aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-07ppc: Batch TLB flushes on 32-bit 6xx/7xx/7xxx in hash modeBenjamin Herrenschmidt
This ports the existing 64-bit mechanism to 32-bit, thus series of 64 tlbie's followed by a sync like some versions of Darwin (ab)use will result in a single flush. We apply a pending flush on any sync instruction though, as Darwin doesn't use tlbsync on non-SMP systems. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07ppc: Fix tlb invalidations on 6xx/7xx/7xxx 32-bit processorsBenjamin Herrenschmidt
The processor only uses some bits of the address and invalidates an entire congruence class. Some OSes such as Darwin and HelenOS take advantage of this and occasionally invalidate the entire TLB by just doing a series of 64 consecutive tlbie for example. Our code tries to be too smart here only invalidating a segment congruence class (ie, allowing more address bits to be relevant in the invalidation), this fails miserably on those OSes. Instead don't bother, do like ppc64 and blow the whole tlb when tlbie is executed. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07ppc: Properly tag the translation cache based on MMU modeBenjamin Herrenschmidt
We used to always flush the TLB when changing relocation mode in MSR:IR and MSR:DR (ie. MMU on/off for Instructions and Data). We don't anymore since we have split mmu_idx for instruction and data. However, since we hard code the mmu_idx in the translated code, we now need to also make sure MSR:IR and MSR:DR are part of the hflags used to tag translated code, so that we use different translated code for different MMU settings. Darwin gets hurt by this problem. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07dbdma: use DMA memory interface for memory accessesMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07macio: use DMA memory interface for non-block ATAPI transfersMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07target-ppc: fixup bitrot in mmu_helper.c debug statementsMark Cave-Ayland
This fixes compilation of mmu_helper.c when all of the debug #defines at the start of the file are enabled. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_pci: Drop cannot_instantiate_with_device_add_yet=falseMarkus Armbruster
It's become redundant since it was added in commit 09aa9a5 "spapr-pci: enable adding PHB via -device". Cc: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07ppc: fix hrfid, tlbia and slbia privilegeCédric Le Goater
commit 74693da98894 ('ppc: tlbie, tlbia and tlbisync are HV only') introduced some extra checks on the instruction privilege. slbia was changed wrongly and hrfid, tlbia were forgotten. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07ppc: Fix hreg_store_msr() so that non-HV mode cannot alter MSR:HVBenjamin Herrenschmidt
This helper is only used by the various instructions that can alter MSR and not interrupts. Add a comment to that effect to the interrupt code as well in case somebody wants to change this Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07ppc: Better figure out if processor has HV modeBenjamin Herrenschmidt
We use an env. flag which is set to the initial value of MSR_HVB in the msr_mask. We also adjust the POWER8 mask to set SHV. Also use this to adjust ctx.hv so that it is *set* when the processor doesn't have an HV mode (970 with Apple mode for example), thus enabling hypervisor instructions/SPRs. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [clg: ctx.hv used to be defined only for the hypervisor kernel (HV=1|PR=0). It is now defined also when PR=1 and conditions are fixed accordingly. stripped unwanted tabs.] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr: Introduce pseries-2.7 machine typeBharata B Rao
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr: Increase hotpluggable memory slots to 256Bharata B Rao
KVM now supports 512 memslots on PowerPC (earlier it was 32). Allow half of it (256) to be used as hotpluggable memory slots. Instead of hard coding the max value, use the KVM supplied value if KVM is enabled. Otherwise resort to the default value of 32. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_pci: Add and export DMA resetting helperAlexey Kardashevskiy
This will be later used by the "ibm,reset-pe-dma-window" RTAS handler which resets the DMA configuration to the defaults. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_pci: Reset DMA config on PHB resetAlexey Kardashevskiy
