Commit Graph

1765 Commits

Author SHA1 Message Date
Ard Biesheuvel
80d6f4c6bb target/arm: implement SM3 instructions
This implements emulation of the new SM3 instructions that have
been added as an optional extension to the ARMv8 Crypto Extensions
in ARM v8.2.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 20180207111729.15737-4-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-09 10:40:28 +00:00
Ard Biesheuvel
cd270ade74 target/arm: implement SHA-3 instructions
This implements emulation of the new SHA-3 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 20180207111729.15737-3-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-09 10:40:28 +00:00
Ard Biesheuvel
90b827d131 target/arm: implement SHA-512 instructions
This implements emulation of the new SHA-512 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 20180207111729.15737-2-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-09 10:40:28 +00:00
Peter Maydell
95695effe8 target/arm: Handle exceptions during exception stack pop
Handle possible MPU faults, SAU faults or bus errors when
popping register state off the stack during exception return.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-8-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:28 +00:00
Peter Maydell
600c33f247 target/arm: Make exception vector loads honour the SAU
Make the load of the exception vector from the vector table honour
the SAU and any bus error on the load (possibly provoking a derived
exception), rather than simply aborting if the load fails.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-7-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:28 +00:00
Peter Maydell
65b4234ff7 target/arm: Make v7m_push_callee_stack() honour MPU
Make v7m_push_callee_stack() honour the MPU by using the
new v7m_stack_write() function. We return a flag to indicate
whether the pushes failed, which we can then use in
v7m_exception_taken() to cause us to handle the derived
exception correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1517324542-6607-6-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:27 +00:00
Peter Maydell
fd592d890e target/arm: Make v7M exception entry stack push check MPU
The memory writes done to push registers on the stack
on exception entry in M profile CPUs are supposed to
go via MPU permissions checks, which may cause us to
take a derived exception instead of the original one of
the MPU lookup fails. We were implementing these as
always-succeeds direct writes to physical memory.
Rewrite v7m_push_stack() to do the necessary checks.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-5-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:27 +00:00
Peter Maydell
0094ca70e1 target/arm: Add ignore_stackfaults argument to v7m_exception_taken()
In the v8M architecture, if the process of taking an exception
results in a further exception this is called a derived exception
(for example, an MPU exception when writing the exception frame to
memory). If the derived exception happens while pushing the initial
stack frame, we must ignore any subsequent possible exception
pushing the callee-saves registers.

In preparation for making the stack writes check for exceptions,
add a return value from v7m_push_stack() and a new parameter to
v7m_exception_taken(), so that the former can tell the latter that
it needs to ignore failures to write to the stack. We also plumb
the argument through to v7m_push_callee_stack(), which is where
the code to ignore the failures will be.

(Note that the v8M ARM pseudocode structures this slightly differently:
derived exceptions cause the attempt to process the original
exception to be abandoned; then at the top level it calls
DerivedLateArrival to prioritize the derived exception and call
TakeException from there. We choose to let the NVIC do the prioritization
and continue forward with a call to TakeException which will then
take either the original or the derived exception. The effect is
the same, but this structure works better for QEMU because we don't
have a convenient top level place to do the abandon-and-retry logic.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-4-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:27 +00:00
Peter Maydell
6c94851881 target/arm: Split "get pending exception info" from "acknowledge it"
Currently armv7m_nvic_acknowledge_irq() does three things:
 * make the current highest priority pending interrupt active
 * return a bool indicating whether that interrupt is targeting
   Secure or NonSecure state
 * implicitly tell the caller which is the highest priority
   pending interrupt by setting env->v7m.exception

We need to split these jobs, because v7m_exception_taken()
needs to know whether the pending interrupt targets Secure so
it can choose to stack callee-saves registers or not, but it
must not make the interrupt active until after it has done
that stacking, in case the stacking causes a derived exception.
Similarly, it needs to know the number of the pending interrupt
so it can read the correct vector table entry before the
interrupt is made active, because vector table reads might
also cause a derived exception.

Create a new armv7m_nvic_get_pending_irq_info() function which simply
returns information about the highest priority pending interrupt, and
use it to rearrange the v7m_exception_taken() code so we don't
acknowledge the exception until we've done all the things which could
possibly cause a derived exception.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1517324542-6607-3-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:27 +00:00
Peter Maydell
5ede82b8cc target/arm: Add armv7m_nvic_set_pending_derived()
In order to support derived exceptions (exceptions generated in
the course of trying to take an exception), we need to be able
to handle prioritizing whether to take the original exception
or the derived exception.

We do this by introducing a new function
armv7m_nvic_set_pending_derived() which the exception-taking code in
helper.c will call when a derived exception occurs.  Derived
exceptions are dealt with mostly like normal pending exceptions, so
we share the implementation with the armv7m_nvic_set_pending()
function.

Note that the way we structure this is significantly different
from the v8M Arm ARM pseudocode: that does all the prioritization
logic in the DerivedLateArrival() function, whereas we choose to
let the existing "identify highest priority exception" logic
do the prioritization for us. The effect is the same, though.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1517324542-6607-2-git-send-email-peter.maydell@linaro.org
2018-02-09 10:40:27 +00:00
David Hildenbrand
46a99c9f73 s390x/cpumodel: model PTFF subfunctions for Multiple-epoch facility
For now, the kernel does not properly indicate configured CPU subfunctions
to the guest, but simply uses the host values (as support in KVM is still
missing). That's why we missed to model the PTFF subfunctions that come
with Multiple-epoch facility.

Let's properly add these, along with a new feature group.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180205102935.14736-1-david@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
Cornelia Huck
e3fd586dfa s390x/cpumodel: allow zpci features in qemu model
AEN and AIS can be provided unconditionally, ZPCI should be turned on
manually.

With -cpu qemu,zpci=on, the guest kernel can now successfully detect
virtio-pci devices under tcg.

Also fixup the order of the MSA_EXT_{3,4} flags while at it.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
Cornelia Huck
f6c232ce16 s390x/tcg: wire up pci instructions
On s390x, pci support is implemented via a set of instructions
(no mmio). Unfortunately, none of them are documented in the
PoP; the code is based upon the existing implementation for KVM
and the Linux zpci driver.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
6762808fda s390x/flic: cache the common flic class in a central function
This avoids tons of conversions when handling interrupts.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-19-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
f68ecdd4f3 s390x/tcg: cache the qemu flic in a central function
This avoids tons of conversions when handling interrupts.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-17-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
799478621e s390x/tcg: STSI overhaul
Current STSI implementation is a mess, so let's rewrite it.

Problems fixed by this patch:
1) The order of exceptions/when recognized is wrong.
2) We have to store to virtual address space, not absolute.
3) Alignment check of the block is missing.
3) The SMP information is not indicated.

While at it:
a) Make the code look nicer
    - get rid of nesting levels
    - use struct initialization instead of initializing to zero
    - rename a misspelled field and rename function code defines
    - use a union and have only one write statement
    - use cpu_to_beX()
b) Indicate the VM name/extended name + UUID just like KVM does
c) Indicate that all LPAR CPUs we fake are dedicated
d) Add a comment why we fake being a KVM guest
e) Give our guest as default the name "TCGguest"
f) Fake the same CPU information we have in our Guest for all layers

While at it, get rid of "potential_page_fault()" by forwarding the
retaddr properly.

The result is best verified by looking at "/proc/sysinfo" in the guest
when specifying on the qemu command line
    -uuid "74738ff5-5367-5958-9aee-98fffdcd1876" \
    -name "extra long guest name"

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-14-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
4d1369efaa s390x: fix size + content of STSI blocks
All blocks are 4k in size, which is only true for two of them right now.
Also some reserved fields were wrong, fix it and convert all reserved
fields to u8.

This also fixes the LPAR part output in /proc/sysinfo under TCG. (for
now, everything was indicated as 0)

While at it, introduce typedefs for these structs and use them in TCG/KVM
code.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-13-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
631b59664c s390x/flic: optimize CPU wakeup for TCG
Kicking all CPUs on every floating interrupt is far from efficient.
Let's optimize it at least a little bit.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-12-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
6a253de395 s390x/tcg: implement TEST PENDING INTERRUPTION
Use s390_cpu_virt_mem_write() so we can actually revert what we did
(re-inject the dequeued IO interrupt).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-10-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
b194e44785 s390x/flic: make floating interrupts on TCG actually floating
Move floating interrupt handling into the flic. Floating interrupts
will now be considered by all CPUs, not just CPU #0. While at it, convert
I/O interrupts to use a list and make sure we properly consider I/O
sub-classes in s390_cpu_has_io_int().

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-9-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
6ca62eb598 s390x/tcg: tolerate wrong wakeups due to floating interrupts
This is a preparation for floating interrupt support and only applies to
MTTCG, single threaded TCG works just fine. If a floating interrupt wakes
up a VCPU and the CPU thinks it can run (clearing cs->halted), at
the point where the interrupt would be delivered, already another VCPU
might have picked up the interrupt, resulting in a wakeup without an
interrupt (executing wrong code).

It is wrong to let the VCPU continue to execute (the WAIT PSW). Instead,
we have to put the VCPU back to sleep.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-8-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
e6505d5395 s390x/flic: factor out injection of floating interrupts
Let the flic device handle it internally. This will allow us to later
on store floating interrupts in the flic for the TCG case.

This now also simplifies kvm.c. All that's left is the fallback
interface for floating interrupts, which is now triggered directly via
the flic in case anything goes wrong.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
520db63f3a s390x/tcg: simplify machine check handling
We currently only support CRW machine checks. This is a preparation for
real floating interrupt support.

Get rid of the queue and handle it via the bit INTERRUPT_MCHK. We don't
rename it for now, as it will be soon gone (when moving crw machine checks
into the flic).

Please note that this is the same way also KVM handles it: only one
instance of a machine check can be pending at a time. So no need for a
queue.

While at it, make sure we try to deliver only if env->cregs[14]
actually indicates that CRWs are accepted.

Drop two unused defines on the way (we already have PSW_MASK_...).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-5-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
David Hildenbrand
ce204cba74 s390x/tcg: deliver multiple interrupts in a row
We have to consider all deliverable interrupts.

We now have to take care of the special scenario, where we first
inject an interrupt with a WAIT PSW, followed by a !WAIT PSW. (very
unlikely but possible)

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180129125623.21729-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-02-09 09:37:13 +01:00
Markus Armbruster
522ece32d2 Drop superfluous includes of qapi-types.h and test-qapi-types.h
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180201111846.21846-4-armbru@redhat.com>
2018-02-09 05:05:11 +01:00
Markus Armbruster
8f0a3716e4 Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes, with the change
to target/s390x/gen-features.c manually reverted, and blank lines
around deletions collapsed.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180201111846.21846-3-armbru@redhat.com>
2018-02-09 05:05:11 +01:00
Markus Armbruster
d8e39b7062 Use #include "..." for our own headers, <...> for others
System headers should be included with <...>, our own headers with
"...".  Offenders tracked down with an ugly, brittle and probably
buggy Perl script.  Previous iteration was commit a9c94277f0.

Delete inclusions of "string.h" and "strings.h" instead of fixing them
to <string.h> and <strings.h>, because we always include these via
osdep.h.

Put the cleaned up system header includes first.

