Commit Graph

65884 Commits

Author SHA1 Message Date
Michael Roth
c13ee16911 pci: allow cleanup/unregistration of PCI root buses
This adds cleanup counterparts to pci_register_root_bus(),
pci_root_bus_new(), and pci_bus_irqs().

These cleanup routines are needed in the case of hotpluggable
PCIHostBridge implementations. Currently we can rely on the
object_unparent()'ing of the PCIHostState recursively unparenting
and cleaning up it's child buses, but we need explicit calls
to also:

  1) remove the PCIHostState from pci_host_bridges global list.
     otherwise, we risk accessing freed memory when we access
     the list later
  2) clean up memory allocated in pci_bus_irqs()

Both are handled outside the context of any particular bus or
host bridge's init/realize functions, making it difficult to
avoid the need for explicit cleanup functions without remodeling
how PCIHostBridges are created. So keep it simple and just add
them for now.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Greg Kurz
999c9caf2e spapr: move spapr_create_phb() to core machine code
This function is only used when creating the default PHB. Let's rename
it and move it to the core machine code for clarity.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
52804c60f1 MAINTAINERS: add qemu_vga.ndrv file entry for Mac machines
The VGA driver built from Ben's QemuMacDrivers repository is used exclusively
by the Mac machines.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Thomas Huth
2c6aba148c MAINTAINERS: Add some missing ppc-related files
hw/gpio/mpc8xxx.c is only used by the e500 machine, so add it there.
And the hw/input/adb* files are specific to the Mac machines, so
they should be assigned to these categories.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
2dea57db60 target/ppc: replace AVR* macros with Vsr* macros
Now that the VMX and VSR register sets have been combined, the same macros can
be used to access both AVR and VSR field members.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
ef96e3ae96 target/ppc: move FP and VMX registers into aligned vsr register array
The VSX register array is a block of 64 128-bit registers where the first 32
registers consist of the existing 64-bit FP registers extended to 128-bit
using new VSR registers, and the last 32 registers are the VMX 128-bit
registers as show below:

            64-bit               64-bit
    +--------------------+--------------------+
    |        FP0         |                    |  VSR0
    +--------------------+--------------------+
    |        FP1         |                    |  VSR1
    +--------------------+--------------------+
    |        ...         |        ...         |  ...
    +--------------------+--------------------+
    |        FP30        |                    |  VSR30
    +--------------------+--------------------+
    |        FP31        |                    |  VSR31
    +--------------------+--------------------+
    |                  VMX0                   |  VSR32
    +-----------------------------------------+
    |                  VMX1                   |  VSR33
    +-----------------------------------------+
    |                  ...                    |  ...
    +-----------------------------------------+
    |                  VMX30                  |  VSR62
    +-----------------------------------------+
    |                  VMX31                  |  VSR63
    +-----------------------------------------+

In order to allow for future conversion of VSX instructions to use TCG vector
operations, recreate the same layout using an aligned version of the existing
vsr register array.

Since the old fpr and avr register arrays are removed, the existing callers
must also be updated to use the correct offset in the vsr register array. This
also includes switching the relevant VMState fields over to using subarrays
to make sure that migration is preserved.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
05ee3e8aa0 target/ppc: merge ppc_vsr_t and ppc_avr_t union types
Since the VSX registers are actually a superset of the VMX registers then they
can be represented by the same type. Merge ppc_avr_t into ppc_vsr_t and change
ppc_avr_t to be a simple typedef alias.

Note that due to a difference in the naming of the float32 member between
ppc_avr_t and ppc_vsr_t, references to the ppc_avr_t f member must be replaced
with f32 instead.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
7329fb6240 target/ppc: switch FPR, VMX and VSX helpers to access data directly from cpu_env
Instead of accessing the FPR, VMX and VSX registers through static arrays of
TCGv_i64 globals, remove them and change the helpers to load/store data directly
within cpu_env.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
8b3b2d75c7 target/ppc: introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access
These helpers allow us to move VSR register values to/from the specified TCGv_i64
argument.

To prevent VSX helpers accessing the cpu_vsr array directly, add extra TCG
temporaries as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Mark Cave-Ayland
c4a18dbf52 target/ppc: introduce get_avr64() and set_avr64() helpers for VMX register access
These helpers allow us to move AVR register values to/from the specified TCGv_i64
argument.

