Commit Graph

27156 Commits

Author SHA1 Message Date
Peter Maydell
eec4682e99 SD/MMC patches
Fix two heap-overflow reported by Alexander Bulekov while fuzzing:
 - https://bugs.launchpad.net/qemu/+bug/1892960
 - https://bugs.launchpad.net/qemu/+bug/1895310
 
 CI jobs results:
 . https://cirrus-ci.com/build/6399328187056128
 . https://gitlab.com/philmd/qemu/-/pipelines/205701966
 . https://travis-ci.org/github/philmd/qemu/builds/737708930
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl+QcNQACgkQ4+MsLN6t
 wN5Bng/8C2xAFjxnXGbyDq3KKNX6+ag82pZc1+wI4PiYvjCNwQ3BL3FMU6Itu/xE
 8bqI5UMlVQGJ0npS8YL4AYdU1wuyk5kb30oXubj+uKreMLd7gVgZSi6rM0C3xDu1
 6atNYZK3BDbIdbKKoSx9cOAGnvsI0/gjei+OcmPRzyqQff7RLrOdIW0OaGqrKkjc
 ovvtV2gWxTo16HSe2pji4lfw6WkE4H8EshU1YA5ZgIhyQ6HvVz9qLd9QC3zyu9pl
 GfeHqEj9BQCnwGTpISewJVCAWdEQyygQxdbTpSEMYyN9A52WB3+Ne/AFESfoDYU4
 dc3lefUEjim+EiddB2cGtMjXER8m0Xrl3Z9raRLj5Mrb9bVx+gso1/0L9utQLCy6
 eVOGwSFZQ0Va64ng3z5w0tliLEB61B3nDNsIQSU2WLjQxGUVwli6YhHaGXbW9F39
 hU0yuqch2cHpUtlvZREymsTkV1cTr1NXmyXN/fzIiDyi8GQZ54AP16eVW/jrj1Bn
 Rf1Q0ywe0zb/+bFK/oq6tN9zIoV1/DaJlKQSjmDFdIUBqaSxcUrj53yUHsno/slh
 U7cj2ItvlpOljpUrKgV4bVbP7UWsOPC9RX9j5YbkwpHevyWdk/XNlzxoEJAe8Zj1
 3AdWsCtnxFdgLLEF3Y2tOENbVUI6Axo7If1oz83X0N782YZMbW8=
 =9A05
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sd-next-20201021' into staging

SD/MMC patches

Fix two heap-overflow reported by Alexander Bulekov while fuzzing:
- https://bugs.launchpad.net/qemu/+bug/1892960
- https://bugs.launchpad.net/qemu/+bug/1895310

CI jobs results:
. https://cirrus-ci.com/build/6399328187056128
. https://gitlab.com/philmd/qemu/-/pipelines/205701966
. https://travis-ci.org/github/philmd/qemu/builds/737708930

# gpg: Signature made Wed 21 Oct 2020 18:33:08 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/sd-next-20201021:
  hw/sd/sdcard: Assert if accessing an illegal group
  hw/sd/sdcard: Do not attempt to erase out of range addresses
  hw/sd/sdcard: Reset both start/end addresses on error
  hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
  hw/sd/sdcard: Introduce the INVALID_ADDRESS definition
  hw/sd/sdcard: Add trace event for ERASE command (CMD38)
  hw/sd/sdhci: Yield if interrupt delivered during multiple transfer
  hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
  hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses
  hw/sd/sdhci: Stop multiple transfers when block count is cleared
  hw/sd/sdhci: Fix DMA Transfer Block Size field
  hw/sd/sdhci: Document the datasheet used
  hw/sd/sdhci: Fix qemu_log_mask() format string

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-22 11:13:25 +01:00
Peter Maydell
02aa56c4bc microvm: fix PCIe IRQs in APIC table.
microvm: add usb support.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfkEogAAoJEEy22O7T6HE4yBMP/1csWFbfJ6JWbqiLoH/ltMn5
 ojgGfcP6ErGNtNP6kBO/FupCzc26ejRDJuvYLmlJ6+Jkga/zCAXjdLyXrSMRbtKK
 Nk8KwYSo82ApK45yJuVKZonUoGV6l9sIMyipkctlUXFMrvVaPh0MtnLIFckxtkCJ
 npAUnakkke5fP5Bsluw/N+fApAKQlPyqSBlPoPgsjNQ3ODisCitaH6Fx5sGuNJnV
 RSCAynkVkJ+vRT5iEojR6nNEn3vei8KHzL7vGxSdVd6ypjUc16ARpaPyXs2+opdP
 jqtGArrLn8V94rOPnGBwpV5P5soUch/tllCZtzbBZDaFr3bCHo0kNytxufoZ7yzM
 3z+wLgEHm3ZVRhraKE/Ed0Fz99tHm13zBWM3HctNtaY1tP7/4MnjMXRYArLQFFIt
 SoG7hSOPQJ/9JgtMPLRwjne2kHqYWwQ7wrROmnTWvx7RlfsD5JhUqMPocBnEb4pq
 kl5r6ajtZ9D67IZYKtv1JxKBdOXy7VmoEQMsZPwIxuMb5EN4N+RBqdMXs9lzzNEG
 mNCDzW5jDUlVG3YWu1Zxbs8j0+Mvlk7yD5zj368DvZZIgAMR0OxlcNbLVEFMpu8u
 pndpELjb/A/zHZloJyMXfCz19ahKxQeKjF1n4H5Ja6PvC8olALzhIy0ikOA66At0
 2I7Qs8bfGahjOdz4HSnJ
 =LkZR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/microvm-20201021-pull-request' into staging