While there, separate #include from file comment with exactly one
blank line.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180201111846.21846-2-armbru@redhat.com>
2018-02-09 05:05:11 +01:00
Richard Henderson
064e265d56 target/arm: Use vector infrastructure for aa64 orr/bic immediate
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:08 +00:00
Richard Henderson
0c7c55c492 target/arm: Use vector infrastructure for aa64 multiplies
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:08 +00:00
Richard Henderson
79d61de6bd target/arm: Use vector infrastructure for aa64 compares
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:07 +00:00
Richard Henderson
cdb45a6063 target/arm: Use vector infrastructure for aa64 constant shifts
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:07 +00:00
Richard Henderson
861a1ded24 target/arm: Use vector infrastructure for aa64 dup/movi
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:07 +00:00
Richard Henderson
377ef731a8 target/arm: Use vector infrastructure for aa64 mov/not/neg
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:07 +00:00
Richard Henderson
bc48092f58 target/arm: Use vector infrastructure for aa64 add/sub/logic
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:07 +00:00
Richard Henderson
8b3495ea19 target/arm: Align vector registers
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-02-08 15:54:06 +00:00
Peter Maydell
7b213bb475 * socket option parsing fix (Daniel)
* SCSI fixes (Fam)
 * Readline double-free fix (Greg)
 * More HVF attribution fixes (Izik)
 * WHPX (Windows Hypervisor Platform Extensions) support (Justin)
 * POLLHUP handler (Klim)
 * ivshmem fixes (Ladi)
 * memfd memory backend (Marc-André)
 * improved error message (Marcelo)
 * Memory fixes (Peter Xu, Zhecheng)
 * Remove obsolete code and comments (Peter M.)
 * qdev API improvements (Philippe)
 * Add CONFIG_I2C switch (Thomas)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJaexoYAAoJEL/70l94x66DVL0IAJC//aZCwwgyN9CRNDcOo10/
 UPtzprfezERkur77r1KvEYVNIfslRF6iTBou2+suOWkzoNL2LJ0XZ+wi+2u2sFIF
 ikvbQVk4dOWqJJQj7e1cmv5A2EZy2dcxjAoD1IG6CRy76+HzYqwjHVw+HkYY5CUS
 qwnUWjQddP6WtH9MsUHpX7p7atWo7T1tzkx4v8H+CIHBO3uUJQSZLkGYflvcstpj
 Fo04bZzSkDj2rnlqqBo/6UgJQXD8++Rs64vmiX2xwcK47TWO31Vbuwu+r8V9osWm
 LHFmRpL8ZkZfL0yqf0bpjmd688dirjVpHIJ5KE043Lo6AdI+K5xBfoBjXxtPiKE=
 =o90D
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* socket option parsing fix (Daniel)
* SCSI fixes (Fam)
* Readline double-free fix (Greg)
* More HVF attribution fixes (Izik)
* WHPX (Windows Hypervisor Platform Extensions) support (Justin)
* POLLHUP handler (Klim)
* ivshmem fixes (Ladi)
* memfd memory backend (Marc-André)
* improved error message (Marcelo)
* Memory fixes (Peter Xu, Zhecheng)
* Remove obsolete code and comments (Peter M.)
* qdev API improvements (Philippe)
* Add CONFIG_I2C switch (Thomas)

# gpg: Signature made Wed 07 Feb 2018 15:24:08 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (47 commits)
  Add the WHPX acceleration enlightenments
  Introduce the WHPX impl
  Add the WHPX vcpu API
  Add the Windows Hypervisor Platform accelerator.
  tests/test-filter-redirector: move close()
  tests: use memfd in vhost-user-test
  vhost-user-test: make read-guest-mem setup its own qemu
  tests: keep compiling failing vhost-user tests
  Add memfd based hostmem
  memfd: add hugetlbsize argument
  memfd: add hugetlb support
  memfd: add error argument, instead of perror()
  cpus: join thread when removing a vCPU
  cpus: hvf: unregister thread with RCU
  cpus: tcg: unregister thread with RCU, fix exiting of loop on unplug
  cpus: dummy: unregister thread with RCU, exit loop on unplug
  cpus: kvm: unregister thread with RCU
  cpus: hax: register/unregister thread with RCU, exit loop on unplug
  ivshmem: Disable irqfd on device reset
  ivshmem: Improve MSI irqfd error handling
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	cpus.c
2018-02-07 20:40:36 +00:00
Justin Terry (VM)
19306806ae Add the WHPX acceleration enlightenments
Implements the WHPX accelerator cpu enlightenments to actually use the whpx-all
accelerator on Windows platforms.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Message-Id: <1516655269-1785-5-git-send-email-juterry@microsoft.com>
[Register/unregister VCPU thread with RCU. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:26 +01:00
Justin Terry (VM)
812d49f2a3 Introduce the WHPX impl
Implements the Windows Hypervisor Platform accelerator (WHPX) target. Which
acts as a hypervisor accelerator for QEMU on the Windows platform. This enables
QEMU much greater speed over the emulated x86_64 path's that are taken on
Windows today.

1. Adds support for vPartition management.
2. Adds support for vCPU management.
3. Adds support for MMIO/PortIO.
4. Registers the WHPX ACCEL_CLASS.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Message-Id: <1516655269-1785-4-git-send-email-juterry@microsoft.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:26 +01:00
Peter Xu
0bbe435410 arm: postpone device listener unregister
It's a preparation for follow-up patch to call region_del() in
memory_listener_unregister(), otherwise all device addr attached with
kvm_devices_head will be reset before calling kvm_arm_set_device_addr.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180122060244.29368-3-peterx@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Alexey Kardashevskiy
9ded780c4c spapr/iommu: Enable in-kernel TCE acceleration via VFIO KVM device
In order to enable TCE operations support in KVM, we have to inform
the KVM about VFIO groups being attached to specific LIOBNs;
the necessary bits are implemented already by IOMMU MR and VFIO.

This defines get_attr() for the SPAPR TCE IOMMU MR which makes VFIO
call the KVM_DEV_VFIO_GROUP_SET_SPAPR_TCE ioctl and establish
LIOBN-to-IOMMU link.

This changes spapr_tce_set_need_vfio() to avoid TCE table reallocation
if the kernel supports the TCE acceleration.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
[aw - remove unnecessary sys/ioctl.h include]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-02-06 11:08:24 -07:00
Paolo Bonzini
4d98a8e5ec hvf: ept_emulation_fault() needs NetApp BSD attribution
Add the BSD license there.

Reported-by: Izik Eidus <izik@veertu.com>
Message-Id: <20180123123639.35255-3-izik@veertu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Izik Eidus
d781e24d05 Add missing hvdos public domain attribution:
hvf.c and vmx.h contain code from hvdos.c that is released as public domain:

from hvdos github: https://github.com/mist64/hvdos

"License

See LICENSE.txt (2-clause-BSD).

In order to simplify use of this code as a template, you can consider any parts from "hvdos.c" and "interface.h" as being in the public domain."

Signed-off-by: Izik Eidus <izik@veertu.com>
Message-Id: <20180123123639.35255-2-izik@veertu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Philippe Mathieu-Daudé
bf85388169 qdev: use device_class_set_parent_realize/unrealize/reset()
changes generated using the following Coccinelle patch:

  @@
  type DeviceParentClass;
  DeviceParentClass *pc;
  DeviceClass *dc;
  identifier parent_fn;
  identifier child_fn;
  @@
  (
  +device_class_set_parent_realize(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->realize;
  ...
  -dc->realize = child_fn;
  |
  +device_class_set_parent_unrealize(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->unrealize;
  ...
  -dc->unrealize = child_fn;
  |
  +device_class_set_parent_reset(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->reset;
  ...
  -dc->reset = child_fn;
  )

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20180114020412.26160-4-f4bug@amsat.org>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Richard Henderson
eed142195c target/hppa: Implement PROBE for system mode
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
fe0a69cca5 target/hppa: Fix 32-bit operand masks for 0E FCVT
We masked the wrong bits, which prevented some of the
32-bit R registers.  E.g. "fcnvxf,sgl,sgl fr22R,fr6R".

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
7b93dab51e target/hppa: Enable MTTCG
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
95412a6128 target/hppa: Implement STWA
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
b49572d373 target/hppa: Implement a pause instruction
This is an extension to the base ISA, but we can use this in
the kernel idle loop to reduce the host cpu time consumed.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Helge Deller
2330504cee target/hppa: Implement LDSID for system mode
Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <20180102203145.GA17059@ls3530.fritz.box>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Helge Deller
3f7367e2cc target/hppa: Fix comment
Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <20171212212319.GA31494@ls3530.fritz.box>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
5eecd37a93 target/hppa: Increase number of temp regs
HP-UX 10.20 CD contains "add r0, r0, r27" in a delay slot,
which uses at least 5 temps.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
46559e8184 target/hppa: Only use EXCP_DTLB_MISS
Unknown why this works, but if we return EXCP_ITLB_MISS we
will triple-fault the first userland instruction fetch.
Is it something to do with having a combined I/DTLB?

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
43e056522f target/hppa: Implement B,GATE insn
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:50 -08:00
Richard Henderson
c643603a85 target/hppa: Add migration for the cpu
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:49 -08:00
Richard Henderson
e33348a635 target/hppa: Add system registers to gdbstub
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:49 -08:00
Richard Henderson
494737b7a2 target/hppa: Optimize for flat addressing space
Linux sets sr4-sr7 all to the same value, which means that we
need not do any runtime computation to find out what space to
use in forming the GVA.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:49 -08:00
Helge Deller
6210db057a target/hppa: Implement halt and reset instructions
Real hardware would use an external device to control the power.
But for the moment let's invent instructions in reserved space,
to be used by our custom firmware.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-31 05:30:49 -08:00
Richard Henderson
e216a77e3b target/hppa: Implement SYNCDMA insn
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
43a97b81b5 target/hppa: Implement LCI
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
2dfcca9ffc target/hppa: Implement LPA
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
d0a851cc50 target/hppa: Implement LDWA
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
63300a00ab target/hppa: Implement P*TLB and P*TLBE insns
We now have all of the TLB manipulation instructions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
8d6ae7fb3a target/hppa: Implement I*TLBA and I*TLBP insns
The TLB can now be populated, but it cannot yet be cleared.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
b36942a698 target/hppa: Log unimplemented instructions
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
49c29d6c2e target/hppa: Implement the interval timer
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
4f5f254808 target/hppa: Implement external interrupts
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:26 -08:00
Richard Henderson
650cdb2a2e target/hppa: Implement tlb_fill
However since HPPA has a software-managed TLB, and the relevant
TLB manipulation instructions are not implemented, this does not
actually do anything.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:22:15 -08:00
Richard Henderson
c301f34e79 target/hppa: Implement IASQ
Any one TB will have only one space value.  If we change spaces,
we change TBs.  Thus BE and BEV must exit the TB immediately.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
660eefe1ca target/hppa: Avoid privilege level decrease during branches
These instructions force the destination privilege level
of the branch destination to be no higher than current.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
86f8d05fc0 target/hppa: Use space registers in data operations
This changes the system virtual address width to 64-bit and
incorporates the space registers into load/store operations.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
08aec8b53c target/hppa: Implement unaligned access trap
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
1a19da0da4 target/hppa: Fill in hppa_cpu_do_interrupt/hppa_cpu_exec_interrupt
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
f49b3537cb target/hppa: Implement rfi
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
7f221b0706 target/hppa: Adjust insn mask for mfctl,w
While the E bit is only used for pa2.0 mfctl,w from sar,
the otherwise reserved bit does not appear to be decoded.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
35136a77cb target/hppa: Add control registers
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
33423472f0 target/hppa: Add space registers
Not used where they should be yet, but we can copy them.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
e1b5a5ed6f target/hppa: Implement the system mask instructions
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
3d68ee7bbe target/hppa: Implement mmu_idx from IA privilege level
Most aspects of privilege are not yet handled.  But this
gives us the start from which to begin checking.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
eaa3783b68 target/hppa: Split address size from register size
For system mode, we will need 64-bit virtual addresses even when
we have 32-bit register sizes.  Since the rest of QEMU equates
TARGET_LONG_BITS with the address size, redefine everything
related to register size in terms of a new TARGET_REGISTER_BITS.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
2986721df7 target/hppa: Define hardware exception types
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
ba1d0b4482 target/hppa: Disable gateway page emulation for system mode
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Richard Henderson
fa57e3274d target/hppa: Define the rest of the PSW
We don't actually do anything with most of the bits yet,
but at least they have names and we have somewhere to
store them.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Helge Deller
813dff13bf target/hppa: Skeleton support for hppa-softmmu
With the addition of default-configs/hppa-softmmu.mak, this
will compile.  It is not enabled with this patch, however.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-01-30 10:08:18 -08:00
Suraj Jitindar Singh
8acc2ae5e9 target/ppc/kvm: Add cap_ppc_safe_[cache/bounds_check/indirect_branch]
Add three new kvm capabilities used to represent the level of host support
for three corresponding workarounds.

