aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-01-31audio: audio_generic_get_buffer_in should honor *sizeVolker Rümelin
The function generic_get_buffer_in currently ignores the *size parameter and may return a buffer larger than *size. As a result the variable samples in function audio_pcm_hw_run_in may underflow. The while loop then most likely will never termiate. Buglink: http://bugs.debian.org/948658 Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31ossaudio: disable poll mode can't be reachedVolker Rümelin
Currently there is no way to disable poll mode in oss_enable_out and oss_enable_in when it was enabled before. The enable code path always resets the poll mode state variable. Fixes: b027a538c6 "oss: Remove unused error handling of qemu_set_fd_handler" Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-8-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31ossaudio: prevent SIGSEGV in oss_enable_outVolker Rümelin
With audiodev parameter out.mixing-engine=off hw->mix_buf is NULL. This patch reverts a small part of dc88e38fa7 "audio: unify input and output mixeng buffer management". To reproduce the problem start qemu with -audiodev oss,id=audio0,try-mmap=on,out.mixing-engine=off Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-6-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31audio: fix bug 1858488Volker Rümelin
The combined generic buffer management code and buffer run out code in function audio_generic_put_buffer_out has a problematic behaviour. A few hundred milliseconds after playback starts the mixing buffer and the generic buffer are nearly full and the following pattern can be seen. On first call of audio_pcm_hw_run_out the buffer run code in audio_generic_put_buffer_out writes some data to the audio hardware but the generic buffer will fill faster and is full when audio_pcm_hw_run_out returns. This is because emulated audio devices can produce playback data at a higher rate than the audio backend hardware consumes this data. On next call of audio_pcm_hw_run_out the buffer run code in audio_generic_put_buffer_out writes some data to the audio hardware but no audio data is transferred to the generic buffer because the buffer is already full. Then the pattern repeats. For the emulated audio device this looks like the audio timer period has doubled. This patch splits the combined generic buffer management code and buffer run out code and calls the buffer run out code after buffer management code to break this pattern. The bug report is for the wav audio backend. But the problem is not limited to this backend. All audio backends which use the audio_generic_put_buffer_out function show this problem. Buglink: https://bugs.launchpad.net/qemu/+bug/1858488 Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-5-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31audio: prevent SIGSEGV in AUD_get_buffer_size_outVolker Rümelin
With audiodev parameter out.mixing-engine=off hw->mix_buf is NULL. This leads to a segmentation fault in AUD_get_buffer_size_out. This patch reverts a small part of dc88e38fa7 "audio: unify input and output mixeng buffer management". To reproduce the problem start qemu with -soundhw adlib -audiodev pa,id=audio0,out.mixing-engine=off Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-4-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31paaudio: remove unused variablesVolker Rümelin
The unused variables were last used before commit 49ddd7e122 "paaudio: port to the new audio backend api". Fixes: 49ddd7e122 Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-3-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31audio: fix audio_generic_readVolker Rümelin
It seems the function audio_generic_read started as a copy of function audio_generic_write and some necessary changes were forgotten. Fix the mixed up source and destination pointers and rename misnamed variables. Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-2-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31audio: fix audio_generic_writeVolker Rümelin
The pcm_ops function put_buffer_out expects the returned pointer of function get_buffer_out as argument. Fix this. Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200123074943.6699-1-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-31audio/oss: fix buffer pos calculationGerd Hoffmann
Fixes: 3ba4066d085f ("ossaudio: port to the new audio backend api") Reported-by: ziming zhang <ezrakiez@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20200120101804.29578-1-kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-01-30Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20200130' into staging target-arm queue: * hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES * target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr * aspeed: some minor bugfixes * aspeed: add eMMC controller model for AST2600 SoC * hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus' * New 3-phase reset API for device models * hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit * Arm KVM: stop/restart the guest counter when the VM is stopped and started # gpg: Signature made Thu 30 Jan 2020 16:14:45 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200130: (26 commits) target/arm/cpu: Add the kvm-no-adjvtime CPU property target/arm/kvm: Implement virtual time adjustment tests/arm-cpu-features: Check feature default values target/arm/kvm64: kvm64 cpus have timer registers hw/arm/virt: Add missing 5.0 options call to 4.2 options target/arm/kvm: trivial: Clean up header documentation hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit hw/s390x/ipl: replace deprecated qdev_reset_all registration vl: replace deprecated qbus_reset_all registration docs/devel/reset.rst: add doc about Resettable interface hw/core: deprecate old reset functions and introduce new ones hw/core/qdev: update hotplug reset regarding resettable hw/core/qdev: handle parent bus change regarding resettable hw/core/resettable: add support for changing parent hw/core: add Resettable support to BusClass and DeviceClass hw/core: create Resettable QOM interface hw/core/qdev: add trace events to help with resettable transition add device_legacy_reset function to prepare for reset api change hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus' misc/pca9552: Add qom set and get ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30target/arm/cpu: Add the kvm-no-adjvtime CPU propertyAndrew Jones
kvm-no-adjvtime is a KVM specific CPU property and a first of its kind. To accommodate it we also add kvm_arm_add_vcpu_properties() and a KVM specific CPU properties description to the CPU features document. Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 20200120101023.16030-7-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30target/arm/kvm: Implement virtual time adjustmentAndrew Jones
When a VM is stopped (such as when it's paused) guest virtual time should stop counting. Otherwise, when the VM is resumed it will experience time jumps and its kernel may report soft lockups. Not counting virtual time while the VM is stopped has the side effect of making the guest's time appear to lag when compared with real time, and even with time derived from the physical counter. For this reason, this change, which is enabled by default, comes with a KVM CPU feature allowing it to be disabled, restoring legacy behavior. This patch only provides the implementation of the virtual time adjustment. A subsequent patch will provide the CPU property allowing the change to be enabled and disabled. Reported-by: Bijan Mottahedeh <bijan.mottahedeh@oracle.com> Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 20200120101023.16030-6-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30tests/arm-cpu-features: Check feature default valuesAndrew Jones
If we know what the default value should be then we can test for that as well as the feature existence. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200120101023.16030-5-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30target/arm/kvm64: kvm64 cpus have timer registersAndrew Jones
Add the missing GENERIC_TIMER feature to kvm64 cpus. We don't currently use these registers when KVM is enabled, but it's probably best we add the feature flag for consistency and potential future use. There's also precedent, as we add the PMU feature flag to KVM enabled guests, even though we don't use those registers either. This change was originally posted as a hunk of a different, never merged patch from Bijan Mottahedeh. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200120101023.16030-4-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/arm/virt: Add missing 5.0 options call to 4.2 optionsAndrew Jones
Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 20200120101023.16030-3-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30target/arm/kvm: trivial: Clean up header documentationAndrew Jones
Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 20200120101023.16030-2-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bitZenghui Yu
If LPIs are disabled, KVM will just ignore the GICR_PENDBASER.PTZ bit when restoring GICR_CTLR. Setting PTZ here makes littlt sense in "reduce GIC initialization time". And what's worse, PTZ is generally programmed by guest to indicate to the Redistributor whether the LPI Pending table is zero when enabling LPIs. If migration is triggered when the PTZ has just been cleared by guest (and before enabling LPIs), we will see PTZ==1 on the destination side, which is not as expected. Let's just drop this hackish userspace behavior. Also take this chance to refine the comment a bit. Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions") Signed-off-by: Zenghui Yu <yuzenghui@huawei.com> Message-id: 20200119133051.642-1-yuzenghui@huawei.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/s390x/ipl: replace deprecated qdev_reset_all registrationDamien Hedde
