Commit Graph

75678 Commits

Author SHA1 Message Date
Robert Foley
c9de39355a tests/vm: increased max timeout for vm boot.
Add change to increase timeout waiting for VM to boot.
Needed for some emulation cases where it can take longer
than 5 minutes to boot.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200219163537.22098-4-robert.foley@linaro.org>
Message-Id: <20200303150622.20133-4-alex.bennee@linaro.org>
2020-03-04 09:57:25 +00:00
Robert Foley
89adc5b918 tests/vm: Debug mode shows ssh output.
Add changes to tests/vm/basevm.py so that during debug mode we show ssh output.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200219163537.22098-3-robert.foley@linaro.org>
Message-Id: <20200303150622.20133-3-alex.bennee@linaro.org>
2020-03-04 09:57:23 +00:00
Robert Foley
0bc72f9010 tests/vm: use $(PYTHON) consistently
Change Makefile.include to use $(PYTHON) so for vm-boot-ssh to be
consistent with other cases like vm-build.

Signed-off-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Puhov <peter.puhov@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200219163537.22098-2-robert.foley@linaro.org>
Message-Id: <20200303150622.20133-2-alex.bennee@linaro.org>
2020-03-04 09:57:19 +00:00
Peter Maydell
abfa865014 Virtiofsd pull 2020-03-03
xattr fixes from Misono.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAl5edHgACgkQBRYzHrxb
 /efp/hAAr48at6AwqxhW0e/tALyPT40LT9N88NOT1qyKWMdAPz8b6lM0P21wAgvf
 t4gfidPuwN7ySP5bnYUUJZPIe12z1FLxqiKLgB8vaUZxrVl8C3xE/HkqmQyqxOiv
 vn50WKKgv4lKVw/gX8JW9+occSeRIkLgDrOWE7rDtaCk7SkEzlbM83S4VVLfIbtD
 leRG/p0XoqF1z/nL8+X4pTx2TzJG5E02jWURrtWgS5O2MCzk0Axtq5L9qGdza2iK
 Fzpn6P0X5NW7pk0O4dZLxP70scVpSm7mTPVPcVGbFkMem2bQJh+bIVS6Q4uPl7Kc
 pANuFvnPSbaK1BeUGAHZ0ATbecBvBMk6Ysmf1oQNycs9xwhPErSoqtiF8V52uuqe
 mce7xKKAz9FZ1aGDWj81u5V69xeGtpu1GncdDgJo9A30EOXgJZzuEpL689+IBeKY
 xFcfrA0jWT4H4BOAjJ+hfhKYw9UD4OrozbY81z2U/sQg8nUyoEoZorgLe7YrjrXO
 4obTWBW4fH7O7aqpCKjyqJ2t/YsPrCL9nnWSlsx7LhD9npYywkfxupD/WTsS1Meh
 voetOecgtP2bpeA55NampMS8JrHz7fnY6OEE3fpirVvMRCOLkEtxWNKlvLtGC2Te
 SoVv9IW2XOX2dmWJEHXUCr0XbgCQPStC6yqHkUhPtpfXAuDT3Iw=
 =arLT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20200303' into staging

Virtiofsd pull 2020-03-03

xattr fixes from Misono.

# gpg: Signature made Tue 03 Mar 2020 15:15:04 GMT
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert-gitlab/tags/pull-virtiofs-20200303:
  virtiofsd: Fix xattr operations
  virtiofsd: passthrough_ll: cleanup getxattr/listxattr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-03 15:20:12 +00:00
Misono Tomohiro
bdfd667883 virtiofsd: Fix xattr operations
Current virtiofsd has problems about xattr operations and
they does not work properly for directory/symlink/special file.

The fundamental cause is that virtiofsd uses openat() + f...xattr()
systemcalls for xattr operation but we should not open symlink/special
file in the daemon. Therefore the function is restricted.

Fix this problem by:
 1. during setup of each thread, call unshare(CLONE_FS)
 2. in xattr operations (i.e. lo_getxattr), if inode is not a regular
    file or directory, use fchdir(proc_loot_fd) + ...xattr() +
    fchdir(root.fd) instead of openat() + f...xattr()

    (Note: for a regular file/directory openat() + f...xattr()
     is still used for performance reason)

With this patch, xfstests generic/062 passes on virtiofs.

This fix is suggested by Miklos Szeredi and Stefan Hajnoczi.
The original discussion can be found here:
  https://www.redhat.com/archives/virtio-fs/2019-October/msg00046.html

Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Message-Id: <20200227055927.24566-3-misono.tomohiro@jp.fujitsu.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-03-03 15:13:24 +00:00
Misono Tomohiro
16e15a7308 virtiofsd: passthrough_ll: cleanup getxattr/listxattr
This is a cleanup patch to simplify the following xattr fix and
there is no functional changes.