To prevent VMX helpers accessing the cpu_avr{l,h} arrays directly, add extra TCG
temporaries as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Mark Cave-Ayland
1a404c91bd target/ppc: introduce get_fpr() and set_fpr() helpers for FP register access
These helpers allow us to move FP register values to/from the specified TCGv_i64
argument in the VSR helpers to be introduced shortly.

To prevent FP helpers accessing the cpu_fpr array directly, add extra TCG
temporaries as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Mark Cave-Ayland
4c23c2a538 target/ppc: switch EXTRACT_HELPER macros over to use sextract32/extract32
These ensure that we consistently handle signed and unsigned extensions correctly
when decoding immediates from instruction opcodes.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Mark Cave-Ayland
ffcd21acb4 target/ppc: fix typo in SIMM5 extraction helper
As the macro name suggests, the argument should be signed and not unsigned.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
BALATON Zoltan
33c6a8b58e MAINTAINERS: Add more files to sam460ex
The sm501 model belonged to SH before but that seems to be inactive
now and latest changes were for sam460ex which is the more active user
of this device at the moment so let's adopt sm501 for sam460ex.

Also add device tree and firmware sources and binaries.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
BALATON Zoltan
a0557225fe ppc4xx: Disable debug logging by default
Debug logs were left enabled in ppc4xx_devs.c whereas in other files
these are normally not enabled. Disable it here as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Alexey Kardashevskiy
fea35ca4b8 ppc/spapr: Receive and store device tree blob from SLOF
SLOF receives a device tree and updates it with various properties
before switching to the guest kernel and QEMU is not aware of any changes
made by SLOF. Since there is no real RTAS (QEMU implements it), it makes
sense to pass the SLOF final device tree to QEMU to let it implement
RTAS related tasks better, such as PCI host bus adapter hotplug.

Specifially, now QEMU can find out the actual XICS phandle (for PHB
hotplug) and the RTAS linux,rtas-entry/base properties (for firmware
assisted NMI - FWNMI).

This stores the initial DT blob in the sPAPR machine and replaces it
in the KVMPPC_H_UPDATE_DT (new private hypercall) handler.

This adds an @update_dt_enabled machine property to allow backward
migration.

SLOF already has a hypercall since
https://github.com/aik/SLOF/commit/e6fc84652c9c0073f9183

This makes use of the new fdt_check_full() helper. In order to allow
the configure script to pick the correct DTC version, this adjusts
the DTC presense test.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Laurent Vivier
c24ba3d0a3 spapr: Add H-Call H_HOME_NODE_ASSOCIATIVITY
H_HOME_NODE_ASSOCIATIVITY H-Call returns the associativity domain
designation associated with the identifier input parameter

This fixes a crash when we try to hotplug a CPU in memory-less and
CPU-less numa node. In this case, the kernel tries to online the
node, but without the information provided by this h-call, the node id,
it cannot and the CPU is started while the node is not onlined.

It also removes the warning message from the kernel:
  VPHN is not supported. Disabling polling..

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Peter Maydell
147923b1a9 usb: generic sysbus ehci, bugfixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNMeBAAoJEEy22O7T6HE4W48QAMi3iyjY4OUDSHyYwGD80wZ5
 A9vl8RYPQQYXZANGwMhr/uHZUBpH1V55WGd5CfKJ2IrVNwi4Q1T+3rmbB+V2ROaq
 MPWjHP7aJHyderdUycaVK7PmlrSJKdAC096+azYsMmxT+A5yhwlqr33EdHDSmOYz
 CQ/Fpn1waWXxG/Q9jnVIUqT6NP25j3CxgMU3jqUa+NauseIFr/6ZFPxukjbPQ4Yu
 bpcPoc+W/iL8ijhrCru+n4XqM8hU6JDavRKWzUQ+ljn8hhhh2aIbWqlVdHP9szpz
 wo2DtdzpbFdspVnXFCf7YPDrNZsZ31+bnfJHGFjSOghNq5jnvMOx5bvqux2WiZQj
 WcgN/Ej59aQzDkIuFASkC/E2KVl30Qw2u3WT11zG1VO6aIHe1oa8FMbL/ys0Xj4Q
 XW+TRhWXxK5GlR0WEaEUXPxrK+zsJmrjSj70XH9BaWj/A12FRwLYG5VSQC0PsuAB
 IoDzc4rgDNsm1Mig58Oklu8PJAenxJH573VM27+XMMfkj5/hpCvDQ6P5gi1TWffE
 L4ICP7CDy1eBj4L8IDcdPXcOWcrWGti4A+zBcIoshHzA5KWA6mg5QxlKCO3VDQ3R
 3bpWjxcHdelHLDaJ7qyemspvBdukfyOCJfieagtdCuwfw2GU5Uvx1wbu1G7vIhSh
 nL/gyaGei/buOhd45751
 =K5K4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190108-pull-request' into staging

usb: generic sysbus ehci, bugfixes.