Replace deprecated qdev_reset_all by resettable_cold_reset_fn for the ipl registration in the main reset handlers. This does not impact the behavior for the following reasons: + at this point resettable just call the old reset methods of devices and buses in the same order than qdev/qbus. + resettable handlers registered with qemu_register_reset are serialized; there is no interleaving. + eventual explicit calls to legacy reset API (device_reset or qdev/qbus_reset) inside this reset handler will not be masked out by resettable mechanism; they do not go through resettable api. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200123132823.1117486-12-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30vl: replace deprecated qbus_reset_all registrationDamien Hedde
Replace deprecated qbus_reset_all by resettable_cold_reset_fn for the sysbus reset registration. Apart for the raspi machines, this does not impact the behavior because: + at this point resettable just calls the old reset methods of devices and buses in the same order as qdev/qbus. + resettable handlers registered with qemu_register_reset are serialized; there is no interleaving. + eventual explicit calls to legacy reset API (device_reset or qdev/qbus_reset) inside this reset handler will not be masked out by resettable mechanism; they do not go through resettable api. For the raspi machines, during the sysbus reset the sd-card is not reset twice anymore but only once. This is a consequence of switching both sysbus reset and changing parent to resettable; it detects the second reset is not needed. This has no impact on the state after reset; the sd-card reset method only reset local state and query information from the block backend. The raspi reset change can be observed by using the following command (reset will occurs, then do Ctrl-C to end qemu; no firmware is given here). qemu-system-aarch64 -M raspi3 \ -trace resettable_phase_hold_exec \ -trace qdev_update_parent_bus \ -trace resettable_change_parent \ -trace qdev_reset -trace qbus_reset Before the patch, the qdev/qbus_reset traces show when reset method are called. After the patch, the resettable_phase_hold_exec show when reset method are called. The traced reset order of the raspi3 is listed below. I've added empty lines and the tree structure. +->bcm2835-peripherals reset | | +->sd-card reset | +->sd-bus reset +->bcm2835_gpio reset | -> dev_update_parent_bus (move the sd-card on the sdhci-bus) | -> resettable_change_parent | +->bcm2835-dma reset | | +->bcm2835-sdhost-bus reset +->bcm2835-sdhost reset | | +->sd-card (reset ONLY BEFORE BEFORE THE PATCH) | +->sdhci-bus reset +->generic-sdhci reset | +->bcm2835-rng reset +->bcm2835-property reset +->bcm2835-fb reset +->bcm2835-mbox reset +->bcm2835-aux reset +->pl011 reset +->bcm2835-ic reset +->bcm2836-control reset System reset In both case, the sd-card is reset (being on bcm2835_gpio/sd-bus) then moved to generic-sdhci/sdhci-bus by the bcm2835_gpio reset method. Before the patch, it is then reset again being part of generic-sdhci/sdhci-bus. After the patch, it considered again for reset but its reset method is not called because it is already flagged as reset. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-11-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30docs/devel/reset.rst: add doc about Resettable interfaceDamien Hedde
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200123132823.1117486-10-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core: deprecate old reset functions and introduce new onesDamien Hedde
Deprecate device_legacy_reset(), qdev_reset_all() and qbus_reset_all() to be replaced by new functions device_cold_reset() and bus_cold_reset() which uses resettable API. Also introduce resettable_cold_reset_fn() which may be used as a replacement for qdev_reset_all_fn and qbus_reset_all_fn(). Following patches will be needed to look at legacy reset call sites and switch to resettable api. The legacy functions will be removed when unused. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-9-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core/qdev: update hotplug reset regarding resettableDamien Hedde
This commit make use of the resettable API to reset the device being hotplugged when it is realized. Also it ensures it is put in a reset state coherent with the parent it is plugged into. Note that there is a difference in the reset. Instead of resetting only the hotplugged device, we reset also its subtree (switch to resettable API). This is not expected to be a problem because sub-buses are just realized too. If a hotplugged device has any sub-buses it is logical to reset them too at this point. The recently added should_be_hidden and PCI's partially_hotplugged mechanisms do not interfere with realize operation: + In the should_be_hidden use case, device creation is delayed. + The partially_hotplugged mechanism prevents a device to be unplugged and unrealized from qdev POV and unrealized. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-8-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core/qdev: handle parent bus change regarding resettableDamien Hedde