Host support for each of the capabilities is queried through the
new ioctl KVM_PPC_GET_CPU_CHAR which returns four uint64 quantities. The
first two, character and behaviour, represent the available
characteristics of the cpu and the behaviour of the cpu respectively.
The second two, c_mask and b_mask, represent the mask of known bits for
the character and beheviour dwords respectively.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[dwg: Correct some compile errors due to name change in final kernel
 patch version]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-29 14:24:55 +11:00
Peter Maydell
fca3dad533 -----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJaafR3AAoJEPMMOL0/L7483m4P/3GQil19zuj6EUbukR1kRv3T
 kYK9ciuGRkJ7qv3n16RgiobUREK8AziRiPi7fvC/T82wlhNbVIvOm/EQZj/yTlto
 Z18NLhYgSPu+zH6hymJVm/+ORpfXOzhgEZWXm2X6TIa+JMjXKdnn4+bxUCZSlnDM
 lQURK2XFv3F5didCMKDiFaAfWUFp3RUlfvo50n22hCIJa/GznsgHxnHbexHdrEXh
 NF5ES0pDMfoIG938XvLmJ6X8O+//G+02DrbRvsUBV948Lvx0bLCm7tiRC+kGRYmU
 i/QzcQzh6Zr2A4wR1WtItwQzYSJoJFp2/rxebXfNEPS5pMkR8UXtmtQ1WUMD2Xl3
 FITA5rHjw1W1pCOsq3vDkU4SyMjppKSyc8bA7iFHWSl/M1q7MHlx611TdMbYuXsX
 +GOOBVEYdD4VrLpTbcyYtA/fR1kJjPHDzdQx49mFLjPdVa+d5gXhxSJjRGPzvzgl
 O4WmARQvFyI6dumzYxVdYH2tJ2o5YCI17lv/HNcxlDXAW2Xa0peFqmxa/O1Bw6E3
 ayBixnIQUzAzS/fYfDtgWL2VyhruRiA0FTdW4OpXvdRRYsxmRFT1uzGMvAPSkBE2
 OSJmO0V/oRCHt/qmiMjCvDf/npo1GwRt/MADhGFa87d+D/gu6KlAzB1HhQ5t+yh4
 5vvbKRSK5Z2TZtUgniIA
 =YOpd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging

# gpg: Signature made Thu 25 Jan 2018 15:15:03 GMT
# gpg:                using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier/tags/m68k-for-2.12-pull-request:
  target/m68k: add HMP command "info tlb"
  target/m68k: add pflush/ptest
  target/m68k: add moves
  target/m68k: add index parameter to gen_load()/gen_store() and Co.
  target/m68k: add Transparent Translation
  target/m68k: add MC68040 MMU
  accel/tcg: add size paremeter in tlb_fill()
  target/m68k: fix TCG variable double free

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-26 10:08:53 +00:00
Laurent Vivier
2097dca6d3 target/m68k: add HMP command "info tlb"
Dump MMU state and address mappings.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-8-laurent@vivier.eu>
2018-01-25 16:02:25 +01:00
Laurent Vivier
e55886c334 target/m68k: add pflush/ptest
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-7-laurent@vivier.eu>
2018-01-25 16:02:25 +01:00
Laurent Vivier
5fa9f1f283 target/m68k: add moves
and introduce SFC and DFC control registers.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-6-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Laurent Vivier
54e1e0b5b5 target/m68k: add index parameter to gen_load()/gen_store() and Co.
The instruction "moves" can select source and destination
address space (user or kernel). This patch modifies
all the load/store functions to be able to provide
the address space the caller wants to use instead
of using the current one. All the callers are modified
to provide the default address space to these functions.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-5-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Laurent Vivier
c05c73b083 target/m68k: add Transparent Translation
Add ittr0, ittr1, dttr0, dttr1 and manage Transparent Translations

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-4-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Laurent Vivier
88b2fef6c3 target/m68k: add MC68040 MMU
Only add MC68040 MMU page table processing and related
registers (Special Status Word, Translation Control Register,
User Root Pointer and Supervisor Root Pointer).

Transparent Translation Registers, DFC/SFC and pflush/ptest
will be added later.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-3-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Laurent Vivier
98670d47cd accel/tcg: add size paremeter in tlb_fill()
The MC68040 MMU provides the size of the access that
triggers the page fault.

This size is set in the Special Status Word which
is written in the stack frame of the access fault
exception.

So we need the size in m68k_cpu_unassigned_access() and
m68k_cpu_handle_mmu_fault().

To be able to do that, this patch modifies the prototype of
handle_mmu_fault handler, tlb_fill() and probe_write().
do_unassigned_access() already includes a size parameter.

This patch also updates handle_mmu_fault handlers and
tlb_fill() of all targets (only parameter, no code change).

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-2-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Laurent Vivier
39e3e113bd target/m68k: fix TCG variable double free
t64 is also unconditionally freed after the switch () { ... }

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180119114444.7590-1-laurent@vivier.eu>
2018-01-25 16:02:24 +01:00
Richard Henderson
55faa21273 target/arm: Simplify fp_exception_el for user-only
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-16-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:29 +00:00
Richard Henderson
b9adaa70a0 target/arm: Hoist store to flags output in cpu_get_tb_cpu_state
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-15-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:29 +00:00
Richard Henderson
a9e013112f target/arm: Move cpu_get_tb_cpu_state out of line
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-14-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:29 +00:00
Richard Henderson
0d0a16c647 target/arm: Add ARM_FEATURE_SVE
Not enabled anywhere so far.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-11-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:29 +00:00
Richard Henderson
9a2b5256ea target/arm: Add aa{32, 64}_vfp_{dreg, qreg} helpers
Helpers that return a pointer into env->vfp.regs so that we isolate
the logic of how to index the regs array for different cpu modes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-7-richard.henderson@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:29 +00:00
Richard Henderson
3f68b8a5a6 target/arm: Change the type of vfp.regs
All direct users of this field want an integral value.  Drop all
of the extra casting between uint64_t and float64.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-6-richard.henderson@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Richard Henderson
e7c06c4e4c target/arm: Use pointers in neon tbl helper
Rather than passing a regno to the helper, pass pointers to the
vector register directly.  This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180119045438.28582-5-richard.henderson@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Richard Henderson
b13708bbbd target/arm: Use pointers in neon zip/uzp helpers
Rather than passing regnos to the helpers, pass pointers to the
vector registers directly.  This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180119045438.28582-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Richard Henderson
1a66ac61af target/arm: Use pointers in crypto helpers
Rather than passing regnos to the helpers, pass pointers to the
vector registers directly.  This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180119045438.28582-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Richard Henderson
cf96a68248 target/arm: Mark disas_set_insn_syndrome inline
If it isn't used when translate.h is included,
we'll get a compiler Werror.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180119045438.28582-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Ard Biesheuvel
9aea1ea31a target/arm: Fix 32-bit address truncation
Commit ("3b39d734141a target/arm: Handle page table walk load failures
correctly") modified both versions of the page table walking code (i.e.,
arm_ldl_ptw and arm_ldq_ptw) to record the result of the translation in
a temporary 'data' variable so that it can be inspected before being
returned. However, arm_ldq_ptw() returns an uint64_t, and using a
temporary uint32_t variable truncates the upper bits, corrupting the
result. This causes problems when using more than 4 GB of memory in
a TCG guest. So use a uint64_t instead.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-id: 20180119194648.25501-1-ard.biesheuvel@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-25 11:45:28 +00:00
Peter Maydell
82de978a8b target/xtensa updates:
- make mini-bootloader independent of the initial CPU state;
 - add noMMU XTFPGA variants;
 - add two noMMU cores: de212 and sample_controller;
 - fix issues reported by coverity against xtensa translator and disassembler.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJaZkLBAAoJEFH5zJH4P6BE6mIQAJT1hjEhfgm3xiGfVJZYGo34
 Eo/KeyKC7QOUbr0R+E+J3h2yxSXWYbweoAZvFXkH5V4w/fhdvrCXZPVvDW0QjYY/
 wG0h+YfV/8cgVxq8AiaPHie//bLhKvJKpqH4A0HnCE4pBcslKwjOtFcG20RfOgk8
 PeQSa15QsyhOtTgdlg8rdRDECL6Lm8mXTWtOdxx8HQsl73REmNgkOZzQDSK6D5gM
 EcAJQTCcPNoDKblJKae/msSG/Vbv3PxECGaj6B72pKDSUW5Z/OqzxXDnwWXQyOgu
 q1WoPwL5U0u7uH5JE5wdD0EqwypQAbMAuzFTsove5pQlaCWdxDJzK+74NFOh6BcL
 JmLZbA4UIlA19KXiZdNKRbeH5O1U1E9xBe0wxLsqVagrwkBfpRAhI3MG1qZE1Id3
 3O6qsk26ATBGmJgTb80Wk1lPKZgKzdgcCJpzj+nz7slXp4uIQ6R3rU+6huONsGNJ
 bvz+25RAMzbFLd1l0sDsEegxmQ2BqC2Y8JqO5EKgKtT72Aooax3X6pWc8GCPuwxd
 1MCoi/ZfDcYQXNS++A3hpiKI6+qrn2t51TuyB2aUnHXtFrhlBDN1W+d+tcxl23gr
 pHIaOKbZ0nL1TmUOklAZicFMoxbDz1uebqetNS3OIYkpmuf7hMrAnKkbXUeqq9qo
 gy8+yJrXbEWPHeWZ4MtX
 =qf0K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20180122-xtensa' into staging

target/xtensa updates:

- make mini-bootloader independent of the initial CPU state;
- add noMMU XTFPGA variants;
- add two noMMU cores: de212 and sample_controller;
- fix issues reported by coverity against xtensa translator and disassembler.

