Commit Graph

77979 Commits

Author SHA1 Message Date
Bin Meng
cfa32630d9 hw/riscv: sifive_u: Add a new property msel for MSEL pin state
On SiFive FU540 SoC, the value stored at physical address 0x1000
stores the MSEL pin state that is used to control the next boot
location that ROM codes jump to.

Add a new property msel to sifive_u machine for this.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-12-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-12-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:25:27 -07:00
Bin Meng
3e9667cdaa hw/riscv: sifive_u: Rename serial property get/set functions to a generic name
In prepration to add more properties to this machine, rename the
existing serial property get/set functions to a generic name.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-11-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-11-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:25:27 -07:00
Bin Meng
5133ed1790 hw/riscv: sifive_u: Add reset functionality
The HiFive Unleashed board wires GPIO pin#10 to the input of the
system reset signal. Let's set up the GPIO pin#10 and insert a
"gpio-restart" device tree node so that reboot is now functional
with QEMU 'sifive_u' machine.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-10-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-10-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:25:27 -07:00
Bin Meng
621c1006d2 hw/riscv: sifive_gpio: Do not blindly trigger output IRQs
At present the GPIO output IRQs are triggered each time any GPIO
register is written. However this is not correct. We should only
trigger the output IRQ when the pin is configured as output enable.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-9-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-9-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:25:27 -07:00
Bin Meng
8a88b9f54f hw/riscv: sifive_u: Hook a GPIO controller
SiFive FU540 SoC integrates a GPIO controller with 16 GPIO lines.
This hooks the exsiting SiFive GPIO model to the SoC, and adds its
device tree data as well.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-8-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-8-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:25:23 -07:00
Bin Meng
4bb216f637 hw/riscv: sifive_gpio: Add a new 'ngpio' property
Add a new property to represent the number of GPIO pins supported
by the GPIO controller.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-7-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-7-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
2e30ccb425 hw/riscv: sifive_gpio: Clean up the codes
Do various minor clean-ups to the exisiting codes for:

- coding convention conformance
- remove unnecessary blank lines
- spell SiFive correctly

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-6-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-6-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
ea85f27d41 hw/riscv: sifive_u: Generate device tree node for OTP
Upstream U-Boot v2020.07 codes switch to access SiFive FU540 OTP
based on device tree information. Let's generate the device tree
node for OTP.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-5-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-5-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
5874f0a715 hw/riscv: sifive_u: Simplify the GEM IRQ connect code a little bit
There is no need to retrieve all PLIC IRQ information in order to
just connect the GEM IRQ. Use qdev_get_gpio_in() directly like
what is done for other peripherals.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-4-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-4-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
894944624b hw/riscv: opentitan: Remove the riscv_ prefix of the machine* and soc* functions
This was done in the virt & sifive_u codes, but opentitan codes were
missed. Remove the riscv_ prefix of the machine* and soc* functions.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-3-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-3-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
8f8c6c1a64 hw/riscv: sifive_e: Remove the riscv_ prefix of the machine* and soc* functions
This was done in the virt & sifive_u codes, but sifive_e codes were
missed. Remove the riscv_ prefix of the machine* and soc* functions.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591625864-31494-2-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591625864-31494-2-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
1145188e09 target/riscv: Use a smaller guess size for no-MMU PMP
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
cc4112605e riscv/opentitan: Connect the UART device
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-19 08:24:07 -07:00
Alistair Francis
b9fc51354c riscv/opentitan: Connect the PLIC device
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-19 08:24:07 -07:00
Alistair Francis
879f60f01c hw/intc: Initial commit of lowRISC Ibex PLIC
The Ibex core contains a PLIC that although similar to the RISC-V spec
is not RISC-V spec compliant.

This patch implements a Ibex PLIC in a somewhat generic way.

As the current RISC-V PLIC needs tidying up, my hope is that as the Ibex
PLIC move towards spec compliance this PLIC implementation can be
updated until it can replace the current PLIC.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
a7d2d98c59 hw/char: Initial commit of Ibex UART
This is the initial commit of the Ibex UART device. Serial TX is
working, while RX has been implemeneted but untested.

