aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-03-17ppc/spapr: Fix FWNMI machine check interrupt deliveryNicholas Piggin
FWNMI machine check delivery misses a few things that will make it fail with TCG at least (which we would like to allow in future to improve testing). It's not nice to scatter interrupt delivery logic around the tree, so move it to excp_helper.c and share code where possible. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200316142613.121089-5-npiggin@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17ppc/spapr: Add FWNMI System Reset stateNicholas Piggin
The FWNMI option must deliver system reset interrupts to their registered address, and there are a few constraints on the handler addresses specified in PAPR. Add the system reset address state and checks. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200316142613.121089-4-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviwed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17ppc/spapr: Change FWNMI namesNicholas Piggin
The option is called "FWNMI", and it involves more than just machine checks, also machine checks can be delivered without the FWNMI option, so re-name various things to reflect that. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200316142613.121089-3-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17ppc/spapr: Fix FWNMI machine check failure handlingNicholas Piggin
ppc_cpu_do_system_reset delivers a system rreset interrupt to the guest, which is certainly not what is intended here. Panic the guest like other failure cases here do. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200316142613.121089-2-npiggin@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17spapr: Rename DT functions to newer naming conventionDavid Gibson
In the spapr code we've been gradually moving towards a convention that functions which create pieces of the device tree are called spapr_dt_*(). This patch speeds that along by renaming most of the things that don't yet match that so that they do. For now we leave the *_dt_populate() functions which are actual methods used in the DRCClass::dt_populate method. While we're there we remove a few comments that don't really say anything useful. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org>
2020-03-17spapr: Move creation of ibm,architecture-vec-5 propertyDavid Gibson
This is currently called from spapr_dt_cas_updates() which is a hang over from when we created this only as a diff to the DT at CAS time. Now that we fully rebuild the DT at CAS time, just create it along with the rest of the properties in /chosen. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17spapr: Move creation of ibm,dynamic-reconfiguration-memory dt nodeDavid Gibson
Currently this node with information about hotpluggable memory is created from spapr_dt_cas_updates(). But that's just a hangover from when we created it only as a diff to the device tree at CAS time. Now that we fully rebuild the DT as CAS time, it makes more sense to create this along with the rest of the memory information in the device tree. So, move it to spapr_populate_memory(). The patch is huge, but it's nearly all just code motion. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17spapr/rtas: Reserve space for RTAS blob and logAlexey Kardashevskiy
At the moment SLOF reserves space for RTAS and instantiates the RTAS blob which is 20 bytes binary blob calling an hypercall. The rest of the RTAS area is a log which SLOF has no idea about but QEMU does. This moves RTAS sizing to QEMU and this overrides the size from SLOF. The only remaining problem is that SLOF copies the number of bytes it reserved (2KB for now) so QEMU needs to reserve at least this much; SLOF will be fixed separately to check that rtas-size from QEMU is enough for those 20 bytes for the H_RTAS hcall. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Message-Id: <20200316011841.99970-1-aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17pseries: Update SLOF firmware imageAlexey Kardashevskiy
This mainly fixes virtio-serial with and without enabled iommu-platform. The full list of changes is: Alexey Kardashevskiy (3): llfw: Fix debug printf warnings virtio-serial: Close device completely version: update to 20200312 Cédric Le Goater (1): virtio: Fix typo in virtio_serial_init() Greg Kurz (2): virtio-serial: Don't override some words virtio-serial: Rework shutdown sequence Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17ppc/spapr: Move GPRs setup to one placeAlexey Kardashevskiy
At the moment "pseries" starts in SLOF which only expects the FDT blob pointer in r3. As we are going to introduce a OpenFirmware support in QEMU, we will be booting OF clients directly and these expect a stack pointer in r1, Linux looks at r3/r4 for the initramdisk location (although vmlinux can find this from the device tree but zImage from distro kernels cannot). This extends spapr_cpu_set_entry_state() to take more registers. This should cause no behavioral change. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Message-Id: <20200310050733.29805-2-aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17target/ppc: Fix rlwinm on ppc64Vitaly Chikunov