- Move memory allocation to head of the function
- Unify fgetxattr/flistxattr call for both size == 0 and
  size != 0 case
- Remove redundant lo_inode_put call in error path
  (Note: second call is ignored now since @inode is already NULL)

Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Message-Id: <20200227055927.24566-2-misono.tomohiro@jp.fujitsu.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-03-03 15:13:24 +00:00
Peter Maydell
104933c4a9 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJeXiwOAAoJEO8Ells5jWIRvD4H/2acXnglnA2wrCUcIq9j/8/D
 QvzPh77LSzTTvgvyF2n/K2Z7gtM9HwVq0i159fYYJCqZSy330gK//qe8yE37qx5Z
 Rgqu/p1VKxasnN8jwaiOaneNx/O/B89BvPfG5Azi7HVO9Zdep+d3VrbWWjQymEoM
 yf90XUu/DX1PPiNJkEUlsrjCZrzBU5zfyNr7CpFOfi1gzbJMV1wblHIcOIadyisY
 tvMfGfp+K2TgKBlSkrJd7TSZrnqmPi5NKQ8hJRlXDuNFrXsgxuUa2WbNqOwzArKn
 ZL4eXPRB+Sp2/Zy8BVENgSjOvU5Tho8dJm2rSdGXKfF78Ox8uAHbZ8LeTAYUlpM=
 =jL0I
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 03 Mar 2020 10:06:06 GMT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request: (23 commits)
  l2tpv3: fix RFC number typo in qemu-options.hx
  colo: Update Documentation for continuous replication
  net/filter.c: Add Options to insert filters anywhere in the filter list
  tests/test-replication.c: Add test for for secondary node continuing replication
  block/replication.c: Ignore requests after failover
  hw: net: cadence_gem: Fix build errors in DB_PRINT()
  NetRxPkt: fix hash calculation of IPV6 TCP
  NetRxPkt: Introduce support for additional hash types
  e1000e: Avoid hw_error if legacy mode used
  dp8393x: Don't stop reception upon RBE interrupt assertion
  dp8393x: Don't reset Silicon Revision register
  dp8393x: Always update RRA pointers and sequence numbers
  dp8393x: Clear descriptor in_use field to release packet
  dp8393x: Pad frames to word or long word boundary
  dp8393x: Use long-word-aligned RRA pointers in 32-bit mode
  dp8393x: Don't clobber packet checksum
  dp8393x: Implement packet size limit and RBAE interrupt
  dp8393x: Clear RRRA command register bit only when appropriate
  dp8393x: Update LLFA and CRDA registers from rx descriptor
  dp8393x: Have dp8393x_receive() return the packet size
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-03 12:03:59 +00:00
Peter Maydell
2ac031d171 RISC-V Patches for the 5.0 Soft Freeze, Part 3
This pull request is almost entirely an implementation of the draft hypervisor
 extension.  This extension is still in draft and is expected to have
 incompatible changes before being frozen, but we've had good luck managing
 other RISC-V draft extensions in QEMU so far.
 
 Additionally, there's a fix to PCI addressing and some improvements to the
 M-mode timer.
 
 This boots linux and passes make check for me.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAl5do3gTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiXhlD/9gtiGUT9QxnwygSAck2rLYJHN0rWLC
 7FRUar9egPDQ9rtwYKYM5H9fqFzfAxoWc2CTGPPxm75fS49gmEU06p6jBM3gdnNf
 WGXPdwefeBhWHxuS0LoQodoLybNmB1H+prrZA6LjoQFbp6BHEdOzSeGBvrUvoYuZ
 MCX++mA39h3gRvuXQdMYdPec2DdP07cMRirpXUgzlGtQ5WYUK8fNMDYDNkc0vKQc
 aDFDnL7KHRgKt74Fs9LnlEUuZg5r8vEsf4h80SWwBxqDLbSUf9Sh/F8K1abxDUEo
 tAm/45mPwTXEbFtEGG9f7uHD6ul0GyoTnybCf/1EQgWUtrm6yhw9b69UUdziOW7/
 LVFNjuX4zI175PP6pANb9QnPJnr+VRaCaBg+rXeju3OypkFNsQi6EwefkZFnn1Ye
 9hteMOKNaiuYY5qcNXqskJ3j/lnoPTzNpsZKbDinyXARr/tslRqZdn1MU8J9FVUS
 M+w0qVgrHPHojmFAbzwKQIONExApiKBkhrV+K5tkbxNNnp3tYBqoLXW8HYpu4MWh
 PavscLRVdLzzBJ7AQHnSNmJVlgiAz/VwJh/v0KNhfwrQzE0XAxcCyUQ/1NMLTkjY
 CGP3jxV3Wnxf6BQObqrUEUKG0UOOwWmGhYe28suVt8ni4c8eDvZ/z6P+yxFj/v9q
 cn03WY6J3beQlw==
 =5W7J
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging

RISC-V Patches for the 5.0 Soft Freeze, Part 3

This pull request is almost entirely an implementation of the draft hypervisor
extension.  This extension is still in draft and is expected to have
incompatible changes before being frozen, but we've had good luck managing
other RISC-V draft extensions in QEMU so far.