This is based on the documentation from:
https://docs.opentitan.org/hw/ip/uart/doc/

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: LIU Zhiwei<zhiwei_liu@c-sky.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
888c9af23f riscv/opentitan: Fix the ROM size
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reported-by: Damien Hedde <damien.hedde@greensocs.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
2761db5fc2 target/riscv: Implement checks for hfence
Call the helper_hyp_tlb_flush() function on hfence instructions which
will generate an illegal insruction execption if we don't have
permission to flush the Hypervisor level TLBs.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-19 08:24:07 -07:00
Alistair Francis
b8429ded72 target/riscv: Move the hfence instructions to the rvh decode
Also correct the name of the VVMA instruction.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-19 08:24:07 -07:00
Alistair Francis
88914473e7 target/riscv: Report errors validating 2nd-stage PTEs
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-19 08:24:07 -07:00
Alistair Francis
efe9f9c820 target/riscv: Set access as data_load when validating stage-2 PTEs
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-19 08:24:07 -07:00
Bin Meng
2fdd2c094a riscv: Keep the CPU init routine names consistent
Adding a _ to keep some consistency among the CPU init routines.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1591837729-27486-4-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
d8e72bd161 riscv: Generalize CPU init routine for the imacu CPU
There is no need to have two functions that have almost the same
codes for 32-bit and 64-bit imacu CPUs.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1591837729-27486-3-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
4c56793f59 riscv: Generalize CPU init routine for the gcsu CPU
There is no need to have two functions that have almost the same
codes for 32-bit and 64-bit gcsu CPUs.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1591837729-27486-2-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Bin Meng
e7b5dfd34f riscv: Generalize CPU init routine for the base CPU
There is no need to have two functions that have exactly the same
codes for 32-bit and 64-bit base CPUs.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1591837729-27486-1-git-send-email-bmeng.cn@gmail.com
Message-Id: <1591837729-27486-1-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Alistair Francis
5a842062b9 sifive_e: Support the revB machine
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Ian Jiang
354908cee1 riscv: Add helper to make NaN-boxing for FP register
The function that makes NaN-boxing when a 32-bit value is assigned
to a 64-bit FP register is split out to a helper gen_nanbox_fpr().
Then it is applied in translating of the FLW instruction.

Signed-off-by: Ian Jiang <ianjiang.ict@gmail.com>
Message-Id: <20200128003707.17028-1-ianjiang.ict@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-06-19 08:24:07 -07:00
Peter Maydell
4d285821c5 s390x update:
- update Linux headers to 5.8-rc1 (for vfio-ccw path handling)
 - vfio-ccw: add support for path handling
 - documentation fix
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl7rieQSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vOn0P/iOCCMhOTPNEfDF7JandmBV2sp+ZKbVq
 zrMJzybWSwu1YD8tILUiB/G8K9iVK/dpnccbiH/OfHHnW6x88Q8Ggrs4yxBDggOg
 4v/CfoaPR9/0CxhE68OOVz+Wl+6nly1tJu7l8f/8zTkKZhb0WLrn2NypvTIH3n0Q
 cBMmNCoas15YYkKMCWb68McXWThB3BNAeo0gUZsNH+DayQbHna34zI274xQIXhhM
 pZynKyxOjYm1BTYqyIEGwXP+IGdJwC1SgknExE93NF/2QW/ZPkrruZuh7BKJQBm1
 v2Zix0uR7tuXzuf1DNNLIPm+/sXcVUOq+h/GOtT+HpdrpNixW8qDOuOl9UAAhTSU
 Gb0EOHbh2X9ypopYswi4nVSuMVQwqXXyWTn/i2XfCQhoIQL/BQ750uacQPaO2W7u
 zaqEqUdezG6AyYACW2juhqs2jGGOL4/4Vlu7drQFNTm5lAOzfqtE5B7AJ6t71P8k
 xcKcgEzWL5qTB4kFyFDahKCH2BLluSOa+mshHaZmYZUvSnpFBKWsdEkuPTwXhnl6
 FtHjFAfv2a6EsAKsa3rZBR43Kv3pHsSqhdyJczA7AlfL5abUxvU0H86JWVXQEl90
 zVbSOqwd3uu2zGUqfVdvCT5+FT3SujpmKujZHXkJuZRcm5AKOXz97aihbJzjoIDf
 xa3T2/8xWLvJ
 =qr0y
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200618' into staging

s390x update:
- update Linux headers to 5.8-rc1 (for vfio-ccw path handling)
- vfio-ccw: add support for path handling
- documentation fix

# gpg: Signature made Thu 18 Jun 2020 16:36:04 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [marginal]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [marginal]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20200618:
  docs/s390x: fix vfio-ap device_del description
  vfio-ccw: Add support for the CRW region and IRQ
  s390x/css: Refactor the css_queue_crw() routine
  vfio-ccw: Refactor ccw irq handler
  vfio-ccw: Add support for the schib region
  vfio-ccw: Refactor cleanup of regions
  Linux headers: update