# gpg: Signature made Mon 22 Jan 2018 20:00:01 GMT
# gpg:                using RSA key 0x51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <filippov@cadence.com>"
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20180122-xtensa:
  target/xtensa: disas/xtensa: fix coverity warnings
  target/xtensa: add sample_controller core
  target/xtensa: allow different default CPU for MMU/noMMU
  target/xtensa: add de212 core
  hw/xtensa/xtfpga: support noMMU cores
  hw/xtensa/xtfpga: extract flash configuration
  hw/xtensa: extract xtensa_create_memory_regions
  target/xtensa: fix default sysrom/sysram addresses
  hw/xtensa/xtfpga: clean up function/structure names
  hw/xtensa/xtfpga: rewrite mini bootloader

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-24 16:59:36 +00:00
Peter Maydell
238e2d93c9 Various fixes/improvements, and support for the new 81/82
facility bits.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaZdEGAAoJEN7Pa5PG8C+vVq4P/04/hQMMhlYjscydro35dwLT
 8pjhJ1QNxoAhfCd3Mmb9finl+rC1KQHbxDwJlzbtjNUVVP6y6k4lAFaISwL5Gqui
 b/L5luBBdSpBBsL7IWIfXnL+yJUTgkvt6goc3x0rlLm7SCKjzBbPbXKPYvrfRLFO
 Km6kMMx4zwG7qJEmDrrdDSeGGw1lviyWuGiRutxLYR52Mvd+U6m1/G/53e5oqj2v
 XZLbS1mPty/jbFENm850dAXiDY7DHgIawYuqLcdjA50KYymCyaZP/dOvrf0pAeUc
 /eVp6xAz7S4bqW9/rM8/PUpyqx3Mug1TFk0ePbJEtt+/JtN2AC7wKFXvTi56n9aa
 RFLV+2WaDnY8+vcOhZkb5ptAKsDBkAzJw5hbXKM/elnUjPk8o326fDMrCyoMhj84
 JyyqLWEeVCdiCP1xdz0D8WnBq33+FDqJ7P2YHWBpcSyodG+udS1Qttc38JxUKstH
 9olJk+atnAdmTU+KmZuF6CnBbGIBxXqJrIXnroMT3Ycp6qdQzHmNq4UrTv/tQM+B
 PLR14kWNvEiGVEGBPc65JUJjLM3MoXzmnY5c/C7cmSGRMgLCSjnpSW6tBNEn470J
 nTfca/PLaUzhbIjPDwmB+AYjKZ/y+Pl5pz8e5rY6qt+7C8/qaOYrPtVy0VRt2smW
 ki1fawgWY6I00i9a1z5l
 =bvX/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180122' into staging

Various fixes/improvements, and support for the new 81/82
facility bits.

# gpg: Signature made Mon 22 Jan 2018 11:54:46 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20180122:
  s390x/kvm: provide stfle.81
  s390x/kvm: Handle bpb feature
  linux-headers: update
  s390x/tcg: fixup TEST PROTECTION
  s390x: fix storage attributes migration for non-small guests
  hw/s390x: Replace fprintf(stderr, "*\n" with qemu_log_mask()
  s390x/sclp: fix missing be conversion
  s390x/tcg: implement TEST PROTECTION
  s390x/sclp: fixup highest CPU address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-23 13:10:24 +00:00
Max Filippov
847a647320 target/xtensa: disas/xtensa: fix coverity warnings
Coverity warnings CID 1385146, 1385148 1385149 and 1385150 point that
xtensa_opcode_num_operands and xtensa_format_num_slots may return -1
even when xtensa_opcode_decode and xtensa_format_decode succeed. In that
case unsigned counters used to iterate through operands/slots will not
do the right thing.
Make counters and loop bounds signed to fix the warnings.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-22 11:54:58 -08:00
Max Filippov
251634f4ce target/xtensa: add sample_controller core
The sample_controller core is a simple noMMU general purpose core, modern
analog of de212. It is used as a default core in the xtensa port of
Zephyr.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-22 11:54:58 -08:00
Max Filippov
a3c5e49da9 target/xtensa: allow different default CPU for MMU/noMMU
Define default core for noMMU configurations and use that core as
machine default with noMMU XTFPGA machines.
This is done to avoid offering non-working configuration (MMU core on a
noMMU machine) as a default.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-22 11:54:23 -08:00
Christian Borntraeger
9f0d13f4f1 s390x/kvm: provide stfle.81
stfle.81 (ppa15) is a transparent facility that can be passed to the
guest without the need to implement hypervisor support. As this feature
can be provided by firmware we add it to all full models.

Cc: qemu-stable@nongnu.org
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20180118085628.40798-4-borntraeger@de.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-01-22 11:22:43 +01:00
Christian Borntraeger
b073c87517 s390x/kvm: Handle bpb feature
We need to handle the bpb control on reset and migration. Normally
stfle.82 is transparent (and the normal guest part works without
hypervisor activity). To prevent any issues we require full
host kernel support for this feature.

Cc: qemu-stable@nongnu.org
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20180118085628.40798-3-borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
[CH: 'Branch Prediction Blocking' -> 'Branch prediction blocking']
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-01-22 11:22:30 +01:00
David Hildenbrand
b5e8532902 s390x/tcg: fixup TEST PROTECTION
CC == 2 can only happen due to a protection exception, not if memory is
not available (PGM_ADDRESSING). So all PGM_ADDRESSING exceptions have to
be forwarded to the guest.

Since the initial definition of TEST PROTECTION, we now read globals
(e.g. PSW mask), so we have to correctly mark the instruction
(otherwise, e.g. booting fedora 27 fails).

Also, the architecture explicitly specifies which exceptions are
forwarded to the guest, this makes the code a little nicer.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180112125452.8569-1-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-01-22 11:04:52 +01:00
David Hildenbrand
bb87943072 s390x/tcg: implement TEST PROTECTION
Linux uses TEST PROTECTION to sense for available memory locations.

Let's implement what we can for now (just as for the other instructions,
excluding AR mode and special protection mechanisms).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171218224616.21030-2-david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-01-22 11:04:52 +01:00
Cédric Le Goater
7af1e7b022 target/ppc: add support for hypervisor doorbells on book3s CPUs
The hypervisor doorbells are used by skiboot and Linux on POWER9
processors to wake up secondaries.

This adds processor control support to the Server architecture by
reusing the Embedded support. They are very similar, only the bits
definition of the CPU identifier differ.

Still to be done is message broadcast to all threads of the same
processor.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-20 17:15:05 +11:00
pbonzini@redhat.com
b62b368627 target-ppc: optimize cmp translation
We know that only one bit (in addition to SO) is going to be set in
the condition register, so do two movconds instead of three setconds,
three shifts and two ORs.

For ppc64-linux-user, the code size reduction is around 5% and the
performance improvement slightly less than 10%.  For softmmu, the
improvement is around 5%.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-20 17:15:05 +11:00
Cédric Le Goater
ebca5e6d5e target/ppc: msgsnd and msgclr instructions need hypervisor privilege
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-20 17:15:05 +11:00
Cédric Le Goater
1414c75d54 target/ppc: fix doorbell and hypervisor doorbell definitions
commit f03a1af581 ("ppc: Fix POWER7 and POWER8 exception definitions")
introduced definitions for the server doorbell exceptions by reusing
the embedded definitions but this adds complexity in the powerpc_excp()
routine. Let's introduce specific definitions for the Server doorbells
exception.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-20 17:15:05 +11:00
Peter Maydell
5cad8ca516 x86 queue, 2018-01-17
Highlight: new CPU models that expose CPU features that guests
 can use to mitigate CVE-2017-5715 (Spectre variant #2).
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJaX/+jAAoJECgHk2+YTcWmlzIP/i0oKKTtMccOozXQ8XbxfGs/
 Ek+k1joJSBRixUEB+hHHLraRmtw0b94R6uWXRF1KK9CPD06annHdr4tOAsryrQmp
 /lJfs7weGKi8o4Jz/YJW83NzNdNie0XloiS3+JGfu8fRh2EJDW3lv0j2CT3ytRlf
 rbal/j2E8lsmSsdL1lGbwb3E3DWDWIesWOGQMd3tu3WiMBMSgDqZa8RZo7hNiRsE
 7Vdj2yAWuj3vKRLSipIsSSOimr2P1hZsCMP2CI43BIvl6gW1S5ymExEppLNxruH6
 mqjAC96It3kqEZHVMPJg4evhwZitNxgqGtgrEbVfeZj+DTO/ZP6X6pcqtLdPA553
 dMrspDkYgU/OvE1ZQSMEXUm2IDt6fmpRiC4LvkWjMkvOOADIIBzL6LTzBd4k6fZ2
 hxQi+nc/IrIkQpq3f51YRVxwOs8otTBJzyqokxRvB3tOhg/I+NMxCvz5dyRjj5sN
 33eVdIuyndHiPTyvvv8eCjFeQG+wFFptPXMUhUEvJvQobJ/ZW76E+On8Kz3aYEF8
 lz++g3HvN7b7YPx3fqAvRfX/nZtDt04MDXvvnccXRt55Cn8tblQ92y84Wjc84SNZ
 lkgKhl4uOg6k7A1TblIhrk93eew/hSqaW8R8+y6qTUMkS6teAFsMrT0BSKETi1do
 GWTTbgH/3OECAQYFopBz
 =GtpX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

x86 queue, 2018-01-17

Highlight: new CPU models that expose CPU features that guests
can use to mitigate CVE-2017-5715 (Spectre variant #2).

# gpg: Signature made Thu 18 Jan 2018 02:00:03 GMT
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  i386: Add EPYC-IBPB CPU model
  i386: Add new -IBRS versions of Intel CPU models
  i386: Add FEAT_8000_0008_EBX CPUID feature word
  i386: Add spec-ctrl CPUID bit
  i386: Add support for SPEC_CTRL MSR
  i386: Change X86CPUDefinition::model_id to const char*
  target/i386: add clflushopt to "Skylake-Server" cpu model
  pc: add 2.12 machine types

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-18 12:59:24 +00:00
Eduardo Habkost
6cfbc54e89 i386: Add EPYC-IBPB CPU model
EPYC-IBPB is a copy of the EPYC CPU model with
just CPUID_8000_0008_EBX_IBPB added.

Cc: Jiri Denemark <jdenemar@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-7-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:54:39 -02:00
Eduardo Habkost
ac96c41354 i386: Add new -IBRS versions of Intel CPU models
The new MSR IA32_SPEC_CTRL MSR was introduced by a recent Intel
microcode updated and can be used by OSes to mitigate
CVE-2017-5715.  Unfortunately we can't change the existing CPU
models without breaking existing setups, so users need to
explicitly update their VM configuration to use the new *-IBRS
CPU model if they want to expose IBRS to guests.

The new CPU models are simple copies of the existing CPU models,
with just CPUID_7_0_EDX_SPEC_CTRL added and model_id updated.

Cc: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-6-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Eduardo Habkost
1b3420e1c4 i386: Add FEAT_8000_0008_EBX CPUID feature word
Add the new feature word and the "ibpb" feature flag.

Based on a patch by Paolo Bonzini.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-5-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Eduardo Habkost
a2381f0934 i386: Add spec-ctrl CPUID bit
Add the feature name and a CPUID_7_0_EDX_SPEC_CTRL macro.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-4-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Paolo Bonzini
a33a2cfe2f i386: Add support for SPEC_CTRL MSR
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Eduardo Habkost
807e9869b8 i386: Change X86CPUDefinition::model_id to const char*
It is valid to have a 48-character model ID on CPUID, however the
definition of X86CPUDefinition::model_id is char[48], which can
make the compiler drop the null terminator from the string.