microvm: fix PCIe IRQs in APIC table.
microvm: add usb support.

# gpg: Signature made Wed 21 Oct 2020 15:48:00 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/microvm-20201021-pull-request:
  tests/acpi: update expected data files
  tests/acpi: add microvm rtc test
  tests/acpi: add microvm usb test
  tests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files
  tests/acpi: allow updates for expected data files
  microvm: add usb support
  usb/xhci: fixup xhci kconfig deps
  usb/xhci: add xhci_sysbus_build_aml() helper
  usb/xhci: add include/hw/usb/xhci.h header file
  acpi: add aml builder stubs
  tests/acpi: disallow changes for microvm/APIC.pcie
  tests/acpi: update expected data files
  apci: drop has_pci arg for acpi_build_madt
  microvm: set pci_irq_mask
  x86: make pci irqs runtime configurable
  tests/acpi: add empty microvm/APIC.pcie
  tests/acpi: allow changes for microvm/APIC.pcie

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21 21:45:46 +01:00
Peter Maydell
e06c687fdf QAPI patches patches for 2020-10-21
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl+PpJUSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTkT8P/iGv6mzciCEsEL1LrYIrHXCpUDeQyXoZ
 i+pXisOaUNXQzwb9HIcUzy95srWQjORVMCzanRkS/LIm7XziAAWJDKFQrNXK6S/6
 8DNkzymOQaswRRGpEEX7KqgJFWCwhy+RqGlWXAtVVQLPMIfMIkCnx/vOtEGrvItt
 USzWwXkOnqy+cd4yNYi7V3oidE8uHbaVFopXs1MQCiGJ49uUMBibdFt/KGC0tTwQ
 q/1hJOJyCQrAjzBh6cNwych+5QdOwhRMEVp8Lqly87hEyaTBJvXKdnf4LuFRWcaF
 PIh265CPqxsETc/rR7S2LWmFmsXj6ruPUwIPIWKQKjqTDaqseOCOcHvLI7I+5ccT
 i4La+tWmH6U/8VuyGfplYZ2CphA51bkBlIGZVWsXw/eGc2md9p19fUMyLM65WfBW
 /Oi98O+ZveqOvZbfOtEN4Sanxx5VJ9aCMOyr97GjER2W1Q2BkZjKz67qpFws1amX
 +pgS7GaMyN3vcy9CMQ3aCZx8LNJMTyBIzBsWYKtDJbaDzaMvAcsIPgSQVSDGkpy3
 d1dph7tgOLaamvVCn44J/R/DefrTZHK19NY3OG8BUm7lxBeWAaj+GeeCHlDDoF73
 q0CpcMeUdPGGFcS1XE0AlpRq95J+M/Cs+p080TYM4RUEzJumoKZwvJLurH2jhh4o
 9X3GzMMZ6cpu
 =fsLv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-10-21' into staging

QAPI patches patches for 2020-10-21

# gpg: Signature made Wed 21 Oct 2020 04:01:41 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-10-21:
  qapi: Restrict Xen migration commands to migration.json
  qapi: Restrict 'query-kvm' command to machine code
  qapi: Restrict '(p)memsave' command to machine code
  qapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json
  qapi: Restrict 'inject-nmi' command to machine code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21 16:56:35 +01:00
Philippe Mathieu-Daudé
84816fb63e hw/sd/sdcard: Assert if accessing an illegal group
We can not have more group than 'wpgrps_size'.
Assert if we are accessing a group above this limit.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-7-f4bug@amsat.org>
2020-10-21 13:34:27 +02:00
Philippe Mathieu-Daudé
1bd6fd8ed5 hw/sd/sdcard: Do not attempt to erase out of range addresses
While the Spec v3 is not very clear, v6 states:

  If the host provides an out of range address as an argument
  to CMD32 or CMD33, the card shall indicate OUT_OF_RANGE error
  in R1 (ERX) for CMD38.