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-19 11:44:03 +01:00
Peter Maydell
292ef18a38 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJe62kmAAoJEO8Ells5jWIRZfUH/2bPZrhG4QEKNWbm1LXzam+0
 4dzG3A7vYTKWjfbpzcWtUAELO+4SiUe/IU3gYMiyeWNDKjwm5hX/FMCFjnR1IZXl
 wQ7cvr/7TIsxt9HyrjIkh03PkJBGpCD3uO0DkGd1siDmKLOFNRt0uLsmSvA7Ydvo
 2hH/tc/plYoQAxPSbXBmIqg9hRrks/QAw2kfPba7Adhtzg5x2XrUrP+UOW8NmWcL
 xSo02ExPUSdzPX6I4Enwm1c1KiytlQ77LvazpI2NBlejsI4nqa0Y1WJW7WJ4RMGo
 E1kWDiKt69MoT1SgH7UJnF/ISyUuldksD4fuual5UOysCpwpbAIBKh6/Yod6k0M=
 =3+ix
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 18 Jun 2020 14:16:22 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request: (33 commits)
  net: Drop the NetLegacy structure, always use Netdev instead
  net: Drop the legacy "name" parameter from the -net option
  hw/net/e1000e: Do not abort() on invalid PSRCTL register value
  colo-compare: Fix memory leak in packet_enqueue()
  net/colo-compare.c: Correct ordering in complete and finalize
  net/colo-compare.c: Check that colo-compare is active
  net/colo-compare.c: Only hexdump packets if tracing is enabled
  net/colo-compare.c: Fix deadlock in compare_chr_send
  chardev/char.c: Use qemu_co_sleep_ns if in coroutine
  net/colo-compare.c: Create event_bh with the right AioContext
  net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
  net: cadence_gem: Fix RX address filtering
  net: cadence_gem: TX_LAST bit should be set by guest
  net: cadence_gem: Update the reset value for interrupt mask register
  net: cadnece_gem: Update irq_read_clear field of designcfg_debug1 reg
  net: cadence_gem: Add support for jumbo frames
  net: cadence_gem: Fix up code style
  net: cadence_gem: Move tx/rx packet buffert to CadenceGEMState
  net: cadence_gem: Set ISR according to queue in use
  net: cadence_gem: Define access permission for interrupt registers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-18 16:52:10 +01:00
Peter Maydell
eefe34ea4b Migration (and HMP and virtiofs) pull 2020-06-17
Migration:
    HMP/migration and test changes from Mao Zhongyi
    multifd fix from Laurent Vivier
 HMP
    qom-set partial reversion/change from David Hildenbrand
       now you need -j to pass json format, but it's regained the
       old 100M type format.
   Memory leak fix from Pan Nengyuan
 
 Virtiofs
   fchmod seccomp fix from Max Reitz
 
 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAl7qYlIACgkQBRYzHrxb
 /efT/A//eSmxz0m4LB3Vz3pmwKQosVlvLNYgLgfs/dthdM8f3YyhpnY/bCyEmgL2
 J/TJevJvzBinVjiGJZkp1nv3wShcf1gpDGKvuhPpStavEajZoxStfGdiGGSvv/sX
 XuzQW8efmphoah8qL7J9xE9eC+WOWDATGDlaYIQv4oDG9Ef/OpBOcoYzdwj90ZhR
 Gl5AqPf3Bn2Xt2TpWK2aIaBfQtRSTu7xGSB/G8BQNzrJOraoALQmCZKvQYbQtlaq
 Guqj7Ad/x7kic5RGG9I5vxy1rQnM0fQvHG57uNvj+Gvi3lLfsCqI77O3gZZmdTmt
 mxjHn3OcIiwFmlptM9lNyWaZlrIniB3Di3K7VobHpvnuXbfkXGTElhD2CPNzErNY
 QDit9I/ZJxHu9kauyoWBuhKKRfn4S9jpmrEiyIe51v3Gr9r2dkfZlFzYyk1wBJi8
 caR7g5QVQFm+3TI5LgnVRisv/FQlLsPXiBaRN2rv6dE+CZIVs/7lbwzwOshpbtxR
 NWv0FOvlIyQhdkZrCo+FIVbRK0vRJNZwpHOQ1ZwdlAbIbKBwyfqitMmHHCAJnpI4
 CqLg9Bao8VYf/mynaTYt6h+azVnByBgSpj2KJlDUstPxKFhv+0SDgVXdHCnbOEya
 6mknqBy4k/9To2g5Y3spJUinf5H4mcIuCWB0jEAioyZ6CjUfifg=
 =KYWs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20200617a' into staging