Additionally, there's a fix to PCI addressing and some improvements to the
M-mode timer.

This boots linux and passes make check for me.

# gpg: Signature made Tue 03 Mar 2020 00:23:20 GMT
# gpg:                using RSA key 2B3C3747446843B24A943A7A2E1319F35FBB1889
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmerdabbelt@google.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41
#      Subkey fingerprint: 2B3C 3747 4468 43B2 4A94  3A7A 2E13 19F3 5FBB 1889

* remotes/palmer/tags/riscv-for-master-5.0-sf3: (38 commits)
  hw/riscv: Provide rdtime callback for TCG in CLINT emulation
  target/riscv: Emulate TIME CSRs for privileged mode
  riscv: virt: Allow PCI address 0
  target/riscv: Allow enabling the Hypervisor extension
  target/riscv: Add the MSTATUS_MPV_ISSET helper macro
  target/riscv: Add support for the 32-bit MSTATUSH CSR
  target/riscv: Set htval and mtval2 on execptions
  target/riscv: Raise the new execptions when 2nd stage translation fails
  target/riscv: Implement second stage MMU
  target/riscv: Allow specifying MMU stage
  target/riscv: Respect MPRV and SPRV for floating point ops
  target/riscv: Mark both sstatus and msstatus_hs as dirty
  target/riscv: Disable guest FP support based on virtual status
  target/riscv: Only set TB flags with FP status if enabled
  target/riscv: Remove the hret instruction
  target/riscv: Add hfence instructions
  target/riscv: Add Hypervisor trap return support
  target/riscv: Add hypvervisor trap support
  target/riscv: Generate illegal instruction on WFI when V=1
  target/ricsv: Flush the TLB on virtulisation mode changes
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-03 11:06:39 +00:00
Stefan Hajnoczi
21843dc48e l2tpv3: fix RFC number typo in qemu-options.hx
The L2TPv3 RFC number is 3931:
https://tools.ietf.org/html/rfc3931

Reported-by: Henrik Johansson <henrikjohansson@rocketmail.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Lukas Straub
90dfe59b33 colo: Update Documentation for continuous replication
Document the qemu command-line and qmp commands for continuous replication

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Lukas Straub
1973136532 net/filter.c: Add Options to insert filters anywhere in the filter list
To switch the Secondary to Primary, we need to insert new filters
before the filter-rewriter.

Add the options insert= and position= to be able to insert filters
anywhere in the filter list.

position should be "head" or "tail" to insert at the head or
tail of the filter list or it should be "id=<id>" to specify
the id of another filter.
insert should be either "before" or "behind" to specify where to
insert the new filter relative to the one specified with position.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Lukas Straub
7b9e215ed6 tests/test-replication.c: Add test for for secondary node continuing replication
This simulates the case that happens when we resume COLO after failover.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Lukas Straub
08ddb4eb6d block/replication.c: Ignore requests after failover
After failover the Secondary side of replication shouldn't change state, because
it now functions as our primary disk.

In replication_start, replication_do_checkpoint, replication_stop, ignore
the request if current state is BLOCK_REPLICATION_DONE (sucessful failover) or
BLOCK_REPLICATION_FAILOVER (failover in progres i.e. currently merging active
and hidden images into the base image).

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Bin Meng
dda8f1854b hw: net: cadence_gem: Fix build errors in DB_PRINT()
When CADENCE_GEM_ERR_DEBUG is turned on, there are several
compilation errors in DB_PRINT(). Fix them.

While we are here, update to use appropriate modifiers in
the same DB_PRINT() call.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Yuri Benditovich
2683a927ff NetRxPkt: fix hash calculation of IPV6 TCP
When requested to calculate the hash for TCPV6 packet,
ignore overrides of source and destination addresses
in in extension headers.
Use these overrides when new hash type NetPktRssIpV6TcpEx
requested.
Use this type in e1000e hash calculation for IPv6 TCP, which
should take in account overrides of the addresses.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Acked-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Yuri Benditovich
33bbc05eab NetRxPkt: Introduce support for additional hash types
Add support for following hash types:
IPV6 TCP with extension headers
IPV4 UDP
IPV6 UDP
IPV6 UDP with extension headers

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Acked-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Yuri Benditovich
b559ea95ea e1000e: Avoid hw_error if legacy mode used
https://bugzilla.redhat.com/show_bug.cgi?id=1787142
The emulation issues hw_error if PSRCTL register
is written, for example, with zero value.
Such configuration does not present any problem when
DTYP bits of RCTL register define legacy format of
transfer descriptors. Current commit discards check
for BSIZE0 and BSIZE1 when legacy mode used.

Acked-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
c2279bd0a1 dp8393x: Don't stop reception upon RBE interrupt assertion
Section 3.4.7 of the datasheet explains that,

    The RBE bit in the Interrupt Status register is set when the
    SONIC finishes using the second to last receive buffer and reads
    the last RRA descriptor. Actually, the SONIC is not truly out of
    resources, but gives the system an early warning of an impending
    out of resources condition.

