* more A64 Neon instructions
* AArch32 VCVTB and VCVTT ARMv8 instructions
* fixes to inaccuracies in GIC emulation
* libvixl disassembler for A64
* Allwinner SoC ethernet controller
* zynq software system reset support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCAAGBQJS9lLhAAoJEDwlJe0UNgzewoEP/1ilCOwrepJ4zkIfhzoFpyu6
OtS/H6ORzE/pAr3r890CPEMPCgQZ4Fw5BdUloo/BtIC/fETEPaxAxIdDFvvVwSo6
atX/RSHdSHbJwcwzJ2YW3sHFeZrHX2V0Qzx/bKPu20qcFE39eG4+b3tJfoSURClE
o3Jis32j5MLTGphp9ulhfOVVt14ToTqk6M2mDpBVkK2XofKD3ytYMG6els2n04D4
6JTdXDRN53+MfF9B5VoQGlc90OsIQHYycnEMjVGSr1Clxd3AHNYaMNZ+kSLbILZi
uYE3s6xwQHBh5L3NuQU6zIrx7MBtA2flNA2BiQiabJaN76qkvZHlkxTIm9D0UlRC
xVbSEp3pwu/KZGCtZobcK/dkrJOsGxOJeswDxEQy/MJUneSMnpDRuOwKO/zG7pW5
nXV+fUAVH+xR9PZUvLzpZAxSFLH4A5kR7ezQkl8SLX6+zTN6bH1e7If/Z0c0WffH
XNvEarVCbKkbBh/8FOvhJoYuz902ZFnaje1pi26dmxpd7fyswlHkR3ewLYJLlOXq
26lG/aVqMJ+JqzvzL0PpWX9+Am43sVkRhNiedT7RWyu20eCGWjwVvl0TISw7gFge
0yRUhdMQtcdVhREqUScxDyGQrtN0+5U77yIRs+SVH3hjDu6riTbeHQ4uJakJssVn
03Fs0aFWNIv9g7cGhg8C
=6kX6
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140208' into staging
target-arm queue:
* more A64 Neon instructions
* AArch32 VCVTB and VCVTT ARMv8 instructions
* fixes to inaccuracies in GIC emulation
* libvixl disassembler for A64
* Allwinner SoC ethernet controller
* zynq software system reset support
# gpg: Signature made Sat 08 Feb 2014 15:53:05 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140208: (29 commits)
arm/zynq: Add software system reset via SCLR
hw/arm/allwinner-a10: initialize EMAC
hw/net: add support for Allwinner EMAC Fast Ethernet controller
util/fifo8: clear fifo head upon reset
util/fifo8: implement push/pop of multiple bytes
disas: Implement disassembly output for A64
disas/libvixl: Fix upstream libvixl compilation issues
disas: Add subset of libvixl sources for A64 disassembler
rules.mak: Link with C++ if we have a C++ compiler
rules.mak: Support .cc as a C++ source file suffix
arm_gic: Add GICC_APRn state to the GICState
vmstate: Add uint32 2D-array support
arm_gic: Support setting/getting binary point reg
arm_gic: Keep track of SGI sources
arm_gic: Fix GIC pending behavior
target-arm: Add support for AArch32 64bit VCVTB and VCVTT
target-arm: A64: Add FNEG and FABS to the SIMD 2-reg-misc group
target-arm: A64: Add 2-reg-misc REV* instructions
target-arm: A64: Add narrowing 2-reg-misc instructions
target-arm: A64: Implement 2-reg-misc CNT, NOT and RBIT
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kvaneesh/for-upstream:
hw/9pfs: fix P9_STATS_GEN handling
hw/9pfs: make get_st_gen() return ENOTTY error on special files
hw/9pfs: handle undefined FS_IOC_GETVERSION case in handle_ioc_getversion()
hw/9pfs: fix error handing in local_ioc_getversion()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 360e607 (address_space_translate: do not cross page boundaries,
2014-01-30) broke MMIO accesses in cases where the section is shorter
than the full register width. This can happen for example with the
Bochs DISPI registers, which are 16 bits wide but have only a 1-byte
long MemoryRegion (if you write to the "second byte" of the register
your access is discarded; it doesn't write only to half of the register).
Restrict the action of commit 360e607 to direct RAM accesses. This
is enough for Xen, since MMIO will not go through the mapcache.
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
While ISA address space in prep machine is currently the one returned
by get_system_io(), this depends of the implementation of i82378/raven
devices, and this may not be the case forever.
Use the right ISA address space when adding some more ports to it.
We can use whatever ISA device on the right ISA bus, as all ISA devices
on the same ISA bus share the same ISA address space.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
As described in https://bugzilla.redhat.com/show_bug.cgi?id=987441 ,
libcacard currently links to all the libraries QEMU is linking to,
including glusterfs libraries, libiscsi, ... libcacard does not need all of
these. This patch ensures it's only linked with the libraries it needs.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Signed-off-by: Alon Levy <alevy@redhat.com>
On 32 bit hosts, size_t is too small for align as the bitmask
~(align - 1) will zero out the higher 32 bits of the offset.
