Commit Graph

83227 Commits

Author SHA1 Message Date
Eduardo Habkost
1b36e4f5a5 cpu: Move cpu_common_props to hw/core/cpu.c
There's no reason to keep the property list separate from the CPU
class code.  Move the variable to hw/core/cpu.c and make it
static.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201211220529.2290218-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
180c00dfc7 cs4231: Get rid of empty property array
An empty props array is unnecessary, we can just not call
device_class_set_props().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201211220529.2290218-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
f0e34a06f6 netfilter: Use class properties
Instance properties make introspection hard and are not shown by
"-object ...,help".  Convert them to class properties.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20201111183823.283752-12-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
6d11ea6d8e netfilter: Reorder functions
Trivial code reordering in some filter backends, to make the next
changes easier to review.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20201111183823.283752-11-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
70b756674c can_host: Use class properties
Instance properties make introspection hard and are not shown by
"-object ...,help".  Convert them to class properties.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Message-Id: <20201111183823.283752-9-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
85cc807cbc arm/cpu64: Register "aarch64" as class property
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-8-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
27edeeaafe virt: Register "its" as class property
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Note: "its" is currently registered conditionally, but this makes
the feature be registered unconditionally.  The only side effect
is that it will be now possible to set its=on on virt-2.7 and
older.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-7-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
b91def7b83 arm/virt: Register most properties as class properties
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-6-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:02:07 -05:00
Eduardo Habkost
f5730c69f0 i386: Register feature bit properties as class properties
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Also, the hundreds of instance properties were having an impact
on QMP commands that create temporary CPU objects.  On my
machine, run time of qmp_query_cpu_definitions() changed
from ~200ms to ~16ms after applying this patch.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20201111183823.283752-5-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-15 10:01:32 -05:00
Peter Maydell
ffb1e2ed7c audio: coreaudio playback state fixes.
audio: misc cleanups.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJf2L6NAAoJEEy22O7T6HE4INYP/3pQcXUPqEMlJaMTqVcax9DF
 7+YqfH1g8+B5nCciJ36yPGYv5aH1XNkzJGhZVOCLcNu5/x9jk5NiKp1weEseba3r
 LRiRsFOJ6mm56L1Rm7LFIzmQKbtIInrO+Zwz70juGiWvytHYi7UzmlXSidQLsh6B
 /xDYfvPJlxe5K31hN7P5SXHvQDou8KO8a2YxP0FnDssv5o/tAJoUaayTAkw45b5+
 VpZAQdzSaeJd8DMTkvVkrAlKwrCym6vSKHHAY16kNiJBsnBLCgKKP8Fj7Him9qjw
 xJJplJ7aToA+yBQxGMZeckOXBLJMoXyilADnPBWdL/pfWUoq2mgQytdrXnE5WopC
 OI+I0ayVlx+v7MqqfGrahIW2MG+RBrZeivHKycZl2qjXBJaIRD0yIvX/YgqBfi6O
 trkFe80E2iRERGCZmZ2j5n+5AbSgJ1qzm/6dlufcv50qSW4VciaHG17pqCrDQSLF
 gDqd7KwTpwkLlwDI9It1xBBU8/XKVy4SWK7pfLH8K0ydPeqhHj7ScyHT4qriNnmC
 PFetbOqxFwJUjb3suYmR56jo2QIUCArEhiv8T41C+y9yV9f9pPn8EJ0NPW0PY7Tt
 B/gsQiR/bG/GUD1zthzbkZEXQK2drXPQ4dh80o7x9hM97PX2HV4hW2CI24AHe6Me
 rDyvmsPf7cS8NNcVXBg1
 =/p1y
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20201215-pull-request' into staging

audio: coreaudio playback state fixes.
audio: misc cleanups.

# gpg: Signature made Tue 15 Dec 2020 13:47:57 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20201215-pull-request:
  audio: add sanity check
  audio: Simplify audio_bug() removing old code
  cs4231: Get rid of empty property array
  audio: remove unused function audio_is_cleaning_up()
  coreaudio: always stop audio playback on shut down
  coreaudio: don't start playback in init routine
  coreaudio: rename misnamed variable fake_as

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:58:18 +00:00
Joe Komlodi
23af268566 hw/block/m25p80: Fix Numonyx fast read dummy cycle count
Numonyx chips determine the number of cycles to wait based on bits 7:4
in the volatile configuration register.