RBE does not mean actual receive buffer exhaustion, and reception should
not be stopped. This is important because Linux will not check and clear
the RBE interrupt until it receives another packet. But that won't
happen if can_receive returns false. This bug causes the SONIC to become
deaf (until reset).

Fix this with a new flag to indicate actual receive buffer exhaustion.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
083e21bbdd dp8393x: Don't reset Silicon Revision register
The jazzsonic driver in Linux uses the Silicon Revision register value
to probe the chip. The driver fails unless the SR register contains 4.
Unfortunately, reading this register in QEMU usually returns 0 because
the s->regs[] array gets wiped after a software reset.

Fixes: bd8f1ebce4 ("net/dp8393x: fix hardware reset")
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
80b60673ea dp8393x: Always update RRA pointers and sequence numbers
These operations need to take place regardless of whether or not
rx descriptors have been used up (that is, EOL flag was observed).

The algorithm is now the same for a packet that was withheld as for
a packet that was not.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
d9fae13196 dp8393x: Clear descriptor in_use field to release packet
When the SONIC receives a packet into the last available descriptor, it
retains ownership of that descriptor for as long as necessary.

Section 3.4.7 of the datasheet says,

    When the system appends more descriptors, the SONIC releases ownership
    of the descriptor after writing 0000h to the RXpkt.in_use field.

The packet can now be processed by the host, so raise a PKTRX interrupt,
just like the normal case.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
350e7d9a77 dp8393x: Pad frames to word or long word boundary
The existing code has a bug where the Remaining Buffer Word Count (RBWC)
is calculated with a truncating division, which gives the wrong result
for odd-sized packets.

Section 1.4.1 of the datasheet says,

    Once the end of the packet has been reached, the serializer will
    fill out the last word (16-bit mode) or long word (32-bit mode)
    if the last byte did not end on a word or long word boundary
    respectively. The fill byte will be 0FFh.

Implement buffer padding so that buffer limits are correctly enforced.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
ea2270279b dp8393x: Use long-word-aligned RRA pointers in 32-bit mode
Section 3.4.1 of the datasheet says,

    The alignment of the RRA is confined to either word or long word
    boundaries, depending upon the data width mode. In 16-bit mode,
    the RRA must be aligned to a word boundary (A0 is always zero)
    and in 32-bit mode, the RRA is aligned to a long word boundary
    (A0 and A1 are always zero).

This constraint has been implemented for 16-bit mode; implement it
for 32-bit mode too.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
bae112b80c dp8393x: Don't clobber packet checksum
A received packet consumes pkt_size bytes in the buffer and the frame
checksum that's appended to it consumes another 4 bytes. The Receive
Buffer Address register takes the former quantity into account but
not the latter. So the next packet written to the buffer overwrites
the frame checksum. Fix this.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
ada7431527 dp8393x: Implement packet size limit and RBAE interrupt
Add a bounds check to prevent a large packet from causing a buffer
overflow. This is defensive programming -- I haven't actually tried
sending an oversized packet or a jumbo ethernet frame.

The SONIC handles packets that are too big for the buffer by raising
the RBAE interrupt and dropping them. Linux uses that interrupt to
count dropped packets.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
a3cce2825a dp8393x: Clear RRRA command register bit only when appropriate
It doesn't make sense to clear the command register bit unless the
command was actually issued.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
5b0c98fcb7 dp8393x: Update LLFA and CRDA registers from rx descriptor
Follow the algorithm given in the National Semiconductor DP83932C
datasheet in section 3.4.7:

    At the next reception, the SONIC re-reads the last RXpkt.link field,
    and updates its CRDA register to point to the next descriptor.

The chip is designed to allow the host to provide a new list of
descriptors in this way.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
9e3cd456d8 dp8393x: Have dp8393x_receive() return the packet size
This function re-uses its 'size' argument as a scratch variable.
Instead, declare a local 'size' variable for that purpose so that the
function result doesn't get messed up.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
46ffee9ad4 dp8393x: Clean up endianness hacks
According to the datasheet, section 3.4.4, "in 32-bit mode ... the SONIC
always writes long words".

Therefore, use the same technique for the 'in_use' field that is used
everywhere else, and write the full long word.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:47 +08:00
Finn Thain
3fe9a838ec dp8393x: Always use 32-bit accesses
The DP83932 and DP83934 have 32 data lines. The datasheet says,

    Data Bus: These bidirectional lines are used to transfer data on the
    system bus. When the SONIC is a bus master, 16-bit data is transferred
    on D15-D0 and 32-bit data is transferred on D31-D0. When the SONIC is
    accessed as a slave, register data is driven onto lines D15-D0.
    D31-D16 are held TRI-STATE if SONIC is in 16-bit mode. If SONIC is in
    32-bit mode, they are driven, but invalid.

Always use 32-bit accesses both as bus master and bus slave.

Force the MSW to zero in bus master mode.