While at it, change the local overlap_bytes variable to unsigned to
match the field in BdrvTrackedRequest.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The behaviour of the ROUND_UP macro with negative numbers isn't obvious.
It happens to do the right thing in this please, but better avoid it.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This adds assertions that the request that we actually end up passing to
the block driver (which includes RMW data and has therefore potentially
been rounded to alignment boundaries) is fully covered by the
overlap_{offset,size} fields of the associated BdrvTrackedRequest.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The error path for a failure in one of the two bdrv_aligned_preadv()
calls leaked head_buf or tail_buf, respectively. This fixes the memory
leak.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
raw copies over the BlockLimits of bs->file during bdrv_open().
However, since commit d34682cd it is immediately overwritten during
bdrv_refresh_limits(). This caused all fields except for
opt_transfer_length and opt_mem_alignment (which happen to be correctly
inherited in generic code) to be zeroed.
Move the BlockLimit assignment to a .bdrv_refresh_limits() callback to
make it work again for all fields.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
In the case of a metadata preallocation with a large cluster size,
qcow2_alloc_cluster_offset() can allocate nothing and returns a
NULL l2meta. This patch checks for it and link2 l2 with only valid
l2meta.
Replace 9 and 512 with BDRV_SECTOR_BITS, BDRV_SECTOR_SIZE
respectively while at the function.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When cluster size is big enough it can lead to an offset overflow
in qcow2_alloc_clusters_at(). This patch fixes it.
The allocation is stopped each time at L2 table boundary
(see handle_alloc()), so the possible maximum bytes could be
2^(cluster_bits - 3 + cluster_bits)
cluster_bits - 3 is used to compute the number of entry by L2
and the additional cluster_bits is to take into account each
clusters referenced by the L2 entries.
so int is safe for cluster_bits<=17, unsafe otherwise.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
n_start can be actually calculated from offset. The number of
sectors to be allocated(n_end - n_start) can be passed in in
num. By removing n_start and n_end, we can save two parameters.
The side effect is there is a bug in qcow2.c:preallocate() that
passes incorrect n_start to qcow2_alloc_cluster_offset() is
fixed. The bug can be triggerred by a larger cluster size than
the default value(65536), for example:
./qemu-img create -f qcow2 \
-o 'cluster_size=131072,preallocation=metadata' file.img 4G
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
the opt_transfer_length has nothing to do with logical
block provisioning stuff so always copy it from
the block limits VPD page.
Reported-By: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This fixes a regression introduced in commit 2a05cbe42 ('block: Allow
block devices without files'):
$ qemu-system-x86_64 -drive driver=file
qemu-system-x86_64: block.c:892: bdrv_open_common: Assertion
`!drv->bdrv_needs_filename || filename != ((void *)0)' failed.
Now the respective check must be performed not only in bdrv_file_open(),
but also in bdrv_open().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
all these tests do anything of the following and thus fail with any
protocol other than file:
- the tests use rm, cp or mv shell commands which only work on file
- the tests use qcow2.py
- the images construct new filenames (e.g. backing file names) and
the logic is broken for anything else than file
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds native support for accessing images on NFS
shares without the requirement to actually mount the entire
NFS share on the host.
NFS Images can simply be specified by an url of the form:
nfs://<host>/<export>/<filename>[?param=value[¶m2=value2[&...]]]
For example:
qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2
You need LibNFS from Ronnie Sahlberg available at:
git://github.com/sahlberg/libnfs.git
for this to work.
During configure it is automatically probed for libnfs and support
is enabled on-the-fly. You can forbid or enforce libnfs support
with --disable-libnfs or --enable-libnfs respectively.
Due to NFS restrictions you might need to execute your binaries
as root, allow them to open priviledged ports (<1024) or specify
insecure option on the NFS server.
For additional information on ROOT vs. non-ROOT operation and URL
format + parameters see:
https://raw.github.com/sahlberg/libnfs/master/README
Supported by qemu are the uid, gid and tcp-syncnt URL parameters.
LibNFS currently support NFS version 3 only.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The qemu-io command sequences make the assumption that an unaligned
request on the format layer will be unaligned on the blkdebug layer as
well. This doesn't necessarily hold true for drivers other than raw.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoît Canet <benoit@irqsave.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlLxNdwACgkQEdFA3D+Yo3h0MQCgkqd4o4LdamOYxQqP0CgD+ET8
QFgAn19l7zj69bPiYEsl1kPxinIduZnd
=ff/s
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20140204' into staging
target-lm32: fixes
# gpg: Signature made Tue 04 Feb 2014 18:47:56 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found
* remotes/mwalle/tags/lm32-fixes/20140204:
hw/lm32: print error if cpu model is not found
target-lm32: stop VM on illegal or unknown instruction
lm32_sys: dump cpu state if test case fails
lm32_sys: print test result on stderr
target-lm32: add breakpoint/watchpoint support
target-lm32: move model features to LM32CPU
target-lm32: kill cpu_abort() calls
milkymist-vgafb: swap pixel data in source buffer
lm32_uart/lm32_juart: use qemu_chr_fe_write_all()
milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()
tests: lm32: new rule for single test cases
lm32_sys: increase test case name length limit
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Support software-driven system reset via the register in the SCLR.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds support for the Fast Ethernet MAC found on Allwinner
SoCs, together with a basic emulation of Realtek RTL8201CP PHY.