However, if these bits are 0x0 or 0xF, the number of dummy cycles to
wait is 10 for QIOR and QIOR4 commands or when in QIO mode, and otherwise 8 for
the currently supported fast read commands. [1]

[1]
https://www.micron.com/-/media/client/global/documents/products/data-sheet/nor-flash/serial-nor/mt25q/die-rev-b/mt25q_qlkt_u_02g_cbb_0.pdf?rev=9b167fbf2b3645efba6385949a72e453

Signed-off-by: Joe Komlodi <komlodi@xilinx.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com>
Message-id: 1605568264-26376-5-git-send-email-komlodi@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:39:30 +00:00
Joe Komlodi
2348623117 hw/block/m25p80: Check SPI mode before running some Numonyx commands
Some Numonyx flash commands cannot be executed in DIO and QIO mode, such as
trying to do DPP or DOR when in QIO mode.

Signed-off-by: Joe Komlodi <komlodi@xilinx.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com>
Message-id: 1605568264-26376-4-git-send-email-komlodi@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:39:30 +00:00
Joe Komlodi
fc5df349da hw/block/m25p80: Fix when VCFG XIP bit is set for Numonyx
VCFG XIP is set (disabled) when the NVCFG XIP bits are all set (disabled).

Signed-off-by: Joe Komlodi <komlodi@xilinx.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com>
Message-id: 1605568264-26376-3-git-send-email-komlodi@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:39:30 +00:00
Joe Komlodi
09414144cd hw/block/m25p80: Make Numonyx config field names more accurate
The previous naming of the configuration registers made it sound like that if
the bits were set the settings would be enabled, while the opposite is true.

Signed-off-by: Joe Komlodi <komlodi@xilinx.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com>
Message-id: 1605568264-26376-2-git-send-email-komlodi@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:39:30 +00:00
Philippe Mathieu-Daudé
98a8cc741d hw/misc/zynq_slcr: Avoid #DIV/0! error
Malicious user can set the feedback divisor for the PLLs
to zero, triggering a floating-point exception (SIGFPE).

As the datasheet [*] is not clear how hardware behaves
when these bits are zeroes, use the maximum divisor
possible (128) to avoid the software FPE.

[*] Zynq-7000 TRM, UG585 (v1.12.2)
    B.28 System Level Control Registers (slcr)
    -> "Register (slcr) ARM_PLL_CTRL"
    25.10.4 PLLs
    -> "Software-Controlled PLL Update"

Fixes: 38867cb7ec ("hw/misc/zynq_slcr: add clock generation for uarts")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20201210141610.884600-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 13:36:45 +00:00
Vikram Garhwal
144677d41b arm: xlnx-versal: Connect usb to virt-versal
Connect VersalUsb2 subsystem to xlnx-versal SOC, its placed
in iou of lpd domain and configure it as dual port host controller.
Add the respective guest dts nodes for "xlnx-versal-virt" machine.

Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1607023357-5096-5-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 12:04:30 +00:00
Sai Pavan Boddu
e29c7db19d usb: xlnx-usb-subsystem: Add xilinx usb subsystem
This model is a top level integration wrapper for hcd-dwc3 and
versal-usb2-ctrl-regs modules, this is used by xilinx versal soc's and
future xilinx usb subsystems would also be part of it.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1607023357-5096-4-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 12:04:30 +00:00
Vikram Garhwal
8bbe61f3c1 usb: Add DWC3 model
This patch adds skeleton model of dwc3 usb controller attached to
xhci-sysbus device. It defines global register space of DWC3 controller,
global registers control the AXI/AHB interfaces properties, external FIFO
support and event count support. All of which are unimplemented at
present,we are only supporting core reset and read of ID register.

Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1607023357-5096-3-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 12:04:30 +00:00
Sai Pavan Boddu
50e76a73de usb: Add versal-usb2-ctrl-regs module
This module emulates control registers of versal usb2 controller, this is added
just to make guest happy. In general this module would control the phy-reset
signal from usb controller, data coherency of the transactions, signals
the host system errors received from controller.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1607023357-5096-2-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-15 12:04:30 +00:00
Peter Maydell
311ca11e38 elf_ops.h: Be more verbose with ROM blob names
Instead of making the ROM blob name something like:
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf
make it a little more self-explanatory for people who don't know
ELF format details:
  /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf ELF program header segment 0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201129203923.10622-5-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
926c9063dc elf_ops.h: Don't truncate name of the ROM blobs we create
Currently the load_elf code assembles the ROM blob name into a
local 128 byte fixed-size array. Use g_strdup_printf() instead so
that we don't truncate the pathname if it happens to be long.
(This matters mostly for monitor 'info roms' output and for the
error messages if ROM blobs overlap.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201129203923.10622-4-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
837a059516 hw/core/loader.c: Improve reporting of ROM overlap errors
In rom_check_and_register_reset() we report to the user if there is
a "ROM region overlap". This has a couple of problems:
 * the reported information is not very easy to intepret
 * the function just prints the overlap to stderr (and relies on
   its single callsite in vl.c to do an error_report() and exit)
 * only the first overlap encountered is diagnosed

Make this function use error_report() and error_printf() and
report a more user-friendly report with all the overlaps
diagnosed.