This gets the Linux 'jazzsonic' driver working, and avoids the need for
prior hacks to make the NetBSD 'sn' driver work.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-03 18:04:35 +08:00
Peter Maydell
c81acb643a vga: bugfixes for qxl and edid generator.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJeXM7sAAoJEEy22O7T6HE4Yh0P/R5MgUPgIcdD86Egid94tatL
 odDc56C01ejsYGwIcchK4rEVeLIDvfISIuKhRc7FIUoutuyffWl8lTk6jVrYAboF
 5D6X9jYwncTluDpttTNldUgZDbv/zQSa5TAKhB7NegKMIAjr3WaW1yY2YW9bb1FJ
 gwfq1Eaksidd1axtUoRMyE372MLVvDhaIJtFS9481OTuQ41Pb70Gn9BwnihzJiG1
 JBos9p09XUI1YTSnqqXggpdAaQTcsFEBI6D+xRyClBHo0o5UQ1NEEpqBE0fgetsn
 Hu4WXY1rwNYHuGpOGx6HIccqhvQhKY7uOZiq9g+Br6tmWucS/WL2YnrFWe8Ihr0i
 UCPKqydu59AaEgxsWZfuNRs/2jLje/4OEc1NrzYBPZrBXK2CqsQf5bIULiQljUvC
 MjpcvNI9e3pCxJfciXtnLLwVHWHIElH9kXevM61/BjEapS/xr6SRwdUwp8uuWBmw
 O+RvmYHaPwO6a+KObtzF+VYPaqA/lTHMEfuAIJ+AnSYhorMY0uvnOww4a9kKUETR
 F7wxUs1bRSUZZRSfe8/Ceen1UEwRQJs9aj4HuVWS9zJqYnamczHgeCtqg+JZkhjH
 Nz5ynSG2JMNrg1nQKo8mCRHL53nHfBRFcbWc5PKIfuohyOlaENPFEVKAchjXFUl+
 Z+/HKJ3LoIa2GS5G0xiK
 =jUo0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200302-pull-request' into staging

vga: bugfixes for qxl and edid generator.

# gpg: Signature made Mon 02 Mar 2020 09:16:28 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20200302-pull-request:
  qxl: map rom r/o
  Arithmetic error in EDID generation fixed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-02 14:11:54 +00:00
Peter Maydell
9f1750ed68 Fix race in cpu_exec_step_atomic.
Work around compile failure with -fno-inine.
 Expand tcg/arm epilogue inline.
 Adjustments to the default code gen buffer size.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAl5ZyNcdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+K7ggAuTNt3TKyn59OqJJY
 u3iNNpNmIxtqIJQEJ6HuapPzGdc9pzmgOXC4I6zXxkebKiybp1BWYe82yCysrjwH
 C1al0ukw9kmaUdBBfiFZ7BqzclGCvIA8CtagP/26oQMAAkBaMbRTmKBvRsb20uNC
 aGKmeVYLWeeArHjVx5tNMbfOHKm8vmpNt8tIVNvj4Uw2Vu09T0Mvqa6LppOYhjJj
 UvNpq+qYePeNbe57FomYLaVdCZvrwe+lHdh6TiC3fFoetEidojA+vncVS/ksZ6rX
 EnP74AVYgz+Qa2+pN+9aj3wD4yNqQNvShvXiPY74eqwztFWYwWljUietsUTnW216
 F9p6LA==
 =Rj1p
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20200228' into staging

Fix race in cpu_exec_step_atomic.
Work around compile failure with -fno-inine.
Expand tcg/arm epilogue inline.
Adjustments to the default code gen buffer size.