Migration (and HMP and virtiofs) pull 2020-06-17

Migration:
   HMP/migration and test changes from Mao Zhongyi
   multifd fix from Laurent Vivier
HMP
   qom-set partial reversion/change from David Hildenbrand
      now you need -j to pass json format, but it's regained the
      old 100M type format.
  Memory leak fix from Pan Nengyuan

Virtiofs
  fchmod seccomp fix from Max Reitz

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

# gpg: Signature made Wed 17 Jun 2020 19:34:58 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20200617a:
  migration: fix multifd_send_pages() next channel
  docs/xbzrle: update 'cache miss rate' and 'encoding rate' to docs
  monitor/hmp-cmds: improvements for the 'info migrate'
  monitor/hmp-cmds: add 'goto end' to reduce duplicate code.
  monitor/hmp-cmds: delete redundant Error check before invoke hmp_handle_error()
  monitor/hmp-cmds: don't silently output when running 'migrate_set_downtime' fails
  monitor/hmp-cmds: add units for migrate_parameters
  tests/migration: fix unreachable path in stress test
  tests/migration: mem leak fix
  hmp: Make json format optional for qom-set
  qom-hmp-cmds: fix a memleak in hmp_qom_get
  virtiofsd: Whitelist fchmod

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-18 15:30:13 +01:00
Thomas Huth
71830d8430 net: Drop the NetLegacy structure, always use Netdev instead
Now that the "name" parameter is gone, there is hardly any difference
between NetLegacy and Netdev anymore, so we can drop NetLegacy and always
use Netdev to simplify the code quite a bit.

The only two differences that were really left between Netdev and NetLegacy:

1) NetLegacy does not allow a "hubport" type. We can continue to block
   this with a simple check in net_client_init1() for this type.

2) The "id" parameter was optional in NetLegacy (and an internal id
   was chosen via assign_name() during initialization), but it is mandatory
   for Netdev. To avoid that the visitor code bails out here, we have to
   add an internal id to the QemuOpts already earlier now.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Thomas Huth
9d903f30cb net: Drop the legacy "name" parameter from the -net option
It's been deprecated since QEMU v3.1, so it's time to finally
remove it. The "id" parameter can simply be used instead.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Philippe Mathieu-Daudé
fda43b1204 hw/net/e1000e: Do not abort() on invalid PSRCTL register value
libFuzzer found using 'qemu-system-i386 -M q35':

qemu: hardware error: e1000e: PSRCTL.BSIZE0 cannot be zero
CPU #0:
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000663
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
DR6=ffff0ff0 DR7=00000400
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
==1988== ERROR: libFuzzer: deadly signal
    #6 0x7fae4d3ea894 in __GI_abort (/lib64/libc.so.6+0x22894)
    #7 0x563f4cc59a1d in hw_error (qemu-fuzz-i386+0xe8ca1d)
    #8 0x563f4d7c93f2 in e1000e_set_psrctl (qemu-fuzz-i386+0x19fc3f2)
    #9 0x563f4d7b798f in e1000e_core_write (qemu-fuzz-i386+0x19ea98f)
    #10 0x563f4d7afc46 in e1000e_mmio_write (qemu-fuzz-i386+0x19e2c46)
    #11 0x563f4cc9a0a7 in memory_region_write_accessor (qemu-fuzz-i386+0xecd0a7)
    #12 0x563f4cc99c13 in access_with_adjusted_size (qemu-fuzz-i386+0xeccc13)
    #13 0x563f4cc987b4 in memory_region_dispatch_write (qemu-fuzz-i386+0xecb7b4)

It simply sent the following 2 I/O command to the e1000e
PCI BAR #2 I/O region:

  writew 0x0100 0x0c00 # RCTL =   E1000_RCTL_DTYP_MASK
  writeb 0x2170 0x00   # PSRCTL = 0

2813 static void
2814 e1000e_set_psrctl(E1000ECore *core, int index, uint32_t val)
2815 {
2816     if (core->mac[RCTL] & E1000_RCTL_DTYP_MASK) {
2817
2818         if ((val & E1000_PSRCTL_BSIZE0_MASK) == 0) {
2819             hw_error("e1000e: PSRCTL.BSIZE0 cannot be zero");
2820         }

Instead of calling hw_error() which abort the process (it is
meant for CPU fatal error condition, not for device logging),
log the invalid request with qemu_log_mask(LOG_GUEST_ERROR)
and return, ignoring the request.

Cc: qemu-stable@nongnu.org
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Derek Su
bdadbb0f74 colo-compare: Fix memory leak in packet_enqueue()
The patch is to fix the "pkt" memory leak in packet_enqueue().
The allocated "pkt" needs to be freed if the colo compare
primary or secondary queue is too big.