Sample old output:

rom: requested regions overlap (rom dtb. free=0x0000000000008000, addr=0x0000000000000000)
qemu-system-aarch64: rom check and register reset failed

Sample new output:

qemu-system-aarch64: Some ROM regions are overlapping
These ROM regions might have been loaded by direct user request or by default.
They could be BIOS/firmware images, a guest kernel, initrd or some other file loaded into guest memory.
Check whether you intended to load all this guest code, and whether it has been built to load to the correct addresses.

The following two regions overlap (in the cpu-memory-0 address space):
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf (addresses 0x0000000000000000 - 0x0000000000008000)
  dtb (addresses 0x0000000000000000 - 0x0000000000100000)

The following two regions overlap (in the cpu-memory-0 address space):
  phdr #1: /home/petmay01/linaro/qemu-misc-tests/bad-psci-call.axf (addresses 0x0000000040000000 - 0x0000000040000010)
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/bp-test.elf (addresses 0x0000000040000000 - 0x0000000040000020)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201129203923.10622-3-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
5b1de52047 hw/core/loader.c: Track last-seen ROM in rom_check_and_register_reset()
In rom_check_and_register_reset() we detect overlaps by looking at
whether the ROM blob we're currently examining is in the same address
space and starts before the previous ROM blob ends.  (This works
because the ROM list is kept sorted in order by AddressSpace and then
by address.)

Instead of keeping the AddressSpace and last address of the previous ROM
blob in local variables, just keep a pointer to it.

This will allow us to print more useful information when we do detect
an overlap.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201129203923.10622-2-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
05bcbcf279 target/nios2: Use deposit32() to update ipending register
In nios2_cpu_set_irq(), use deposit32() rather than raw shift-and-mask
operations to set the appropriate bit in the ipending register.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201129174022.26530-4-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
2c87548ef4 target/nios2: Move nios2_check_interrupts() into target/nios2
The function nios2_check_interrupts)() looks only at CPU-internal
state; it belongs in target/nios2, not hw/nios2.  Move it into the
same file as its only caller, so it can just be local to that file.

This removes the only remaining code from cpu_pic.c, so we can delete
that file entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201129174022.26530-3-peter.maydell@linaro.org
Reviewed-by: Wentong Wu <wentong.wu@intel.com>
Tested-by: Wentong Wu <wentong.wu@intel.com>
2020-12-15 12:04:30 +00:00
Peter Maydell
cd2528de2c target/nios2: Move IIC code into CPU object proper
The Nios2 architecture supports two different interrupt controller
options:

 * The IIC (Internal Interrupt Controller) is part of the CPU itself;
   it has 32 IRQ input lines and no NMI support.  Interrupt status is
   queried and controlled via the CPU's ipending and istatus
   registers.

 * The EIC (External Interrupt Controller) interface allows the CPU
   to connect to an external interrupt controller.  The interface
   allows the interrupt controller to present a packet of information
   containing:
    - handler address
    - interrupt level
    - register set
    - NMI mode

QEMU does not model an EIC currently.  We do model the IIC, but its
implementation is split across code in hw/nios2/cpu_pic.c and
hw/intc/nios2_iic.c.  The code in those two files has no state of its
own -- the IIC state is in the Nios2CPU state struct.

Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they
can have GPIO input lines themselves, so we can implement the IIC
directly in the CPU object the same way that real hardware does.

Create named "IRQ" GPIO inputs to the Nios2 CPU object, and make the
only user of the IIC wire up directly to those instead.

Note that the old code had an "NMI" concept which was entirely unused
and also as far as I can see not architecturally correct, since only
the EIC has a concept of an NMI.

This fixes a Coverity-reported trivial memory leak of the IRQ array
allocated in nios2_cpu_pic_init().

Fixes: Coverity CID 1421916
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201129174022.26530-2-peter.maydell@linaro.org
Reviewed-by: Wentong Wu <wentong.wu@intel.com>
Tested-by: Wentong Wu <wentong.wu@intel.com>
2020-12-15 12:04:30 +00:00
Peter Maydell
71b3254dd2 target/openrisc: Move pic_cpu code into CPU object proper
The openrisc code uses an old style of interrupt handling, where a
separate standalone set of qemu_irqs invoke a function
openrisc_pic_cpu_handler() which signals the interrupt to the CPU
proper by directly calling cpu_interrupt() and cpu_reset_interrupt().
Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they
can have GPIO input lines themselves, and the neater modern way to
implement this is to simply have the CPU object itself provide the
input IRQ lines.