# gpg: Signature made Sat 29 Feb 2020 02:13:43 GMT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-tcg-20200228:
  accel/tcg: increase default code gen buffer size for 64 bit
  accel/tcg: only USE_STATIC_CODE_GEN_BUFFER on 32 bit hosts
  accel/tcg: remove link between guest ram and TCG cache size
  accel/tcg: use units.h for defining code gen buffer sizes
  tcg/arm: Expand epilogue inline
  tcg/arm: Split out tcg_out_epilogue
  compiler.h: Don't use compile-time assert when __NO_INLINE__ is defined
  accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-02 10:45:46 +00:00
Peter Maydell
a4c7ed8b89 Machine queue, 2020-02-28
Cleanups:
 * Fix NMI() macro (Philippe Mathieu-Daudé)
 * Make MachineClass::is_default boolean, refuse multiple
   default machines (Philippe Mathieu-Daudé)
 -----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEEWjIv1avE09usz9GqKAeTb5hNxaYFAl5ZgBgUHGVoYWJrb3N0
 QHJlZGhhdC5jb20ACgkQKAeTb5hNxaae4xAApbKvd0KtOVMkLvXX/F84hft2P/s1
 txIYb2vlLgO7yC3CLmAUuC8v9iiBPZvSUMQEOaLRXpVMtN9Twss81/g+u5GauUlI
 prnyDggb/V1qbvFuN2zKivHYwXDAMXBQr2SsuyLBc98RFwkR/pXHcnUqnmat99qB
 /XQeu1ApPAb68vR5O8xmmACPeIy+CMdjdGKCVxdV13wQFN9YhmsJ2oTlhtLwGD88
 nwehWJCt4imiPknE58QFOfIZjSE5s5w8OTTb9eDEYCtL3dk543tkwO/8awyV/023
 M0Pp4g3Y5CW8BFZ2N0cYpvv/4ME4ITgGGQ7TKkIOWxWZnEqsNPL1IY72Bw+a1isF
 KqaqLKzGYtZ8O6oSFL5MkukCMl2jXffwSQotSM4TqFLlnTvn8aeGNdqOiRbL0Il3
 nN6/i7NHgiZxOLafLbpPEEF4TVo6y4bEPlHqZeVmpW5W/tW/fZ/Rv7kvWQE0SIPq
 oXNExtL3t9HVrxIc1E+ELnpWAFGAcfslv0tXz2zUgK3GF1+kP2UUKap/vaVW1hLd
 pC8v82pnJXp5unyFUZoTPMnhdQ6JqMrZ7SzKQWIZihrt1m+q7cWB3tWlY3kQU9Ee
 lYCZJyHUlb7vQE18Qv4UUm3CPsk2rED4ZPgeXqWvHUZttpabk6utZyjxVpCVD+jz
 R5xqy9gfrcpi9dc=
 =yDIH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine queue, 2020-02-28

Cleanups:
* Fix NMI() macro (Philippe Mathieu-Daudé)
* Make MachineClass::is_default boolean, refuse multiple
  default machines (Philippe Mathieu-Daudé)

# gpg: Signature made Fri 28 Feb 2020 21:03:20 GMT
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  vl: Abort if multiple machines are registered as default
  hw: Make MachineClass::is_default a boolean type
  hw: Do not initialize MachineClass::is_default to 0
  hw/nmi: Fix the NMI() macro, based on INTERFACE_CHECK()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-02 09:37:06 +00:00
Finn Thain
88f632fbb1 dp8393x: Mask EOL bit from descriptor addresses
The Least Significant bit of a descriptor address register is used as
an EOL flag. It has to be masked when the register value is to be used
as an actual address for copying memory around. But when the registers
are to be updated the EOL bit should not be masked.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-02 15:30:08 +08:00
Gerd Hoffmann
44b5c1ebfa qxl: map rom r/o
Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privilidged user in the guest can
manipulate the mode list and that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
2020-03-02 08:24:36 +01:00
Anton V. Boyarshinov
cd8fef8d4b Arithmetic error in EDID generation fixed
To calculate screen size in centimeters we should calculate:
pixels/dpi*2.54
but not
pixels*dpi/2540

Using wrong formula we actually get 65 DPI and very small fonts.

Signed-off-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
Message-id: 20200226122054.366b9cda@table.localdomain
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-02 08:20:30 +01:00
Alex Bennée
600e17b261 accel/tcg: increase default code gen buffer size for 64 bit
While 32mb is certainly usable a full system boot ends up flushing the
codegen buffer nearly 100 times. Increase the default on 64 bit hosts
to take advantage of all that spare memory. After this change I can
boot my tests system without any TB flushes.

As we usually run more CONFIG_USER binaries at a time in typical usage
we aren't quite as profligate for user-mode code generation usage. We
also bring the static code gen defies to the same place to keep all
the reasoning in the comments together.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-Id: <20200228192415.19867-5-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 17:43:31 -08:00
Alex Bennée
21f2f447ad accel/tcg: only USE_STATIC_CODE_GEN_BUFFER on 32 bit hosts
There is no particular reason to use a static codegen buffer on 64 bit
hosts as we have address space to burn. Allow the common CONFIG_USER
case to use the mmap'ed buffers like SoftMMU.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-Id: <20200228192415.19867-4-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 17:43:25 -08:00
Alex Bennée
47a2def453 accel/tcg: remove link between guest ram and TCG cache size
Basing the TB cache size on the ram_size was always a little heuristic
and was broken by a1b18df9a4 which caused ram_size not to be fully
realised at the time we initialise the TCG translation cache.

The current DEFAULT_CODE_GEN_BUFFER_SIZE may still be a little small
but follow-up patches will address that.

Fixes: a1b18df9a4
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-Id: <20200228192415.19867-3-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 17:42:48 -08:00
Alex Bennée
a2fa63a8f5 accel/tcg: use units.h for defining code gen buffer sizes
It's easier to read.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200228192415.19867-2-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 17:42:39 -08:00
Philippe Mathieu-Daudé
6db1857ec9 vl: Abort if multiple machines are registered as default
It would be confusing to have multiple default machines.
Abort if this ever occurs.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200207161948.15972-4-philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
2020-02-28 14:57:19 -05:00
Philippe Mathieu-Daudé
ea0ac7f6f8 hw: Make MachineClass::is_default a boolean type
There's no good reason for it to be type int, change it to bool.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200207161948.15972-3-philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-02-28 14:57:19 -05:00
Philippe Mathieu-Daudé
abcbc4eeca hw: Do not initialize MachineClass::is_default to 0
The MachineClass is already zeroed on creation.