If a CPU model happens to have 48 bytes on model_id, "-cpu help"
will print garbage and the object_property_set_str() call at
x86_cpu_load_def() will read data outside the model_id array.

We could increase the array size to 49, but this would mean the
compiler would not issue a warning if a 49-char string is used by
mistake for model_id.

To make things simpler, simply change model_id to be const char*,
and validate the string length using an assert() on
x86_register_cpudef_type().

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180109154519.25634-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Haozhong Zhang
c68bcb3a99 target/i386: add clflushopt to "Skylake-Server" cpu model
CPUID_7_0_EBX_CLFLUSHOPT is missed in current "Skylake-Server" cpu
model. Add it to "Skylake-Server" cpu model on pc-i440fx-2.12 and
pc-q35-2.12. Keep it disabled in "Skylake-Server" cpu model on older
machine types.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Message-Id: <20171219033730.12748-3-haozhong.zhang@intel.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-17 23:04:31 -02:00
Luc MICHEL
2e569845bd target-ppc: Fix booke206 tlbwe TLB instruction
When overwritting a valid TLB entry with a new one, the previous page
were not flushed in QEMU TLB, leading to incoherent mapping. This commit
fixes this.

Signed-off-by: Luc MICHEL <luc.michel@git.antfield.fr>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-17 09:35:24 +11:00
Cédric Le Goater
0bfc0cf0af target/ppc: add support for POWER9 HILE
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-17 09:35:24 +11:00
David Gibson
abbc124753 target/ppc: Clarify compat mode max_threads value
We recently had some discussions that were sidetracked for a while, because
nearly everyone misapprehended the purpose of the 'max_threads' field in
the compatiblity modes table.  It's all about guest expectations, not host
expectations or support (that's handled elsewhere).

In an attempt to avoid a repeat of that confusion, rename the field to
'max_vthreads' and add an explanatory comment.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
2018-01-17 09:35:24 +11:00
Jose Ricardo Ziviani
03ee51d354 ppc: Change Power9 compat table to support at most 8 threads/core
Increases the max smt mode to 8 for Power9. That's because KVM supports
smt emulation in this platform so QEMU should allow users to use it as
well.

Today if we try to pass -smp ...,threads=8, QEMU will silently truncate
it to smt4 mode and may cause a crash if we try to perform a cpu
hotplug.

Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
[dwg: Added an explanatory comment]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-17 09:35:24 +11:00
David Gibson
3f2ca480eb target/ppc: Clean up probing of VMX, VSX and DFP availability on KVM
When constructing the "host" cpu class we modify whether the VMX and VSX
vector extensions and DFP (Decimal Floating Point) are available
based on whether KVM can support those instructions.  This can depend on
policy in the host kernel as well as on the actual host cpu capabilities.

However, the way we probe for this is not very nice: we explicitly check
the host's device tree.  That works in practice, but it's not really
correct, since the device tree is a property of the host kernel's platform
which we don't really know about.  We get away with it because the only
modern POWER platforms happen to encode VMX, VSX and DFP availability in
the device tree in the same way.

Arguably we should have an explicit KVM capability for this, but we haven't
needed one so far.  Barring specific KVM policies which don't yet exist,
each of these instruction classes will be available in the guest if and
only if they're available in the qemu userspace process.  We can determine
that from the ELF AUX vector we're supplied with.

Once reworked like this, there are no more callers for kvmppc_get_vmx() and
kvmppc_get_dfp() so remove them.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
2018-01-17 09:35:24 +11:00
Alexey Kardashevskiy
a36593e167 target/ppc: Yet another fix for KVM-HV HPTE accessors
As stated in the 1ad9f0a464 commit log, the returned entries are not
a whole PTEG. It was not a problem before 1ad9f0a464 as it would read
a single record assuming it contains a whole PTEG but now the code tries
reading the entire PTEG and "if ((n - i) < invalid)" produces negative
values which then are converted to size_t for memset() and that throws
seg fault.

This fixes the math.

While here, fix the last @i increment as well.

Fixes: 1ad9f0a464 "target/ppc: Fix KVM-HV HPTE accessors"
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-17 09:35:24 +11:00
Peter Maydell
c1d5b9add7 * QemuMutex tracing improvements (Alex)
* ram_addr_t optimization (David)
 * SCSI fixes (Fam, Stefan, me)
 * do {} while (0) fixes (Eric)
 * KVM fix for PMU (Jan)
 * memory leak fixes from ASAN (Marc-André)
 * migration fix for HPET, icount, loadvm (Maria, Pavel)
 * hflags fixes (me, Tao)
 * block/iscsi uninitialized variable (Peter L.)
 * full support for GMainContexts in character devices (Peter Xu)
 * more boot-serial-test (Thomas)
 * Memory leak fix (Zhecheng)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJaXgkRAAoJEL/70l94x66DA3EIAI8z8Y+1NAmbLqiHhrrN9Ji/
 b8EHQ8wf0pwwrHuRVKYZvKUU8yvp/CRIoVWZwfeGjRbZC+l7l+BAwdOx42Bj/dUW
 VopNzcJMu3s5SNwoYLvs01OjhciBYNXWTXBkIiErwurF0Ow7oYR7trkLwOw0veSO
 L4qFAGoIBI/7b6BZ3YRQXshhzdSQ6dvHrDness2V1c0crLG+yhvjKJ8PJ2tJyNZO
 DbsrCd7hS6e6liSUqdLj9XgRySFj9R5kgjaLjckjg1SC6kmhLN9hyke8iXgH7uvz
 WGnRPmKjKexFHVYgR0rRFlazcQclAczHuIi/OZe0HLi6trg2YKBkolMaQLQdgfk=
 =HTyS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* QemuMutex tracing improvements (Alex)
* ram_addr_t optimization (David)
* SCSI fixes (Fam, Stefan, me)
* do {} while (0) fixes (Eric)
* KVM fix for PMU (Jan)
* memory leak fixes from ASAN (Marc-André)
* migration fix for HPET, icount, loadvm (Maria, Pavel)
* hflags fixes (me, Tao)
* block/iscsi uninitialized variable (Peter L.)
* full support for GMainContexts in character devices (Peter Xu)
* more boot-serial-test (Thomas)
* Memory leak fix (Zhecheng)

# gpg: Signature made Tue 16 Jan 2018 14:15:45 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (51 commits)
  scripts/analyse-locks-simpletrace.py: script to analyse lock times
  util/qemu-thread-*: add qemu_lock, locked and unlock trace events
  cpu: flush TB cache when loading VMState
  block/iscsi: fix initialization of iTask in iscsi_co_get_block_status
  find_ram_offset: Align ram_addr_t allocation on long boundaries
  find_ram_offset: Add comments and tracing
  cpu_physical_memory_sync_dirty_bitmap: Another alignment fix
  checkpatch: Enforce proper do/while (0) style
  maint: Fix macros with broken 'do/while(0); ' usage
  tests: Avoid 'do/while(false); ' in vhost-user-bridge
  chardev: Clean up previous patch indentation
  chardev: Use goto/label instead of do/break/while(0)
  mips: Tweak location of ';' in macros
  net: Drop unusual use of do { } while (0);
  irq: fix memory leak
  cpus: unify qemu_*_wait_io_event
  icount: fixed saving/restoring of icount warp timers
  scripts/qemu-gdb/timers.py: new helper to dump timer state
  scripts/qemu-gdb: add simple tcg lock status helper
  target-i386: update hflags on Hypervisor.framework
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-16 15:45:15 +00:00
Eric Blake
2562755ee7 maint: Fix macros with broken 'do/while(0); ' usage
The point of writing a macro embedded in a 'do { ... } while (0)'
loop (particularly if the macro has multiple statements or would
otherwise end with an 'if' statement) is so that the macro can be
used as a drop-in statement with the caller supplying the
trailing ';'.  Although our coding style frowns on brace-less 'if':
  if (cond)
    statement;
  else
    something else;
that is the classic case where failure to use do/while(0) wrapping
would cause the 'else' to pair with any embedded 'if' in the macro
rather than the intended outer 'if'.  But conversely, if the macro
includes an embedded ';', then the same brace-less coding style
would now have two statements, making the 'else' a syntax error
rather than pairing with the outer 'if'.  Thus, even though our
coding style with required braces is not impacted, ending a macro
with ';' makes our code harder to port to projects that use
brace-less styles.

The change should have no semantic impact.  I was not able to
fully compile-test all of the changes (as some of them are
examples of the ugly bit-rotting debug print statements that are
completely elided by default, and I didn't want to recompile
with the necessary -D witnesses - cleaning those up is left as a
bite-sized task for another day); I did, however, audit that for
all files touched, all callers of the changed macros DID supply
a trailing ';' at the callsite, and did not appear to be used
as part of a brace-less conditional.

Found mechanically via: $ git grep -B1 'while (0);' | grep -A1 \\\\

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20171201232433.25193-7-eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:52 +01:00
Eric Blake
94f5c480e9 mips: Tweak location of ';' in macros
It is more typical to provide the ';' by the caller of a macro
than to embed it in the macro itself; this is because syntax
highlight engines can get confused if a macro is called without
a semicolon before the closing '}'.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20171201232433.25193-3-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
linzhecheng
01960e6d21 irq: fix memory leak
entry is moved from list but is not freed.

Signed-off-by: linzhecheng <linzhecheng@huawei.com>

Message-Id: <20171225024704.19540-1-linzhecheng@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
Paolo Bonzini
809092f313 target-i386: update hflags on Hypervisor.framework
This ensures that x86_cpu_dump_state shows registers with the correct
size.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
Tao Wu
df16af8741 target/i386: hax: Move x86_update_hflags.
x86_update_hflags reference env->efer which is updated in hax_get_msrs,
so it has to be called after hax_get_msrs. This fix the bug that sometimes
dump_state show 32 bits regs even in 64 bits mode.

Signed-off-by: Tao Wu <lepton@google.com>
Message-Id: <20180110195056.85403-3-lepton@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
Tao Wu
e527f86e3e target/i386: hax: change to use x86_update_hflags
Change to use x86_update_hflags instead of keeping another copy
at hax side. This also fix bug like HF_CPL_MASK should be SS.DPL,
not CS.DPL.

Signed-off-by: Tao Wu <lepton@google.com>
Message-Id: <20180110195056.85403-2-lepton@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
Tao Wu
35b1b92751 target/i386: move hflags update code to a function
We will share the same code for hax/kvm.

Signed-off-by: Tao Wu <lepton@google.com>
Message-Id: <20180110195056.85403-1-lepton@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-16 14:54:51 +01:00
Richard Henderson
8081796a75 target/arm: Add fp16 support to vfp_expand_imm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180110063337.21538-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-16 13:28:14 +00:00
Richard Henderson
e90a99fe6b target/arm: Split out vfp_expand_imm
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180110063337.21538-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-16 13:28:13 +00:00
Peter Maydell
3b39d73414 target/arm: Handle page table walk load failures correctly
Instead of ignoring the response from address_space_ld*()
(indicating an attempt to read a page table descriptor from
an invalid physical address), use it to report the failure
correctly.