# gpg: Signature made Tue 08 Jan 2019 15:53:37 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190108-pull-request:
  usb: move ehci_create_ich9_with_companions to hw/i386
  hw/usb: Add generic sys-bus EHCI controller
  usb: dev-mtp: fix memory leak in error path
  usb: drop unnecessary usb_device_post_load checks
  hw/usb: fix mistaken de-initialization of CCID state

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 16:07:32 +00:00
Roman Bolshakov
21a43af0f1 qemu-thread: Don't block SEGV, ILL and FPE
If any of these signals happen on macOS, they are not delivered to other
threads and signalfd_compat receives nothing. Indeed, POSIX reference
and sigprocmask(2) note that an attempt to block the signals results in
undefined behaviour. SEGV and FPE can't also be received by signalfd(2)
on Linux.

An ability to retrieve SIGBUS via signalfd(2) is used by QEMU for
memory preallocation therefore we can't unblock it without consequences.
But it's important to leave a remark that the signal is lost on macOS.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 12:34:46 +00:00
Roman Bolshakov
479a57475e util: Implement debug-threads for macOS
macOS provides pthread_setname_np that doesn't have thread id argument.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 12:34:46 +00:00
Markus Armbruster
16bf52346d ui/cocoa: Include less of the generated modular QAPI headers
Avoids pointless recompilation.  Missed in commit 112ed241f5.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20181220084559.13880-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 12:30:50 +00:00
Paolo Bonzini
efce3175fd usb: move ehci_create_ich9_with_companions to hw/i386
This function is only needed when Q35 is in use.  Moving it to
the same file that uses it lets you disable the entire USB
subsystem in x86_64-softmmu.mak; of course doing that will
cause -usb to break horribly, but one thing at a time.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1545064358-4601-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:43:41 +01:00
Hongbo Zhang
114529f79e hw/usb: Add generic sys-bus EHCI controller
This patch introduces a new system bus generic EHCI controller.
For the system bus EHCI controller, we've already had "xlnx",
"exynos4210", "tegra2", "ppc4xx" and "fusbh200", they are specific and
only suitable for their own platforms, platforms such as an Arm server,
may need a generic system bus EHCI controller, this patch creates it,
and the kernel driver ehci_platform.c works well on it.

Signed-off-by: Hongbo Zhang <hongbo.zhang@linaro.org>
Message-id: 1546077657-22637-1-git-send-email-hongbo.zhang@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:41:32 +01:00
Li Qiang
8e3759ef04 usb: dev-mtp: fix memory leak in error path
Spotted by Coverity: CID 1397074

Fixes: c52d46e041
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190103132605.49476-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:40:35 +01:00
Jonathan Davies
f30815390a usb: drop unnecessary usb_device_post_load checks
In usb_device_post_load, certain values of dev->setup_len or
dev->setup_index can cause -EINVAL to be returned. One example is when
setup_len exceeds 4096, the hard-coded value of sizeof(dev->data_buf).
This can happen through legitimate guest activity and will cause all
subsequent attempts to migrate the guest to fail in vmstate_load_state.

The values of these variables can be set by USB packets originating in
the guest. There are two ways in which they can be set: in
do_token_setup and in do_parameter in hw/usb/core.c.

It is easy to craft a USB packet in a guest that causes do_token_setup
to set setup_len to a value larger than 4096. When this has been done
once, all subsequent attempts to migrate the VM will fail in
usb_device_post_load until the VM is next power-cycled or a
smaller-sized USB packet is sent to the device.

Sample code for achieving this in a VM started with "-device usb-tablet"
running Linux with CONFIG_HIDRAW=y and HID_MAX_BUFFER_SIZE > 4096:

  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>

  int main() {
           char buf[4097];
           int fd = open("/dev/hidraw0", O_RDWR|O_NONBLOCK);

           buf[0] = 0x1;
           write(fd, buf, 4097);

           return 0;
  }

When this code is run in the VM, qemu will output:

  usb_generic_handle_packet: ctrl buffer too small (4097 > 4096)

A subsequent attempt to migrate the VM will fail and output the
following on the destination host:

  qemu-kvm: error while loading state for instance 0x0 of device '0000:00:06.7/1/usb-ptr'
  qemu-kvm: load of migration failed: Invalid argument

The idea behind checking the values of setup_len and setup_index before
they are used is correct, but doing it in usb_device_post_load feels
arbitrary, and will cause unnecessary migration failures. Indeed, none
of the commit messages for c60174e8, 9f8e9895 and 719ffe1f justify why
post_load is the right place to do these checks. They correctly point
out that the important thing to protect is the usb_packet_copy.