rlwinm cannot just AND with Mask if shift value is zero on ppc64 when Mask Begin is greater than Mask End and high bits are set to 1. Note that PowerISA 3.0B says that for `rlwinm' ROTL32 is used, and ROTL32 is defined (in 3.3.14) so that rotated value should have two copies of lower word of the source value. This seems to be another incarnation of the fix from 820724d170 ("target-ppc: Fix rlwimi, rlwinm, rlwnm again"), except I leave optimization when Mask value is less than 32 bits. Fixes: 7b4d326f47 ("target-ppc: Use the new deposit and extract ops") Cc: qemu-stable@nongnu.org Signed-off-by: Vitaly Chikunov <vt@altlinux.org> Message-Id: <20200309204557.14836-1-vt@altlinux.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17spapr/xive: use SPAPR_IRQ_IPI to define IPI ranges exposed to the guestCédric Le Goater
The "ibm,xive-lisn-ranges" defines ranges of interrupt numbers that the guest can use to configure IPIs. It starts at 0 today but it could change to some other offset. Make clear which IRQ range we are exposing by using SPAPR_IRQ_IPI in the property definition. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20200306123307.1348-1-clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Convert debug fprintf() to trace eventPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-8-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Prevent buffer overflowPhilippe Mathieu-Daudé
Depending on the length of sense data, vscsi_send_rsp() can overrun the buffer size. Do not copy more than SRP_MAX_IU_DATA_LEN bytes, and assert that vscsi_send_iu() is always called with a size in range. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-7-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer sizePhilippe Mathieu-Daudé
The 'union srp_iu' is meant as a pointer to any SRP Information Unit type, it is not related to the size of a VIO DMA buffer. Use a plain buffer for the VIO DMA read/write calls. We can remove the reserved buffer from the 'union srp_iu'. This issue was noticed when replacing the zero-length arrays from hw/scsi/srp.h with flexible array member, 'clang -fsanitize=undefined' reported: hw/scsi/spapr_vscsi.c:69:29: error: field 'iu' with variable sized type 'union viosrp_iu' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] union viosrp_iu iu; ^ Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-6-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Introduce req_iu() helperPhilippe Mathieu-Daudé
Introduce the req_iu() helper which returns a pointer to the viosrp_iu union held in the vscsi_req structure. This simplifies the next patch. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-5-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Simplify a bitPhilippe Mathieu-Daudé
We already have a 'iu' pointer, use it (this simplifies the next commit). Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-4-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/spapr_vscsi: Use SRP_MAX_IU_LEN instead of sizeof flexible arrayPhilippe Mathieu-Daudé
Replace sizeof() flexible arrays union srp_iu/viosrp_iu by the SRP_MAX_IU_LEN definition, which is what this code actually meant to use. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-3-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17hw/scsi/viosrp: Add missing 'hw/scsi/srp.h' includePhilippe Mathieu-Daudé
This header use the srp_* structures declared in "hw/scsi/srp.h". Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-2-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17spapr: Clean up RMA size calculationDavid Gibson
Move the calculation of the Real Mode Area (RMA) size into a helper function. While we're there clean it up and correct it in a few ways: * Add comments making it clearer where the various constraints come from * Remove a pointless check that the RMA fits within Node 0 (we've just clamped it so that it does) Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-16via-ide: always use legacy IRQ 14/15 routingMark Cave-Ayland
The existing code uses fixed PCI IRQ routing on IRQ 14 rather than legacy IRQ 14/15 routing as documented in the datasheet. With the changes in this patchset guest OSs now correctly detect and configure the VIA controller in legacy IRQ routing mode, allowing the incorrect fixed PCI IRQ routing to be removed. Note that this fixed legacy IRQ 14/15 routing is identical to similar behaviour in the early PIIX IDE controllers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200313082444.2439-8-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16via-ide: allow guests to write to PCI_CLASS_PROGMark Cave-Ayland
MorphOS writes to PCI_CLASS_PROG during IDE initialisation to place the controller in native mode, but thinks the initialisation has failed because the native mode bits aren't set when reading the register back. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200313082444.2439-7-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16via-ide: initialise IDE controller in legacy modeMark Cave-Ayland