Since this is another couple of locations where we need to
decide the value of the ARMMMUFaultInfo ea bit based on a
MemTxResult, we factor out that operation into a helper
function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-16 13:28:11 +00:00
Peter Maydell
8638f1ad74 get_phys_addr_pmsav7: Support AP=0b111 for v7M
For PMSAv7, the v7A/R Arm ARM defines that setting AP to 0b111
is an UNPREDICTABLE reserved combination. However, for v7M
this value is documented as having the same behaviour as 0b110:
read-only for both privileged and unprivileged. Accept this
value on an M profile core rather than treating it as a guest
error and a no-access page.

Reported-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1512742402-31669-1-git-send-email-peter.maydell@linaro.org
2018-01-16 13:28:10 +00:00
Peter Maydell
a3380cf658 target/xtensa: Remove duplicate typedef of DisasContext
Some older versions of gcc complain if a typedef is defined twice:

target/xtensa/translate.c:81: error: redefinition of typedef 'DisasContext'
target/xtensa/cpu.h:339: note: previous declaration of 'DisasContext' was here

Remove the now-redundant typedef from the definition of the struct in
translate.c.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1515762528-22818-1-git-send-email-peter.maydell@linaro.org
2018-01-12 14:36:41 +00:00
Jan Dakinevich
0b368a10c7 i386/cpu/kvm: look at PMU's CPUID before setting MSRs
Certain PMU-related MSRs are not supported for CPUs with PMU
architecture below version 2. KVM rejects any access to them (see
intel_is_valid_msr_idx routine in KVM), and QEMU fails on the following
assertion:

  kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

QEMU also could fail if KVM exposes less fixed counters then 3. It could
happen if host system run inside another hypervisor, which is tweaking
PMU-related CPUID. To prevent possible fail, number of fixed counters now is
obtained in the same way as number of GP counters.

Reviewed-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
Message-Id: <1514383466-7257-1-git-send-email-jan.dakinevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-12 13:22:02 +01:00
Max Filippov
7ddaee6d08 target/xtensa: add de212 core
DE212 is a noMMU core supported in linux. Import this core to provide
true noMMU configuration for xtensa linux to run on QEMU.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-11 12:45:27 -08:00
Max Filippov
29b39bc712 target/xtensa: fix default sysrom/sysram addresses
noMMU configs had wrong sysrom and sysram base addresses, fix them.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-11 09:31:26 -08:00
Peter Maydell
997eba28a3 target-arm queue:
* add aarch64_be linux-user target
  * Virt: ACPI: fix qemu assert due to re-assigned table data address
  * imx_fec: various bug fixes and cleanups
  * hw/timer/pxa2xx_timer: replace hw_error() -> qemu_log_mask()
  * hw/sd/pxa2xx_mmci: add read/write() trace events
  * linux-user/arm/nwfpe: Check coprocessor number for FPA emulation
  * target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions
  * hw/intc/arm_gicv3: Make reserved register addresses RAZ/WI
  * hw/intc/arm_gic: reserved register addresses are RAZ/WI
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaV2iVAAoJEDwlJe0UNgzeLmEQAJ3A9m42/ZI6z3zSjnu27q13
 8UvLlXimJuABK9cav5EvqXz6j+LwqBs7psJ6tvNXV3L2A+lBPYPHsTqnS7T0BSts
 36r1IepRA1Gw8nIdKDpK4ZwNQ2EkkipairtWq7OV4Q3Ouh5TRuVX2Sm8iKdz0tm5
 cd6LAQjynPfe4oeZXgJU6TlulSaWxSrUhhc0VGsv6Q9L5tZR4C1lFYP8Ijv3xPfh
 5pKWccTJktywahrFrdr0mWOWnRgkZ3Fm63r0JeyoHeT7olLLp91zk/d+C7+QYoEn
 vkJwvPrhYru349Inq8T7X7jg3aWdh28Ivajm11EQ9l+uFjwdbR/jbVUHCQn3QXzE
 +SN1Kmk3U8IiAPoc9hjTjHnYG6OSKEBgJautgmxQZjWaMm7RvwVPvJTULyZTQi27
 0NxHl9Uh2dlc8Msj6DfGfd0XOdf1crqtAGERKfJBsyrN0whiugH9Hn+AEnjf17zt
 M6lJbkwF8P8oG0DmnbZcxvh9QIHv0eaAW5ksR5wwnPIHsvSLQv/wgiwRdTjNh/JM
 KNH/F4+H2O7bbK2Dh/Y20RGiip0XhpelRFfoN507Uh4YgE+NEmV1CnN1gbk/P+y6
 f1PJ5Dt+H3m3dSyzyUsie4foO5BVTxhPE6dQKz2nsTWjNJRbIRLJx82A5GSF2Cip
 ZDCn6DGcMXtbAoseeu9l
 =imOw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180111' into staging

target-arm queue:
 * add aarch64_be linux-user target
 * Virt: ACPI: fix qemu assert due to re-assigned table data address
 * imx_fec: various bug fixes and cleanups
 * hw/timer/pxa2xx_timer: replace hw_error() -> qemu_log_mask()
 * hw/sd/pxa2xx_mmci: add read/write() trace events
 * linux-user/arm/nwfpe: Check coprocessor number for FPA emulation
 * target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions
 * hw/intc/arm_gicv3: Make reserved register addresses RAZ/WI
 * hw/intc/arm_gic: reserved register addresses are RAZ/WI

# gpg: Signature made Thu 11 Jan 2018 13:37:25 GMT
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180111: (26 commits)
  hw/intc/arm_gic: reserved register addresses are RAZ/WI
  hw/intc/arm_gicv3: Make reserved register addresses RAZ/WI
  target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions
  linux-user/arm/nwfpe: Check coprocessor number for FPA emulation
  hw/sd/pxa2xx_mmci: add read/write() trace events
  hw/timer/pxa2xx_timer: replace hw_error() -> qemu_log_mask()
  imx_fec: Reserve full FSL_IMX25_FEC_SIZE page for the register file
  imx_fec: Fix a typo in imx_enet_receive()
  imx_fec: Use correct length for packet size
  imx_fec: Add support for multiple Tx DMA rings
  imx_fec: Emulate SHIFT16 in ENETx_RACC
  imx_fec: Use MIN instead of explicit ternary operator
  imx_fec: Use ENET_FTRL to determine truncation length
  imx_fec: Move Tx frame buffer away from the stack
  imx_fec: Change queue flushing heuristics
  imx_fec: Refactor imx_eth_enable_rx()
  imx_fec: Do not link to netdev
  Virt: ACPI: fix qemu assert due to re-assigned table data address
  target/arm: Fix stlxp for aarch64_be
  linux-user: Activate armeb handler registration
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-11 14:34:41 +00:00
Peter Maydell
2eea841c11 target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions
Refactor disas_thumb2_insn() so that it generates the code for raising
an UNDEF exception for invalid insns, rather than returning a flag
which the caller must check to see if it needs to generate the UNDEF
code. This brings the function in to line with the behaviour of
disas_thumb_insn() and disas_arm_insn().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1513080506-17703-1-git-send-email-peter.maydell@linaro.org
2018-01-11 13:25:40 +00:00
Michael Weiser
0785557f88 target/arm: Fix stlxp for aarch64_be
ldxp loads two consecutive doublewords from memory regardless of CPU
endianness. On store, stlxp currently assumes to work with a 128bit
value and consequently switches order in big-endian mode. With this
change it packs the doublewords in reverse order in anticipation of the
128bit big-endian store operation interposing them so they end up in
memory in the right order. This makes it work for both MTTCG and !MTTCG.
It effectively implements the ARM ARM STLXP operation pseudo-code:

data = if BigEndian() then el1:el2 else el2:el1;

With this change an aarch64_be Linux 4.14.4 kernel succeeds to boot up
in system emulation mode.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-11 13:25:33 +00:00
Peter Maydell
e890966d60 ppc patch queue 2018-01-11
This pull request supersedes ppc-for-2.12-20180108 and several before
 it.  The earlier pull request included a patch which exposed a bug in
 the ARM TCG backend.  I've pulled that out and will repost once the
 ARM bug is fixed (a patch has been posted by Richard Henderson).
 
 Higlights from this series:
   * SLOF update
   * Several new devices for embedded platforms
   * Fix to correctly set compatiblity mode for hotplugged CPUs
   * dtc compile fix for older MacOS versions
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAlpW7uMACgkQbDjKyiDZ
 s5JBRQ//Ybt5KgnY0WVEJDVjeIuNBJUD6brVSIYr39tQPe1XdLgeVESxY8NFHy/A
 +vEuTXeneJw6ShkfQFoyvMKpMi/vUmdCW9I7JL0VSFL1DlnpQqonH2EXUWRR4ox9
 DF54+Q/KUFyUS3ENN5FSLDSYKhHZ2lgS5ViNuk5rmOlsrfEsjwqi5hCyMN7DXDv+
 XY/kv2WWLHtXx6W8ci42jYeTDXnLTA2qLh2pCywakJa3vJkmxkBedotBOBA4A2lo
 ThhwwPqBN1Ui0mR5faVXRAnzOYv2bduv4srdtiYmaWESDx6iDmBcVIedbI/ls7ux
 xikU5ix/GGfX74Bg/mrxGC4+i6mc0lifyGMKyyRle3lD1KrMUuI8ceGuxpzNENgQ
 uwpAnnLx6wwLk2BSsBGz7nXIwI5ZKVJf0u/zVjKkIh4BDn/nDTkPqM8aKweG+XbY
 1ahJp0mlmvBbPLWdiK+bmJR453tlvSLp+Xk/YmIw0g+9tORS6ET2StH5InrM04/J
 in2aQ1Tf7cOu5F+emg11UY33l2MZ6hgKcqMbRi2wGDtSTBVe2VUkXRKz6oKsTvXk
 Yx12+DweC1oK3Gmw/qv/xs/QnrMp7Au50jYHvpLEY7MuHSG2CdmP8hiCYP6HGi0W
 ZhF3khXlZ/Dw7Rkq6W3TGUyTRXhDoI73SB716SbScSgSluEzovs=
 =W8lr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.12-20180111' into staging

ppc patch queue 2018-01-11

This pull request supersedes ppc-for-2.12-20180108 and several before
it.  The earlier pull request included a patch which exposed a bug in
the ARM TCG backend.  I've pulled that out and will repost once the
ARM bug is fixed (a patch has been posted by Richard Henderson).