Instead, the right place to do the checks is in do_token_setup and
do_parameter. Indeed, there are already some checks here. We can examine
each of the disjuncts currently tested in usb_device_post_load to see
whether any need adding to do_token_setup or do_parameter to improve
safety there:

  * dev->setup_index < 0
     - This test is not needed because setup_index is explicitly set to
0 in do_token_setup and do_parameter.

  * dev->setup_len < 0
     - In both do_token_setup and do_parameter, the value of setup_len
is computed by (s->setup_buf[7] << 8) | s->setup_buf[6]. Since
s->setup_buf is a byte array and setup_len is an int32_t, it's
impossible for this arithmetic to set setup_len's top bit, so it can
never be negative.

  * dev->setup_index > dev->setup_len
     - Since setup_index is 0, this is equivalent to the previous test,
so is redundant.

  * dev->setup_len > sizeof(dev->data_buf)
     - This condition is already explicitly checked in both
do_token_setup and do_parameter.

Hence there is no need to bolster the existing checks in do_token_setup
or do_parameter, and we can safely remove these checks from
usb_device_post_load without reducing safety but allowing migrations to
proceed regardless of what USB packets have been generated by the guest.

Signed-off-by: Jonathan Davies <jonathan.davies@nutanix.com>
Message-Id: <20190107175117.23769-1-jonathan.davies@nutanix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:37:52 +01:00
Peter Maydell
625fa8de78 Queued target/alpha patches
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcNAd6AAoJEGTfOOivfiFfAeIH/3CpuNBFyoiFJ634L60i1B64
 cwM3BMz4RnWyfGYPUzZls2vNjMMNUKGi2WQswjWj2DJBcimVk3sYdxcjBzVKngzz
 fhZLXfw672baa+0/8fQmp3lLmxm5nHqP0ZDOqBAO1VD+5myJY9UgX0fxgxKtz6DH
 VYm6flMmRssXNKgtEWvtdTjrBbfGbLFTlpLRkC6rvQX1s+AdxUawSqpnm98cyXJx
 2rZVY8A3wf6cgts9LyXE2Bs6CjHa7x15BlnU/0MvDtLeuScijZGmMF4FWBkFMwEV
 A9aDBXjbePTL4Bp9kptzJ0sDwVldmLKDRpm/YumCrvc/B2ENBm2RU849v8qpwsw=
 =NU+W
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20190108' into staging

Queued target/alpha patches

# gpg: Signature made Tue 08 Jan 2019 02:14:18 GMT
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-axp-20190108:
  pc-bios: Update palcode-clipper
  target/alpha: Fix user-only initialization of fpcr
  hw/alpha/typhoon: Stop calling cpu_unassigned_access()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 10:40:55 +00:00
Richard Henderson
ac89de40ef pc-bios: Update palcode-clipper
Do not double-update the PC after OPCDEC.

Fixes: https://bugs.launchpad.net/bugs/1810545
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-08 12:12:51 +10:00
Richard Henderson
29eb528078 target/alpha: Fix user-only initialization of fpcr
When the representation of fpcr was changed, the user-only
initialization was not updated to match.  Oops.

Fixes: f3d3aad4a9
Fixes: https://bugs.launchpad.net/bugs/1701835
Reported-by: Bruno Haible <bruno@clisp.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-08 09:04:30 +10:00
Peter Maydell
b7ed683a8d hw/alpha/typhoon: Stop calling cpu_unassigned_access()
The typhoon MemoryRegionOps callbacks directly call
cpu_unassigned_access(), presumably as the old-fashioned way
to provoke a CPU exception.  This won't work since commit
6ad4d7eed0 when we switched Alpha over to the
transaction_failed hook API, because now cpu_unassigned_access()
is a no-op for Alpha.