Create GPIO inputs to the OpenRISC CPU object, and make the only user
of cpu_openrisc_pic_init() wire up directly to those instead.

This allows us to delete the hw/openrisc/pic_cpu.c file entirely.

This fixes a trivial memory leak reported by Coverity of the IRQs
allocated in cpu_openrisc_pic_init().

Fixes: Coverity CID 1421934
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stafford Horne <shorne@gmail.com>
Message-id: 20201127225127.14770-4-peter.maydell@linaro.org
2020-12-15 12:04:30 +00:00
Peter Maydell
eaca43a0f7 hw/openrisc/openrisc_sim: Abstract out "get IRQ x of CPU y"
We're about to refactor the OpenRISC pic_cpu code in a way that means
that just grabbing the whole qemu_irq[] array of inbound IRQs for a
CPU won't be possible any more.  Abstract out a function for "return
the qemu_irq for IRQ x input of CPU y" so we can more easily replace
the implementation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stafford Horne <shorne@gmail.com>
Message-id: 20201127225127.14770-3-peter.maydell@linaro.org
2020-12-15 12:04:29 +00:00
Peter Maydell
1eeffbeb11 hw/openrisc/openrisc_sim: Use IRQ splitter when connecting IRQ to multiple CPUs
openrisc_sim_net_init() attempts to connect the IRQ line from the
ethernet device to both CPUs in an SMP configuration by simply caling
sysbus_connect_irq() for it twice.  This doesn't work, because the
second connection simply overrides the first.

Fix this by creating a TYPE_SPLIT_IRQ to split the IRQ in the SMP
case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stafford Horne <shorne@gmail.com>
Message-id: 20201127225127.14770-2-peter.maydell@linaro.org
2020-12-15 12:04:29 +00:00
Peter Maydell
3ddd903638 gdbstub: Correct misparsing of vCont C/S requests
In the vCont packet, two of the command actions (C and S) take an
argument specifying the signal to be sent to the process/thread, which is
sent as an ASCII string of two hex digits which immediately follow the
'C' or 'S' character.

Our code for parsing this packet accidentally skipped the first of the
two bytes of the signal value, because it started parsing the hex string
at 'p + 1' when the preceding code had already moved past the 'C' or
'S' with "cur_action = *p++".

This meant that we would only do the right thing for signals below
10, and would misinterpret the rest.  For instance, when the debugger
wants to send the process a SIGPROF (27 on x86-64) we mangle this into
a SIGSEGV (11).

Remove the accidental double increment.

Fixes: https://bugs.launchpad.net/qemu/+bug/1773743
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20201121210342.10089-1-peter.maydell@linaro.org
2020-12-15 12:04:29 +00:00
Gerd Hoffmann
06c8c37538 audio: add sanity check
Check whenever we actually found the spiceaudio driver
before flipping the can_be_default field.

Fixes: f0c4555edf ("audio: remove qemu_spice_audio_init()")
Buglink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977301
Reported-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20201215081151.20095-1-kraxel@redhat.com>
2020-12-15 09:28:52 +01:00
Philippe Mathieu-Daudé
ab32b78cd1 audio: Simplify audio_bug() removing old code
This code (introduced in commit 1d14ffa97e, Oct 2005)
is likely unused since years. Time to remove it.  If
the condition is true, simply call abort().

Suggested-by: Gerd Hoffmann <gerd@kraxel.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201210223506.263709-1-philmd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:23:14 +01:00
Eduardo Habkost
44ba603937 cs4231: Get rid of empty property array
An empty props array is unnecessary, we can just not call
device_class_set_props().

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20201211220529.2290218-2-ehabkost@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:21:09 +01:00
Volker Rümelin
ba6371b0c3 audio: remove unused function audio_is_cleaning_up()
The previous commit removed the last call site of
audio_is_cleaning_up(). Remove the now unused function.

Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20201213130528.5863-4-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:14:17 +01:00
Volker Rümelin
ceb1165e9d coreaudio: always stop audio playback on shut down
Always stop audio playback and remove the playback callback when
QEMU exits.