Higlights from this series:
  * SLOF update
  * Several new devices for embedded platforms
  * Fix to correctly set compatiblity mode for hotplugged CPUs
  * dtc compile fix for older MacOS versions

# gpg: Signature made Thu 11 Jan 2018 04:58:11 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.12-20180111:
  spapr: Correct compatibility mode setting for hotplugged CPUs
  hw/ppc: Remove the deprecated spapr-pci-vfio-host-bridge device
  Update dtc to fix compilation problem on Mac OS 10.6
  target/ppc: more use of the PPC_*() macros
  ppc/pnv: change powernv_ prefix to pnv_ for overall naming consistency
  hw/ide: Emulate SiI3112 SATA controller
  spapr_pci: use warn_report()
  ppc4xx_i2c: Implement basic I2C functions
  sm501: Add some more unimplemented registers
  sm501: Add panel hardware cursor registers also to read function
  pseries: Update SLOF firmware image to qemu-slof-20171214

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-11 13:24:17 +00:00
Peter Maydell
7642f96e60 qemu-sparc update
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCAA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAlpVPkYeHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIf27MIAIxw7dIYn9ez/uNv
 7iQpTp+aJjEnPhsjcshfzHfPej7d1h6ot6midy75hKb3NfyOG3RN23N5mzK4Mzjf
 ybHtXhTjYJl5gndaM0jCdaU5EYDq3BU6kkXS3WJy2hNayfFkRpeLWBR7pdxAGrP3
 bp1r064tl3sA8ALYVWFyldgf3o2AuJSxjDFRgbRRIbX1KRLnMwB2gM7ix4FCykcK
 YVIG113J4BAkTuD9vfBRz2f/Gs+zdqjprFVGccyej70qvhjnW7bgL78uYvHMzbST
 CuLULx9v3es8/s7fd1GSxZj45YTkivUPzFI4n2I0qWApTcJVBoGqj5f8EvwD/y67
 A4eiFAQ=
 =EPl3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Tue 09 Jan 2018 22:12:22 GMT
# gpg:                using RSA key 0x5BC2C56FAE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-sparc-signed: (25 commits)
  sun4u_iommu: add trace event for IOMMU translations
  sun4u_iommu: convert from IOMMU_DPRINTF to trace-events
  sun4u_iommu: update to reflect IOMMU is no longer part of the APB device
  sun4u: split IOMMU device out from apb.c to sun4u_iommu.c
  apb: QOMify IOMMU
  sun4m: remove include/hw/sparc/sun4m.h and all references to it
  sun4m: move IOMMU declarations from sun4m.h to sun4m_iommu.h
  sun4m: move sun4m_iommu.c from hw/dma to hw/sparc
  sun4u: switch from EBUS_DPRINTF() macro to trace-events
  sparc64: introduce trace-events for hw/sparc64
  apb: replace OBIO interrupt numbers in pci_pbmA_map_irq() with constants
  ebus: wire up OBIO interrupts to APB pbm via qdev GPIOs
  apb: remove busA property from PBMPCIBridge state
  apb: split pci_pbm_map_irq() into separate functions for bus A and bus B
  apb: remove pci_apb_init() and instantiate APB device using qdev
  apb: move the two secondary PCI bridges objects into APBState
  apb: use gpios to wire up the apb device to the SPARC CPU IRQs
  apb: return APBState from pci_apb_init() rather than PCIBus
  apb: APB QOMify tidy-up
  sun4u: move initialisation of all ISABus devices into ebus_realize()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-11 09:54:15 +00:00
Cédric Le Goater
a6a444a87a target/ppc: more use of the PPC_*() macros
Also introduce utilities to manipulate bitmasks (originaly from OPAL)
which be will be used in the model of the XIVE interrupt controller.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-01-10 12:53:00 +11:00
Jean-Christophe Dubois
7e450a8f50 target/sparc: remove MemoryRegionSection check code from sparc_cpu_get_phys_page_debug()
This code is preventing the MMU debug code from displaying virtual
mappings of IO devices (anything that is not located in the RAM).

Before this patch, Qemu would output 0xffffffffffffffff (-1) as the
physical address corresponding to an IO device virtual address.

With this patch the intended physical address is displayed.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2018-01-09 21:31:31 +00:00
Peter Maydell
76302a95e7 target/xtensa updates:
- add libisa to the xtensa target;
 - change xtensa instruction translator to use it;
 - switch existing xtensa cores to use it;
 - add support for a number of instructions: salt/saltu, const16,
   GPIO32 group, debug mode and MMU-related;
 - add disassembler for Xtensa.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJaVQW2AAoJEFH5zJH4P6BEQ4EP/01BnD+SoHkDDRx8O59RgvUa
 r4kkJIqRNpObzzjhoHmh9RbGstir9r1u3ZYKbdlhPgZWK/ItUVzS8yJp8KcQ8x4B
 Z+4JzwX82PwAvvVdP7TD6iB23jqgUcoEdCtpaUb1jsK0tyvVHwIHnwF3qINY6Nsn
 yIzmupdIc47MEFlQNSxF/ZuvQI6CT8uDFuRJlK02dv8lEozUXCi9UHotICnqOybY
 ezgXCoMrOv7UqBdSEX7SQHvs5CD8zRbfhrwpeMc59YsbWp4j5JmQi1QI2ihFHyDN
 wp5vBDMI31SRdIqpEJiNEP5J+VnVg2oaJZcFP12JGXfTvSyB2WWSfqvQX+go394r
 4NbWu1rA/a0vQVUfI7xVqY9mXqGnRbDS01ILYHbjRl14o7kZY0IpX2UIoGXI2eO9
 toC+shIv/yNIJoaTlQf3ER+0nUvNFEGbBq3LNB+dlom8yqv7UY2LgpRy4zGqEfyL
 bB4pfEkaZVqP8vAJeq0TALMTmpvPjgFs1XxnHJAcpoAF3NM8dHiuGpO3li1jPiVu
 ZxN/8rWSWdJX7IvXFmu3Cy2ogLpdTxsTPIdtpKc+OLHNW6b5wx28Godig7JlfNil
 8p9F1t6ZNvs4fPM2JFWP9VTXhzSuynWYz/UEr1+OF7vxni/x7dgrX2h9Houx36/e
 3fn34SXgQUqhgtN+8BFR
 =PNwZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20180109-xtensa' into staging

target/xtensa updates:

- add libisa to the xtensa target;
- change xtensa instruction translator to use it;
- switch existing xtensa cores to use it;
- add support for a number of instructions: salt/saltu, const16,
  GPIO32 group, debug mode and MMU-related;
- add disassembler for Xtensa.

# gpg: Signature made Tue 09 Jan 2018 18:11:02 GMT
# gpg:                using RSA key 0x51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <filippov@cadence.com>"
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20180109-xtensa:
  target/xtensa: implement disassembler
  target/xtensa: implement const16
  target/xtensa: implement GPIO32
  target/xtensa: implement salt/saltu
  target/xtensa: add internal/noop SRs and opcodes
  target/xtensa: drop DisasContext::litbase
  target/xtensa: tests: fix memctl SR test
  target/xtensa: use libisa for instruction decoding
  target/xtensa: switch fsf to libisa
  target/xtensa: switch dc233c to libisa
  target/xtensa: switch dc232b to libisa
  target/xtensa: update import_core.sh script for libisa
  target/xtensa: extract FPU2000 opcode translators
  target/xtensa: extract core opcode translators
  target/xtensa: import libisa source
  target/xtensa: pass actual frame size to the entry helper

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-09 18:23:27 +00:00
Max Filippov
5a6539e627 target/xtensa: implement disassembler
Add disas/xtensa.c and use libisa for instruction decoding/opcode name
lookup.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:39 -08:00
Max Filippov
c5ac936e5e target/xtensa: implement const16
const16 is an opcode that shifts 16 lower bits of an address register
to the 16 upper bits and puts its immediate operand into the lower 16
bits. It is not controlled by an Xtensa option and doesn't have a fixed
opcode.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:39 -08:00
Max Filippov
e98727417a target/xtensa: implement GPIO32
GPIO32 is not in the core ISA, but it was widely used in Diamond Cores.
This implementation doesn't do actual I/O and doesn't handle the case of
GPIO32 state being a part of coprocessor.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:39 -08:00
Max Filippov
d1e9b0068a target/xtensa: implement salt/saltu
SALT/SALTU are recent additions to the core Xtensa ISA that do
signed/unsigned setcond.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:39 -08:00
Max Filippov
13f6a7cd3a target/xtensa: add internal/noop SRs and opcodes
Add two special registers: MMID and DDR:
- MMID is write-only and the only side effect of writing to it is output
  to the trace port, which is not emulated;
- DDR is only accessible in debug mode, which is not emulated.

Add two debug-mode-only opcodes:
- rfdd and rfdo do return from the debug mode, which is not emulated.

Add three internal opcodes for full MMU:
- hwwdtlba and hwwitlba are the internal opcodes that write a value into
  autoupdate DTLB or ITLB entry.
- ldpte is internal opcode that loads PTE entry that covers the most
  recent page fault address.
None of these three opcodes may appear in a valid instruction.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:39 -08:00
Max Filippov
5b9b27639e target/xtensa: drop DisasContext::litbase
It doesn't help much, always-set bit 0 of the LITBASE SR is easy to
compensate with decrement of the l32r immediate argument.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:38 -08:00
Max Filippov
33071f6888 target/xtensa: use libisa for instruction decoding
Replace manual opcode analysis with libisa-based code. This makes it
possible to support variable-encoding instructions of the core ISA, like
const16, and will allow to support advanced Xtensa features, like FLIX
and TIE.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-01-09 09:55:38 -08:00
Peter Maydell
232e5537e4 -----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJaTlhMAAoJEPMMOL0/L748xsMQAIcRxsab41rsDuTVE3LU9OlW
 DKVO8O8gqG/l2QlFVAHphg5/w1d1CqTVQE5pFu6qf+/O1V2mcO95g9ZaIRQ2Rt/C
 blstw+D6xxxqaBe3EFnbuWUGrfdp6Mc8rfR/HtG8J5quNucMX/IpnKVSYxDqql6m
 gCDwT/N9hGMfEIW+QdcTh3tSpT4D1fWyJSbWWpM02necmAvg+mSvcJ8qQ8uYVyA5
 Yc0OjSMZix9SFTn/QSKeh2+ofv+0HpauOLIGBcZ44xw0N40NiRhMFDITwyuv/rY6
 tA8cQFw2OhwX7J9tbW4h4Jq8zyFjlarZfHFAij+X0mC2Id58KZaCcsCLlOhbR3x9
 EA6Rtd9UKLHlrQfSLuB/bcJ3LgjxkiEjoooBHeFYofqhcW5A3Uk5FxxnMO5kYodZ
 yWOLZ3r7i9mzDHPECfNvKRIyC0IWp+hsZqC9UQt51/vupwAMq1EGYOJ2HBBpa0PS
 QSIAQX2XhKj/0yCAXM4nTKqAE9h6UKHNNmYoxJvPUsF7/Bobahr3sDZAepuuGADP
 b4l95pZ/Gjqm5d8S9I/A6zIm5vV8Fp0BMozhigNQ4e9yGpKapyOYZPiIgNb8wj0L
 /6Pqq9zoD8jbszg2H9/0kPTt57NjSMgqgHNRWfvvY8zL2LkvGxzpLmOe80BQcjYe
 CxWyb6Y53IWR6F3CXpnj
 =42iq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging

# gpg: Signature made Thu 04 Jan 2018 16:37:32 GMT
# gpg:                using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier/tags/m68k-for-2.12-pull-request:
  target/m68k: fix m68k_cpu_dump_state()
  target/m68k: add the Interrupt Stack Pointer
  target/m68k: add andi/ori/eori to SR/CCR
  target/m68k: add 680x0 "move to SR" instruction
  target/m68k: move CCR/SR functions
  target/m68k: implement fsave/frestore
  target/m68k: add reset
  target/m68k: add cpush/cinv
  target/m68k: softmmu cleanup
  target/m68k: add move16
  target/m68k: add chk and chk2
  target/m68k: manage 680x0 stack frames
  target/m68k: add CPU_LOG_INT trace
  target/m68k: use insn_pc to generate instruction fault address
  linux-user, m68k: correctly manage SR in context
  target/m68k: fix gen_get_ccr()
  target-m68k: sync CC_OP before gen_jmp_tb()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-08 21:39:44 +00:00
Peter Maydell
4124ea4f5b Queued TCG patches
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaRqkWAAoJEGTfOOivfiFfSaUIAJcR/RK5ikTbmxK1AvBfdP76
 eXLMe4i6l1i46ftzOIE5wjXu0U+A8kLmzZTFly11fLiGtYT/3JNHLZ5kOMgR8VS4
 NcthBe00Kwm7XwWyt9Q++bRNc2VV1M357x10eX71PdsZM6fZ/1jHNH3ArOEo0lJH
 s/jHRU1QBG680aLtDIowE2GFtOzHoHPNbCoUrb8NbeCixjJVZC7gS0twohictn23
 +iMV2TkA9SLzJwhuWNQk91KaKbwJk6Dk1asprNVMXZyRxLB0pZNOOH5yeIwr5vrl
 Dcfj5seYTF+0OpQGpR/Te+k8PV7rrwfYWulvr/J1UTXPYmgES6AB03l8pNDrthY=
 =Gwy1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171229' into staging