Make the MemoryRegionOps callbacks use the read_with_attrs
and write_with_attrs hooks, so they can signal a failure
that should cause a CPU exception by returning MEMTX_ERROR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20181210173350.13073-1-peter.maydell@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-08 09:04:30 +10:00
Peter Maydell
c102d9471f target-arm queue:
* Support u-boot 'noload' images for Arm (as used by NetBSD/evbarm GENERIC kernel)
  * hw/misc/tz-mpc: Fix value of BLK_MAX register
  * target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
  * nRF51 SoC: add timer, GPIO, RNG peripherals
  * hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
  * cpus.c: Fix race condition in cpu_stop_current()
  * hw/arm: versal: Plug memory leaks
  * Allow M profile boards to run even if -kernel not specified
  * gdbstub: Add multiprocess extension support for use when the
    board has multiple CPUs of different types (like the Xilinx Zynq boards)
  * target/arm: Don't decode S bit in SVE brk[ab] merging insns
  * target/arm: Convert ARM_TBFLAG_* to FIELDs
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJcM36AAAoJEDwlJe0UNgzepuMP/A6umcXRrO+vOZgkW+cvJ8cD
 JkDdb8H/u3S6zqNokABI3Ya/areX1P30sRV7e7mC5IsknVNZe0MqQX6TW5477HMP
 Oz/m1AbyByWMLVILFiWfte5dtRRLfs3axzrmhu6HwJXe0NIUiYQofoJzCZEDMxDn
 71cehgeNkUGA36HViPyqzHZYADFkCX3Tfmh1FEh2jD7taK9GNsff8p6cHTb05W7d
 wWk68PS8VKTb5VrYH6SyiAHW8gBVrrUkYlkPKHzemK5fwlgDOSfxVLthf8mo08SH
 QxEXI430tagdmrGNO/nKOTA2NQwMzvCk/OLf0Qwg9I9F9pYtiOJ7nXXbtqDC8eKy
 DdHsL57W0F7sFkoVt+YNHSeylyLRluDh+D+Q7OHnlvwsEYmecqsWkW/A2CYC0uWs
 8ajxPBNpGG1lIvo63YK5/4kOy0DE/6ISljYOSlYYg3iXeAZPkQZMTlUxoYmJQ+Zr
 h1tLg1N9SuyQK5g5Uuluw2GwgzIv/Bt1LFo7pnvsA2X6PKiv6nno40T8q0Lw6ah4
 lmAUWx0OUilTrvQwterHlr6hfWu2RLiRoxCg06a3C93YlRjsR3vZOBeQ5ByaE+ho
 5ItKn58EerO+UaweVoc6MDhJFPC8b16Eee281BCec8Ks4GR1tIcpP/0z2lUwhBu6
 hoPmkoPtFtu1dKBgF8Ma
 =x1jv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190107' into staging

target-arm queue:
 * Support u-boot 'noload' images for Arm (as used by NetBSD/evbarm GENERIC kernel)
 * hw/misc/tz-mpc: Fix value of BLK_MAX register
 * target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
 * nRF51 SoC: add timer, GPIO, RNG peripherals
 * hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
 * cpus.c: Fix race condition in cpu_stop_current()
 * hw/arm: versal: Plug memory leaks
 * Allow M profile boards to run even if -kernel not specified
 * gdbstub: Add multiprocess extension support for use when the
   board has multiple CPUs of different types (like the Xilinx Zynq boards)
 * target/arm: Don't decode S bit in SVE brk[ab] merging insns
 * target/arm: Convert ARM_TBFLAG_* to FIELDs

# gpg: Signature made Mon 07 Jan 2019 16:29:52 GMT
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190107: (37 commits)
  Support u-boot noload images for arm as used by, NetBSD/evbarm GENERIC kernel.
  hw/misc/tz-mpc: Fix value of BLK_MAX register
  target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
  arm: Add Clock peripheral stub to NRF51 SOC
  tests/microbit-test: Add Tests for nRF51 Timer
  arm: Instantiate NRF51 Timers
  hw/timer/nrf51_timer: Add nRF51 Timer peripheral
  tests/microbit-test: Add Tests for nRF51 GPIO
  arm: Instantiate NRF51 general purpose I/O
  hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
  arm: Instantiate NRF51 random number generator
  hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
  arm: Add header to host common definition for nRF51 SOC peripherals
  qtest: Add set_irq_in command to set IRQ/GPIO level
  hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
  cpus.c: Fix race condition in cpu_stop_current()
  MAINTAINERS: Add ARM-related files for hw/[misc|input|timer]/
  hw/arm: versal: Plug memory leaks
  Revert "armv7m: Guard against no -kernel argument"
  arm/xlnx-zynqmp: put APUs and RPUs in separate CPU clusters
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 16:56:33 +00:00
Nick Hudson
f831f955d4 Support u-boot noload images for arm as used by, NetBSD/evbarm GENERIC kernel.
noload kernels are loaded with the u-boot image header and as a result
the header size needs adding to the entry point.  Fake up a hdr so the
kernel image is loaded at the right address and the entry point is
adjusted appropriately.