On shut down the function coreaudio_fini_out() destroys the
coreaudio mutex but fails to stop audio playback and to remove the
audio playback callback, because function audio_is_cleaning_up()
always returns true when called from coreaudio_fini_out(). Now
there is a time window from pthread_mutex_destroy() to program
exit where Core Audio may call the audio playback callback which
tries to lock the destroyed coreaudio mutex. This leads to the
following error.

coreaudio: Could not lock voice for audioDeviceIOProc
Reason: Invalid argument

This bug was reported on the qemu-discuss mailing list.
https://lists.nongnu.org/archive/html/qemu-discuss/2020-10/msg00018.html

Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20201213130528.5863-3-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:14:17 +01:00
Volker Rümelin
53e78d1cfb coreaudio: don't start playback in init routine
Every emulated audio device has a way to enable audio playback. Don't
start playback until the guest enables the audio device to keep the
Core Audio device run state in sync with hw->enabled.

Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20201213130528.5863-2-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:14:17 +01:00
Volker Rümelin
1d47067394 coreaudio: rename misnamed variable fake_as
While the variable once was used to fake audio settings, since
commit ed2a4a7941 "audio: proper support for float samples in
mixeng" this is no longer true. Rename the variable to obt_as.
This is the same naming scheme as in audio/sdlaudio.c

Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20201213130528.5863-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-15 09:14:17 +01:00
Peter Maydell
5bfbd8170c Pull request trivial-patches 20201214
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl/XiicSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748bygP/2JohvciAFlaIi3WzPdfhk92lqspDmS1
 GAuPFtAw0RUVVbbGKo0xjJtWA4i4c/WbSbdSF7ideNJe8Pz18F5yC94HyMpRAAc7
 rD5gEk4bNjn4JHlI7vUsGIe5f7fb/KeEs139DKow2HuKY7guIA/FB8VIBks80ru7
 jUAffuEV7/Ok+3SySIf6j8HxgwG/EoClxyfG0KQAuQeRq3w4ztibY25g5fE7TJtV
 np5cHAkw7sjbhfWXWudqq451JiTVY5SNPyK7/4dPknw/HuVJOroyfXVdtKcNkj+7
 PhaNjZe/JHWLwjDStVXh69dnJ2KCVtXNt0nTv9/tU3ZtwsLWGDbzlbvHXDtPB7AC
 2ede7cu996PJ1zC40x2TMo4Jm1jjTVWpeaNA9RAEE9uEbj4RkYOcnS4iZcCe1a75
 9bILtIpiXyFbCQseAQbR+nWE0YPZj4r6O4euifAqExIUnGePMKUDCtziN+asGVxZ
 2FticT38Pt92cgPJJnIblO0LYqjjjUDIolhw9O+v1ZHHU2caUJTQA0Xp/SMRWpuo
 0WBrXZ32TjaGq8DbSzsIfdtrqEsO6vnsaMtQLyJLiPChWjiU/0MjV515khdOd9yF
 gCGU5661IoNV/LfdXjMgJrVVzVA2oL9XkZTdjElNbQUDwSwuyFEZcmCJBuAVv3zf
 ozrnQmzl8m8P
 =aOV/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.0-pull-request' into staging

Pull request trivial-patches 20201214

# gpg: Signature made Mon 14 Dec 2020 15:52:07 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-6.0-pull-request:
  configure / meson: Move check for linux/btrfs.h to meson.build
  configure / meson: Move check for sys/kcov.h to meson.build
  configure / meson: Move check for sys/signal.h to meson.build
  configure / meson: Move check for drm.h to meson.build
  configure / meson: Move check for pty.h to meson.build
  configure: Remove the obsolete check for ifaddrs.h
  blockdev: Fix a memleak in drive_backup_prepare()
  block/file-posix: fix a possible undefined behavior
  elf2dmp/pdb: Plug memleak in pdb_init_from_file
  elf2dmp/qemu_elf: Plug memleak in QEMU_Elf_init
  configure: Test if $make actually exists
  ads7846: moves from the hw/display folder to the hw/input folder.
  CODING_STYLE.rst: Be less strict about 80 character limit
  fsdev: open brace '{' following struct go on the same line
  hw/pci-host/pam: Replace magic number by PAM_REGIONS_COUNT definition
  hw/xen: Don't use '#' flag of printf format
  MAINTAINERS: update my email address
  qemu-options.hx: Fix minor issues in icount documentation
  target/i386: tracing: format length values as hex

