Commit Graph

29525 Commits

Author SHA1 Message Date
David Hildenbrand
fd51e54fa1 virtio-balloon: don't start free page hinting if postcopy is possible
Postcopy never worked properly with 'free-page-hint=on', as there are
at least two issues:

1) With postcopy, the guest will never receive a VIRTIO_BALLOON_CMD_ID_DONE
   and consequently won't release free pages back to the OS once
   migration finishes.

   The issue is that for postcopy, we won't do a final bitmap sync while
   the guest is stopped on the source and
   virtio_balloon_free_page_hint_notify() will only call
   virtio_balloon_free_page_done() on the source during
   PRECOPY_NOTIFY_CLEANUP, after the VM state was already migrated to
   the destination.

2) Once the VM touches a page on the destination that has been excluded
   from migration on the source via qemu_guest_free_page_hint() while
   postcopy is active, that thread will stall until postcopy finishes
   and all threads are woken up. (with older Linux kernels that won't
   retry faults when woken up via userfaultfd, we might actually get a
   SEGFAULT)

   The issue is that the source will refuse to migrate any pages that
   are not marked as dirty in the dirty bmap -- for example, because the
   page might just have been sent. Consequently, the faulting thread will
   stall, waiting for the page to be migrated -- which could take quite
   a while and result in guest OS issues.

While we could fix 1) comparatively easily, 2) is harder to get right and
might require more involved RAM migration changes on source and destination
[1].

As it never worked properly, let's not start free page hinting in the
precopy notifier if the postcopy migration capability was enabled to fix
it easily. Capabilities cannot be enabled once migration is already
running.

Note 1: in the future we might either adjust migration code on the source
        to track pages that have actually been sent or adjust
        migration code on source and destination  to eventually send
        pages multiple times from the source and and deal with pages
        that are sent multiple times on the destination.

Note 2: virtio-mem has similar issues, however, access to "unplugged"
        memory by the guest is very rare and we would have to be very
        lucky for it to happen during migration. The spec states
        "The driver SHOULD NOT read from unplugged memory blocks ..."
        and "The driver MUST NOT write to unplugged memory blocks".
        virtio-mem will move away from virtio_balloon_free_page_done()
        soon and handle this case explicitly on the destination.

[1] https://lkml.kernel.org/r/e79fd18c-aa62-c1d8-c7f3-ba3fc2c25fc8@redhat.com

Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Cc: qemu-stable@nongnu.org
Cc: Wei Wang <wei.w.wang@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210708095339.20274-2-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
2021-09-04 16:35:17 -04:00
Eduardo Habkost
b914e741e9 Use PCI_HOST_BRIDGE macro
OBJECT_CHECK(PciHostState, ..., TYPE_PCI_HOST_BRIDGE) is exactly
what the PCI_HOST_BRIDGE macro does.  We can just use the macro
instead of using OBJECT_CHECK manually.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210805193431.307761-7-ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:46 -04:00
Alyssa Ross
edb40732bf vhost-user: add missing space in error message
This would previously give error messages like

> Received unexpected msg type.Expected 0 received 1

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20210806143926.315725-1-hi@alyssa.is>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:46 -04:00
Tiberiu Georgescu
9b1d929adb hw/virtio: move vhost_set_backend_type() to vhost.c
Just a small refactor patch.

vhost_set_backend_type() gets called only in vhost.c, so we can move the
function there and make it static. We can then extern the visibility of
kernel_ops, to match the other VhostOps in vhost-backend.h.
The VhostOps constants now make more sense in vhost.h

Suggested-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Tiberiu Georgescu <tiberiu.georgescu@nutanix.com>
Message-Id: <20210809134015.67941-1-tiberiu.georgescu@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:46 -04:00
Ani Sinha
fe8adae345 hw/acpi: refactor acpi hp modules so that targets can just use what they need
Currently various acpi hotplug modules like cpu hotplug, memory hotplug, pci
hotplug, nvdimm hotplug are all pulled in when CONFIG_ACPI_X86 is turned on.
This brings in support for whole lot of subsystems that some targets like
mips does not need. They are added just to satisfy symbol dependencies. This
is ugly and should be avoided. Targets should be able to pull in just what they
need and no more. For example, mips only needs support for PIIX4 and does not
need acpi pci hotplug support or cpu hotplug support or memory hotplug support
etc. This change is an effort to clean this up.
In this change, new config variables are added for various acpi hotplug
subsystems. Targets like mips can only enable PIIX4 support and not the rest
of all the other modules which were being previously pulled in as a part of
CONFIG_ACPI_X86. Function stubs make sure that symbols which piix4 needs but
are not required by mips (for example, symbols specific to pci hotplug etc)
are available to satisfy the dependencies.

Currently, this change only addresses issues with mips malta targets. In future
we might be able to clean up other targets which are similarly pulling in lot
of unnecessary hotplug modules by enabling ACPI_X86.

This change should also address issues such as the following:
https://gitlab.com/qemu-project/qemu/-/issues/221
https://gitlab.com/qemu-project/qemu/-/issues/193

Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20210812071409.492299-1-ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:46 -04:00
Gerd Hoffmann
67cebca328 q35: catch invalid cpu hotplug configuration
Related: https://bugzilla.redhat.com//show_bug.cgi?id=1985924
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210812102341.3316254-1-kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:45 -04:00
Ani Sinha
aa29466b48 hw/acpi: define PIIX4 acpi pci hotplug property strings at a single place
Now that we have "acpi-pci-hotplug-with-bridge-support" PIIX4 PM property being
used for both q35 and i440fx machine types, it is better that we defined this
property string at a single place within a header file like other PIIX4
properties. We can then use this single definition at all the places that needs
it instead of duplicating the string everywhere. While at it, this change also
adds a definition for "acpi-root-pci-hotplug" PIIX4 PM property and uses
this definition at all places that were formally using the string value.

Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20210816083214.105740-1-ani@anisinha.ca>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:45 -04:00
Denis Plotnikov
699f2e535d vhost: make SET_VRING_ADDR, SET_FEATURES send replies
On vhost-user-blk migration, qemu normally sends a number of commands
to enable logging if VHOST_USER_PROTOCOL_F_LOG_SHMFD is negotiated.
Qemu sends VHOST_USER_SET_FEATURES to enable buffers logging and
VHOST_USER_SET_VRING_ADDR per each started ring to enable "used ring"
data logging.
The issue is that qemu doesn't wait for reply from the vhost daemon
for these commands which may result in races between qemu expectation
of logging starting and actual login starting in vhost daemon.

The race can appear as follows: on migration setup, qemu enables dirty page
logging by sending VHOST_USER_SET_FEATURES. The command doesn't arrive to a
vhost-user-blk daemon immediately and the daemon needs some time to turn the
logging on internally. If qemu doesn't wait for reply, after sending the
command, qemu may start migrateing memory pages to a destination. At this time,
the logging may not be actually turned on in the daemon but some guest pages,
which the daemon is about to write to, may have already been transferred
without logging to the destination. Since the logging wasn't turned on,
those pages won't be transferred again as dirty. So we may end up with
corrupted data on the destination.
The same scenario is applicable for "used ring" data logging, which is
turned on with VHOST_USER_SET_VRING_ADDR command.

To resolve this issue, this patch makes qemu wait for the command result
explicitly if VHOST_USER_PROTOCOL_F_REPLY_ACK is negotiated and logging enabled.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>

Message-Id: <20210809104824.78830-1-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:45 -04:00
Yajun Wu
1f89d3b91e hw/virtio: Fix leak of host-notifier memory-region
If call virtio_queue_set_host_notifier_mr fails, should free
host-notifier memory-region.

Fixes: 44866521bd ("vhost-user: support registering external host notifiers")
Signed-off-by: Yajun Wu <yajunw@nvidia.com>
Message-Id: <1629077555-19907-1-git-send-email-yajunw@nvidia.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:45 -04:00
Eugenio Pérez
e6db5df7e2 vhost-vdpa: Do not send empty IOTLB update batches
With the introduction of the batch hinting, meaningless batches can be
created with no IOTLB updates if the memory region was skipped by
vhost_vdpa_listener_skipped_section. This is the case of host notifiers
memory regions, device un/realize, and others. This causes the vdpa
device to receive dma mapping settings with no changes, a possibly
expensive operation for nothing.

To avoid that, VHOST_IOTLB_BATCH_BEGIN hint is delayed until we have a
meaningful (not skipped section) mapping or unmapping operation, and
VHOST_IOTLB_BATCH_END is not written unless at least one of _UPDATE /
_INVALIDATE has been issued.

v3:
  * Use a bool instead of a counter avoiding potential number wrapping
  * Fix bad check on _commit
  * Move VHOST_BACKEND_F_IOTLB_BATCH check to
    vhost_vdpa_iotlb_batch_begin_once

v2 (from RFC):
  * Rename misleading name
  * Abstract start batching function for listener_add/del

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20210812140933.226288-1-eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-09-04 09:07:45 -04:00
Peter Maydell
8880cc4362 9pfs: misc patches
* Fix an occasional crash when handling 'Twalk' requests.
 