If an address is out of range, do not attempt to erase it:
return R1 with the error bit set.

Buglink: https://bugs.launchpad.net/qemu/+bug/1895310
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-6-f4bug@amsat.org>
2020-10-21 13:34:04 +02:00
Philippe Mathieu-Daudé
c8c8b3f1c1 hw/sd/sdcard: Reset both start/end addresses on error
From the Spec "4.3.5 Erase":

  The host should adhere to the following command
  sequence: ERASE_WR_BLK_START, ERASE_WR_BLK_END and
  ERASE (CMD38).

  If an erase (CMD38) or address setting (CMD32, 33)
  command is received out of sequence, the card shall
  set the ERASE_SEQ_ERROR bit in the status register
  and reset the whole sequence.

Reset both addresses if the ERASE command occured
out of sequence (one of the start/end address is
not set).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-5-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
7dae0a1dd1 hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
As it is legal to WRITE/ERASE the address/block 0,
change the value of this definition to an illegal
address: UINT32_MAX.

Unfortunately this break the migration stream, so
bump the VMState version number. This affects some
ARM boards and the SDHCI_PCI device (which is only
used for testing).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-4-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
872b8fde6c hw/sd/sdcard: Introduce the INVALID_ADDRESS definition
'0' is used as a value to indicate an invalid (or unset)
address. Use a definition instead of a magic value.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-3-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
aafe6c5836 hw/sd/sdcard: Add trace event for ERASE command (CMD38)
Trace addresses provided to the ERASE command.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-2-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
9321c1f2d0 hw/sd/sdhci: Yield if interrupt delivered during multiple transfer
The Descriptor Table has a bit to allow the DMA to generates
Interrupt when the operation of the descriptor line is completed
(see "1.13.4. Descriptor Table" of 'SD Host Controller Simplified
Specification Version 2.00').

If we have pending interrupt and the descriptor requires it
to be generated as soon as it is completed, reschedule pending
transfers and yield to the CPU.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-5-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
2bd9ae7e30 hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-4-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
45e5dc43b3 hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses
If we have pending DMA requests scheduled, process them first.
So far we don't need to implement a bottom half to process them.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-3-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
6a9e5cc61c hw/sd/sdhci: Stop multiple transfers when block count is cleared
Clearing BlockCount stops multiple transfers.

See "SD Host Controller Simplified Specification Version 2.00":

- 2.2.3. Block Count Register (Offset 006h)
- Table 2-8 : Determination of Transfer Type

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-2-f4bug@amsat.org>
2020-10-21 13:19:01 +02:00
Philippe Mathieu-Daudé
dfba99f17f hw/sd/sdhci: Fix DMA Transfer Block Size field
The 'Transfer Block Size' field is 12-bit wide.

See section '2.2.2. Block Size Register (Offset 004h)' in datasheet.

Two different bug reproducer available:
- https://bugs.launchpad.net/qemu/+bug/1892960
- https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-3-f4bug@amsat.org>
2020-10-21 13:19:01 +02:00
Philippe Mathieu-Daudé
598a40b30f hw/sd/sdhci: Document the datasheet used
Add datasheet name in the file header.

We can not add the direct download link since there is a disclaimers
to agree first on the SD Association website (www.sdcard.org).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-3-f4bug@amsat.org>
2020-10-21 13:19:01 +02:00
Philippe Mathieu-Daudé
9227cc52cc hw/sd/sdhci: Fix qemu_log_mask() format string
Add missing newline character in qemu_log_mask() format.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200901140411.112150-2-f4bug@amsat.org>
2020-10-21 13:19:01 +02:00
Gerd Hoffmann
d4a42e8581 microvm: add usb support
Wire up "usb=on" machine option, when enabled add
a sysbus xhci controller with 8 ports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-6-kraxel@redhat.com
2020-10-21 11:36:19 +02:00
Gerd Hoffmann
7114f6eac3 usb/xhci: fixup xhci kconfig deps
USB_XHCI does not depend on PCI any more.
USB_XHCI_SYSBUS must select USB_XHCI not USB.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Message-id: 20201020074844.5304-5-kraxel@redhat.com
2020-10-21 11:36:19 +02:00
Gerd Hoffmann
8e9c0c079a usb/xhci: add xhci_sysbus_build_aml() helper
The helper generates an acpi dsdt device entry
for the xhci sysbus device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-4-kraxel@redhat.com
2020-10-21 11:36:19 +02:00
Gerd Hoffmann
848db5257d usb/xhci: add include/hw/usb/xhci.h header file
Move a bunch of defines which might be needed outside core xhci
code to that place.  Add XHCI_ prefixes to avoid name clashes.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Message-id: 20201020074844.5304-3-kraxel@redhat.com
2020-10-21 11:36:19 +02:00
Gerd Hoffmann
284e269d7e acpi: add aml builder stubs
Add stubs for aml_interrupt and aml_memory32_fixed,
these will be needed by followup patches,