In qdev_set_parent_bus(), when changing the parent bus of a realized device, if the source and destination buses are not in the same reset state, some adaptations are required. This patch adds needed call to resettable_change_parent() to make sure a device reset state stays coherent with its parent bus. The addition is a no-op if: 1. the device being parented is not realized. 2. the device is realized, but both buses are not under reset. Case 2 means that as long as qdev_set_parent_bus() is called during the machine realization procedure (which is before the machine reset so nothing is in reset), it is a no op. There are 52 call sites of qdev_set_parent_bus(). All but one fall into the no-op case: + 29 trivial calls related to virtio (in hw/{s390x,display,virtio}/ {vhost,virtio}-xxx.c) to set a vdev(or vgpu) composing device parent bus just before realizing the same vdev(vgpu). + hw/core/qdev.c: when creating a device in qdev_try_create() + hw/core/sysbus.c: when initializing a device in the sysbus + hw/i386/amd_iommu.c: before realizing AMDVIState/pci + hw/isa/piix4.c: before realizing PIIX4State/rtc + hw/misc/auxbus.c: when creating an AUXBus + hw/misc/auxbus.c: when creating an AUXBus child + hw/misc/macio/macio.c: when initializing a MACIOState child + hw/misc/macio/macio.c: before realizing NewWorldMacIOState/pmu + hw/misc/macio/macio.c: before realizing NewWorldMacIOState/cuda + hw/net/virtio-net.c: Used for migration when using the failover mechanism to migration a vfio-pci/net. It is a no-op because at this point the device is already on the bus. + hw/pci-host/designware.c: before realizing DesignwarePCIEHost/root + hw/pci-host/gpex.c: before realizing GPEXHost/root + hw/pci-host/prep.c: when initialiazing PREPPCIState/pci_dev + hw/pci-host/q35.c: before realizing Q35PCIHost/mch + hw/pci-host/versatile.c: when initializing PCIVPBState/pci_dev + hw/pci-host/xilinx-pcie.c: before realizing XilinxPCIEHost/root + hw/s390x/event-facility.c: when creating SCLPEventFacility/ TYPE_SCLP_QUIESCE + hw/s390x/event-facility.c: ditto with SCLPEventFacility/ TYPE_SCLP_CPU_HOTPLUG + hw/s390x/sclp.c: Not trivial because it is called on a SLCPDevice just after realizing it. Ok because at this point the destination bus (sysbus) is not in reset; the realize step is before the machine reset. + hw/sd/core.c: Not OK. Used in sdbus_reparent_card(). See below. + hw/ssi/ssi.c: Used to put spi slave on spi bus and connect the cs line in ssi_auto_connect_slave(). Ok because this function is only used in realize step in hw/ssi/aspeed_smc.ci, hw/ssi/imx_spi.c, hw/ssi/mss-spi.c, hw/ssi/xilinx_spi.c and hw/ssi/xilinx_spips.c. + hw/xen/xen-legacy-backend.c: when creating a XenLegacyDevice device + qdev-monitor.c: in device hotplug creation procedure before realize Note that this commit alone will have no effect, right now there is no use of resettable API to reset anything. So a bus will never be tagged as in-reset by this same API. The one place where side-effect will occurs is in hw/sd/core.c in sdbus_reparent_card(). This function is only used in the raspi machines, including during the sysbus reset procedure. This case will be carrefully handled when doing the multiple phase reset transition. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-7-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core/resettable: add support for changing parentDamien Hedde
Add a function resettable_change_parent() to do the required plumbing when changing the parent a of Resettable object. We need to make sure that the reset state of the object remains coherent with the reset state of the new parent. We make the 2 following hypothesis: + when an object is put in a parent under reset, the object goes in reset. + when an object is removed from a parent under reset, the object leaves reset. The added function avoids any glitch if both old and new parent are already in reset. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-6-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core: add Resettable support to BusClass and DeviceClassDamien Hedde
This commit adds support of Resettable interface to buses and devices: + ResettableState structure is added in the Bus/Device state + Resettable methods are implemented. + device/bus_is_in_reset function defined This commit allows to transition the objects to the new multi-phase interface without changing the reset behavior at all. Object single reset method can be split into the 3 different phases but the 3 phases are still executed in a row for a given object. From the qdev/qbus reset api point of view, nothing is changed. qdev_reset_all() and qbus_reset_all() are not modified as well as device_legacy_reset(). Transition of an object must be done from parent class to child class. Care has been taken to allow the transition of a parent class without requiring the child classes to be transitioned at the same time. Note that SysBus and SysBusDevice class do not need any transition because they do not override the legacy reset method. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-5-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core: create Resettable QOM interfaceDamien Hedde