 * Two code cleanup patches.
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAmEwuKgXHHFlbXVfb3Nz
 QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5XBexAAzA8h4GhHKGXTMdJj9my94wfr
 qrcAp/ixQLqHwEPGS4HQi4qEvXJmqm/S9Jr5cbTgGdsq5VlmdvdW77HQVCXY/ECL
 h0ZbTYrjA1YGJWa/5TYGdsQhu15b6mplc3g7p35K+ZfwXx80qC/snQqMueX2l2yk
 JpMGMhTHlQTjIk6XYkMSUJ/0q60mgNEiiqpW5l7BnaFn3x5WQxtwUD85DLDBQBLU
 v9xtMYPy0WQ4acnqgY1ZeIRrBGGFLqcZgbaYdp05fYNGSO2yLT8wfVBfYu1FHEsZ
 E5biIqNJAorvWHLeytC8QzIJ+CWKDouZvyK3TFKU4mPEOEjDlrfxXTFT+VZycC/B
 v0RoIf2j5BNp4gVYcVIlrU3gDMr4DaC0gvgelbIe5R9lOg7iQ/TL6weazMabAGgw
 Q8Hqgd6ZPkvbKNzOIE5k7rMdrkoLETbV9FdmQjVa80g0T0veybiaKY4HHiU7QWM8
 NkQShABbi2YHCJIiTtKg3VRh1zCNl0Gch69Pbko4uXpnYLFvGQxMCU8spZ+7da8K
 b9Ya+u0cenCJiE6a5ywJaG8T2qL+wFtouDDBCbO8XiBmp/S6ZKJCA7PvphPXa+/z
 zTgTCZ4Tc76RBKBYxS4+/8Q9oyeGlxlHq2k+Dn3/wA16FkWkjCKFlpQ0jobiX5Ou
 uFPa19Ok9uGAt8oKzfQ=
 =q+nY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20210902' into staging

9pfs: misc patches

* Fix an occasional crash when handling 'Twalk' requests.

* Two code cleanup patches.

# gpg: Signature made Thu 02 Sep 2021 12:42:32 BST
# gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg:                issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
#      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395

* remotes/cschoenebeck/tags/pull-9p-20210902:
  9pfs: fix crash in v9fs_walk()
  hw/9pfs: use g_autofree in v9fs_walk() where possible
  hw/9pfs: avoid 'path' copy in v9fs_walk()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-03 08:27:38 +01:00
Peter Maydell
9093028dd4 Block patches:
- Make the backup-top filter driver available for user-created block
   nodes (i.e. via blockdev-add)
 - Allow running iotests with gdb or valgrind being attached to qemu
   instances
 - Fix the raw format driver's permissions: There is no metadata, so we
   only need WRITE or RESIZE when the parent needs it
 - Basic reopen implementation for win32 files (file-win32.c) so that
   qemu-img commit can work
 - uclibc/musl build fix for the FUSE export code
 - Some iotests delinting
 - block-hmp-cmds.c refactoring
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEy2LXoO44KeRfAE00ofpA0JgBnN8FAmEvleISHGhyZWl0ekBy
 ZWRoYXQuY29tAAoJEKH6QNCYAZzfdOEP/j4gutKzxqHEgaOxus3e1u77JnIX5OBO
 E3wr0W8IaILp3a3N8f8lcq8frw6aSvTmW8l2woKNbg/C1yuX4NFN9tyQ6jpoFAP9
 9X9GoPlU7YG5c1bEnJlO/ySt3xHRssIsZBpKWnzWwUI5nMpGUrNPem3rW8T2DaPy
 RwnRhBl2kzHYqyPXDx13lA3zKIunAISWRM9adWyKDdRo6Lqk0Us7ND+f6nRHJSG1
 uJ26uKWWXx+qYC7F8uc45vrOjesWwC0sqUn7RC/0pbBGp9L6Bgc3yWbnJWZBNEBM
 zbv47B6HsJs2tqHGj0T+EKkhqChGz3B/vMeSSw5c3dXFBfQ53Rjm4Nlr9YBzuCGV
 erMoq0j/Ytz8+T865N/kjzwdgkl+xcKWF/GIaM5rxiJ2syyCV9CY2SxD6AC+WPBk
 yCezNnZEAx2POS2ylRy+EQvJm3YdoWrXZr05Blj28TtqNLs3qCP7evG6IjH58idU
 A4YgmltwN5UdajOK9b7O7zFAFhCZCKqAVJNKI0NCTYaT3zEim5dduXfn3gHTu5Wl
 jgWvpicNgsEXC4/etp5jOVkbBXtelh66ibdDIQJEanAG1W0Br+gQIBLN84pf7gpY
 8R9BBpZRk2DzYJnYJS2FV6xRGKY+XjU4zd7yVfyq6jZYyvfUxBDhCghCB6M37EmJ
 oE64kzab7uVm
 =0tJJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/hreitz/tags/pull-block-2021-09-01' into staging

Block patches:
- Make the backup-top filter driver available for user-created block
  nodes (i.e. via blockdev-add)
- Allow running iotests with gdb or valgrind being attached to qemu
  instances
- Fix the raw format driver's permissions: There is no metadata, so we
  only need WRITE or RESIZE when the parent needs it
- Basic reopen implementation for win32 files (file-win32.c) so that
  qemu-img commit can work
- uclibc/musl build fix for the FUSE export code
- Some iotests delinting
- block-hmp-cmds.c refactoring

# gpg: Signature made Wed 01 Sep 2021 16:01:54 BST
# gpg:                using RSA key CB62D7A0EE3829E45F004D34A1FA40D098019CDF
# gpg:                issuer "hreitz@redhat.com"
# gpg: Good signature from "Hanna Reitz <hreitz@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: CB62 D7A0 EE38 29E4 5F00  4D34 A1FA 40D0 9801 9CDF

* remotes/hreitz/tags/pull-block-2021-09-01: (56 commits)
  block/file-win32: add reopen handlers
  block/export/fuse.c: fix fuse-lseek on uclibc or musl
  block/block-copy: block_copy_state_new(): drop extra arguments
  iotests/image-fleecing: add test-case for copy-before-write filter
  iotests/image-fleecing: prepare for adding new test-case
  iotests/image-fleecing: rename tgt_node
  iotests/image-fleecing: proper source device
  iotests.py: hmp_qemu_io: support qdev
  iotests: move 222 to tests/image-fleecing
  iotests/222: constantly use single quotes for strings
  iotests/222: fix pylint and mypy complains
  python:QEMUMachine: template typing for self returning methods
  python/qemu/machine: QEMUMachine: improve qmp() method
  python/qemu/machine.py: refactor _qemu_args()
  qapi: publish copy-before-write filter
  block/copy-before-write: make public block driver
  block/block-copy: make setting progress optional
  block/copy-before-write: initialize block-copy bitmap
  block/copy-before-write: cbw_init(): use options
  block/copy-before-write: bdrv_cbw_append(): drop unused compress arg
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-02 13:00:52 +01:00
Christian Schoenebeck
f83df00900 9pfs: fix crash in v9fs_walk()
v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
supplied fs driver code block on a background worker thread.

When either the 'Twalk' client request was interrupted or if the client
requested fid for that 'Twalk' request caused a stat error then that
fs driver code block was left by 'break' keyword, with the intention to
return from worker thread back to main thread as well:

    v9fs_co_run_in_worker({
        if (v9fs_request_cancelled(pdu)) {
            err = -EINTR;
            break;
        }
        err = s->ops->lstat(&s->ctx, &dpath, &fidst);
        if (err < 0) {
            err = -errno;
            break;
        }
        ...
    });

However that 'break;' statement also skipped the v9fs_co_run_in_worker()
macro's final and mandatory

    /* re-enter back to qemu thread */
    qemu_coroutine_yield();

call and thus caused the rest of v9fs_walk() to be continued being
executed on the worker thread instead of main thread, eventually
leading to a crash in the transport virtio transport driver.

To fix this issue and to prevent the same error from happening again by
other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
code block into its own

    do { } while (0);

loop inside the 'v9fs_co_run_in_worker' macro definition.

Full discussion and backtrace:
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html

Fixes: 8d6cb10073
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1mLTBg-0002Bh-2D@lizzy.crudebyte.com>
2021-09-02 13:26:22 +02:00
Christian Schoenebeck
869605b5a0 hw/9pfs: use g_autofree in v9fs_walk() where possible
Suggested-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <b51670d2a39399535a035f6bc77c3cbeed85edae.1629208359.git.qemu_oss@crudebyte.com>
2021-09-02 13:26:22 +02:00
Christian Schoenebeck
97b1d8fdf6 hw/9pfs: avoid 'path' copy in v9fs_walk()
The v9fs_walk() function resolves all client submitted path nodes to the
local 'pathes' array. Using a separate string scalar variable 'path'
inside the background worker thread loop and copying that local 'path'
string scalar variable subsequently to the 'pathes' array (at the end of
each loop iteration) is not necessary.

Instead simply resolve each path directly to the 'pathes' array and
don't use the string scalar variable 'path' inside the fs worker thread
loop at all.

The only advantage of the 'path' scalar was that in case of an error
the respective 'pathes' element would not be filled. Right now this is
not an issue as the v9fs_walk() function returns as soon as any error
occurs.