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-14 20:32:38 +00:00
Eduardo Habkost
0b43b6e534 tmp421: Register properties as class properties
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-4-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-14 14:25:44 -05:00
Eduardo Habkost
fdfe5ba4a8 vexpress-a15: Register "virtualization" as class property
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-14 14:25:44 -05:00
Eduardo Habkost
4433bb3d83 vexpress: Register "secure" as class property
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201111183823.283752-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-12-14 14:25:44 -05:00
Peter Maydell
aa14de0866 MIPS patches queue
. Allow executing MSA instructions on Loongson-3A4000
 . Update Huacai Chen email address
 . Various cleanups:
   - unused headers removal
   - use definitions instead of magic values
   - remove dead code
   - avoid calling unused code
 . Various code movements
 
 CI jobs results:
   https://gitlab.com/philmd/qemu/-/pipelines/229120169
   https://cirrus-ci.com/build/4857731557359616
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl/WdywACgkQ4+MsLN6t
 wN4uTBAAzixGUFev/av6nKdy1gGY/ZUfA5wC+FwZDIbdiEB2gYrxwcKGWoq5bu4V
 5oGVR/de5NgJRY+cX/YKdI4sYdu19a4uj8ntZZnBNM/GmQ+4CpLuykWRbzwlSnDf
 bDKvxNXtVdVmIf/8TkQ9vARWh9KvvRPxGt5HE6XFxws+Ky859Zf/YOdDTCefjCmQ
 GO0QaBOssGhs5LdFDOUCTBJ9C+J657nKU+0SIJbAlkB3LWq5cND3cZk+g3VFUdER
 ZnK+gJiDaTomo0F6HT9xbVy+lDoMqtJ7PV6QENpjTYU/bq67ddbGY3/wZL22XBLX
 penGD+MqMJhQBqVhsQE3NPn+K8GwlP/7Cg5w0xWW3h5mz5o98hBuqsTUqe2IPeVv
 wdx8e/OGAfTn9Qx0DE1iHd0V1VgV/Iq9/GShQDXulMBUHr2AcbgiYI5GEwuKLsrB
 uTUA6x6V8VlAz4U+34FMFIViJmrPv+8kF4S22kTfV7U20X06ralGBkx8wq6HqMwJ
 LSYPiglzrMfiWUKyPr2HixbqicWotyYq2+++pSrvy3xsrQDfy9OHCOoCj4z0VGn7
 YPkX/4UfIoxhOo+37QN5uAkZMFA/z9fij01YYd70yuNJqulD2Hwn25oeo90WVO98
 pPExXE2ABw02hcHHAV0iYZpYK34k65Ewii57xLA+CE081ezdqyc=
 =tGmL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-20201213' into staging

MIPS patches queue

. Allow executing MSA instructions on Loongson-3A4000
. Update Huacai Chen email address
. Various cleanups:
  - unused headers removal
  - use definitions instead of magic values
  - remove dead code
  - avoid calling unused code
. Various code movements

CI jobs results:
  https://gitlab.com/philmd/qemu/-/pipelines/229120169
  https://cirrus-ci.com/build/4857731557359616

# gpg: Signature made Sun 13 Dec 2020 20:18:52 GMT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/mips-20201213: (26 commits)
  target/mips: Use FloatRoundMode enum for FCR31 modes conversion
  target/mips: Remove unused headers from fpu_helper.c
  target/mips: Inline cpu_mips_realize_env() in mips_cpu_realizefn()
  target/mips: Move cpu definitions, reset() and realize() to cpu.c
  target/mips: Move mips_cpu_add_definition() from helper.c to cpu.c
  target/mips: Extract cpu_supports*/cpu_set* translate.c
  hw/mips/malta: Rewrite CP0_MVPConf0 access using deposit()
  hw/mips/malta: Do not initialize MT registers if MT ASE absent
  target/mips: Do not initialize MT registers if MT ASE absent
  target/mips: Introduce ase_mt_available() helper
  target/mips: Remove mips_def_t unused argument from mvp_init()
  target/mips: Remove unused headers from op_helper.c
  target/mips: Remove unused headers from translate.c
  hw/mips: Move address translation helpers to target/mips/
  target/mips: Introduce cpu_supports_isa() taking CPUMIPSState argument
  target/mips: Rename cpu_supports_FEAT() as cpu_type_supports_FEAT()
  target/mips: Explicit Release 6 MMU types
  target/mips: Allow executing MSA instructions on Loongson-3A4000
  target/mips: Also display exception names in user-mode
  target/mips: Remove unused headers from cp0_helper.c
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-14 18:53:30 +00:00
Peter Maydell
37f04b71a9 ppc patch queue 2020-12-14
Here's my first pull request for qemu-6.0, with a bunch of things
 queued over the freeze.  Highlights are:
  * A bunch of cleanups to hotplug error paths from Greg Kurz
  * A number of TCG fixes from new contributor Giuseppe Musacchio
  * Added Greg Kurz as co-maintainer
  * Assorted other bugfixes and cleanups
 