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201020074844.5304-2-kraxel@redhat.com
2020-10-21 11:36:19 +02:00
Gerd Hoffmann
a6518755a6 apci: drop has_pci arg for acpi_build_madt
Setting x86ms->pci_irq_mask to zero has the same effect,
so we don't need the has_pci argument any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-6-kraxel@redhat.com
2020-10-21 11:36:05 +02:00
Gerd Hoffmann
64b070dad3 microvm: set pci_irq_mask
Makes sure the PCI interrupt overrides are added to the
APIC table in case PCIe is enabled.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-5-kraxel@redhat.com
2020-10-21 11:36:05 +02:00
Gerd Hoffmann
1b2802c49f x86: make pci irqs runtime configurable
Add a variable to x86 machine state instead of
hard-coding the PCI interrupts.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20201016113835.17465-4-kraxel@redhat.com
2020-10-21 11:36:05 +02:00
Philippe Mathieu-Daudé
28af9ba260 qapi: Restrict Xen migration commands to migration.json
Restricting xen-set-global-dirty-log and xen-load-devices-state
commands migration.json pulls slightly less QAPI-generated code
into user-mode and tools.

Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201012121536.3381997-6-philmd@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-10-21 05:00:44 +02:00
Philippe Mathieu-Daudé
b3267ff675 hw/arm/nseries: Fix loading kernel image on n8x0 machines
Commit 7998beb9c2 removed the ram_size initialization in the
arm_boot_info structure, however it is used by arm_load_kernel().

Initialize the field to fix:

  $ qemu-system-arm -M n800 -append 'console=ttyS1' \
    -kernel meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0
  qemu-system-arm: kernel 'meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0' is too large to fit in RAM (kernel size 1964608, RAM size 0)

Noticed while running the test introduced in commit 050a82f0c5
("tests/acceptance: Add a test for the N800 and N810 arm machines").

Fixes: 7998beb9c2 ("arm/nseries: use memdev for RAM")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20201019095148.1602119-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:01 +01:00
Peng Liang
3cd27b58dd microbit_i2c: Fix coredump when dump-vmstate
VMStateDescription.fields should be end with VMSTATE_END_OF_LIST().
However, microbit_i2c_vmstate doesn't follow it.  Let's change it.

Fixes: 9d68bf564e ("arm: Stub out NRF51 TWI magnetometer/accelerometer detection")
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201019093401.2993833-1-liangpeng10@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
e7534f29b1 hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
The IRQ values are defined few lines earlier, use them instead of
the magic numbers.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201017180731.1165871-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
b68a92f4cb hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
Add trace events for GPU and CPU IRQs.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201017180731.1165871-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
722bde6789 hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
The SYS_timer is not directly wired to the ARM core, but to the
SoC (peripheral) interrupt controller.

Fixes: 0e5bbd7406 ("hw/arm/bcm2835_peripherals: Use the SYS_timer")
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
be95dffa32 hw/timer/bcm2835: Support the timer COMPARE registers
This peripheral has 1 free-running timer and 4 compare registers.

Only the free-running timer is implemented. Add support the
COMPARE registers (each register is wired to an IRQ).

Reference: "BCM2835 ARM Peripherals" datasheet [*]
            chapter 12 "System Timer":

  The System Timer peripheral provides four 32-bit timer channels
  and a single 64-bit free running counter. Each channel has an
  output compare register, which is compared against the 32 least
  significant bits of the free running counter values. When the
  two values match, the system timer peripheral generates a signal
  to indicate a match for the appropriate channel. The match signal
  is then fed into the interrupt controller.

This peripheral is used since Linux 3.7, commit ee4af5696720
("ARM: bcm2835: add system timer").

[*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20201010203709.3116542-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
cdb490da86 hw/timer/bcm2835: Rename variable holding CTRL_STATUS register
The variable holding the CTRL_STATUS register is misnamed
'status'. Rename it 'ctrl_status' to make it more obvious
this register is also used to control the peripheral.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
f3f69362fd hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
Use the BCM2835_SYSTIMER_COUNT definition instead of the
magic '4' value.

Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201010203709.3116542-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
b77a52a0c1 hw/arm: Restrict APEI tables generation to the 'virt' machine
While APEI is a generic ACPI feature (usable by X86 and ARM64), only
the 'virt' machine uses it, by enabling the RAS Virtualization. See
commit 2afa8c8519: "hw/arm/virt: Introduce a RAS machine option").