Suggested-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <7dacbecf25b2c9b4a0ce12d689a8a535f09a31e3.1629208359.git.qemu_oss@crudebyte.com>
2021-09-02 13:26:22 +02:00
Peter Maydell
079b1252e9 * Refactor M-profile systick to use Clocks instead of system_clock_scale global
* clock: Provide builtin multiplier/divider
  * Add A64FX processor model
  * Enable MVE emulation in Cortex-M55
  * hw: Add compat machines for 6.2
  * hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
  * hw/arm/raspi: Remove deprecated raspi2/raspi3 aliases
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmEvV40ZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gO9EACbRq2XN67/3n8icVlCA/R0
 c1NKdar5yngG7EUoKg8rIHWSG4nlvGQxEsInjqccWpXUBwhRbmjIoI7OWOTVcNKL
 IxZPDgS619CPpUrOPtOouYYl3RiKpNS6v1BAne1IsZrMtydrioRCZIh8Wiz1cAod
 Ok8ts1hZIyg+n5gpYjeXs57Afsms4SCnt0zJT/4/VZXZmi+ohHVOzFX/ZGKmZyMP
 2lUHX8DcBCPW6JPt4poIP9MVs+44v9RajSMHfHFkNkJb0Q8sh+fgKbAdnxOW/6d+
 B381tMPtT5D1FZ5UmIwJl6XzY3JLJyU2ySQOtXlnkGWniuihxIwG0qBxwMsbPFrl
 bcTuJK5C20DmjFNH9jk9LMzKD4rDrLcADfoo/AfPe/JqTpE1t6zXcOzAgVTrPNx/
 tSDAXHAsmnJ2Y5O7h5MRUSG6R4h7+PRoutXQyGRi39VMNkiPmqltQtM9N1UaguOe
 +X3w3yjtsCotN1cLWq0u/UuC7FoDoCge/uBSzYIKoeu/WyJFGjuocWGg7TmwOJyd
 TzqrSOqCsAx9DhVJ1trO82qb31zpyFf4B1C05PMaoudzlgMfWfvXVDrtcRmO+kjn
 DmUB4vqz5g2jGroJWAVuN+wz245KqkSaHA6RRI5wf9n57H56T0Rfxa2o73A9TLZy
 M4T9XiJxDByGODYTu8ejXQ==
 =D5pQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210901' into staging

 * Refactor M-profile systick to use Clocks instead of system_clock_scale global
 * clock: Provide builtin multiplier/divider
 * Add A64FX processor model
 * Enable MVE emulation in Cortex-M55
 * hw: Add compat machines for 6.2
 * hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
 * hw/arm/raspi: Remove deprecated raspi2/raspi3 aliases

# gpg: Signature made Wed 01 Sep 2021 11:35:57 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210901: (51 commits)
  arm: Remove system_clock_scale global
  hw/timer/stellaris-gptm: Use Clock input instead of system_clock_scale
  hw/arm/stellaris: Split stellaris-gptm into its own file
  hw/arm/stellaris: Fix code style issues in GPTM code
  hw/timer/armv7m_systick: Use clock inputs instead of system_clock_scale
  hw/arm/msf2-soc: Wire up refclk
  hw/arm/msf2: Use Clock input to MSF2_SOC instead of m3clk property
  hw/arm/msf2_soc: Don't allocate separate MemoryRegions
  hw/arm/stellaris: Wire sysclk up to armv7m
  hw/arm/stellaris: split stellaris_sys_init()
  hw/arm/nrf51: Wire up sysclk
  hw/arm/stm32vldiscovery: Delete trailing blank line
  hw/arm/stm32f405: Wire up sysclk and refclk
  hw/arm/stm32f205: Wire up sysclk and refclk
  hw/arm/stm32f100: Wire up sysclk and refclk
  hw/arm: Don't allocate separate MemoryRegions in stm32 SoC realize
  clock: Provide builtin multiplier/divider
  hw/arm/mps2.c: Connect up armv7m clocks
  armsse: Wire up systick cpuclk clock
  hw/arm/armv7m: Create input clocks
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 17:45:38 +01:00
Peter Maydell
4c41a1c595 usb: bugfixes.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmEvI20ACgkQTLbY7tPo
 cTgn0w/8D6q00AJLux/xU65314uzibch7KpYFLaIUNnFl/Njuw+44RW2kUkmUVyC
 fzvsTLi3bmHgqQkYmKz3zAwoSQgKIMwepMxxulfZzp5ieSwETdTPWE9rOkelmeXT
 iL2B4zjHAuFKd3zQM/DBI2LrVDMfRMcJzTsgswE8eNPdHcFviHB1roqOivS4ET6T
 rBqlyBUJA7nmHYhx3L/PWlQeXCB/Zozn5lfGvp+adPYm1+wwSreseolEmuhHKyPm
 oDzV7TS7WWI8Nxr5w1wK9kHOz6ouKDulb4lw+YYQPaGQfQrNImxg5IXYFGCwtcAz
 zoKmFmzI84+2OI5Pl4iUkaWb2BkuB6NrZ25rhqG53sTxqPF22focwmTxGzxxyUb0
 V1+7mOhvcz6Hwtqd17VTzkWTY3K+2Qr8QPoVQ1MQO0Cw2S+Rdqa4Eizn2KvH3tVB
 Uui97V16OMG4UqzwJusIpvirB/2PND0c0HH0Yh09+Dh3TaR7pU35DcraPjo1o0dh
 pQ9EB8IFUej6cdid1psx2sGh3q6cXPDO4rMEdibSLzJVFnSqwsYXPXNauZ9RmEWf
 CvkrkspKVcgIcEKDnT4MgzIhpW/hEybXx9gKho7ltZlPoEVQQvukBy1DAj8ZD03i
 lTJ6ryS75l8/PJZs9G4qdNtdd1Onf/PhMoxVIyrIoJxW9DHnlSA=
 =Hfou
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20210901-pull-request' into staging

usb: bugfixes.

# gpg: Signature made Wed 01 Sep 2021 07:53:33 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20210901-pull-request:
  hw/usb: Fix typo in comments and print
  uas: add stream number sanity checks.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 15:13:07 +01:00
Vladimir Sementsov-Ogievskiy
d1a58c176a qdev: allow setting drive property for realized device
We need an ability to insert filters above top block node, attached to
block device. It can't be achieved with blockdev-reopen command. So, we
want do it with help of qom-set.

Intended usage:

Assume there is a node A that is attached to some guest device.

1. blockdev-add to create a filter node B that has A as its child.

2. qom-set to change the node attached to the guest device’s
   BlockBackend from A to B.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210824083856.17408-5-vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2021-09-01 12:57:31 +02:00
Vladimir Sementsov-Ogievskiy
deb2bb163f qdev-properties: PropertyInfo: add realized_set_allowed field
Add field, so property can declare support for setting the property
when device is realized. To be used in the following commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210824083856.17408-4-vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2021-09-01 12:57:31 +02:00
Peter Maydell
683754c7b6 arm: Remove system_clock_scale global
All the devices that used to use system_clock_scale have now been
converted to use Clock inputs instead, so the global is no longer
needed; remove it and all the code that sets it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210812093356.1946-26-peter.maydell@linaro.org
2021-09-01 11:08:21 +01:00
Peter Maydell
d18fdd69d0 hw/timer/stellaris-gptm: Use Clock input instead of system_clock_scale
The stellaris-gptm timer currently uses system_clock_scale for one of
its timer modes where the timer runs at the CPU clock rate.  Make it
use a Clock input instead.

We don't try to make the timer handle changes in the clock frequency
while the downcounter is running.  This is not a change in behaviour
from the previous system_clock_scale implementation -- we will pick
up the new frequency only when the downcounter hits zero.  Handling
dynamic clock changes when the counter is running would require state
that the current gptm implementation doesn't have.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-25-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
f3eb755728 hw/arm/stellaris: Split stellaris-gptm into its own file
The implementation of the Stellaris general purpose timer module
device stellaris-gptm is currently in the same source file as the
board model.  Split it out into its own source file in hw/timer.

Apart from the new file comment headers and the Kconfig and
meson.build changes, this is just code movement.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-24-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
0d883c5404 hw/arm/stellaris: Fix code style issues in GPTM code
Fix the code style issues in the Stellaris general purpose timer
module code, so that when we move it to a different file in a
following patch checkpatch doesn't complain.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-23-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
a40e10f1dc hw/timer/armv7m_systick: Use clock inputs instead of system_clock_scale
Now that all users of the systick devices wire up the clock inputs,
use those instead of the system_clock_scale and the hardwired 1MHz
value for the reference clock.

This will fix various board models where we were incorrectly
providing a 1MHz reference clock instead of some other value or
instead of providing no reference clock at all.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-22-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
3b76e18520 hw/arm/msf2-soc: Wire up refclk
Wire up the refclk for the msf2 SoC.  This SoC runs the refclk at a
frequency which is programmably either /4, /8, /16 or /32 of the main
CPU clock.  We don't currently model the register which allows the
guest to set the divisor, so implement the refclk as a fixed /32 of
the CPU clock (which is the value of the divisor at reset).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-21-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
9bfaf3754b hw/arm/msf2: Use Clock input to MSF2_SOC instead of m3clk property
Instead of passing the MSF2 SoC an integer property specifying the
CPU clock rate, pass it a Clock instead.  This lets us wire that
clock up to the armv7m object.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-20-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
a4b1e9d3f8 hw/arm/msf2_soc: Don't allocate separate MemoryRegions
In the realize method of the msf2-soc SoC object, we call g_new() to
create new MemoryRegion objects for the nvm, nvm_alias, and sram.
This is unnecessary; make these MemoryRegions member fields of the
device state struct instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-19-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
8ecda75f72 hw/arm/stellaris: Wire sysclk up to armv7m
Connect the sysclk to the armv7m object.  This board's SoC does not
connect up the systick reference clock, so we don't need to connect a
refclk.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-18-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
a861b3e94e hw/arm/stellaris: split stellaris_sys_init()
Currently the stellaris_sys_init() function creates the
TYPE_STELLARIS_SYS object, sets its properties, realizes it, maps its
MMIO region and connects its IRQ.  In order to support wiring the
sysclk up to the armv7m object, we need to split this function apart,
because to connect the clock output of the STELLARIS_SYS object to
the armv7m object we need to create the STELLARIS_SYS object before
the armv7m object, but we can't wire up the IRQ until after we've
created the armv7m object.

Remove the stellaris_sys_init() function, and instead put the
create/configure/realize parts before we create the armv7m object and
the mmio/irq connection parts afterwards.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-17-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
c08e612662 hw/arm/nrf51: Wire up sysclk
Wire up the sysclk input to the armv7m object.

Strictly this SoC should not have a systick device at all, but our
armv7m container object doesn't currently support disabling the
systick device.  For the moment, add a TODO comment, but note that
this is why we aren't wiring up a refclk (no need for one).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Message-id: 20210812093356.1946-16-peter.maydell@linaro.org
2021-09-01 11:08:20 +01:00
Peter Maydell
7580384b34 hw/arm/stm32vldiscovery: Delete trailing blank line
Delete the trailing blank line at the end of the source file.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-15-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
66e6a43818 hw/arm/stm32f405: Wire up sysclk and refclk
Wire up the sysclk and refclk for the stm32f405 SoC.  This SoC always
runs the systick refclk at 1/8 the frequency of the main CPU clock,
so the board code only needs to provide a single sysclk clock.