Note: The code setting is_default=0 in hw/i386/pc_piix.c is
      different (related to compat options). When adding a
      new versioned machine, we want it to be the new default,
      so we have to mark the previous one as not default.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200207161948.15972-2-philmd@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-02-28 14:57:19 -05:00
Philippe Mathieu-Daudé
64bc77eb2c hw/nmi: Fix the NMI() macro, based on INTERFACE_CHECK()
There is no declaration of the 'NMI' type. INTERFACE_CHECK()
returns an abstract type (see commit aa1b35b975). The abstract
type corresponding to the TYPE_NMI interface is 'NMIState'.

Fixes: 9cb805fd26
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20191207094823.20707-1-philmd@redhat.com>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-02-28 14:57:19 -05:00
Richard Henderson
fc1bfdfd0c tcg/arm: Expand epilogue inline
It is, after all, just two instructions.

Profiling on a cortex-a15, using -d nochain to increase the number
of exit_tb that are executed, shows a minor improvement of 0.5%.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2020-02-28 10:58:41 -08:00
Richard Henderson
d6fa50f536 tcg/arm: Split out tcg_out_epilogue
We will shortly use this function from tcg_out_op as well.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2020-02-28 10:58:41 -08:00
Zenghui Yu
b59ea3640c compiler.h: Don't use compile-time assert when __NO_INLINE__ is defined
Our robot reported the following compile-time warning while compiling
Qemu with -fno-inline cflags:

In function 'load_memop',
    inlined from 'load_helper' at /qemu/accel/tcg/cputlb.c:1578:20,
    inlined from 'full_ldub_mmu' at /qemu/accel/tcg/cputlb.c:1624:12:
/qemu/accel/tcg/cputlb.c:1502:9: error: call to 'qemu_build_not_reached' declared with attribute error: code path is reachable
         qemu_build_not_reached();
         ^~~~~~~~~~~~~~~~~~~~~~~~
    [...]

It looks like a false-positive because only (MO_UB ^ MO_BSWAP) will
hit the default case in load_memop() while need_swap (size > 1) has
already ensured that MO_UB is not involved.

So the thing is that compilers get confused by the -fno-inline and
just can't accurately evaluate memop_size(op) at compile time, and
then the qemu_build_not_reached() is wrongly triggered by (MO_UB ^
MO_BSWAP).  Let's carefully don't use the compile-time assert when
no functions will be inlined into their callers.

Reported-by: Euler Robot <euler.robot@huawei.com>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-Id: <20200205141545.180-1-yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 10:58:41 -08:00
Alex Bennée
886cc68943 accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)
The bug describes a race whereby cpu_exec_step_atomic can acquire a TB
which is invalidated by a tb_flush before we execute it. This doesn't
affect the other cpu_exec modes as a tb_flush by it's nature can only
occur on a quiescent system. The race was described as:

  B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
  B3. tcg_tb_alloc obtains a new TB

      C3. TB obtained with tb_lookup__cpu_state or tb_gen_code
          (same TB as B2)

          A3. start_exclusive critical section entered
          A4. do_tb_flush is called, TB memory freed/re-allocated
          A5. end_exclusive exits critical section

  B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
  B3. tcg_tb_alloc reallocates TB from B2

      C4. start_exclusive critical section entered
      C5. cpu_tb_exec executes the TB code that was free in A4

The simplest fix is to widen the exclusive period to include the TB
lookup. As a result we can drop the complication of checking we are in
the exclusive region before we end it.