This commit defines an interface allowing multi-phase reset. This aims to solve a problem of the actual single-phase reset (built in DeviceClass and BusClass): reset behavior is dependent on the order in which reset handlers are called. In particular doing external side-effect (like setting an qemu_irq) is problematic because receiving object may not be reset yet. The Resettable interface divides the reset in 3 well defined phases. To reset an object tree, all 1st phases are executed then all 2nd then all 3rd. See the comments in include/hw/resettable.h for a more complete description. The interface defines 3 phases to let the future possibility of holding an object into reset for some time. The qdev/qbus reset in DeviceClass and BusClass will be modified in following commits to use this interface. A mechanism is provided to allow executing a transitional reset handler in place of the 2nd phase which is executed in children-then-parent order inside a tree. This will allow to transition devices and buses smoothly while keeping the exact current qdev/qbus reset behavior for now. Documentation will be added in a following commit. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-4-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/core/qdev: add trace events to help with resettable transitionDamien Hedde
Adds trace events to reset procedure and when updating the parent bus of a device. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-3-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30add device_legacy_reset function to prepare for reset api changeDamien Hedde
Provide a temporary device_legacy_reset function doing what device_reset does to prepare for the transition with Resettable API. All occurrence of device_reset in the code tree are also replaced by device_legacy_reset. The new resettable API has different prototype and semantics (resetting child buses as well as the specified device). Subsequent commits will make the changeover for each call site individually; once that is complete device_legacy_reset() will be removed. Signed-off-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Cornelia Huck <cohuck@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200123132823.1117486-2-damien.hedde@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'Philippe Mathieu-Daudé
Since we enabled parallel TCG code generation for softmmu (see commit 3468b59 "tcg: enable multiple TCG contexts in softmmu") and its subsequent fix (commit 72649619 "add .min_cpus and .default_cpus fields to machine_class"), the raspi machines are restricted to always use their 4 cores: See in hw/arm/raspi2 (with BCM283X_NCPUS set to 4): 222 static void raspi2_machine_init(MachineClass *mc) 223 { 224 mc->desc = "Raspberry Pi 2"; 230 mc->max_cpus = BCM283X_NCPUS; 231 mc->min_cpus = BCM283X_NCPUS; 232 mc->default_cpus = BCM283X_NCPUS; 235 }; 236 DEFINE_MACHINE("raspi2", raspi2_machine_init) We can no longer use the -smp option, as we get: $ qemu-system-arm -M raspi2 -smp 1 qemu-system-arm: Invalid SMP CPUs 1. The min CPUs supported by machine 'raspi2' is 4 Since we can not set the TYPE_BCM283x SOC "enabled-cpus" with -smp, remove the unuseful code. We can achieve the same by using the '-global bcm2836.enabled-cpus=1' option. Reported-by: Laurent Bonnans <laurent.bonnans@here.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20200120235159.18510-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30misc/pca9552: Add qom set and getJoel Stanley
Following the pattern of the work recently done with the ASPEED GPIO model, this adds support for inspecting and modifying the PCA9552 LEDs from the monitor. (qemu) qom-set /machine/unattached/device[17] led0 on (qemu) qom-set /machine/unattached/device[17] led0 off (qemu) qom-set /machine/unattached/device[17] led0 pwm0 (qemu) qom-set /machine/unattached/device[17] led0 pwm1 Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 20200114103433.30534-6-clg@kaod.org [clg: - removed the "qom-get" examples from the commit log - merged memory leak fixes from Joel ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/arm/aspeed: add a 'execute-in-place' property to boot directly from CE0Cédric Le Goater
The overhead for the OpenBMC firmware images using the a custom U-Boot is around 2 seconds, which is fine, but with a U-Boot from mainline, it takes an extra 50 seconds or so to reach Linux. A quick survey on the number of reads performed on the flash memory region gives the following figures : OpenBMC U-Boot 922478 (~ 3.5 MBytes) Mainline U-Boot 20569977 (~ 80 MBytes) QEMU must be trashing the TCG TBs and reloading text very often. Some addresses are read more than 250.000 times. Until we find a solution to improve boot time, execution from MMIO is not activated by default. Setting this option also breaks migration compatibility. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200114103433.30534-5-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30ftgmac100: check RX and TX buffer alignmentCédric Le Goater
These buffers should be aligned on 16 bytes. Ignore invalid RX and TX buffer addresses and log an error. All incoming and outgoing traffic will be dropped because no valid RX or TX descriptors will be available. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 20200114103433.30534-4-clg@kaod.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/arm: ast2600: Wire up the eMMC controllerAndrew Jeffery