LoPAPR dictates that during system reset all DMA windows must be removed and the default DMA32 window must be created so does the patch. At the moment there is just one window supported so no change in behaviour is expected. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_iommu: Add root memory regionAlexey Kardashevskiy
We are going to have multiple DMA windows at different offsets on a PCI bus. For the sake of migration, we will have as many TCE table objects pre-created as many windows supported. So we need a way to map windows dynamically onto a PCI bus when migration of a table is completed but at this stage a TCE table object does not have access to a PHB to ask it to map a DMA window backed by just migrated TCE table. This adds a "root" memory region (UINT64_MAX long) to the TCE object. This new region is mapped on a PCI bus with enabled overlapping as there will be one root MR per TCE table, each of them mapped at 0. The actual IOMMU memory region is a subregion of the root region and a TCE table enables/disables this subregion and maps it at the specific offset inside the root MR which is 1:1 mapping of a PCI address space. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_iommu: Migrate full stateAlexey Kardashevskiy
The source guest could have reallocated the default TCE table and migrate bigger/smaller table. This adds reallocation in post_load() if the default table size is different on source and destination. This adds @bus_offset, @page_shift to the migration stream as a subsection so when DDW is added, migration to older machines will still be possible. As @bus_offset and @page_shift are not used yet, this makes no change in behavior. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07spapr_iommu: Introduce "enabled" state for TCE tableAlexey Kardashevskiy
Currently TCE tables are created once at start and their sizes never change. We are going to change that by introducing a Dynamic DMA windows support where DMA configuration may change during the guest execution. This changes spapr_tce_new_table() to create an empty zero-size IOMMU memory region (IOMMU MR). Only LIOBN is assigned by the time of creation. It still will be called once at the owner object (VIO or PHB) creation. This introduces an "enabled" state for TCE table objects, some helper functions are added: - spapr_tce_table_enable() receives TCE table parameters, stores in sPAPRTCETable and allocates a guest view of the TCE table (in the user space or KVM) and sets the correct size on the IOMMU MR; - spapr_tce_table_disable() disposes the table and resets the IOMMU MR size; it is made public as the following DDW code will be using it. This changes the PHB reset handler to do the default DMA initialization instead of spapr_phb_realize(). This does not make differenct now but later with more than just one DMA window, we will have to remove them all and create the default one on a system reset. No visible change in behaviour is expected except the actual table will be reallocated every reset. We might optimize this later. The other way to implement this would be dynamically create/remove the TCE table QOM objects but this would make migration impossible as the migration code expects all QOM objects to exist at the receiver so we have to have TCE table objects created when migration begins. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07vmstate: Define VARRAY with VMS_ALLOCAlexey Kardashevskiy
This allows dynamic allocation for migrating arrays. Already existing VMSTATE_VARRAY_UINT32 requires an array to be pre-allocated, however there are cases when the size is not known in advance and there is no real need to enforce it. This defines another variant of VMSTATE_VARRAY_UINT32 with WMS_ALLOC flag which tells the receiving side to allocate memory for the array before receiving the data. The first user of it is a dynamic DMA window which existence and size are totally dynamic. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07kvm: API to obtain max supported mem slotsBharata B Rao
Introduce kvm_get_max_memslots() API that can be used to obtain the maximum number of memslots supported by KVM. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-07target-ppc/fpu_helper: Fix efscmp* instructions handlingTalha Imran