Because there is only one board using this SoC, we convert the SoC
and the board together, rather than splitting it into "add clock to
SoC; connect clock in board; add error check in SoC code that clock
is wired up".

When the systick device starts honouring its clock inputs, this will
fix an emulation inaccuracy in the netduinoplus2 board where the
systick reference clock was running at 1MHz rather than 21MHz.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-14-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
68ba05fba4 hw/arm/stm32f205: Wire up sysclk and refclk
Wire up the sysclk and refclk for the stm32f205 SoC.  This SoC always
runs the systick refclk at 1/8 the frequency of the main CPU clock,
so the board code only needs to provide a single sysclk clock.

Because there is only one board using this SoC, we convert the SoC
and the board together, rather than splitting it into "add clock to
SoC; connect clock in board; add error check in SoC code that clock
is wired up".

When the systick device starts honouring its clock inputs, this will
fix an emulation inaccuracy in the netduino2 board where the systick
reference clock was running at 1MHz rather than 15MHz.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-13-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
b5ff0c6183 hw/arm/stm32f100: Wire up sysclk and refclk
Wire up the sysclk and refclk for the stm32f100 SoC.  This SoC always
runs the systick refclk at 1/8 the frequency of the main CPU clock,
so the board code only needs to provide a single sysclk clock.

Because there is only one board using this SoC, we convert the SoC
and the board together, rather than splitting it into "add clock to
SoC; connect clock in board; add error check in SoC code that clock
is wired up".

When the systick device starts honouring its clock inputs, this will
fix an emulation inaccuracy in the stm32vldiscovery board where the
systick reference clock was running at 1MHz rather than 3MHz.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-12-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
cabc613f78 hw/arm: Don't allocate separate MemoryRegions in stm32 SoC realize
In the realize methods of the stm32f100 and stm32f205 SoC objects, we
call g_new() to create new MemoryRegion objects for the sram, flash,
and flash_alias.  This is unnecessary (and leaves open the
possibility of leaking the allocations if we exit from realize with
an error).  Make these MemoryRegions member fields of the device
state struct instead, as stm32f405 already does.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-11-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
99abcbc760 clock: Provide builtin multiplier/divider
It is quite common for a clock tree to involve possibly programmable
clock multipliers or dividers, where the frequency of a clock is for
instance divided by 8 to produce a slower clock to feed to a
particular device.

Currently we provide no convenient mechanism for modelling this.  You
can implement it by having an input Clock and an output Clock, and
manually setting the period of the output clock in the period-changed
callback of the input clock, but that's quite clunky.

This patch adds support in the Clock objects themselves for setting a
multiplier or divider.  The effect of setting this on a clock is that
when the clock's period is changed, all the children of the clock are
set to period * multiplier / divider, rather than being set to the
same period as the parent clock.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-10-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
a860df4f54 hw/arm/mps2.c: Connect up armv7m clocks
Connect up the armv7m clocks on the mps2-an385/386/500/511.

Connect up the armv7m object's clocks on the MPS boards defined in
mps2.c.  The documentation for these FPGA images doesn't specify what
systick reference clock is used (if any), so for the moment we
provide a 1MHz refclock, which will result in no behavioural change
from the current hardwired 1MHz clock implemented in
armv7m_systick.c:systick_scale().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-9-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
712bd17f3e armsse: Wire up systick cpuclk clock
Wire up the cpuclk for the systick devices to the SSE object's
existing mainclk clock.

We do not wire up the refclk because the SSE subsystems do not
provide a refclk.  (This is documented in the IoTKit and SSE-200
TRMs; the SSE-300 TRM doesn't mention it but we assume it follows the
same approach.) When we update the systick device later to honour "no
refclk connected" this will fix a minor emulation inaccuracy for the
SSE-based boards.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-8-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
d5093d9615 hw/arm/armv7m: Create input clocks
Create input clocks on the armv7m container object which pass through
to the systick timers, so that users of the armv7m object can specify
the clocks being used.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-7-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
5c6e1a1cf9 hw/timer/armv7m_systick: Add input clocks
The v7M systick timer can be programmed to run from either of
two clocks:
 * an "external reference clock" (when SYST_CSR.CLKSOURCE == 0)
 * the main CPU clock (when SYST_CSR.CLKSOURCE == 1)

Our implementation currently hardwires the external reference clock
to be 1MHz, and allows boards to set the main CPU clock frequency via
the global 'system_clock_scale'.  (Most boards set that to a constant
value; the Stellaris boards allow the guest to reprogram it via the
board-specific RCC registers).

As the first step in converting this to use the Clock infrastructure,
add input clocks to the systick device for the reference clock and
the CPU clock.  The device implementation ignores them; once we have
made all the users of the device correctly wire up the new Clocks we
will switch the implementation to use them and ignore the old
system_clock_scale.

This is a migration compat break for all M-profile boards, because of
the addition of the new clock objects to the vmstate struct.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-6-peter.maydell@linaro.org
2021-09-01 11:08:19 +01:00
Peter Maydell
2089c0102d arm: Move system PPB container handling to armv7m
Instead of having the NVIC device provide a single sysbus memory
region covering the whole of the "System PPB" space, which implements
the default behaviour for unimplemented ranges and provides the NS
alias window to the sysregs as well as the main sysreg MR, move this
handling to the container armv7m device.  The NVIC now provides a
single memory region which just implements the system registers.
This consolidates all the handling of "map various devices in the
PPB" into the armv7m container where it belongs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-4-peter.maydell@linaro.org
2021-09-01 11:08:18 +01:00
Peter Maydell
e36a25cb47 arm: Move systick device creation from NVIC to ARMv7M object
There's no particular reason why the NVIC should be owning the
SysTick device objects; move them into the ARMv7M container object
instead, as part of consolidating the "create the devices which are
built into an M-profile CPU and map them into their architected
locations in the address space" work into one place.

This involves temporarily creating a duplicate copy of the
nvic_sysreg_ns_ops struct and its read/write functions (renamed as
v7m_sysreg_ns_*), but we will delete the NVIC's copy of this code in
a subsequent patch.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Message-id: 20210812093356.1946-3-peter.maydell@linaro.org
2021-09-01 11:08:18 +01:00
Peter Maydell
2f9db77ea8 arm: Move M-profile RAS register block into its own device
Currently we implement the RAS register block within the NVIC device.
It isn't really very tightly coupled with the NVIC proper, so instead
move it out into a sysbus device of its own and have the top level
ARMv7M container create it and map it into memory at the right
address.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20210812093356.1946-2-peter.maydell@linaro.org
2021-09-01 11:08:18 +01:00
Shuuichirou Ishii
4d39fcd8af hw/arm/virt: target-arm: Add A64FX processor support to virt machine
Add -cpu a64fx to use A64FX processor when -machine virt option is
specified.  In addition, add a64fx to the Supported guest CPU types
in the virt.rst document.

Signed-off-by: Shuuichirou Ishii <ishii.shuuichir@fujitsu.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 11:08:18 +01:00
Yanan Wang
52e64f5b1f hw: Add compat machines for 6.2
Add 6.2 machine types for arm/i440fx/q35/s390x/spapr.

Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 11:08:16 +01:00
Philippe Mathieu-Daudé
5dcf0d3ae2 hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
Quoting Peter Maydell:

  These MEMTX_* aren't from the memory transaction API functions;
  they're just being used by gicd_readl() and friends as a way to
  indicate a success/failure so that the actual MemoryRegionOps
  read/write fns like gicv3_dist_read() can log a guest error.
  Arguably this is a bit of a misuse of the MEMTX_* constants and
  perhaps we should have gicd_readl etc return a bool instead.

Follow his suggestion and replace the MEMTX_* constants by
boolean values, simplifying a bit the gicv3_dist_read() /
gicv3_dist_write() handlers.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210826180704.2131949-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 11:08:16 +01:00
Philippe Mathieu-Daudé
c0bb7d6114 hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffix
QEMU load/store API (docs/devel/loads-stores.rst) uses the 'q'
suffix for 64-bit accesses. Rename the current 'll' suffix to
have the GIC dist accessors better match the rest of the codebase.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210826180704.2131949-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 11:08:15 +01:00
Philippe Mathieu-Daudé
57469ed384 hw/arm/raspi: Remove deprecated raspi2/raspi3 aliases
Remove the raspi2/raspi3 machine aliases,
deprecated since commit 155e1c82ed.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210827060815.2384760-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 11:08:15 +01:00
Peter Maydell
783aa010ad vga: misc fixes and cleanups.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmEu/yYACgkQTLbY7tPo
 cTjIAg/+NrlO1qjyohAgr7z/szqH3T1/6tNdMkUzhdlk3eg39o4zYHhEdMnAY0Yd
 q4Pdd2cqMvjqvISpXw7K7LhcsGEfkURkBaGOE9Kp76ZJZYDGfCrftsnDBTy/nrVr
 CgdAru6i8kuxbOgnEmZ7ArPCgSCCxlSO/Ko+kUK/IHrLTB2wn9nNsUQ4S0OkMUaZ
 gRhGclBugs64Ud5Zd0vqev+4HZYXiNngHPu2IZBiK1NaSZ5yWG7dRxz/5L9O6+Kf
 PZwhq2usKhaSEI9QuQ7n1ZRqQeqQ/f9mnJFJ5XdoB39d65y62cOvyrfoagLtV9kg
 Cm6Iy+kPOI7yH7lgRw5xy7wOuJTZd1E9fF+U8X+1qKN5U11GNRpDTCvP8/oafMVM
 Oa6xe/lB6E+sZ2iI78ThKTi1q5WV/vFWZlGon6JqaCnMOuRViTrWVa3fhZU5mqIi
 1Ulq08I0HxvTPtH7HeFWoOyovLKWUZW0xGooLVQANDBtAnwVItOAETZ1tdv2Rfgt
 N7okpgMBJdpFarBkUUrNJsOGX7MVS8DDXpGxJ1Xfgz0sbIuktqe3ZTBxL1PneQl4
 b7srzy/hvZVkaBQihv1ueuYb0KdLRTR2rXVVjGUL5NOkxSNErwxViyLYKVcj1fSx
 4dCiwGjtRbtJtmUfXrFqt3fzHMEZVpP3O2e/XXZ4GDXq/YU8a4Q=
 =Q0ZR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20210901-pull-request' into staging

vga: misc fixes and cleanups.