The default location for the uboot file is 32MiB above bottom of DRAM.
This matches the recommendation in Documentation/arm/Booting.

Clarify the load_uimage API to state the passing of a load address when an
image doesn't specify one, or when loading a ramdisk is expected.

Adjust callers of load_uimage, etc.

Signed-off-by: Nick Hudson <skrll@netbsd.org>
Message-id: 11488a08-1fe0-a278-2210-deb64731107f@gmx.co.uk
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:46:20 +00:00
Peter Maydell
31ed41889e Generalize machine compatibility properties
During "[PATCH v2 05/10] qom/globals: generalize
 object_property_set_globals()" review, Eduardo suggested to rework the
 GlobalProperty handling, so that -global is limited to QDev only and
 we avoid mixing the machine compats and the user-provided -global
 properties (instead of generalizing -global to various object kinds,
 like I proposed in v2).
 
 "qdev: do not mix compat props with global props" patch decouples a
 bit user-provided -global from machine compat properties. This allows
 to get rid of "user_provided" and "errp" fields in following patches.
 
 A new compat property "x-use-canonical-path-for-ramblock-id" is added
 to hostmem for legacy canonical path names, set to true for -file and
 -memfd with qemu < 4.0.
 
 (this series was initially titled "[PATCH v2 00/10] hostmem: use
 object "id" for memory region name with >= 3.1", but its focus is more
 in refactoring the global and compatilibity properties handling now)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcM0STAAoJENro4Ql1lpzlqVIP/2xdIYWu4cKzkTZjI/xunPHl
 ccTxc8gkj3AYZozKR4qK9MIhRE7NmtX/kYF52WJpg1/G9xtXQboy44Lc61ke+c7s
 4zL3d20qpNy9jEMQYEB5zVPbn+fKUMm64FsJ8bHZRPryRxjDp+I+8Elt6u9dLTxC
 jGk17vY4RN9oCyFg/GZztzANNSNAcOHSW8VOut9nO/xDL4SkqKJ1CA6kQXX5Zdrz
 DuyyUGRFcyeGqr6WwIswuTlLkqYxHp1X1BejzWPtJMZWsWQGw/uPyO2kwGAqVcSy
 FaiekB2rdfvaXsbl6BaUB7kEGqJberib+kwTN+Z+YoKPKHDAIVzOd2zDW+mwmjZC
 YW7MGks1KwoyrPs3XV1M0m3c83h1U/SlGOk7s2uCNL/0f5NpHEWehrQRAzFgMmfX
 GvI7sO5btY6c50Ry5qaPg+NicpTNr/7bqLJ7tOHq0JP0l9ckRh/4u+deJyjwW5xx
 H3O8uC6pm/Q3S1JTMs9Iu+YrbIvt75SLjUxF0jU8fG2/3XrXwfcvbD7R+sNJrGJJ
 7nvjOTXC4K9VjZpFFzYK3k+HdUaE03LSaF1dTTTby0ANI63keQJEItDXuv5vZBNj
 jZb2WRtelwgKvQhkhwr7ks8r0j7E5cdZEkU1nvejW84S4ksXc4bbT3CPZrzfV22M
 MCJ3WRMFUG6fNxCORucJ
 =mx+3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/elmarco/tags/machine-props-pull-request' into staging

Generalize machine compatibility properties

During "[PATCH v2 05/10] qom/globals: generalize
object_property_set_globals()" review, Eduardo suggested to rework the
GlobalProperty handling, so that -global is limited to QDev only and
we avoid mixing the machine compats and the user-provided -global
properties (instead of generalizing -global to various object kinds,
like I proposed in v2).

"qdev: do not mix compat props with global props" patch decouples a
bit user-provided -global from machine compat properties. This allows
to get rid of "user_provided" and "errp" fields in following patches.

A new compat property "x-use-canonical-path-for-ramblock-id" is added
to hostmem for legacy canonical path names, set to true for -file and
-memfd with qemu < 4.0.