With specification at hand from the reference manual from Freescale http://cache.nxp.com/files/32bit/doc/ref_manual/SPEPEM.pdf , I have found a fix to efscmp* instructions handling in QEMU. efscmp* instructions in QEMU set crD (Condition Register nibble) values as (0b0100 << 2) = 0b10000 (consider the HELPER_SINGLE_SPE_CMP macro which left shifts the value returned by efscmp* handler by 2 bits). A value of 0b10000 is not correct according the to the reference manual. The reference manual expects efscmp* instructions to return a value of 0bx1xx. Please find attached a patch which disables left shifting in HELPER_SINGLE_SPE_CMP macro. This macro is used by efscmp* and efstst* instructions only. efstst* instruction handlers, in turn, call efscmp* handlers too. *Explanation:* Traditionally, each crD (condition register nibble) consist of 4 bits, which is set by comparisons as follows: crD = W X Y Z where W = Less than X = Greater than Y = Equal to However, efscmp* instructions being a special case return a binary result. (efscmpeq will set the crD = 0bx1xx iff when op1 == op2 and 0bx0xx otherwise; i.e. there is no notion of different crD values based on Less than, Greater than and Equal to). This effectively means that crD will store a "Greater than" comparison result iff efscmp* instruction comparison is TRUE. Compiler exploits this feature by checking for "Branch if Less than or Equal to" (ble instruction) OR "Branch if Greater than" (bgt instruction) for Branch if FALSE OR Branch if TRUE respectively after an efscmp* instruction. This can be seen in a assembly code snippet below: 27 if (__real__ x != 3.0f || __imag__ x != 4.0f) 10000498: lwz r10,8(r31) 1000049c: lis r9,16448 100004a0: efscmpeq cr7,r10,r9 100004a4: ble- cr7,0x100004b8 <bar+60> //jump to abort() call 100004a8: lwz r10,12(r31) 100004ac: lis r9,16512 100004b0: efscmpeq cr7,r10,r9 100004b4: bgt- cr7,0x100004bc <bar+64> //skip abort() call 28 abort (); 100004b8: bl 0x10000808 <abort> Signed-off-by: Talha Imran <talha_imran@mentor.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-06Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20160606-1' into staging target-arm queue: * support instruction syndrome info for data aborts from A64 to EL2 * add HSTR_EL2 register * fix incorrect ESR IL bits in various syndrome register cases * virt: fix limit of 64-bit ACPI/ECAM PCI MMIO range * gicv2: RAZ/WI non-sec access to sec interrupts * i2c: add aspeed i2c controller * virt: Reject gic-version=host for non-KVM (don't segv on aarch64 host) * xlnx-zynqmp: Add a secure prop to en/disable ARM Security Extensions * xlnx-zynqmp: Support KVM on AArch64 hosts * ptimer: Various fixes for awkward corner cases * char: QOMify various ARM UART models * char: get rid of qemu_char_get_next_serial * target-arm: Fix TTBR selecting logic on AArch32 Stage 2 translation * zynqmp: Add the ZCU102 board # gpg: Signature made Mon 06 Jun 2016 17:01:11 BST # gpg: using RSA key 0x3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" * remotes/pmaydell/tags/pull-target-arm-20160606-1: (25 commits) zynqmp: Add the ZCU102 board target-arm: Fix TTBR selecting logic on AArch32 Stage 2 translation char: get rid of qemu_char_get_next_serial hw/char: QOM'ify xilinx_uartlite model hw/char: QOM'ify stm32f2xx_usart model hw/char: QOM'ify digic-uart model hw/char: QOM'ify cadence_uart model hw/char: QOM'ify pl011 model hw/ptimer: Introduce ptimer_get_limit hw/ptimer: Support "on the fly" timer mode switch hw/ptimer: Update .delta on period/freq change hw/ptimer: Perform counter wrap around if timer already expired hw/ptimer: Fix issues caused by the adjusted timer limit value xlnx-zynqmp: Use the in kernel GIC model for KVM runs xlnx-zynqmp: Delay realization of GIC until post CPU realization xlnx-zynqmp: Make the RPU subsystem optional xlnx-zynqmp: Add a secure prop to en/disable ARM Security Extensions hw/arm/virt: Reject gic-version=host for non-KVM i2c: add aspeed i2c controller hw/intc/gic: RAZ/WI non-sec access to sec interrupts ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06zynqmp: Add the ZCU102 boardAlistair Francis
Most Zynq UltraScale+ users will be targetting and using the ZCU102 board instead of the development focused EP108. To make our QEMU machine names clearer add a ZCU102 machine model. Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: cc82eec026b2febfca252d73362bb7084616c1ad.1464213234.git.alistair.francis@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06target-arm: Fix TTBR selecting logic on AArch32 Stage 2 translationSergey Sorokin
Address size is 40-bit for the AArch32 stage 2 translation, and t0sz can be negative (from -8 to 7), so we need to adjust it to use the existing TTBR selecting logic. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Message-id: 1464974151-1231644-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06char: get rid of qemu_char_get_next_serialxiaoqiang zhao