Initialise another SDHCI model instance for the AST2600's eMMC controller and use the SDHCI's num_slots value introduced previously to determine whether we should create an SD card instance for the new slot. Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 20200114103433.30534-3-clg@kaod.org [ clg : - removed ternary operator from sdhci_attach_drive() - renamed SDHCI objects with a '-controller' prefix ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30hw/sd: Configure number of slots exposed by the ASPEED SDHCI modelAndrew Jeffery
The AST2600 includes a second cut-down version of the SD/MMC controller found in the AST2500, named the eMMC controller. It's cut down in the sense that it only supports one slot rather than two, but it brings the total number of slots supported by the AST2600 to three. The existing code assumed that the SD controller always provided two slots. Rework the SDHCI object to expose the number of slots as a property to be set by the SoC configuration. Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 20200114103433.30534-2-clg@kaod.org [PMM: fixed up to use device_class_set_props()] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30target/arm/arm-semi: Don't let the guest close stdin/stdout/stderrPeter Maydell
The guest can use the semihosting API to open a handle corresponding to QEMU's own stdin, stdout, or stderr. When the guest closes this handle, we should not close the underlying host stdin/stdout/stderr the way we would do if the handle corresponded to a host fd we'd opened on behalf of the guest in SYS_OPEN. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200124172954.28481-1-peter.maydell@linaro.org
2020-01-30hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINESPeter Maydell
The num-lines property of the TYPE_OR_GATE device sets the number of input lines it has. An assert() in or_irq_realize() restricts this to the maximum supported by the implementation. However we got the condition in the assert wrong: it should be using <=, because num-lines == MAX_OR_LINES is permitted, and means that all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array are used. We didn't notice this previously because no user has so far needed that many input lines. Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20200120142235.10432-1-peter.maydell@linaro.org
2020-01-30Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jan-29-2020' ↵Peter Maydell
into staging MIPS queue for January 29th, 2020 # gpg: Signature made Wed 29 Jan 2020 18:29:43 GMT # gpg: using RSA key D4972A8967F75A65 # gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [full] # Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01 DD75 D497 2A89 67F7 5A65 * remotes/amarkovic/tags/mips-queue-jan-29-2020: target/mips: Add implementation of GINVT instruction target/mips: Amend CP0 WatchHi register implementation hw/core/loader: Let load_elf() populate a field with CPU-specific flags target/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting() disas: Add a field for target-dependant data to disassemble_info target/mips: Rectify documentation on deprecating MIPS r4k machine Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30Merge remote-tracking branch ↵Peter Maydell
'remotes/stefanberger/tags/pull-tpm-2020-01-29-1' into staging Merge tpm 2020/01/29 v1 # gpg: Signature made Wed 29 Jan 2020 13:01:37 GMT # gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211 # gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211 * remotes/stefanberger/tags/pull-tpm-2020-01-29-1: tpm-ppi: page-align PPI RAM Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-30Merge remote-tracking branch ↵Peter Maydell
'remotes/juanquintela/tags/pull-migration-pull-request' into staging Migration pull request # gpg: Signature made Wed 29 Jan 2020 10:57:23 GMT # gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full] # gpg: aka "Juan Quintela <quintela@trasno.org>" [full] # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * remotes/juanquintela/tags/pull-migration-pull-request: migration/compress: compress QEMUFile is not writable migration: Simplify get_qlist multifd: Split multifd code into its own file multifd: Make multifd_load_setup() get an Error parameter multifd: Make multifd_save_setup() get an Error parameter migration: Make checkpatch happy with comments multifd: Use qemu_target_page_size() multifd: multifd_send_sync_main only needs the qemufile multifd: multifd_queue_page only needs the qemufile multifd: multifd_send_pages only needs the qemufile ram_addr: Split RAMBlock definition migration/multifd: fix nullptr access in multifd_send_terminate_threads migration: Create migration_is_running() migration-test: Make sure that multifd and cancel works migration: Don't send data if we have stopped qemu-file: Don't do IO after shutdown multifd: Make sure that we don't do any IO after an error migration-test: Use g_free() instead of free() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-29target/mips: Add implementation of GINVT instructionYongbok Kim