(this series was initially titled "[PATCH v2 00/10] hostmem: use
object "id" for memory region name with >= 3.1", but its focus is more
in refactoring the global and compatilibity properties handling now)

# gpg: Signature made Mon 07 Jan 2019 12:22:43 GMT
# gpg:                using RSA key DAE8E10975969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/machine-props-pull-request: (28 commits)
  hostmem: use object id for memory region name with >= 4.0
  arm: replace instance_post_init()
  qdev-props: call object_apply_global_props()
  qdev-props: remove errp from GlobalProperty
  qdev-props: convert global_props to GPtrArray
  qdev: all globals are now user-provided
  qdev: make a separate helper function to apply compat properties
  compat: remove remaining PC_COMPAT macros
  include: remove compat.h
  compat: replace PC_COMPAT_2_1 & HW_COMPAT_2_1 macros
  compat: replace PC_COMPAT_2_2 & HW_COMPAT_2_2 macros
  compat: replace PC_COMPAT_2_3 & HW_COMPAT_2_3 macros
  compat: replace PC_COMPAT_2_4 & HW_COMPAT_2_4 macros
  compat: replace PC_COMPAT_2_5 & HW_COMPAT_2_5 macros
  compat: replace PC_COMPAT_2_6 & HW_COMPAT_2_6 macros
  compat: replace PC_COMPAT_2_7 & HW_COMPAT_2_7 macros
  compat: replace PC_COMPAT_2_8 & HW_COMPAT_2_8 macros
  compat: replace PC_COMPAT_2_9 & HW_COMPAT_2_9 macros
  compat: replace PC_COMPAT_2_10 & HW_COMPAT_2_10 macros
  compat: replace PC_COMPAT_2_11 & HW_COMPAT_2_11 macros
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:32:24 +00:00
Peter Maydell
619d54a8d8 hw/misc/tz-mpc: Fix value of BLK_MAX register
In the TZ Memory Protection Controller, the BLK_MAX register is supposed
to return the maximum permitted value of the BLK_IDX register. Our
implementation incorrectly returned max+1 (ie the total number of
valid index values, since BLK_IDX is zero-based).

Correct this off-by-one error. Since we consistently initialize
and use s->blk_max throughout the implementation as the 'size'
of the LUT, just adjust the value we return when the guest reads
the BLK_MAX register, rather than trying to change the semantics
of the s->blk_max internal struct field.

Fixes: https://bugs.launchpad.net/qemu/+bug/1806824
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20181213183249.3468-1-peter.maydell@linaro.org
2019-01-07 15:23:48 +00:00
Peter Maydell
96c552958d target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
Now that MTTCG is here, the comment in the 32-bit Arm decoder that
"Since the emulation does not have barriers, the acquire/release
semantics need no special handling" is no longer true. Emit the
correct barriers for the load-acquire/store-release insns, as
we already do in the A64 decoder.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2019-01-07 15:23:48 +00:00
Steffen Görtz
b39dced66a arm: Add Clock peripheral stub to NRF51 SOC
This stubs enables the microbit-micropython firmware to run
on the microbit machine.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-12-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
7ec543e4b9 tests/microbit-test: Add Tests for nRF51 Timer
Basic tests for nRF51 Timer Peripheral.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-11-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
60facd906b arm: Instantiate NRF51 Timers
Instantiates TIMER0 - TIMER2

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-10-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
c5a4829c08 hw/timer/nrf51_timer: Add nRF51 Timer peripheral
This patch adds the model for the nRF51 timer peripheral.
Currently, only the TIMER mode is implemented.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-9-stefanha@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
17ff8e18cc tests/microbit-test: Add Tests for nRF51 GPIO
The test suite for the nRF51 GPIO peripheral for now
only tests initial state. Additionally a set of
tests testing an implementation detail of the model
are included.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-8-stefanha@redhat.com
[PMM: fixed stray space at start of file]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
bb42c4cb2a arm: Instantiate NRF51 general purpose I/O
Instantiates GPIO peripheral model

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-7-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
805f61bbb3 hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
This adds a model of the nRF51 GPIO peripheral.

Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

The nRF51 series microcontrollers support up to 32 GPIO pins in various configurations.
The pins can be used as input pins with pull-ups or pull-down.
Furthermore, three different output driver modes per level are
available (disconnected, standard, high-current).

The GPIO-Peripheral has a mechanism for detecting level changes which is
not featured in this model.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-6-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
f30890def5 arm: Instantiate NRF51 random number generator
Use RNG in SOC.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-5-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
90c58941f6 hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
Add a model of the NRF51 random number generator peripheral.
This is a simple random generator that continuously generates
new random values after startup.

Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-4-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
659b85e413 arm: Add header to host common definition for nRF51 SOC peripherals
Adds a header that provides definitions that are used
across nRF51 peripherals

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-3-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Steffen Görtz
9813dc6ac3 qtest: Add set_irq_in command to set IRQ/GPIO level
Adds a new qtest command "set_irq_in" which allows
to set qemu gpio lines to a given level.

Based on https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02363.html
which never got merged.

Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103091119.9367-2-stefanha@redhat.com
Originally-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Philippe Mathieu-Daudé
ead07aa4ef hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
From the "A10 User Manual V1.20" p.29: "3.2. Memory Mapping" and:

 7. System Control
  7.1. Overview

  A10 embeds a high-speed SRAM which has been split into five segments.
  See detailed memory mapping in following table:

  Area          Address        Size (Bytes)
   A1    0x00000000-0x00003FFF 16K
   A2    0x00004000-0x00007FFF 16K
   A3    0x00008000-0x0000B3FF 13K
   A4    0x0000B400-0x0000BFFF  3K

Since for emulation purpose we don't need the segmentations, we simply define
the 'A' area as a single 48KB SRAM.

We don't implement the following others areas:
- 'B': 'Secure RAM' (64K),
- 'C': Debug/ISP SRAM
- 'D': USB SRAM

(qemu) info mtree
address-space: memory
  0000000000000000-ffffffffffffffff (prio 0, i/o): system
    0000000000000000-000000000000bfff (prio 0, ram): sram A
    0000000001c00000-0000000001c00fff (prio -1000, i/o): a10-sram-ctrl
    0000000001c0b000-0000000001c0bfff (prio 0, i/o): aw_emac
    0000000001c18000-0000000001c18fff (prio 0, i/o): ahci
      0000000001c18080-0000000001c180ff (prio 0, i/o): allwinner-ahci
    0000000001c20400-0000000001c207ff (prio 0, i/o): allwinner-a10-pic
    0000000001c20c00-0000000001c20fff (prio 0, i/o): allwinner-A10-timer
    0000000001c28000-0000000001c2801f (prio 0, i/o): serial
    0000000040000000-0000000047ffffff (prio 0, ram): cubieboard.ram

Reported-by: Charlie Smurthwaite <charlie@atech.media>
Tested-by: Charlie Smurthwaite <charlie@atech.media>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20190104142921.878-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Peter Maydell
0ec7e6779f cpus.c: Fix race condition in cpu_stop_current()
We use cpu_stop_current() to ensure the current CPU has stopped
from places like qemu_system_reset_request(). Unfortunately its
current implementation has a race. It calls qemu_cpu_stop(),
which sets cpu->stopped to true even though the CPU hasn't
actually stopped yet. The main thread will look at the flags
set by qemu_system_reset_request() and call pause_all_vcpus().
pause_all_vcpus() waits for every cpu to have cpu->stopped true,
so it can continue (and we will start the system reset operation)
before the vcpu thread has got back to its top level loop.

Instead, just set cpu->stop and call cpu_exit(). This will
cause the vcpu to exit back to the top level loop, and there
(as part of the wait_io_event code) it will call qemu_cpu_stop().

This fixes bugs where the reset request appeared to be ignored
or the CPU misbehaved because the reset operation started
to change vcpu state while the vcpu thread was still using it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Tested-by: Jaap Crezee <jaap@jcz.nl>
Message-id: 20181207155911.12710-1-peter.maydell@linaro.org
2019-01-07 15:23:47 +00:00
Thomas Huth
b7f301141d MAINTAINERS: Add ARM-related files for hw/[misc|input|timer]/
Some of the files in hw/input/, hw/misc/ and hw/timer/ are only
used by one of the ARM machines, so we can assign these files to
the corresponding boards.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 1546433583-18397-1-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:47 +00:00
Edgar E. Iglesias
aee63b07fd hw/arm: versal: Plug memory leaks
Plug a couple of "board creation time" memory leaks.

Fixes: 6f16da53ff ("hw/arm: versal: Add a virtual Xilinx Versal board")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190104104749.5314-2-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:46 +00:00
Stefan Hajnoczi
c38c37ac97 Revert "armv7m: Guard against no -kernel argument"
This reverts commit 01fd41ab3f.

The generic loader device (-device loader,file=kernel.bin) can be used
to load a kernel instead of the -kernel option.  Some boards have flash
memory (pflash) that is set via the -pflash or -drive options.

Allow starting QEMU without the -kernel option to accommodate these
scenarios.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190103144124.18917-1-stefanha@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-07 15:23:46 +00:00