# gpg: Signature made Wed 01 Sep 2021 05:18:46 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20210901-pull-request:
  hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()
  hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
  vga: don't abort when adding a duplicate isa-vga device
  ui/console: Restrict udmabuf_fd() to Linux
  hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux
  virtio-gpu: no point of checking res->iov

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 10:57:30 +01:00
Cai Huoqing
ae420c957a hw/usb: Fix typo in comments and print
Fix typo:
*informations  ==> information
*enougth  ==> enough
*enouth  ==> enough
*registy  ==> registry
*releated  ==> related
*Ouptut  ==> Output
*manualy  ==> manually
*Attemping  ==> Attempting
*contine  ==> continue
*tranceiver  ==> transceiver
*Tranceiver  ==> Transceiver

Signed-off-by: Cai Huoqing <caihuoqing@baidu.com>
Message-Id: <20210730012720.2246-1-caihuoqing@baidu.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-09-01 06:37:13 +02:00
Gerd Hoffmann
13b250b12a uas: add stream number sanity checks.
The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields.  Add the missing checks.

Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>
2021-09-01 06:34:00 +02:00
Joe Komlodi
4d63ef20cf hw/core/register: Add more 64-bit utilities
We already have some utilities to handle 64-bit wide registers, so this just
adds some more for:
- Initializing 64-bit registers
- Extracting and depositing to an array of 64-bit registers

Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1626805903-162860-2-git-send-email-joe.komlodi@xilinx.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
David Hoppenbrouwers
4dc06bb816 hw/intc/sifive_clint: Fix muldiv64 overflow in sifive_clint_write_timecmp()
`muldiv64` would overflow in cases where the final 96-bit value does not
fit in a `uint64_t`. This would result in small values that cause an
interrupt to be triggered much sooner than intended.

The overflow can be detected in most cases by checking if the new value is
smaller than the previous value. If the final result is larger than
`diff` it is either correct or it doesn't matter as it is effectively
infinite anyways.

`next` is an `uint64_t` value, but `timer_mod` takes an `int64_t`. This
resulted in high values such as `UINT64_MAX` being converted to `-1`,
which caused an immediate timer interrupt.

By limiting `next` to `INT64_MAX` no overflow will happen while the
timer will still be effectively set to "infinitely" far in the future.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/493
Signed-off-by: David Hoppenbrouwers <david@salt-inc.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210827152324.5201-1-david@salt-inc.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Peter Maydell
33fcedfac8 hw/riscv/virt.c: Assemble plic_hart_config string with g_strjoinv()
In the riscv virt machine init function, We assemble a string
plic_hart_config which is a comma-separated list of N copies of the
VIRT_PLIC_HART_CONFIG string.  The code that does this has a
misunderstanding of the strncat() length argument.  If the source
string is too large strncat() will write a maximum of length+1 bytes
(length bytes from the source string plus a trailing NUL), but the
code here assumes that it will write only length bytes at most.

This isn't an actual bug because the code has correctly precalculated
the amount of memory it needs to allocate so that it will never be
too small (i.e.  we could have used plain old strcat()), but it does
mean that the code looks like it has a guard against accidental
overrun when it doesn't.

Rewrite the string handling here to use the glib g_strjoinv()
function, which means we don't need to do careful accountancy of
string lengths, and makes it clearer that what we're doing is
"create a comma-separated string".

Fixes: Coverity 1460752
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210812144647.10516-1-peter.maydell@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Bin Meng
58bde469ba hw/riscv: virt: Move flash node to root
The flash is not inside the SoC, so it's inappropriate to put it
under the /soc node. Move it to root instead.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210807035641.22449-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Vijai Kumar K
46b3e2548b hw/char: Add config for shakti uart
Use a dedicated UART config(CONFIG_SHAKTI_UART) to select
shakti uart.

Signed-off-by: Vijai Kumar K <vijai@behindbytes.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210731190229.137483-1-vijai@behindbytes.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Helge Deller
01f750f5fe hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()
The CDE desktop on HP-UX 10 shows wrongly rendered pixels when the local screen
menu is closed. This bug was introduced by commit c7050f3f16
("hw/display/artist: Refactor x/y coordination extraction") which converted the
coordinate extraction in artist_vram_read() and artist_vram_write() to use the
ADDR_TO_X and ADDR_TO_Y macros, but forgot to right-shift the address by 2 as
it was done before.

Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: c7050f3f16 ("hw/display/artist: Refactor x/y coordination extraction")
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Sven Schnelle <svens@stackframe.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <YK1aPb8keur9W7h2@ls3530>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 14:38:53 +02:00
Qiang Liu
2b3a98255c hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
xlnx_dp_read allows an out-of-bounds read at its default branch because
of an improper index.

According to
https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html
(DP Module), registers 0x3A4/0x3A4/0x3AC are allowed.

DP_INT_MASK     0x000003A4      32      mixed   0xFFFFF03F      Interrupt Mask Register for intrN.
DP_INT_EN       0x000003A8      32      mixed   0x00000000      Interrupt Enable Register.
DP_INT_DS       0x000003AC      32      mixed   0x00000000      Interrupt Disable Register.

In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device
will write s->core_registers[0x3A4
>> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4
>> 2) + 1). However, the current size of s->core_registers is (0x3AF >>
>> 2), that is ((0x3A4 >> 2) + 2), which is out of the range.
In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to
the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read)
rather than 0x3A4.

This patch enforces the read access to offset 0x3A8 and 0x3AC to 0x3A4,
but does not adjust the size of s->core_registers to avoid breaking
migration.

Fixes: 58ac482a66 ("introduce xlnx-dp")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <1628059910-12060-1-git-send-email-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 14:34:36 +02:00
Jose R. Ziviani
7852a77f59 vga: don't abort when adding a duplicate isa-vga device
If users try to add an isa-vga device that was already registered,
still in command line, qemu will crash:

$ qemu-system-mips64el -M pica61 -device isa-vga
RAMBlock "vga.vram" already registered, abort!
Aborted (core dumped)

That particular board registers the device automaticaly, so it's
not obvious that a VGA device already exists. This patch changes
this behavior by displaying a message and exiting without crashing.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/44
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210817192629.12755-1-jziviani@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 14:32:28 +02:00
Philippe Mathieu-Daudé
cdb1fba084 hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux
When using qemu configured with --enabled-modules, the
generic stubs are used instead of the module symbols:

  qemu-system-x86_64: -device virtio-vga,blob=on: cannot enable blob resources without udmabuf

Restrict the stubs to Linux and only link them when
CONFIG_VIRTIO_GPU is disabled (only the modularized
version is available when it is enabled).

Reported-by: Maxim R. <mrom06@ya.ru>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/553
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210823100454.615816-2-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 14:31:43 +02:00
Dongwon Kim
fc4d3f35f8 virtio-gpu: no point of checking res->iov
The code should check the opposite condition of res->iov because it will be null
if virtio_gpu_create_mapping_iov fails and actually this checking is not even
required because checking on ret covers all failing cases.

Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20210830175033.29233-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 14:31:22 +02:00
Peter Maydell
ad22d05833 ppc patch queue 2021-08-27
First ppc pull request for qemu-6.2.  As usual, there's a fair bit
 here, since it's been queued during the 6.1 freeze.  Highlights are:
 
  * Some fixes for 128 bit arithmetic and some vector opcodes that use
    them
  * Significant improvements to the powernv to support POWER10 cpus
    (more to come though)
  * Several cleanups to the ppc softmmu code
  * A few other assorted fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAmEoj5gACgkQbDjKyiDZ
 s5JFPw/+JOmi1G6eY3u/kYJ8TJhe65s6TJDQhGQiQSBoBShRBJ1+bro3fPGA8pkT
 48NAb9RnTnLqys+vhScF7qt2wIxXJFVoVyMhAj2Xv11VQzDPpbLGg6+2Qt7WFraQ
 zyeEKBQQTV29RtV7UBUEmx4ZGmnoc0cmzl3QGO3Jq17ucOHNTSW19QpxU60wClU1
 PZIUDoWdt7FBS8lvj/55736H3z6ZRnBqZtW9m64ln+CBQuuKo5UkAkaooaJhEFJx
 OUZYeo+zky8YaYSWwTFGIxBYhwptnAWCsqkzeJUxPw1ICAzwj/kQX7ckVhbgTpbE
 CADpgkATXTbQzLFipzxJ45UMP0yMsk5IOPZ6FS9G+JfsP2T92RMwy7XhqPfWCoov
 WKqX/xpmGTnJONuQ7SO/bWUyPH4K7hYgSPPlLAcwDYCg4szWRIbTCs9Yr9rzAPhk
 KqKUGLb7D7Rbi1ulSC2ieqsTqVmp6plfnjxR2gPcbp0FltqGln6tVZEHEyPjTEv0
 5b7w+3AHDwh9a4NyzULaxxBKktNU1KXKe74/U86qhJtx4kXFSkAhoeztcR30zmUX
 W1xjb5eoRgFbHnoDTCtDYAUwuz2w1/I2OLA5kfnSQnRQS0YiqUeicbBkW6iIE61z
 oM86ZwEQX1lyf7agECRgpfdcPa6uyAQ72QUR5wgvXDW59PSNNxk=
 =C5XY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.2-20210827' into staging

ppc patch queue 2021-08-27

First ppc pull request for qemu-6.2.  As usual, there's a fair bit
here, since it's been queued during the 6.1 freeze.  Highlights are:

 * Some fixes for 128 bit arithmetic and some vector opcodes that use
   them
 * Significant improvements to the powernv to support POWER10 cpus
   (more to come though)
 * Several cleanups to the ppc softmmu code
 * A few other assorted fixes

# gpg: Signature made Fri 27 Aug 2021 08:09:12 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dg-gitlab/tags/ppc-for-6.2-20210827:
  target/ppc: fix vector registers access in gdbstub for little-endian
  include/qemu/int128.h: introduce bswap128s
  target/ppc: fix vextu[bhw][lr]x helpers
  include/qemu/int128.h: define struct Int128 according to the host endianness
  ppc/xive: Export xive_presenter_notify()
  ppc/xive: Export PQ get/set routines
  ppc/pnv: add a chip topology index for POWER10
  ppc/pnv: Distribute RAM among the chips
  ppc/pnv: Use a simple incrementing index for the chip-id
  ppc/pnv: powerpc_excp: Do not discard HDECR exception when entering power-saving mode
  ppc/pnv: Change the POWER10 machine to support DD2 only
  ppc: Add a POWER10 DD2 CPU
  ppc/pnv: update skiboot to commit 820d43c0a775.
  target/ppc: moved store_40x_sler to helper_regs.c
  target/ppc: moved ppc_store_sdr1 to mmu_common.c
  target/ppc: divided mmu_helper.c in 2 files
  spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with g_autofree
  xive: Remove extra '0x' prefix in trace events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-27 11:34:12 +01:00
Peter Maydell
0289f62335 Error reporting patches for 2021-08-26
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmEnsHESHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTFAAP/0zO4CPElnMRjNEZcUaEldrW3aaOzB9b
 bcBIbZIe8VzM7elQIbvSYRjHDcMIFfLzSz3N1YmRbdbO5xUJ4bTJstVarrcdCo/X
 0DUjF1gDR8w+C2sc/1Bg8mbkY0tgC+GBv4QbfU7uZXEr4FgDMxmPXRvv67rOqdCf
 Cd6AXK0Q0fMcNO//s/RaWosBdEu5kzR7RXvkmLbpBBIO69Jed1yRslfNxKoVhM/P
 v4cuhMXGxzmBVJizj4rASvJZvtqJJOVRVf+pbOsnPqxKIDUyh/LXz7eWWBINYf7i
 /CejSCGyZDQBOPMT3FmC4k6Q2GoYmTd3nlSfp9+oI494ciwHv/s6dGCA5rTgIohw
 I0GnT030osNWQvXNtIeiAzVBKSVjZtYgpdxe+kzkWw4HcueZLS/lPUC64cta4zoA
 DaHDTXFoTDtAkLqIfRUdpyCvtwvfc8f7EUW+qZMoHQ+vVLpAxy5JPEEwlKqo9m7E
 BB3ih8Dl13Kw9irU6JLaD1qGr/wHlgYHwJ2iA1C33M31+7viA9bPL7kgOoK7odkC
 aPBYcV+huzpk8o6UYj4Xh1a4su09YBqywCuJQLXvoS0SEHef6GXDRunMa0aNSICc
 G5p0gFn4gKlO9orOsfoOBPa6JRCcypluOkPVMVFI2PVYCx2+tFFt+d9fVeXh2vGT
 Nf8yLL/ir4FX
 =ZVbi
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2021-08-26' into staging

Error reporting patches for 2021-08-26

# gpg: Signature made Thu 26 Aug 2021 16:17:05 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2021-08-26:
  vl: Clean up -smp error handling
  Remove superfluous ERRP_GUARD()
  vhost: Clean up how VhostOpts method vhost_backend_init() fails
  vhost: Clean up how VhostOpts method vhost_get_config() fails
  microvm: Drop dead error handling in microvm_machine_state_init()
  migration: Handle migration_incoming_setup() errors consistently
  migration: Unify failure check for migrate_add_blocker()
  whpx nvmm: Drop useless migrate_del_blocker()
  vfio: Avoid error_propagate() after migrate_add_blocker()
  i386: Never free migration blocker objects instead of sometimes
  vhost-scsi: Plug memory leak on migrate_add_blocker() failure
  multi-process: Fix pci_proxy_dev_realize() error handling
  spapr: Explain purpose of ->fwnmi_migration_blocker more clearly
  spapr: Plug memory leak when we can't add a migration blocker
  error: Use error_fatal to simplify obvious fatal errors (again)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-27 09:57:28 +01:00
Cédric Le Goater
dd4e4d1296 ppc/xive: Export xive_presenter_notify()
It's generic enough to be used from the XIVE2 router and avoid more
duplication.

Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-9-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
Cédric Le Goater
fb8dc327f4 ppc/xive: Export PQ get/set routines
These will be shared with the XIVE2 router.

Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-8-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
Cédric Le Goater
379090306c ppc/pnv: add a chip topology index for POWER10
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-7-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
Cédric Le Goater
458c6f0180 ppc/pnv: Distribute RAM among the chips
But always give the first 1GB to chip 0 as skiboot requires it.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-6-clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
Cédric Le Goater
ab17a3fe74 ppc/pnv: Use a simple incrementing index for the chip-id
When the QEMU PowerNV machine was introduced, multi chip support
modeled a two socket system with dual chip modules as found on some P8
Tuleta systems (8286-42A). But this is hardly used and not relevant
for QEMU. Use a simple index instead.

With this change, we can now increase the max socket number to 16 as
found on high end systems.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-5-clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
Cédric Le Goater
6bc8c04648 ppc/pnv: Change the POWER10 machine to support DD2 only
There is no need to keep the DD1 chip model as it will never be
publicly available.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809134547.689560-3-clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:13 +10:00
David Gibson
a4e4c4b45f spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with g_autofree
This uses g_autofree to simplify logic in spapr_phb_vfio_get_loc_code(),
in the process fixing a leak in one of the paths.  I'm told this fixes
Coverity error CID 1460454

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 16b0ea1d85 ("spapr_pci: populate ibm,loc-code")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:12 +10:00
Cédric Le Goater
585edbb0a1 xive: Remove extra '0x' prefix in trace events
Cc: thuth@redhat.com
Fixes: 4e960974d4 ("xive: Add trace events")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/519
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210809085227.288523-1-clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27 12:41:12 +10:00
Tong Ho
d2e6f37013 hw/arm/xlnx-zynqmp: Add unimplemented APU mmio
Add unimplemented APU mmio region to xlnx-zynqmp for booting
bare-metal guests built with standalone bsp, which access the
region from one of the following places:
  https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/armclang/boot.S#L139
  https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/gcc/boot.S#L183

Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Message-id: 20210823173818.201259-3-tong.ho@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:02:01 +01:00
Tong Ho
9a0fcb7f5f hw/arm/xlnx-versal: Add unimplemented APU mmio
Add unimplemented APU mmio region to xlnx-versal for booting
bare-metal guests built with standalone bsp, which access the
region from one of the following places:
  https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/armclang/boot.S#L139
  https://github.com/Xilinx/embeddedsw/blob/release-2020.2/lib/bsp/standalone/src/arm/ARMv8/64bit/gcc/boot.S#L183

Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Message-id: 20210823173818.201259-2-tong.ho@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:02:01 +01:00
Peter Maydell
665cddbe15 hw/arm/virt: Delete EL3 error checksnow provided in CPU realize
Now that the CPU realize function will fail cleanly if we ask for EL3
when KVM is enabled, we don't need to check for errors explicitly in
the virt board code. The reported message is slightly different;
it is now:
  qemu-system-aarch64: Cannot enable KVM when guest CPU has EL3 enabled
instead of:
  qemu-system-aarch64: mach-virt: KVM does not support Security extensions

We don't delete the MTE check because there the logic is more
complex; deleting the check would work but makes the error message
less helpful, as it would read:
  qemu-system-aarch64: MTE requested, but not supported by the guest CPU
instead of:
  qemu-system-aarch64: mach-virt: KVM does not support providing MTE to the guest CPU

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210816135842.25302-4-peter.maydell@linaro.org
2021-08-26 17:02:01 +01:00
Peter Maydell
33c20e3caf raspi: Use error_fatal for SoC realize errors, not error_abort
The SoC realize can fail for legitimate reasons, because it propagates
errors up from CPU realize, which in turn can be provoked by user
error in setting commandline options. Use error_fatal so we report
the error message to the user and exit, rather than asserting
via error_abort.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210816135842.25302-2-peter.maydell@linaro.org
2021-08-26 17:02:01 +01:00
Peter Maydell
312c496a95 hw/core/loader: In gunzip(), check index is in range before use, not after
The gunzip() function reads various fields from a passed in source
buffer in order to skip a header before passing the actual compressed
data to the zlib inflate() function.  It does check whether the
passed in buffer is too small, but unfortunately it checks that only
after reading bytes from the src buffer, so it could read off the end
of the buffer.