 This supersedes ppc-for-6.0-20201211, the only change are some patch
 authors to better match qemu conventions.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl/W8KUACgkQbDjKyiDZ
 s5Jt4RAAhbYnMCPTj9zFsUwp1baJkDk8MYpDYGhcqvsYNPzejfTVSGFa3Db1t2JA
 JFGx1PU5tejpQx7BmwJnVAyzADIEuaeNbCSIx4RB8suVYA27YiTJLw16ycfp0sxh
 jgnCAOa9GJgZth3MBoaBtu5gsF1Ym3qf5vcMC+OwMTsLMSO0A343l+gOiiwZdQfl
 PAgV+Eu7BJWa8/lLAV1uh4Z0218Zp+PlHac0Kajz87gfzVGmAZ0Dp11HjxGnBInB
 6toRE4vnttzIbTcHaHynB43uMHHUCTI3z3RjLTXGIbCdMLebr7K5XENG5bDH2Rkx
 OqO2+Fu+Gs16D/Cc8F56kpMFKGG3sdC9dV+gx9V16tA19zlRfjXpSmziOyPzkyGU
 VyT7p0WwmFc8PUkTAvtfAAHKpqKzw3ucwr1tPdKo/Cynt6SllBrAwTY8vTOq3caI
 n1kAtWVCxCZ9H3VXSOizbs7gM8LLpVjpY1WDpzgqCviaFZk8I0h38Qs/M3TpB4aT
 Nv7nyjT6zRIOYHKtrVSN5YLmEq5c8+OOyN2cH9Q05Jp2l3/A7faHHrOePwWrnIxn
 I54FCnBA0pm/xHv5Ho4bkstzshSXbaqP35SnwJ1ucJRWam/0tybxXNKCSOIdKIql
 y267445WfJruRoq1SkaCDeDopJ//d/dxvgNT65KpjV8Chih4uq4=
 =KLS8
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20201214' into staging

ppc patch queue 2020-12-14

Here's my first pull request for qemu-6.0, with a bunch of things
queued over the freeze.  Highlights are:
 * A bunch of cleanups to hotplug error paths from Greg Kurz
 * A number of TCG fixes from new contributor Giuseppe Musacchio
 * Added Greg Kurz as co-maintainer
 * Assorted other bugfixes and cleanups

This supersedes ppc-for-6.0-20201211, the only change are some patch
authors to better match qemu conventions.

# gpg: Signature made Mon 14 Dec 2020 04:57:09 GMT
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dg-gitlab/tags/ppc-for-6.0-20201214: (30 commits)
  spapr.c: set a 'kvm-type' default value instead of relying on NULL
  spapr: Pass sPAPR machine state to some RTAS events handling functions
  spapr: Don't use qdev_get_machine() in spapr_msi_write()
  spapr: Pass sPAPR machine state down to spapr_pci_switch_vga()
  target/ppc: Introduce an mmu_is_64bit() helper
  ppc/translate: Use POWERPC_MMU_64 to detect 64-bit MMU models
  ppc/e500: Free irqs array to avoid memleak
  MAINTAINERS: Add Greg Kurz as co-maintainer for ppc
  hw/ppc: Do not re-read the clock on pre_save if doing savevm
  target/ppc: Remove "compat" property of server class POWER CPUs
  spapr: spapr_drc_attach() cannot fail
  spapr: Simplify error path of spapr_core_plug()
  spapr: Abort if ppc_set_compat() fails for hot-plugged CPUs
  spapr: Fix pre-2.10 dummy ICP hack
  xive: Add trace events
  hw/ppc/spapr_tpm_proxy: Fix hexadecimal format string specifier
  ppc/translate: Rewrite gen_lxvdsx to use gvec primitives
  ppc/translate: Raise exceptions after setting the cc
  ppc/translate: Delay NaN checking after comparison
  ppc/translate: Turn the helper macros into functions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-14 16:31:15 +00:00
Peter Maydell
a930cadd83 tests/tcg/multiarch/Makefile.target: Disable run-gdbstub-sha1 test
Disable the run-gdbstub-sha1 test: it provokes an internal error
assertion failure in Ubuntu gdb 8.1.1-0ubuntu1 (Ubuntu gdb
8.1-0ubuntu3.2 also has this assert but we were previously skipping
this test because it doesn't support connection over local domain
sockets) :

timeout 60  /home/petmay01/linaro/qemu-for-merges/tests/guest-debug/run-test.py --gdb /usr/bin/gdb-multiar
/build/gdb-veKdC1/gdb-8.1.1/gdb/regcache.c:122: internal-error: void* init_regcache_descr(gdbarch*): Asser
A problem internal to GDB has been detected,
further debugging may prove unreliable.