Restrict the APEI tables generation code to the single user: the virt
machine. If another machine wants to use it, it simply has to 'select
ACPI_APEI' in its Kconfig.

Fixes: aa16508f1d ("ACPI: Build related register address fields via hardware error fw_cfg blob")
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dongjiu Geng <gengdongjiu@huawei.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201008161414.2672569-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Philippe Mathieu-Daudé
8ddd611a50 hw/arm/strongarm: Fix 'time to transmit a char' unit comment
The time to transmit a char is expressed in nanoseconds, not in ticks.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201014213601.205222-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20 16:12:00 +01:00
Jason Andryuk
8959e0a63a hw/xen: Set suppress-vmdesc for Xen machines
xen-save-devices-state doesn't currently generate a vmdesc, so restore
always triggers "Expected vmdescription section, but got 0".  This is
not a problem when restore comes from a file.  However, when QEMU runs
in a linux stubdom and comes over a console, EOF is not received.  This
causes a delay restoring - though it does restore.

Setting suppress-vmdesc skips looking for the vmdesc during restore and
avoids the wait.

The other approach would be generate a vmdesc in qemu_save_device_state.
Since COLO shared that function, and the vmdesc is just discarded on
restore, we choose to skip it.

Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20201013190506.3325-1-jandryuk@gmail.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19 16:33:28 +01:00
Paul Durrant
c4583c8c39 xen-bus: reduce scope of backend watch
Currently a single watch on /local/domain/X/backend is registered by each
QEMU process running in service domain X (where X is usually 0). The purpose
of this watch is to ensure that QEMU is notified when the Xen toolstack
creates a new device backend area.
Such a backend area is specific to a single frontend area created for a
specific guest domain and, since each QEMU process is also created to service
a specfic guest domain, it is unnecessary and inefficient to notify all QEMU
processes.
Only the QEMU process associated with the same guest domain need
receive the notification. This patch re-factors the watch registration code
such that notifications are targetted appropriately.

Reported-by: Jerome Leseinne <jerome.leseinne@gmail.com>
Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20201001081500.1026-1-paul@xen.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19 16:32:41 +01:00
Michael Tokarev
5b6a8f4392 xen: xenguest is not used so is not needed
There's no references in only file which includes xenguest.h
to any xen definitions. And there's no references to -lxenguest
in qemu, either. Drop it.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200727140048.19779-1-mjt@msgid.tls.msk.ru>
[perard: rebased]
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19 16:22:58 +01:00
Peter Maydell
d76f4f97eb 9pfs: add tests using local fs driver
The currently existing 9pfs test cases are all solely using the 9pfs 'synth'
 fileystem driver, which is a very simple and purely simulated (in RAM only)
 filesystem. There are issues though where the 'synth' fs driver is not
 sufficient. For example the following two bugs need test cases running the
 9pfs 'local' fs driver:
 
 https://bugs.launchpad.net/qemu/+bug/1336794
 https://bugs.launchpad.net/qemu/+bug/1877384
 
 This patch set for that reason introduces 9pfs test cases using the 9pfs
 'local' filesystem driver along to the already existing tests on 'synth'.
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAl+NiOwXHHFlbXVfb3Nz
 QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5VkIw//fP5v3Wx8PUk03Vega7aDjtFN
 fpLG1hpyhv/aEYijSrvxNdwuEfT7eWae3yFnc3uEXAv+61sHCuzqsQVRYPi3mO6i
 9o2072shPQq5LDgYd8kSyqSOox/06r+9dIqrIFoLh9POYDN25fJGHHmQETXhXaCw
 /Vuhm0WvMryEJmuVS7kF4f9znX6dT4P9xgHpVod1tbIAB/vCKOFAqOWiNWS0vNdF
 OP0nYQWoYNey9TfX7ZJt1b8av0jLlYfDTcooojQKT70ihMqUSCdOvOIdlMbJj3pU
 P/z28xYwAQT1WxLCzV6DskNYCSTsxVakO4lW6JXPLSL2e4TQlzx2lwlUFGzuKKsg
 Tmgy5xIB1dXa0LMfjNJ5hQHawcCNQbIYLh2Jw3Qx4Q48SAvi4el9leUtrpXlYDPG
 nQ0iuwoaFGd4BHoRk9Q48AVlOj7XelkhsEpREmjXESDgdf2CTw7pQOkuc6Rx/9S6
 GjjjWNN4f7MjcfBkQhcmrHVMOWJGrBUn19kgdY4/suqmcR68Tqq56OHLAF9kL55+
 mWntjT3GBjML7IW3cWxLPSGvLzE3ydwCrJY8pvzZySJmVGwgeXQ5o25LtwWElmcj
 Jf1zXeHQM8+g5qEkpdt1zKH2CrRfkCUofp8N4fP9tFCMmaYS3/oLEDgzGp5dUFIU
 nUdUTdEUm/arxRFLd/8=
 =TZ2q
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201019' into staging