Replace the error_report of full queue with a trace event.

Signed-off-by: Derek Su <dereksu@qnap.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
5bd57eba04 net/colo-compare.c: Correct ordering in complete and finalize
In colo_compare_complete, insert CompareState into net_compares
only after everything has been initialized.
In colo_compare_finalize, remove CompareState from net_compares
before anything is deinitialized.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
45942b79b9 net/colo-compare.c: Check that colo-compare is active
If the colo-compare object is removed before failover and a
checkpoint happens, qemu crashes because it tries to lock
the destroyed event_mtx in colo_notify_compares_event.

Fix this by checking if everything is initialized by
introducing a new variable colo_compare_active which
is protected by a new mutex colo_compare_mutex. The new mutex
also protects against concurrent access of the net_compares
list and makes sure that colo_notify_compares_event isn't
active while we destroy event_mtx and event_complete_cond.

With this it also is again possible to use colo without
colo-compare (periodic mode) and to use multiple colo-compare
for multiple network interfaces.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Tested-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
76658541f3 net/colo-compare.c: Only hexdump packets if tracing is enabled
Else the log will be flooded if there is a lot of network
traffic.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
9c55fe9408 net/colo-compare.c: Fix deadlock in compare_chr_send
The chr_out chardev is connected to a filter-redirector
running in the main loop. qemu_chr_fe_write_all might block
here in compare_chr_send if the (socket-)buffer is full.
If another filter-redirector in the main loop want's to
send data to chr_pri_in it might also block if the buffer
is full. This leads to a deadlock because both event loops
get blocked.

Fix this by converting compare_chr_send to a coroutine and
putting the packets in a send queue.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Tested-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
2158fa1be7 chardev/char.c: Use qemu_co_sleep_ns if in coroutine
To be able to convert compare_chr_send to a coroutine in the
next commit, use qemu_co_sleep_ns if in coroutine.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Lukas Straub
5893c7383e net/colo-compare.c: Create event_bh with the right AioContext
qemu_bh_new will set the bh to be executed in the main
loop. This causes crashes as colo_compare_handle_event assumes
that it has exclusive access the queues, which are also
concurrently accessed in the iothread.

Create the bh with the AioContext of the iothread to fulfill
these assumptions and fix the crashes. This is safe, because
the bh already takes the appropriate locks.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Derek Su <dereksu@qnap.com>
Tested-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Jason Wang
5fe19fb818 net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
The sender of packet will be checked in the qemu_net_queue_purge() but
we use NetClientState not its peer when trying to purge the incoming
queue in qemu_flush_or_purge_packets(). This will trigger the assert
in virtio_net_reset since we can't pass the sender check:

hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion
`!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
#9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
#10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
#11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
#12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
#13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
#14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
#15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
#16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16

Reproducer:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html

Fix by using the peer.

Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: ca77d85e1d ("net: complete all queued packets on VM stop")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Tong Ho
fbc14a098d net: cadence_gem: Fix RX address filtering
Two defects are fixed:

1/ Detection of multicast frames
2/ Treating drop of mis-addressed frames as non-error

Signed-off-by: Tong Ho <tong.ho@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:52 +08:00
Sai Pavan Boddu
fdd35195c5 net: cadence_gem: TX_LAST bit should be set by guest
TX_LAST bit should not be set by hardware, its set by guest to inform
the last bd of the frame.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
15baf5e237 net: cadence_gem: Update the reset value for interrupt mask register
Mask all interrupt on reset.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
d48cb519b3 net: cadnece_gem: Update irq_read_clear field of designcfg_debug1 reg
Advertise support of clear-on-read for ISR registers.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
7ca151c381 net: cadence_gem: Add support for jumbo frames
Add a property "jumbo-max-len", which sets default value of jumbo frames
up to 16,383 bytes. Add Frame length checks for standard and jumbo
frames.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
88dba7ed84 net: cadence_gem: Fix up code style
Fix the code style for register definitions.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
24d62fd502 net: cadence_gem: Move tx/rx packet buffert to CadenceGEMState
Moving this buffers to CadenceGEMState, as their size will be increased
more when JUMBO frames support is added.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
68dbee3bf9 net: cadence_gem: Set ISR according to queue in use
Set ISR according to queue in use, added interrupt support for
all queues.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00
Sai Pavan Boddu
4c70e32f05 net: cadence_gem: Define access permission for interrupt registers
Q1 to Q7 ISR's are clear-on-read, IER/IDR registers
are write-only, mask reg are read-only.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-06-18 21:05:51 +08:00