Since there is no public documentation of the Allwinner controller, the
implementation is based on Linux kernel driver.
Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
To improve the predictability of fifo8_pop_buf(), the fifo head is set
to the start of data buffer upon a reset so that the first call to the
function will be able to retrieve all data in the fifo.
Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The patch adds functions fifo8_push_all() and fifo8_pop_buf() which
can be used respectively to push the content of a memory buffer to the
fifo and to pop multiple bytes obtaining a pointer to the fifo backing
buffer.
In addition, it implements fifo8_num_free() and fifo8_num_used() which
allow to check if a multi-byte operation can be performed.
Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use libvixl to implement disassembly output in debug
logs for A64, for use with both AArch64 hosts and targets.
Signed-off-by: Claudio Fontana <claudio.fontana@linaro.org>
[PMM:
* added support for target disassembly
* switched to custom QEMUDisassembler so the output format
matches what QEMU expects
* make sure we correctly fall back to "just print hex"
if we didn't build the AArch64 disassembler because of
lack of a C++ compiler
* rename from 'aarch64' to 'arm-a64' because this is a
disassembler for the A64 instruction set
* merge aarch64.c and aarch64-cxx.cc into one C++ file
* simplify the aarch64.c<->aarch64-cxx.cc interface]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix various minor issues with upstream libvixl so that it will compile
successfully on the platforms QEMU cares about:
* remove unused GBytes constant (it clashes with the glib headers)
* fix suffixes on constants to use 'LL' for 64 bit constants so
we can compile on 32 bit hosts
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Add the subset of the libvixl sources that are needed for the
A64 disassembler support. These sources come from
https://github.com/armvixl/vixl commit 578645f14e122d2b
which is VIXL release 1.1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
If we have a C++ compiler available, link with it, because we might be
linking some C++ files in. This allows us to include C++ object files
in the QEMU binary proper.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The A64 disassembler libvixl uses .cc as its suffix for
C++ source files, so add support for it (we already support
.cpp).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The GICC_APRn registers are not currently supported by the ARM GIC v2.0
emulation. This patch adds the missing state.
Note that we also change the number of APRs to use a define GIC_NR_APRS
based on the maximum number of preemption levels. This patch also adds
RAZ/WI accessors for the four registers on the emulated CPU interface.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add support for saving VMState of 2D arrays of uint32 values.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a binary_point field to the gic emulation structure and support
setting/getting this register now when we have it. We don't actually
support interrupt grouping yet, oh well.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Right now the arm gic emulation doesn't keep track of the source of an
SGI (which apparently Linux guests don't use, or they're fine with
assuming CPU 0 always).
Add the necessary matrix on the GICState structure and maintain the data
when setting and clearing the pending state of an IRQ and make the state
visible to the guest.
Note that we always choose to present the source as the lowest-numbered
CPU in case multiple cores have signalled the same SGI number to a core
on the system.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The existing implementation of the pending behavior in gic_set_irq,
gic_complete_irq, and the distributor pending set/clear registers does
not follow the semantics of the GICv2.0 specs, but may implement the
11MPCore support. Therefore, maintain the existing semantics for
11MPCore and v7M NVIC and change the behavior to be in accordance with
the GICv2.0 specs for "generic implementations" (s->revision == 1 ||
s->revision == 2).
Generic implementations distinguish between setting a level-triggered
interrupt pending through writes to the GICD_ISPENDR and when hardware
raises the interrupt line. Writing to the GICD_ICPENDR will not cause
the interrupt to become non-pending if the line is still active, and
conversely, if the line is deactivated but the interrupt is marked as
pending through a write to GICD_ISPENDR, the interrupt remains pending.
Handle this situation in the GIC_TEST_PENDING (which now becomes a
static inline named gic_test_pending) and let the 'pending' field
correspond only to the latched state of the D-flip flop in the GICv2.0
specs Figure 4-10.
The following changes are added:
gic_test_pending:
Make this a static inline and split out the 11MPCore from the generic
behavior. For the generic behavior, consider interrupts pending if:
((s->irq_state[irq].pending & (cm) != 0) ||
(!GIC_TEST_EDGE_TRIGGER(irq) && GIC_TEST_LEVEL(irq, cm))
gic_set_irq:
Split out the 11MPCore from the generic behavior. For the generic
behavior, always GIC_SET_LEVEL() on positive level, but only
GIC_SET_PENDING for edge-triggered interrupts and always simply
GIC_CLEAR_LEVEL() on negative level.
gic_complete_irq:
Only resample the line for line-triggered interrupts on an 11MPCore.
Generic implementations will sample the line directly in
gic_test_pending().
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add support for the AArch32 floating-point half-precision to double-
precision conversion VCVTB and VCVTT instructions.
Signed-off-by: Will Newton <will.newton@linaro.org>
[PMM: fixed a minor missing-braces style issue]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add the SIMD FNEG and FABS instructions in the SIMD 2-reg-misc group.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