9pfs: add tests using local fs driver

The currently existing 9pfs test cases are all solely using the 9pfs 'synth'
fileystem driver, which is a very simple and purely simulated (in RAM only)
filesystem. There are issues though where the 'synth' fs driver is not
sufficient. For example the following two bugs need test cases running the
9pfs 'local' fs driver:

https://bugs.launchpad.net/qemu/+bug/1336794
https://bugs.launchpad.net/qemu/+bug/1877384

This patch set for that reason introduces 9pfs test cases using the 9pfs
'local' filesystem driver along to the already existing tests on 'synth'.

# gpg: Signature made Mon 19 Oct 2020 13:39:08 BST
# gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg:                issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
#      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395

* remotes/cschoenebeck/tags/pull-9p-20201019:
  tests/9pfs: add local Tmkdir test
  tests/9pfs: add virtio_9p_test_path()
  tests/9pfs: wipe local 9pfs test directory
  tests/9pfs: introduce local tests
  tests/9pfs: change qtest name prefix to synth
  9pfs: suppress performance warnings on qtest runs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19 14:39:27 +01:00
Peter Maydell
000f5b8f46 usb: fixes for dwc2 + ehci.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfjYeMAAoJEEy22O7T6HE4OJ4P/jfLNSd+IEYjZ/bExbFkRo8C
 fkP6S6Q73T0h+kx2YkazotcERduxCx8hwBCrV5yRoVLyfVreYCso154KXW8fADdq
 N8ejZeTQDgtinfwM7sF0XpbaG2JSp/mi9h0GBYAyBl7VtGoVr2vU2WlKuJXRaU/G
 zZ48Cn0AXCJwLUELOyil05vIBWzdv6cFOg9PGvl7GAn2AxVqicE2Q895A2SsN3+j
 1zcZfgF37xeB2+CzaozggLxsmdjEHBmK4/v1+T62COjpFZp4FKM4YDb409dKDXFm
 Ld6ZgQnchL+7Hfs6Imh/7Y8xnoVew5nrNw/iwe5qUoc3vOXW9v7WCdgFJxYWuDWT
 VO8HKWSPGW5xcKNeBzswOw00POwvMsOc90ExkrLHX4s5613ITpv8JWUaoOIUygqU
 MeO5lcy7XnCzRdyhT9Bp7Asfn3chYEIaxG74YY1JOMiLhQLR+z79c1Tm6xiLZ6nH
 zueAG3+wHduMvE43+5y2e+1IRbyrhPlWWuuJBnMHkVEVe3FACfO14Ai1vkLy3D9J
 nF06F0O3QuxahmJuGaGemj6C1aI165Lj9hh27qRw/PEtq7qyXgtRvzWXgKMc+PSp
 xaVTTjuHl8jyOpBAPbyjM81xGqietimSHcHrXMABCzUNXiXuFEr3P1r0WkV4jifs
 77S1ndygtpitLpgZFwtx
 =etZw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20201019-pull-request' into staging

usb: fixes for dwc2 + ehci.

# gpg: Signature made Mon 19 Oct 2020 13:33:16 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20201019-pull-request:
  hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
  usb/hcd-ehci: Fix error handling on missing device for iTD
  usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19 13:43:43 +01:00
Christian Schoenebeck
b036d9ac69 9pfs: suppress performance warnings on qtest runs
Don't trigger any performance warning if we're just running test cases,
because tests intentionally run for edge cases.

So far performance warnings were suppressed for the 'synth' fs driver
backend only. This patch suppresses them for all 9p fs driver backends.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <a2d2ff2163f8853ea782a7a1d4e6f2afd7c29ffe.1603106145.git.qemu_oss@crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2020-10-19 14:25:40 +02:00
Peter Maydell
ba2a9a9e63 qemu-macppc updates
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCgA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAl+NPIweHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIf22AH/0e9QXSd2g7YRK2D
 3NY/HuHr+lZNkDtNJanIQ9FUbmyzB9fMux4xg7BabpyY89Zwd9viivc6DrkM5fGM
 12Yuq1IX/JOvolRvAMszAxUdnlLcB6OHDGrNBDyNFPK4Y87DLm86RJMTviiN/J/G
 vsnCDjuxyHYtBruBbB4e6W/0nYJsfFXsopZxfV9Baain3W1uytRUW8WnjHJsvhhe
 c7Dl4j5LcmXINtLn577kJIiVgZruk9FqADAnAcUM7+I0QRnhebshAoTpTzYCPAIy
 LmUkr5NHtujBsa3m1zI8tjevFhCjvHOYvH6vdrMG6WO8m5DnAnv1iYYuM4xzI0yB
 puOyz48=
 =ShX6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201019' into staging