Implement emulation of GINVT instruction. As QEMU doesn't support caches and virtualization, this implementation covers only one instruction (GINVT - Global Invalidate TLB) among all TLB-related MIPS instructions. Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Yongbok Kim <yongbok.kim@mips.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-5-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29target/mips: Amend CP0 WatchHi register implementationYongbok Kim
WatchHi is extended by the field MemoryMapID with the GINVT instruction. The field is accessible by MTHC0/MFHC0 in 32-bit architectures and DMTC0/ DMFC0 in 64-bit architectures. Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Yongbok Kim <yongbok.kim@mips.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-4-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29hw/core/loader: Let load_elf() populate a field with CPU-specific flagsAleksandar Markovic
While loading the executable, some platforms (like AVR) need to detect CPU type that executable is built for - and, with this patch, this is enabled by reading the field 'e_flags' of the ELF header of the executable in question. The change expands functionality of the following functions: - load_elf() - load_elf_as() - load_elf_ram() - load_elf_ram_sym() The argument added to these functions is called 'pflags' and is of type 'uint32_t*' (that matches 'pointer to 'elf_word'', 'elf_word' being the type of the field 'e_flags', in both 32-bit and 64-bit variants of ELF header). Callers are allowed to pass NULL as that argument, and in such case no lookup to the field 'e_flags' will happen, and no information will be returned, of course. CC: Richard Henderson <rth@twiddle.net> CC: Peter Maydell <peter.maydell@linaro.org> CC: Edgar E. Iglesias <edgar.iglesias@gmail.com> CC: Michael Walle <michael@walle.cc> CC: Thomas Huth <huth@tuxfamily.org> CC: Laurent Vivier <laurent@vivier.eu> CC: Philippe Mathieu-Daudé <f4bug@amsat.org> CC: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> CC: Aurelien Jarno <aurelien@aurel32.net> CC: Jia Liu <proljc@gmail.com> CC: David Gibson <david@gibson.dropbear.id.au> CC: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: BALATON Zoltan <balaton@eik.bme.hu> CC: Christian Borntraeger <borntraeger@de.ibm.com> CC: Thomas Huth <thuth@redhat.com> CC: Artyom Tarasenko <atar4qemu@gmail.com> CC: Fabien Chouteau <chouteau@adacore.com> CC: KONRAD Frederic <frederic.konrad@adacore.com> CC: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Michael Rolnik <mrolnik@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1580079311-20447-24-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29target/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting()Daniel Henrique Barboza
The label 'uhi_done' is a simple 'return' call and can be removed for a bit more clarity in the code. CC: Aurelien Jarno <aurelien@aurel32.net> CC: Aleksandar Markovic <amarkovic@wavecomp.com> CC: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20200106182425.20312-7-danielhb413@gmail.com>
2020-01-29disas: Add a field for target-dependant data to disassemble_infoAleksandar Markovic
This patch adds a field "target_info" to the structure disassemble_info. The purpose of this field is to enable targets to pass to disassembler code any additional data thet deem suitable. Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-6-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29target/mips: Rectify documentation on deprecating MIPS r4k machineAleksandar Markovic
Correct file qemu-deprecated.texi with respect to the release since MIPS r4k machine is deprecated from 4.2 to 5.0. Fixes: d32dc61421b Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-2-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29tpm-ppi: page-align PPI RAMMarc-André Lureau
post-copy migration fails on destination with error such as: 2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range: Unaligned start address: 0x559d2afae9a0 Use qemu_memalign() to constrain the PPI RAM memory alignment. Cc: qemu-stable@nongnu.org Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com
2020-01-29migration/compress: compress QEMUFile is not writableWei Yang
We open a file with empty_ops for compress QEMUFile, which means this is not writable. Signed-off-by: Wei Yang <richardw.yang@linux.intel.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2020-01-29migration: Simplify get_qlistEric Auger
Instead of inserting read elements at the head and then reversing the list, it is simpler to add each element after the previous one. Introduce QLIST_RAW_INSERT_AFTER helper and use it in get_qlist(). Signed-off-by: Eric Auger <eric.auger@redhat.com> Suggested-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2020-01-29multifd: Split multifd code into its own fileJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-01-29multifd: Make multifd_load_setup() get an Error parameterJuan Quintela
We need to change the full chain to pass the Error parameter. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>