since there is no user of qemu_char_get_next_serial any more, it's time to let it go away. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-7-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/char: QOM'ify xilinx_uartlite modelxiaoqiang zhao
* drop qemu_char_get_next_serial and use chardev prop * create xilinx_uartlite_create wrapper function to create xilinx_uartlite device * change affected board code to use the new way Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-6-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/char: QOM'ify stm32f2xx_usart modelxiaoqiang zhao
* drop qemu_char_get_next_serial and use chardev prop * change affected board code to use the new way Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-5-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/char: QOM'ify digic-uart modelxiaoqiang zhao
* drop qemu_char_get_next_serial and use chardev prop * change affected board code to use the new way Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-4-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/char: QOM'ify cadence_uart modelxiaoqiang zhao
* drop qemu_char_get_next_serial and use chardev prop * create cadence_uart_create wrapper function to create cadence_uart_device * change affected board code to use the new way Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-3-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/char: QOM'ify pl011 modelxiaoqiang zhao
* drop qemu_char_get_next_serial and use chardev prop * add pl011_create wrapper function to create pl011 uart device * change affected board code to use the new way Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-2-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/ptimer: Introduce ptimer_get_limitDmitry Osipenko
Currently ptimer users are used to store copy of the limit value, because ptimer doesn't provide facility to retrieve the limit. Let's provide it. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 8f1fa9f90d8dbf8086fb02f3b4835eaeb4089cf6.1464367869.git.digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/ptimer: Support "on the fly" timer mode switchDmitry Osipenko
Allow switching between periodic <-> oneshot modes while timer is running. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: f030be6e28fbd219e1e8d22297aee367bd9af5bb.1464367869.git.digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/ptimer: Update .delta on period/freq changeDmitry Osipenko
Delta value must be updated on period/freq change, otherwise running timer would be restarted (counter reloaded with old delta). Only m68k/mcf520x and arm/arm_timer devices are currently doing freq change correctly, i.e. stopping the timer. Perform delta update to fix affected devices and eliminate potential further mistakes. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 4987ef5fdc128bb9a744fd794d3f609135c6a39c.1464367869.git.digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/ptimer: Perform counter wrap around if timer already expiredDmitry Osipenko
ptimer_get_count() might be called while QEMU timer already been expired. In that case ptimer would return counter = 0, which might be undesirable in case of polled timer. Do counter wrap around for periodic timer to keep it distributed. In order to achieve more accurate emulation behaviour of certain hardware, don't perform wrap around when in icount mode and return counter = 0 in that case (that doesn't affect polled counter distribution). Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 4ce381c7d24d85d165ff251d2875d16a4b6a5c04.1464367869.git.digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/ptimer: Fix issues caused by the adjusted timer limit valueDmitry Osipenko
Multiple issues here related to the timer with a adjusted .limit value: 1) ptimer_get_count() returns incorrect counter value for the disabled timer after loading the counter with a small value, because adjusted limit value is used instead of the original. For instance: 1) ptimer_stop(t) 2) ptimer_set_period(t, 1) 3) ptimer_set_limit(t, 0, 1) 4) ptimer_get_count(t) <-- would return 10000 instead of 0 2) ptimer_get_count() might return incorrect value for the timer running with a adjusted limit value. For instance: 1) ptimer_stop(t) 2) ptimer_set_period(t, 1) 3) ptimer_set_limit(t, 10, 1) 4) ptimer_run(t) 5) ptimer_get_count(t) <-- might return value > 10 3) Neither ptimer_set_period() nor ptimer_set_freq() are adjusting the limit value, so it is still possible to make timer timeout value arbitrary small. For instance: 1) ptimer_set_period(t, 10000) 2) ptimer_set_limit(t, 1, 0) 3) ptimer_set_period(t, 1) <-- bypass limit correction Fix all of the above issues by adjusting timer period instead of the limit. Perform the adjustment for periodic timer only. Use the delta value instead of the limit to make decision whether adjustment is required, as limit could be altered while timer is running, resulting in incorrect value returned by ptimer_get_count. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: cd141f74f5737480ec586b9c7d18cce1d69884e2.1464367869.git.digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06xlnx-zynqmp: Use the in kernel GIC model for KVM runsEdgar E. Iglesias
Use the in kernel GIC model when running with KVM enabled. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1464173555-12800-5-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06xlnx-zynqmp: Delay realization of GIC until post CPU realizationEdgar E. Iglesias
Delay the realization of the GIC until after CPUs are realized. This is needed for KVM as the in-kernel GIC model will fail if it is realized with no available CPUs. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1464173555-12800-4-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06xlnx-zynqmp: Make the RPU subsystem optionalEdgar E. Iglesias
The way we currently model the RPU subsystem is of quite limited use. In addition to that, it causes problems for KVM and for GDB debugging. Make the RPU optional by adding a has_rpu property and default to having it disabled. This changes the default setup from having the RPU to not longer having it. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1464173555-12800-3-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06xlnx-zynqmp: Add a secure prop to en/disable ARM Security ExtensionsEdgar E. Iglesias
Add a secure prop to en/disable ARM Security Extensions. This is particularly useful for KVM runs. Default to disabled to match the behavior of KVM. This changes the default setup from having the ARM Security Extensions to not longer having them. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1464173555-12800-2-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/arm/virt: Reject gic-version=host for non-KVMCole Robinson
If you try to gic-version=host with TCG on a KVM aarch64 host, qemu segfaults, since host requires KVM APIs. Explicitly reject gic-version=host if KVM is not enabled https://bugzilla.redhat.com/show_bug.cgi?id=1339977 Signed-off-by: Cole Robinson <crobinso@redhat.com> Message-id: b1b3b0dd143b7995a7f4062966b80a2cf3e3c71e.1464273085.git.crobinso@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06i2c: add aspeed i2c controllerCédric Le Goater
The Aspeed AST2400 integrates a set of 14 I2C/SMBus bus controllers directly connected to the APB bus. They can be programmed as master or slave but the propopsed model only supports the master mode. On the TODO list, we also have : - improve and harden the state machine. - bus recovery support (used by the Linux driver). - transfer mode state machine bits. this is not strictly necessary as it is mostly used for debug. The bus busy bit is deducted from the I2C core engine of qemu. - support of the pool buffer: 2048 bytes of internal SRAM (not used by the Linux driver). Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 1464704307-25178-1-git-send-email-clg@kaod.org [PMM: removed unused functions aspeed_i2c_bus_get_state() and aspeed_i2c_bus_set_state()] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/intc/gic: RAZ/WI non-sec access to sec interruptsJens Wiklander
Treat non-secure accesses to registers and bits in registers of secure interrupts as RAZ/WI. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Message-id: 1464273945-2055-1-git-send-email-jens.wiklander@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06hw/arm/virt: fix limit of 64-bit ACPI/ECAM PCI MMIO rangeArd Biesheuvel
Set the MMIO range limit field to 'base + size - 1' as required. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1463856217-17969-1-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06target-arm: Don't try to set ESR IL bit in arm_cpu_do_interrupt_aarch64()Peter Maydell