qemu-macppc updates

# gpg: Signature made Mon 19 Oct 2020 08:13:16 BST
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-macppc-20201019:
  mac_oldworld: Change PCI address of macio to match real hardware
  mac_oldworld: Drop some variables
  mac_oldworld: Drop a variable, use get_system_memory() directly
  mac_newworld: Allow loading binary ROM image
  mac_oldworld: Allow loading binary ROM image
  m48t59: remove legacy m48t59_init() function
  ppc405_boards: use qdev properties instead of legacy m48t59_init() function
  sun4u: use qdev properties instead of legacy m48t59_init() function
  sun4m: use qdev properties instead of legacy m48t59_init() function
  m48t59-isa: remove legacy m48t59_init_isa() function
  uninorth: use qdev gpios for PCI IRQs
  grackle: use qdev gpios for PCI IRQs
  macio: don't reference serial_hd() directly within the device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19 11:46:03 +01:00
Peter Maydell
22d30b340a MIPS patches queue
. Fix some comment spelling errors
 . Demacro some TCG helpers
 . Add loongson-ext lswc2/lsdc2 group of instructions
 . Log unimplemented cache opcode
 . Increase number of TLB entries on the 34Kf core
 . Allow the CPU to use dynamic frequencies
 . Calculate the CP0 timer period using the CPU frequency
 . Set CPU frequency for each machine
 . Fix Malta FPGA I/O region size
 . Allow running qtests when ROM is missing
 . Add record/replay acceptance tests
 . Update MIPS CPU documentation
 . MAINTAINERS updates
 
 CI jobs results:
   https://gitlab.com/philmd/qemu/-/pipelines/203931842
   https://travis-ci.org/github/philmd/qemu/builds/736491461
   https://cirrus-ci.com/build/6272264062631936
   https://app.shippable.com/github/philmd/qemu/runs/886/summary/console
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl+K+NkACgkQ4+MsLN6t
 wN4oPRAArZ5v0fjGrylt9g4xCAygLoSMkH3sZxltB77UVN/dCawSTLK2seKKO5g/
 UtGt/j4/OAt8Ms+nF8FT+UZbknkgq+h7coOorHvz6gDEAx9UIg6/S2TRZJEx28+l
 LbzkqdxvNSoHRrQDpGo43xoaxjzCxSTSOKpPfje6p2YDxWjkxdr/ahcsbKHSKc+x
 uGdVdEAlLiAs/fBhkaJD3yy1VfqJKu8V5JJo1g4gSQOD1worRbZ4Us9QfuYr79Q7
 Kce1Z1MQSf/TceZuDubhzZBep5lF1uW4lTywcaDby0LvGNK4K+RnH+i+t7CNhtKs
 LH5j6iFQY1ecjb1Vh0IgKNAFaM2sTtO7A6fbBSOkVTO60wEp7i9fpbI5TRIjv7z/
 EBkzP3n00hhbFFDci6Lnh/Ko0Xy0ODe3Um5l410sTnJe9+LK0HR5V6WH8PD/wKV2
 nnKzSgb1U51KS6+FzLGLbQzDEvCgRKAJ9mwiQ+dlRfFHj+rEM6a9rlQmtsADBhKi
 sEx62BKe6mM/+qQL9AOwZ5xBmFAn6wquuLYoA2Bwfg0wPIiAiFTwrz/eVSm9qYsw
 O9Fer+1IMmd06T1REUtSDAh8+D2ekknKmFA3AG0818WvluD0Qm3KZp8uLLHJ/XkO
 jiRtmeW+hApeh8hP4E0bzmrfJPKseBCYYP1By7XavIOoCxlqhew=
 =BOxw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20201017' into staging

MIPS patches queue

. Fix some comment spelling errors
. Demacro some TCG helpers
. Add loongson-ext lswc2/lsdc2 group of instructions
. Log unimplemented cache opcode
. Increase number of TLB entries on the 34Kf core
. Allow the CPU to use dynamic frequencies
. Calculate the CP0 timer period using the CPU frequency
. Set CPU frequency for each machine
. Fix Malta FPGA I/O region size
. Allow running qtests when ROM is missing
. Add record/replay acceptance tests
. Update MIPS CPU documentation
. MAINTAINERS updates