You can see this with valgrind:

 $ printf "%b" '\x1f\x8b' > /tmp/image
 $ valgrind qemu-system-aarch64 -display none -M virt -cpu max -kernel /tmp/image
 [...]
 ==19224== Invalid read of size 1
 ==19224==    at 0x67302E: gunzip (loader.c:558)
 ==19224==    by 0x673907: load_image_gzipped_buffer (loader.c:788)
 ==19224==    by 0xA18032: load_aarch64_image (boot.c:932)
 ==19224==    by 0xA18489: arm_setup_direct_kernel_boot (boot.c:1063)
 ==19224==    by 0xA18D90: arm_load_kernel (boot.c:1317)
 ==19224==    by 0x9F3651: machvirt_init (virt.c:2114)
 ==19224==    by 0x794B7A: machine_run_board_init (machine.c:1272)
 ==19224==    by 0xD5CAD3: qemu_init_board (vl.c:2618)
 ==19224==    by 0xD5CCA6: qmp_x_exit_preconfig (vl.c:2692)
 ==19224==    by 0xD5F32E: qemu_init (vl.c:3713)
 ==19224==    by 0x5ADDB1: main (main.c:49)
 ==19224==  Address 0x3802a873 is 0 bytes after a block of size 3 alloc'd
 ==19224==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==19224==    by 0x61E7657: g_file_get_contents (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
 ==19224==    by 0x673895: load_image_gzipped_buffer (loader.c:771)
 ==19224==    by 0xA18032: load_aarch64_image (boot.c:932)
 ==19224==    by 0xA18489: arm_setup_direct_kernel_boot (boot.c:1063)
 ==19224==    by 0xA18D90: arm_load_kernel (boot.c:1317)
 ==19224==    by 0x9F3651: machvirt_init (virt.c:2114)
 ==19224==    by 0x794B7A: machine_run_board_init (machine.c:1272)
 ==19224==    by 0xD5CAD3: qemu_init_board (vl.c:2618)
 ==19224==    by 0xD5CCA6: qmp_x_exit_preconfig (vl.c:2692)
 ==19224==    by 0xD5F32E: qemu_init (vl.c:3713)
 ==19224==    by 0x5ADDB1: main (main.c:49)

Check that we have enough bytes of data to read the header bytes that
we read before we read them.

Fixes: Coverity 1458997
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210812141803.20913-1-peter.maydell@linaro.org
2021-08-26 17:02:00 +01:00
Peter Maydell
7f4c520dac arch_init.h: Don't include arch_init.h unnecessarily
arch_init.h only defines the QEMU_ARCH_* enumeration and the
arch_type global. Don't include it in files that don't use those.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210730105947.28215-8-peter.maydell@linaro.org
2021-08-26 17:02:00 +01:00
Ani Sinha
0659e4680e hw/arm/Kconfig: no need to enable ACPI_MEMORY_HOTPLUG/ACPI_NVDIMM explicitly
Since commit
36b79e3219 ("hw/acpi/Kconfig: Add missing Kconfig dependencies (build error)"),
ACPI_MEMORY_HOTPLUG and ACPI_NVDIMM is implicitly turned on when
ACPI_HW_REDUCED is selected. ACPI_HW_REDUCED is already enabled. No need to
turn on ACPI_MEMORY_HOTPLUG or ACPI_NVDIMM explicitly. This is a minor cleanup.

Signed-off-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210819162637.518507-1-ani@anisinha.ca
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:01:59 +01:00
Philippe Mathieu-Daudé
783dbab19f hw/dma/xlnx-zdma Always expect 'dma' link property to be set
Simplify by always passing a MemoryRegion property to the device.
Doing so we can move the AddressSpace field to the device struct,
removing need for heap allocation.

Update the Xilinx ZynqMP / Versal SoC models to pass the default
system memory instead of a NULL value.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210819163422.2863447-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:01:59 +01:00
Philippe Mathieu-Daudé
c31b7f5901 hw/dma/xlnx_csu_dma: Always expect 'dma' link property to be set
Simplify by always passing a MemoryRegion property to the device.
Doing so we can move the AddressSpace field to the device struct,
removing need for heap allocation.

Update the Xilinx ZynqMP SoC model to pass the default system
memory instead of a NULL value.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210819163422.2863447-4-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:01:59 +01:00
Philippe Mathieu-Daudé
348ba7bede hw/dma/xlnx_csu_dma: Run trivial checks early in realize()
If some property are not set, we'll return indicating a failure,
so it is pointless to allocate / initialize some fields too early.
Move the trivial checks earlier in realize().

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210819163422.2863447-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:01:59 +01:00
Philippe Mathieu-Daudé
34a3a71db6 hw/arm/xlnx-zynqmp: Realize qspi controller *after* qspi_dma
If we link QOM object (a) as a property of QOM object (b),
we must set the property *before* (b) is realized.

Move QSPI realization *after* QSPI DMA.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210819163422.2863447-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-26 17:01:59 +01:00
Markus Armbruster
fff0e451f3 Remove superfluous ERRP_GUARD()
Macro ERRP_GUARD() is only needed when we want to dereference @errp or
pass it to error_prepend() or error_append_hint().  Delete superfluous
ones.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-15-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
998647dc8f vhost: Clean up how VhostOpts method vhost_backend_init() fails
vhost_user_backend_init() can fail without setting an error.  Unclean.
Its caller vhost_dev_init() compensates by substituting a generic
error then.  Goes back to commit 28770ff935 "vhost: Distinguish errors
in vhost_backend_init()".

Clean up by moving the generic error from vhost_dev_init() to all the
failure paths that neglect to set an error.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-14-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
66647ed459 vhost: Clean up how VhostOpts method vhost_get_config() fails
vhost_user_get_config() can fail without setting an error.  Unclean.
Its caller vhost_dev_get_config() compensates by substituting a
generic error then.  Goes back to commit 50de51387f "vhost:
Distinguish errors in vhost_dev_get_config()".

Clean up by moving the generic error from vhost_dev_get_config() to
all the failure paths that neglect to set an error.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-13-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[Sign of error_setg_errno()'s second argument fixed in both calls]
2021-08-26 17:15:28 +02:00
Markus Armbruster
0d9a665451 microvm: Drop dead error handling in microvm_machine_state_init()
Stillborn in commit 0ebf007dda "hw/i386: Introduce the microvm machine
type".

Cc: Sergio Lopez <slp@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-12-armbru@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
436c831a28 migration: Unify failure check for migrate_add_blocker()
Most callers check the return value.  Some check whether it set an
error.  Functionally equivalent, but the former tends to be easier on
the eyes, so do that everywhere.

Prior art: commit c6ecec43b2 "qemu-option: Check return value instead
of @err where convenient".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-10-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
eb24a23e15 vfio: Avoid error_propagate() after migrate_add_blocker()
When migrate_add_blocker(blocker, &err) is followed by
error_propagate(errp, err), we can often just as well do
migrate_add_blocker(..., errp).  This is the case in
vfio_migration_probe().

Prior art: commit 386f6c07d2 "error: Avoid error_propagate() after
migrate_add_blocker()".

Cc: Kirti Wankhede <kwankhede@nvidia.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-8-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed by: Kirti Wankhede <kwankhede@nvidia.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
aa6f7448eb vhost-scsi: Plug memory leak on migrate_add_blocker() failure
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-6-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
96ac971933 multi-process: Fix pci_proxy_dev_realize() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL.  Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.

pci_proxy_dev_realize() is wrong that way: it passes @errp to
qio_channel_new_fd() without checking for failure.  If it runs into
another failure, it trips error_setv()'s assertion.

Fix it to check for failure properly.

Fixes: 9f8112073a
Cc: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Cc: Jagannathan Raman <jag.raman@oracle.com>
Cc: John G Johnson <john.g.johnson@oracle.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-5-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Jagannathan Raman <jag.raman@oracle.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
d7f5013e12 spapr: Explain purpose of ->fwnmi_migration_blocker more clearly
spapr_mce_req_event() makes an effort to prevent migration from
degrading the reporting of FWNMIs.  It adds a migration blocker when
it receives one, and deletes it when it's done handling it.  This is a
best effort.

Commit 2500fb423a "migration: Include migration support for machine
check handling" tried to explain this in a comment.  Rewrite the
comment for clarity, and reposition it to make it clear it applies to
all failure modes, not just "migration already in progress".

Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Aravinda Prasad <arawinda.p@gmail.com>
Cc: Ganesh Goudar <ganeshgr@linux.ibm.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-4-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
e2ef4fc7ae spapr: Plug memory leak when we can't add a migration blocker
Fixes: 2500fb423a
Cc: Aravinda Prasad <arawinda.p@gmail.com>
Cc: Ganesh Goudar <ganeshgr@linux.ibm.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-3-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-26 17:15:28 +02:00
Markus Armbruster
f9734d5d40 error: Use error_fatal to simplify obvious fatal errors (again)
We did this with scripts/coccinelle/use-error_fatal.cocci before, in
commit 50beeb6809 and 007b06578a.  This commit cleans up rarer
variations that don't seem worth matching with Coccinelle.

Cc: Thomas Huth <thuth@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210720125408.387910-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-26 17:15:28 +02:00
Guenter Roeck
6f287c700c fsl-imx7: Instantiate SAI1/2/3 as unimplemented devices
Instantiate SAI1/2/3 as unimplemented devices to avoid Linux kernel crashes
such as the following.

Unhandled fault: external abort on non-linefetch (0x808) at 0xd19b0000
pgd = (ptrval)
[d19b0000] *pgd=82711811, *pte=308a0653, *ppte=308a0453
Internal error: : 808 [#1] SMP ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.14.0-rc5 #1
...
[<c095e974>] (regmap_mmio_write32le) from [<c095eb48>] (regmap_mmio_write+0x3c/0x54)
[<c095eb48>] (regmap_mmio_write) from [<c09580f4>] (_regmap_write+0x4c/0x1f0)
[<c09580f4>] (_regmap_write) from [<c0959b28>] (regmap_write+0x3c/0x60)
[<c0959b28>] (regmap_write) from [<c0d41130>] (fsl_sai_runtime_resume+0x9c/0x1ec)
[<c0d41130>] (fsl_sai_runtime_resume) from [<c0942464>] (__rpm_callback+0x3c/0x108)
[<c0942464>] (__rpm_callback) from [<c0942590>] (rpm_callback+0x60/0x64)
[<c0942590>] (rpm_callback) from [<c0942b60>] (rpm_resume+0x5cc/0x808)
[<c0942b60>] (rpm_resume) from [<c0942dfc>] (__pm_runtime_resume+0x60/0xa0)
[<c0942dfc>] (__pm_runtime_resume) from [<c0d4231c>] (fsl_sai_probe+0x2b8/0x65c)
[<c0d4231c>] (fsl_sai_probe) from [<c0935b08>] (platform_probe+0x58/0xb8)
[<c0935b08>] (platform_probe) from [<c0933264>] (really_probe.part.0+0x9c/0x334)
[<c0933264>] (really_probe.part.0) from [<c093359c>] (__driver_probe_device+0xa0/0x138)
[<c093359c>] (__driver_probe_device) from [<c0933664>] (driver_probe_device+0x30/0xc8)
[<c0933664>] (driver_probe_device) from [<c0933c88>] (__driver_attach+0x90/0x130)
[<c0933c88>] (__driver_attach) from [<c0931060>] (bus_for_each_dev+0x78/0xb8)
[<c0931060>] (bus_for_each_dev) from [<c093254c>] (bus_add_driver+0xf0/0x1d8)
[<c093254c>] (bus_add_driver) from [<c0934a30>] (driver_register+0x88/0x118)
[<c0934a30>] (driver_register) from [<c01022c0>] (do_one_initcall+0x7c/0x3a4)
[<c01022c0>] (do_one_initcall) from [<c1601204>] (kernel_init_freeable+0x198/0x22c)
[<c1601204>] (kernel_init_freeable) from [<c0f5ff2c>] (kernel_init+0x10/0x128)
[<c0f5ff2c>] (kernel_init) from [<c010013c>] (ret_from_fork+0x14/0x38)