Remove some incorrect code from arm_cpu_do_interrupt_aarch64() which attempts to set the IL bit in the syndrome register based on the value of env->thumb. This is wrong in several ways: * IL doesn't indicate Thumb-vs-ARM, it indicates instruction length (which may be 16 or 32 for Thumb and is always 32 for ARM) * not every syndrome format uses IL like this -- for some IL is always set, and for some it is always clear * the code is changing esr_el[new_el] even for interrupt entry, which is not supposed to modify ESR_ELx at all Delete the code, and instead rely on the syndrome value in env->exception.syndrome having already been set up with the correct value of IL. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1463487258-27468-3-git-send-email-peter.maydell@linaro.org
2016-06-06target-arm: Set IL bit in syndromes for insn abort, watchpoint, swstepPeter Maydell
For some exception syndrome types, the IL bit should always be set. This includes the instruction abort, watchpoint and software step syndrome types; add the missing ARM_EL_IL bit to the syndrome values returned by syn_insn_abort(), syn_swstep() and syn_watchpoint(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1463487258-27468-2-git-send-email-peter.maydell@linaro.org
2016-06-06target-arm: A64: Create Instruction Syndromes for Data AbortsEdgar E. Iglesias
Add support for generating the ISS (Instruction Specific Syndrome) for Data Abort exceptions taken from AArch64. These syndromes are used by hypervisors for example to trap and emulate memory accesses. We save the decoded data out-of-band with the TBs at translation time. When exceptions hit, the extra data attached to the TB is used to recreate the state needed to encode instruction syndromes. This avoids the need to emit moves with every load/store. Based on a suggestion from Peter Maydell. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1462464601-10888-2-git-send-email-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06target-arm: Add the HSTR_EL2 registerAlistair Francis
Add the Hypervisor System Trap Register for EL2. This register is used early in the Linux boot and without it the kernel aborts with a "Synchronous Abort" error. Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: ea5aae4b10283de4705b864fe9d4bd2eaddaacae.1463174342.git.alistair.francis@xilinx.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into stagingPeter Maydell
readdir_r() to readdir() conversion, various minor cleanups # gpg: Signature made Mon 06 Jun 2016 10:52:52 BST # gpg: using DSA key 0x02FC3AEB0101DBC2 # gpg: Good signature from "Greg Kurz <gkurz@fr.ibm.com>" # gpg: aka "Greg Kurz <groug@free.fr>" # gpg: aka "Greg Kurz <gkurz@linux.vnet.ibm.com>" # gpg: aka "Gregory Kurz (Groug) <groug@free.fr>" # gpg: aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>" # gpg: aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2 * remotes/gkurz/tags/for-upstream: 9p: switch back to readdir() 9p: add locking to V9fsDir 9p: introduce the V9fsDir type 9p: drop useless out: label 9p: drop useless inclusion of hw/i386/pc.h 9p/fsdev: remove obsolete references to virtio 9p: some more cleanup in #include directives Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160606-1' into ↵Peter Maydell
staging virtio-gpu: scanout fix, live migration support vmsvga: security fixes # gpg: Signature made Mon 06 Jun 2016 08:05:00 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vga-20160606-1: virtio-gpu: add live migration support vmsvga: don't process more than 1024 fifo commands at once vmsvga: shadow fifo registers vmsvga: add more fifo checks vmsvga: move fifo sanity checks to vmsvga_fifo_length virtio-gpu: fix scanout rectangles Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06scsi-disk: fix reads from scsi-disk devicesMark Cave-Ayland
Commit fcaafb1001b9c42817714dd3b2aadcfdb997b53d accidentally broke reads from scsi-disk devices when being updated from its original form to use the new byte-based block functions. Add the extra missing sector to offset conversion in order to restore read functionality. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1464931021-25117-1-git-send-email-mark.cave-ayland@ilande.co.uk Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20160606-1' ↵Peter Maydell
into staging audio: pa volume fix, some qomifying. # gpg: Signature made Mon 06 Jun 2016 08:01:21 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-audio-20160606-1: hw/audio: QOM'ify milkymist-ac97.c hw/audio: QOM'ify intel-hda hw/audio: QOM cleanup for intel-hda hw/audio: QOM'ify cs4231.c audio: pa: Set volume of recording stream instead of recording device Signed-off-by: Peter Maydell <peter.maydell@linaro.org>