CI jobs results:
  https://gitlab.com/philmd/qemu/-/pipelines/203931842
  https://travis-ci.org/github/philmd/qemu/builds/736491461
  https://cirrus-ci.com/build/6272264062631936
  https://app.shippable.com/github/philmd/qemu/runs/886/summary/console

# gpg: Signature made Sat 17 Oct 2020 14:59:53 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/mips-next-20201017: (44 commits)
  target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)
  MAINTAINERS: Remove duplicated Malta test entries
  MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail
  MAINTAINERS: Put myself forward for MIPS target
  MAINTAINERS: Remove myself
  docs/system: Update MIPS CPU documentation
  tests/acceptance: Add MIPS record/replay tests
  hw/mips: Remove exit(1) in case of missing ROM
  hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON
  hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)
  hw/mips: Simplify loading 64-bit ELF kernels
  hw/mips/malta: Use clearer qdev style
  hw/mips/malta: Move gt64120 related code together
  hw/mips/malta: Fix FPGA I/O region size
  target/mips/cpu: Display warning when CPU is used without input clock
  hw/mips/cps: Do not allow use without input clock
  hw/mips/malta: Set CPU frequency to 320 MHz
  hw/mips/boston: Set CPU frequency to 1 GHz
  hw/mips/cps: Expose input clock and connect it to CPU cores
  hw/mips/jazz: Correct CPU frequencies
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19 10:52:57 +01:00
Mauro Matteo Cascella
bea2a9e3e0 hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
Check the value of mps to avoid potential divide-by-zero later in the function.
Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest
from crashing the QEMU process on the host.

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Paul Zimmerman <pauldzim@gmail.com>
Reported-by: Gaoning Pan <gaoning.pgn@antgroup.com>
Reported-by: Xingwei Lin <linyi.lxw@antfin.com>
Message-id: 20201015075957.268823-1-mcascell@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19 09:17:21 +02:00
Anthony PERARD
ccee80c68d usb/hcd-ehci: Fix error handling on missing device for iTD
The EHCI Host Controller emulation attempt to locate the device
associated with a periodic isochronous transfer description (iTD) and
when this fail the host controller is reset.

But according the EHCI spec 1.0 section 5.15.2.4 Host System
Error, the host controller is supposed to reset itself only when it
failed to communicate with the Host (Operating System), like when
there's an error on the PCI bus. If a transaction fails, there's
nothing in the spec that say to reset the host controller.

This patch rework the error path so that the host controller can keep
working when the OS setup a bogus transaction, it also revert to the
behavior of the EHCI emulation to before commits:
e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()")
7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()")

The issue has been found while trying to passthrough a USB device to a
Windows Server 2012 Xen guest via "usb-ehci", which prevent the USB
device from working in Windows. ("usb-ehci" alone works, windows only
setup this weird periodic iTD to device 127 endpoint 15 when the USB
device is passthrough.)

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19 09:17:08 +02:00
Paul Zimmerman
69958d8a3d usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)
Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...),
to prevent the guest from causing Qemu to assert. Also fix up
several existing qemu_log_mask()s to include the function name in
the message.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200920021449.830-1-pauldzim@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19 09:12:20 +02:00
BALATON Zoltan
bb997e5c96 mac_oldworld: Change PCI address of macio to match real hardware
The board firmware expect these to be at fixed addresses and programs
them without probing, this patch puts the macio device at the expected
PCI address.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <f14bcaf3cf129500710ba5289980a134086bd949.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19 08:11:21 +01:00
BALATON Zoltan
b8df32555c mac_oldworld: Drop some variables
Values not used frequently enough may not worth putting in a local
variable, especially with names almost as long as the original value
because that does not improve readability, to the contrary it makes it
harder to see what value is used. Drop a few such variables.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <d67bc8d914a366ca6822b5190c1308d31af5c9b3.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19 08:11:21 +01:00
BALATON Zoltan
c3481ab096 mac_oldworld: Drop a variable, use get_system_memory() directly
Half of the occurances already use get_system_memory() directly
instead of sysmem variable, convert the two other uses to
get_system_memory() too which seems to be more common and drop the
variable.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <b4c714e03690deb6f94f80f7a5b2af47d90550ae.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19 08:11:21 +01:00
BALATON Zoltan
31a6f3534a mac_newworld: Allow loading binary ROM image
Fall back to load binary ROM image if loading ELF fails. This also
moves PROM_BASE and PROM_SIZE defines to board as these are matching
the ROM size and address on this board and removes the now unused
PROM_ADDR and BIOS_SIZE defines from common mac.h.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <4d58ffe7645a0c746c8fed6aa8775c0867b624e0.1602805637.git.balaton@eik.bme.hu>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19 08:11:21 +01:00