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20210810175607.538090-1-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-25 10:48:51 +01:00
Eduardo Habkost
80d60a6d1e sbsa-ref: Rename SBSA_GWDT enum value
The SBSA_GWDT enum value conflicts with the SBSA_GWDT() QOM type
checking helper, preventing us from using a OBJECT_DEFINE* or
DEFINE_INSTANCE_CHECKER macro for the SBSA_GWDT() wrapper.

If I understand the SBSA 6.0 specification correctly, the signal
being connected to IRQ 16 is the WS0 output signal from the
Generic Watchdog.  Rename the enum value to SBSA_GWDT_WS0 to be
more explicit and avoid the name conflict.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20210806023119.431680-1-ehabkost@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-25 10:48:50 +01:00
Wen, Jianxian
77844cc51a hw/dma/pl330: Add memory region to replace default
Add property memory region which can connect with IOMMU region to support SMMU translate.

Signed-off-by: Jianxian Wen <jianxian.wen@verisilicon.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 4C23C17B8E87E74E906A25A3254A03F4FA1FEC31@SHASXM03.verisilicon.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-25 10:48:50 +01:00
Guenter Roeck
ff31cca71e fsl-imx6ul: Instantiate SAI1/2/3 and ASRC as unimplemented devices
Instantiate SAI1/2/3 and ASRC as unimplemented devices to avoid random
Linux kernel crashes, such as

Unhandled fault: external abort on non-linefetch (0x808) at 0xd1580010
pgd = (ptrval)
[d1580010] *pgd=8231b811, *pte=02034653, *ppte=02034453
Internal error: : 808 [#1] SMP ARM
...
[<c095e974>] (regmap_mmio_write32le) from [<c095eb48>] (regmap_mmio_write+0x3c/0x54)
[<c095eb48>] (regmap_mmio_write) from [<c09580f4>] (_regmap_write+0x4c/0x1f0)
[<c09580f4>] (_regmap_write) from [<c095837c>] (_regmap_update_bits+0xe4/0xec)
[<c095837c>] (_regmap_update_bits) from [<c09599b4>] (regmap_update_bits_base+0x50/0x74)
[<c09599b4>] (regmap_update_bits_base) from [<c0d3e9e4>] (fsl_asrc_runtime_resume+0x1e4/0x21c)
[<c0d3e9e4>] (fsl_asrc_runtime_resume) from [<c0942464>] (__rpm_callback+0x3c/0x108)
[<c0942464>] (__rpm_callback) from [<c0942590>] (rpm_callback+0x60/0x64)
[<c0942590>] (rpm_callback) from [<c0942b60>] (rpm_resume+0x5cc/0x808)
[<c0942b60>] (rpm_resume) from [<c0942dfc>] (__pm_runtime_resume+0x60/0xa0)
[<c0942dfc>] (__pm_runtime_resume) from [<c0d3ecc4>] (fsl_asrc_probe+0x2a8/0x708)
[<c0d3ecc4>] (fsl_asrc_probe) from [<c0935b08>] (platform_probe+0x58/0xb8)
[<c0935b08>] (platform_probe) from [<c0933264>] (really_probe.part.0+0x9c/0x334)
[<c0933264>] (really_probe.part.0) from [<c093359c>] (__driver_probe_device+0xa0/0x138)
[<c093359c>] (__driver_probe_device) from [<c0933664>] (driver_probe_device+0x30/0xc8)
[<c0933664>] (driver_probe_device) from [<c0933c88>] (__driver_attach+0x90/0x130)
[<c0933c88>] (__driver_attach) from [<c0931060>] (bus_for_each_dev+0x78/0xb8)
[<c0931060>] (bus_for_each_dev) from [<c093254c>] (bus_add_driver+0xf0/0x1d8)
[<c093254c>] (bus_add_driver) from [<c0934a30>] (driver_register+0x88/0x118)
[<c0934a30>] (driver_register) from [<c01022c0>] (do_one_initcall+0x7c/0x3a4)
[<c01022c0>] (do_one_initcall) from [<c1601204>] (kernel_init_freeable+0x198/0x22c)
[<c1601204>] (kernel_init_freeable) from [<c0f5ff2c>] (kernel_init+0x10/0x128)
[<c0f5ff2c>] (kernel_init) from [<c010013c>] (ret_from_fork+0x14/0x38)

or

Unhandled fault: external abort on non-linefetch (0x808) at 0xd19b0000
pgd = (ptrval)
[d19b0000] *pgd=82711811, *pte=308a0653, *ppte=308a0453
Internal error: : 808 [#1] SMP ARM
...
[<c095e974>] (regmap_mmio_write32le) from [<c095eb48>] (regmap_mmio_write+0x3c/0x54)
[<c095eb48>] (regmap_mmio_write) from [<c09580f4>] (_regmap_write+0x4c/0x1f0)
[<c09580f4>] (_regmap_write) from [<c0959b28>] (regmap_write+0x3c/0x60)
[<c0959b28>] (regmap_write) from [<c0d41130>] (fsl_sai_runtime_resume+0x9c/0x1ec)
[<c0d41130>] (fsl_sai_runtime_resume) from [<c0942464>] (__rpm_callback+0x3c/0x108)
[<c0942464>] (__rpm_callback) from [<c0942590>] (rpm_callback+0x60/0x64)
[<c0942590>] (rpm_callback) from [<c0942b60>] (rpm_resume+0x5cc/0x808)
[<c0942b60>] (rpm_resume) from [<c0942dfc>] (__pm_runtime_resume+0x60/0xa0)
[<c0942dfc>] (__pm_runtime_resume) from [<c0d4231c>] (fsl_sai_probe+0x2b8/0x65c)
[<c0d4231c>] (fsl_sai_probe) from [<c0935b08>] (platform_probe+0x58/0xb8)
[<c0935b08>] (platform_probe) from [<c0933264>] (really_probe.part.0+0x9c/0x334)
[<c0933264>] (really_probe.part.0) from [<c093359c>] (__driver_probe_device+0xa0/0x138)
[<c093359c>] (__driver_probe_device) from [<c0933664>] (driver_probe_device+0x30/0xc8)
[<c0933664>] (driver_probe_device) from [<c0933c88>] (__driver_attach+0x90/0x130)
[<c0933c88>] (__driver_attach) from [<c0931060>] (bus_for_each_dev+0x78/0xb8)
[<c0931060>] (bus_for_each_dev) from [<c093254c>] (bus_add_driver+0xf0/0x1d8)
[<c093254c>] (bus_add_driver) from [<c0934a30>] (driver_register+0x88/0x118)
[<c0934a30>] (driver_register) from [<c01022c0>] (do_one_initcall+0x7c/0x3a4)
[<c01022c0>] (do_one_initcall) from [<c1601204>] (kernel_init_freeable+0x198/0x22c)
[<c1601204>] (kernel_init_freeable) from [<c0f5ff2c>] (kernel_init+0x10/0x128)
[<c0f5ff2c>] (kernel_init) from [<c010013c>] (ret_from_fork+0x14/0x38)

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20210810160318.87376-1-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-25 10:48:50 +01:00
Jan Luebbe
d60af909d5 hw/char/pl011: add support for sending break
Break events are currently only handled by chardev/char-serial.c, so we
just ignore errors, which results in no behaviour change for other
chardevs.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Message-id: 20210806144700.3751979-1-jlu@pengutronix.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-25 10:48:50 +01:00
Daniel P. Berrangé
ea0aa1752c hw/core: fix error checking in smp_parse
machine_set_smp() mistakenly checks 'errp' not '*errp',
and so thinks there is an error every single time it runs.
This causes it to jump to the end of the method, skipping
the max CPUs checks. The caller meanwhile sees no error
and so carries on execution. The result of all this is:

 $ qemu-system-x86_64 -smp -1
 qemu-system-x86_64: GLib: ../glib/gmem.c:142: failed to allocate 481036337048 bytes

instead of

 $ qemu-system-x86_64 -smp -1
 qemu-system-x86_64: Invalid SMP CPUs -1. The max CPUs supported by machine 'pc-i440fx-6.1' is 255

This is a regression from

  commit fe68090e8f
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   Thu May 13 09:03:48 2021 -0400

    machine: add smp compound property

Closes: https://gitlab.com/qemu-project/qemu/-/issues/524
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210812175353.4128471-1-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-13 14:43:42 +02:00
Philippe Mathieu-Daudé
0b46318170 hw/core: Add missing return on error
If dies is not supported by this machine's CPU topology, don't
keep processing options and return directly.

Fixes: 0aebebb561 ("machine: reject -smp dies!=1 for non-PC machines")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210813112608.1452541-2-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-13 14:43:35 +02:00