This is a bug, please report it.  For instructions, see:
<http://www.gnu.org/software/gdb/bugs/>.

Aborted (core dumped)
/home/petmay01/linaro/qemu-for-merges/tests/tcg/multiarch/Makefile.target:51: recipe for target 'run-gdbst

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20201214133702.24088-1-peter.maydell@linaro.org
2020-12-14 15:31:31 +00:00
Daniel Henrique Barboza
07b10bc42c spapr.c: set a 'kvm-type' default value instead of relying on NULL
spapr_kvm_type() is considering 'vm_type=NULL' as a valid input, where
the function returns 0. This is relying on the current QEMU machine
options handling logic, where the absence of the 'kvm-type' option
will be reflected as 'vm_type=NULL' in this function.

This is not robust, and will break if QEMU options code decides to propagate
something else in the case mentioned above (e.g. an empty string instead
of NULL).

Let's avoid this entirely by setting a non-NULL default value in case of
no user input for 'kvm-type'. spapr_kvm_type() was changed to handle 3 fixed
values of kvm-type: "auto", "hv", and "pr", with "auto" being the default
if no kvm-type was set by the user. This allows us to always be predictable
regardless of any enhancements/changes made in QEMU options mechanics.

While we're at it, let's also document in 'kvm-type' description the
already existing default mode, now named 'auto'. The information provided
about it is based on how the pseries kernel handles the KVM_CREATE_VM
ioctl(), where the default value '0' makes the kernel choose an available
KVM module to use, giving precedence to kvm_hv. This logic is described in
the kernel source file arch/powerpc/kvm/powerpc.c, function kvm_arch_init_vm().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20201210145517.1532269-2-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
2020-12-14 15:54:12 +11:00
Greg Kurz
0ff6b52094 spapr: Pass sPAPR machine state to some RTAS events handling functions
Some functions in hw/ppc/spapr_events.c get a pointer to the machine
state using qdev_get_machine(). Convert them to get it from their
caller when possible.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201209170052.1431440-6-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-14 15:54:12 +11:00
Greg Kurz
56cca10eb5 spapr: Don't use qdev_get_machine() in spapr_msi_write()
spapr_phb_realize() passes the sPAPR machine state as opaque data
for the I/O callbacks:

memory_region_init_io(&sphb->msiwindow, OBJECT(sphb), &spapr_msi_ops, spapr,
                                                                      ^^^^^
                      "msi", msi_window_size);

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201209170052.1431440-5-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-14 15:54:12 +11:00
Greg Kurz
c4c81d7d51 spapr: Pass sPAPR machine state down to spapr_pci_switch_vga()
This allows to drop a user of qdev_get_machine().

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201209170052.1431440-4-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-14 15:54:12 +11:00
Greg Kurz
d57d72a874 target/ppc: Introduce an mmu_is_64bit() helper
Callers don't really need to know how 64-bit MMU model enums are
computed. Hide this in a helper.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201209173536.1437351-3-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-14 15:54:12 +11:00
Stephane Duverger
d55dfd446c ppc/translate: Use POWERPC_MMU_64 to detect 64-bit MMU models
The ppc_tr_init_disas_context() function currently checks whether the
MMU is 64-bit by ANDing its model type with POWERPC_MMU_64B. This is
wrong : POWERPC_MMU_64B isn't a mask, it is the generic MMU model for
pre-PowerISA-2.03 64-bit CPUs (ie. PowerPC 970 in QEMU).

Use POWERPC_MMU_64 instead of POWERPC_MMU_64B. This should fix a
potential bug with some 32-bit CPUs for which 'need_access_type'
was mis-computed because (POWERPC_MMU_32B & POWERPC_MMU_64B)
happens to be equal to 1. The end result being a crash in
ppc_hash32_direct_store() because the access type isn't set:

        cpu_abort(cs, "ERROR: instruction should not need "
                 "address translation\n");

This doesn't change anything for 'lazy_tlb_flush' since POWERPC_MMU_32B
is checked first.

Fixes: 5f2a625452 ("ppc: Don't set access_type on all load/stores on hash64")
Signed-off-by: Stephane Duverger <stephane.duverger@free.fr>
[groug: - extended patch to address another misuse of POWERPC_MMU_64B
        - updated title and changelog accordingly]
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201209173536.1437351-2-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-14 15:54:12 +11:00