Cc: Yifan <me@yifanlu.com>
Buglink: https://bugs.launchpad.net/qemu/+bug/1863025
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200214144952.15502-1-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 10:58:41 -08:00
Peter Maydell
e0175b7163 target-arm queue:
* hw/arm: Use TYPE_PL011 to create serial port
  * target/arm: Set ID_MMFR4.HPDS for aarch64_max_initfn
  * hw/arm/integratorcp: Map the audio codec controller
  * GICv2: Correctly implement the limited number of priority bits
  * target/arm: refactoring of VFP related feature checks and decode
  * xilinx_zynq: Fix USB port instantiation
  * acceptance tests for n800, n810, integratorcp
  * Implement v8.3-RCPC, v8.4-RCPC, v8.3-CCIDX
  * arm_gic_kvm: Don't assume kernel can provide a GICv2
    (provide better error message for user error)
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl5ZQewZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3k8KEACTvyek0uVQ58fuj4wITjjO
 9c9PautseST6o/jylY1SUYma66dm+ID77f3XqwTu4wVAI7zoM+bPUkBiDqe2rgAa
 gCgNn4eWo9ZWgGfvyUXE4pXAsCBoUZ+tTaaxGdMvHMJTClOZNv7X9AV1pRPcYPAO
 /PpbmZwYe+as/S19CqqiBl4/k2jM0bw2+vQYdK+cgmL89FrGSpqLrpSm98PVoLBX
 IwrlkG/QHjZbMuAas0LEueIIig0zZrObzGzwHbnLpYn4jWwpkPRGvT/zdRMcCr2u
 HU1nBfMh6M1Q0HkLlQ70qzRiq/IC2Tk2jR7eneWraY5yZIhh7dFwAhR5rUcEtskG
 loJn68N8IUHrkZ4xEYsXeAQtlerrlCrpaLzA2nwAe7b7wUsRqhjSC5yulWmecz0D
 V1p9fCXP7TlHlEsQcxU4Di/D57zEjHuhshHjHbt33yIevC/+oh8ObWLRKQ1tnIsC
 R6YEBEQ2Ti0PjNsN7C0KMLh1fgweBRpPYesmsULDqB0Fg78AM9JNmX0Z58lQ10f0
 VO5RTrygRshp2PpY6imSvfdz1cDw2jyOCtKHyi7kV7qxFbnnS6aLQHwHAFhyyxK4
 +2x9Ax0TTNK5wvEQCHajJS+THO1y8LTvfg9d5hiQ1ZmNww1M5g/2ToRhvsdg6MN0
 2HVcAPNIktk2dsHL63y4mg==
 =OqHC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200228' into staging

target-arm queue:
 * hw/arm: Use TYPE_PL011 to create serial port
 * target/arm: Set ID_MMFR4.HPDS for aarch64_max_initfn
 * hw/arm/integratorcp: Map the audio codec controller
 * GICv2: Correctly implement the limited number of priority bits
 * target/arm: refactoring of VFP related feature checks and decode
 * xilinx_zynq: Fix USB port instantiation
 * acceptance tests for n800, n810, integratorcp
 * Implement v8.3-RCPC, v8.4-RCPC, v8.3-CCIDX
 * arm_gic_kvm: Don't assume kernel can provide a GICv2
   (provide better error message for user error)

# gpg: Signature made Fri 28 Feb 2020 16:38:04 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200228: (33 commits)
  hw/intc/arm_gic_kvm: Don't assume kernel can provide a GICv2
  target/arm: Implement ARMv8.3-CCIDX
  target/arm: Implement v8.4-RCPC
  target/arm: Implement v8.3-RCPC
  target/arm: Fix wrong use of FIELD_EX32 on ID_AA64DFR0
  tests/acceptance/integratorcp: Verify Tux is displayed on framebuffer
  tests/acceptance: Extract boot_integratorcp() from test_integratorcp()
  tests/acceptance: Add a test for the integratorcp arm machine
  tests/acceptance: Add a test for the N800 and N810 arm machines
  hw/usb/hcd-ehci-sysbus: Remove obsolete xlnx, ps7-usb class
  hw/arm/xilinx_zynq: Fix USB port instantiation
  target/arm: Split VMINMAXNM decode
  target/arm: Split VFM decode
  target/arm: Add formats for some vfp 2 and 3-register insns
  target/arm: Remove ARM_FEATURE_VFP*
  linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
  target/arm: Move the vfp decodetree calls next to the base isa
  target/arm: Move VLLDM and VLSTM to vfp.decode
  target/arm: Remove ARM_FEATURE_VFP check from disas_vfp_insn
  target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-02-28 16:39:27 +00:00
Peter Maydell
1904f9b5f1 hw/intc/arm_gic_kvm: Don't assume kernel can provide a GICv2
In our KVM GICv2 realize function, we try to cope with old kernels
that don't provide the device control API (KVM_CAP_DEVICE_CTRL): we
try to use the device control, and if that fails we fall back to
assuming that the kernel has the old style KVM_CREATE_IRQCHIP and
that it will provide a GICv2.

This doesn't cater for the possibility of a kernel and hardware which
only provide a GICv3, which is very common now.  On that setup we
will abort() later on in kvm_arm_pmu_set_irq() when we try to wire up
an interrupt to the GIC we failed to create:

qemu-system-aarch64: PMU: KVM_SET_DEVICE_ATTR: Invalid argument
qemu-system-aarch64: failed to set irq for PMU
Aborted

If the kernel advertises KVM_CAP_DEVICE_CTRL we should trust it if it
says it can't create a GICv2, rather than assuming it has one.  We
can then produce a more helpful error message including a hint about
the most probable reason for the failure.

If the kernel doesn't advertise KVM_CAP_DEVICE_CTRL then it is truly
ancient by this point but we might as well still fall back to a
KVM_CREATE_IRQCHIP GICv2.

With this patch then the user misconfiguration which previously
caused an abort now prints:
qemu-system-aarch64: Initialization of device kvm-arm-gic failed: error creating in-kernel VGIC: No such device
Perhaps the host CPU does not support GICv2?

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Tested-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200225182435.1131-1-peter.maydell@linaro.org
2020-02-28 16:14:57 +00:00