Queued TCG patches

# gpg: Signature made Fri 29 Dec 2017 20:44:06 GMT
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-tcg-20171229:
  tcg: add cs_base and flags to -d exec output
  tcg: Allow 6 arguments to TCG helpers
  tcg: Add tcg_signed_cond
  tcg: Generalize TCGOp parameters
  tcg: Dynamically allocate TCGOps
  tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*
  target/moxie: Fix tlb_fill
  target/*helper: don't check retaddr before calling cpu_restore_state

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-08 16:17:04 +00:00
Peter Maydell
1e10eb532c Initial support for the HVF accelerator
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAlo+CvYUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPZpAf9E93cRgy+l7EyjLYp1jNrRVbE/57N
 g3Z0l9VN3QIErtVpvysp3nrfwSlPCrNdc2tFNq58HHUIrwqTsi2dQeBMXv1zLLUp
 BscjBF6XgG35lVZG/mUngYeUlZMI+ERhkMa8clYcW7zPEbmGRQB5fhvsR4eak3Ub
 j3b1ydZiQF6sooJIOJq/7Qpn2YkPaNOYOKV+VkEZQJhQkJMV9BzEEbjzbrzmBN/u
 xsUBwIJRHfdiyHKv6VwxdMvH9bB1LE7X6hpfXmsep71PYA4YJM7GmotbwjODGszq
 PKNOnrVqHfdvxBKkgfGypuEI4D9tczDgducfq0hcpjpNF+x3lMgPXS/qtg==
 =+nhI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-hvf' into staging

Initial support for the HVF accelerator

# gpg: Signature made Sat 23 Dec 2017 07:51:18 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream-hvf:
  i386: hvf: cleanup x86_gen.h
  i386: hvf: remove VM_PANIC from "in"
  i386: hvf: remove addr_t
  i386: hvf: simplify flag handling
  i386: hvf: abort on decoding error
  i386: hvf: remove ZERO_INIT macro
  i386: hvf: remove more dead emulator code
  i386: hvf: unify register enums between HVF and the rest
  i386: hvf: header cleanup
  i386: hvf: move all hvf files in the same directory
  i386: hvf: inject General Protection Fault when vmexit through vmcall
  i386: hvf: refactor event injection code for hvf
  i386: hvf: implement vga dirty page tracking
  i386: refactor KVM cpuid code so that it applies to hvf as well
  i386: hvf: implement hvf_get_supported_cpuid
  i386: hvf: use new helper functions for put/get xsave
  i386: hvf: fix licensing issues; isolate task handling code (GPL v2-only)
  i386: hvf: add code base from Google's QEMU repository
  apic: add function to apic that will be used by hvf

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-08 11:39:50 +00:00
Laurent Vivier
cc52302676 target/m68k: fix m68k_cpu_dump_state()
Display correctly the Trace bits for 680x0
(2 bits instead of 1 for Coldfire).

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-18-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
6e22b28e22 target/m68k: add the Interrupt Stack Pointer
Add the third stack pointer, the Interrupt Stack Pointer (ISP)
(680x0 only). This stack will be needed in softmmu mode.

Update movec to set/get the value of the three stacks.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-17-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
b5ae1edc29 target/m68k: add andi/ori/eori to SR/CCR
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-16-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
b6a21d8d8f target/m68k: add 680x0 "move to SR" instruction
Some cleanup, and allows SR to be moved from any addressing mode.
Previous code was wrong for coldfire: coldfire also allows to
use addressing mode to set SR/CCR. It only supports Data register
to get SR/CCR (move from)

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-15-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
01490ea8f5 target/m68k: move CCR/SR functions
The following patches will be clearer if we move
functions before adding new ones.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-14-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
fff3b4b0e1 target/m68k: implement fsave/frestore
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-13-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
0bdb2b3bf5 target/m68k: add reset
The instruction traps if the CPU is not in
Supervisor state but the helper is empty because
there is no easy way to reset all the peripherals
without resetting the CPU itself.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-12-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
f58ed1c50a target/m68k: add cpush/cinv
Add cache lines invalidate and cache lines push
as no-op operations, as we don't have cache.

These instructions are 68040 only.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-11-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
6ad257641d target/m68k: softmmu cleanup
don't compile supervisor only instructions in linux-user mode

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-10-laurent@vivier.eu>
2018-01-04 17:24:35 +01:00
Laurent Vivier
9d4f0429f3 target/m68k: add move16
move16 moves the source line to the destination line. Lines are aligned
to 16-byte boundaries and are 16 bytes long.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-9-laurent@vivier.eu>
2018-01-04 17:24:34 +01:00
Laurent Vivier
8bf6cbaf39 target/m68k: add chk and chk2
chk and chk2 compare a value to boundaries, and
trigger a CHK exception if the value is out of bounds.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-8-laurent@vivier.eu>
2018-01-04 17:24:31 +01:00
Laurent Vivier
d2f8fb8e7f target/m68k: manage 680x0 stack frames
680x0 manages several stack frame formats:
  - format 0: four-word stack frame
  - format 1: four-word throwaway stack frame
  - format 2: six-word stack frame
  - format 3: Floating-Point post-instruction stack frame
  - format 4: eight-word stack frame
  - format 7: access-error stack frame

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-7-laurent@vivier.eu>
2018-01-04 17:22:36 +01:00
Laurent Vivier
5beb144e04 target/m68k: add CPU_LOG_INT trace
Display the interrupts/exceptions information
in QEMU logs (-d int)

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-6-laurent@vivier.eu>
2018-01-04 16:53:13 +01:00
Laurent Vivier
16a14cdf57 target/m68k: use insn_pc to generate instruction fault address
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-5-laurent@vivier.eu>
2018-01-04 16:46:59 +01:00
Laurent Vivier
4131c242cc target/m68k: fix gen_get_ccr()
As gen_helper_get_ccr() is able to compute CCR from cc_op and
flags, we don't need to flush flags before to call it.
flush_flags() and get_ccr() use COMPUTE_CCR() to compute
flags. get_ccr() computes CCR value,
whereas flush_flags update live cc_op and flags.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-3-laurent@vivier.eu>
2018-01-04 16:44:48 +01:00
Laurent Vivier
7cd7b5ca9b target-m68k: sync CC_OP before gen_jmp_tb()
And remove update_cc_op() from gen_exception() because there is
one in gen_jmp_im().

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180104012913.30763-2-laurent@vivier.eu>
2018-01-04 16:43:24 +01:00
Richard Henderson
15fa08f845 tcg: Dynamically allocate TCGOps
With no fixed array allocation, we can't overflow a buffer.
This will be important as optimizations related to host vectors
may expand the number of ops used.

Use QTAILQ to link the ops together.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-29 12:43:39 -08:00
Richard Henderson
f764718d0c tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*
These are now trivial sets and tests against NULL.  Unwrap.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-29 12:43:39 -08:00
Richard Henderson
1f5940e464 target/moxie: Fix tlb_fill
We should not exit unless moxie_cpu_handle_mmu_fault has failed.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-27 17:20:44 -08:00
Alex Bennée
65255e8efd target/*helper: don't check retaddr before calling cpu_restore_state
cpu_restore_state officially supports being passed an address it can't
resolve the state for. As a result the checks in the helpers are
superfluous and can be removed. This makes the code consistent with
other users of cpu_restore_state.

Of course this does nothing to address what to do if cpu_restore_state
can't resolve the state but so far it seems this is handled elsewhere.

The change was made with included coccinelle script.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[rth: Fixed up comment indentation.  Added second hunk to script to
combine cpu_restore_state and cpu_loop_exit.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-27 17:20:44 -08:00
Paolo Bonzini
895f9fdf3a i386: hvf: cleanup x86_gen.h
This only includes VM_PANIC now.  No need to include it from headers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
da20f5cd0d i386: hvf: remove VM_PANIC from "in"
Just give the obvious meaning to a 64-bit port, even though it
should not really happen.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
ff2de1668c i386: hvf: remove addr_t
Use target_ulong for virtual addresses and uint64_t for physical
addresses.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
e8a632579d i386: hvf: simplify flag handling
Remove much indirection and duplicate code, and provide a cleaner interface
out of x86_flags.c.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
e62963bf48 i386: hvf: abort on decoding error
Rather than unsupported situations, some VM_PANIC calls actually
are caused by internal errors.  Convert them to just abort.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
715f396dfb i386: hvf: remove ZERO_INIT macro
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
746827825d i386: hvf: remove more dead emulator code
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
6701d81d74 i386: hvf: unify register enums between HVF and the rest
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
f9fea77740 i386: hvf: header cleanup
Remove inclusions of system headers and avoid "pragma once".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:07 +01:00
Paolo Bonzini
69e0a03c3f i386: hvf: move all hvf files in the same directory
Just call it hvf/, no need for the "utils" suffix.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:02:05 +01:00
Sergio Andres Gomez Del Real
3010460fb9 i386: hvf: inject General Protection Fault when vmexit through vmcall
This patch injects a GP fault when the guest vmexit's by executing a
vmcall instruction.

Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com>
Message-Id: <20170913090522.4022-15-Sergio.G.DelReal@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:01:48 +01:00
Sergio Andres Gomez Del Real
b7394c8394 i386: hvf: refactor event injection code for hvf
This patch refactors the event-injection code for hvf by using the
appropriate fields already provided by CPUX86State. At vmexit, it fills
these fields so that hvf_inject_interrupts can just retrieve them without
calling into hvf.

Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com>
Message-Id: <20170913090522.4022-14-Sergio.G.DelReal@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:01:48 +01:00
Sergio Andres Gomez Del Real
babfa20ca4 i386: hvf: implement vga dirty page tracking
This patch implements setting the tracking of dirty vga pages, using hvf's
interface to protect guest memory. It uses the MemoryListener callback
mechanism through .log_start/stop/sync

Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com>
Message-Id: <20170913090522.4022-13-Sergio.G.DelReal@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:01:48 +01:00
Sergio Andres Gomez Del Real
d6dcc5583e i386: refactor KVM cpuid code so that it applies to hvf as well
This patch generalizes some code in cpu.c for hypervisor-based
accelerators, calling the new hvf_get_supported_cpuid where
KVM used kvm_get_supported_cpuid.

Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com>
Message-Id: <20170913090522.4022-12-Sergio.G.DelReal@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:01:48 +01:00
Sergio Andres Gomez Del Real
db5cb9a032 i386: hvf: implement hvf_get_supported_cpuid
This patch implements hvf_get_supported_cpuid, which returns the set of
features supported by both the host processor and the hypervisor.

Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com>
Message-Id: <20170913090522.4022-11-Sergio.G.DelReal@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22 15:01:48 +01:00