According to both the VT82C686B and VT8231 datasheets the VIA Southbridge IDE controller is initialised in legacy mode. This allows Linux to correctly determine that legacy rather than PCI IRQ routing should be used since the boot console text in the fulong2e test image changes from: scsi0 : pata_via scsi1 : pata_via ata1: PATA max UDMA/100 cmd 0xffffffffbfd04050 ctl 0xffffffffbfd04062 \ bmdma 0xffffffffbfd04040 irq 14 ata2: PATA max UDMA/100 cmd 0xffffffffbfd04058 ctl 0xffffffffbfd04066 \ bmdma 0xffffffffbfd04048 irq 14 to: scsi0 : pata_via scsi1 : pata_via ata1: PATA max UDMA/100 cmd 0xffffffffbfd001f0 ctl 0xffffffffbfd003f6 \ bmdma 0xffffffffbfd04040 irq 14 ata2: PATA max UDMA/100 cmd 0xffffffffbfd00170 ctl 0xffffffffbfd00376 \ bmdma 0xffffffffbfd04048 irq 15 Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200313082444.2439-6-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16via-ide: ensure that PCI_INTERRUPT_LINE is hard-wired to its default valueMark Cave-Ayland
Some firmwares accidentally write to PCI_INTERRUPT_LINE on startup which has no effect on real hardware since it is hard-wired to its default value, but causes the guest OS to become confused trying to initialise IDE devices when running under QEMU. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200313082444.2439-5-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16pci: Honour wmask when resetting PCI_INTERRUPT_LINEBALATON Zoltan
The pci_do_device_reset() function (called from pci_device_reset) clears the PCI_INTERRUPT_LINE config reg of devices on the bus but did this without taking wmask into account. We'll have a device model now that needs to set a constant value for this reg and this patch allows to do that without additional workaround in device emulation to reverse the effect of this PCI bus reset function. Suggested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-id: 20200313082444.2439-4-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16ide/via: Get rid of via_ide_init()BALATON Zoltan
Follow example of CMD646 and remove via_ide_init function and do it directly in board code instead. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-id: 20200313082444.2439-3-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16via-ide: move registration of VMStateDescription to DeviceClassMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200313082444.2439-2-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
2020-03-16target/riscv: Fix VS mode interrupts forwarding.Rajnesh Kanwal
Currently riscv_cpu_local_irq_pending is used to find out pending interrupt and VS mode interrupts are being shifted to represent S mode interrupts in this function. So when the cause returned by this function is passed to riscv_cpu_do_interrupt to actually forward the interrupt, the VS mode forwarding check does not work as intended and interrupt is actually forwarded to hypervisor. This patch fixes this issue. Signed-off-by: Rajnesh Kanwal <rajnesh.kanwal49@gmail.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-16gitlab-ci.yml: Add jobs to build OpenSBI firmware binariesBin Meng
Add two GitLab jobs to build the OpenSBI firmware binaries. The first job builds a Docker image with the packages requisite to build OpenSBI, and stores this image in the GitLab registry. The second job pulls the image from the registry and builds the OpenSBI firmware binaries. The docker image is only rebuilt if the GitLab YAML or the Dockerfile is updated. The second job is only built when the roms/opensbi/ submodule is updated, when a git-ref starts with 'opensbi' or when the last commit contains 'OpenSBI'. The files generated are archived in the artifacts.zip file. With OpenSBI v0.6, it took 2 minutes 56 seconds to build the docker image, and 1 minute 24 seconds to generate the artifacts.zip with the firmware binaries (filesize: 111KiB). See: https://gitlab.com/lbmeng/qemu/pipelines/120520138 Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-16riscv: sifive_u: Update BIOS_FILENAME for 32-bitBin Meng
Update BIOS_FILENAME to consider 32-bit bios image file name. Tested booting Linux v5.5 32-bit image (built from rv32_defconfig plus CONFIG_SOC_SIFIVE) with the default 32-bit bios image. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-16roms: opensbi: Add 32-bit firmware image for sifive_u machineBin Meng
Although the real world SiFive HiFive Unleashed board is a 64-bit hardware configuration, with QEMU it is possible to test 32-bit configuration with the same hardware features. This updates the roms Makefile to add the build rules for creating the 32-bit OpenSBI firmware image for sifive_u machine. A pre-built OpenSBI v0.6 image has been added as the default bios for 32-bit sifive_u machine. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-16roms: opensbi: Upgrade from v0.5 to v0.6Bin Meng
Upgrade OpenSBI from v0.5 to v0.6 and the pre-built bios images. The v0.6 release includes the following commits: dd8ef28 firmware: Fix compile error for FW_PAYLOAD with latest GCC binutils 98f4a20 firmware: Introduce relocation lottery f728a0b include: Sync-up encoding with priv v1.12-draft and hypervisor v0.5-draft 18897aa include: Use _UL() and _ULL() for defines in riscv_encoding.h 7a13beb firmware: Add preferred boot HART field in struct fw_dynamic_info 215421c lib: Remove date and time from init message 838657c include: Remove ilen member of struct unpriv_trap b1d8c98 lib: No need to set VSSTATUS.MXR bit in get_insn() 0e1322b lib: Better naming of unpriv APIs for wider use 75f903d lib: Simplify trap parameters in sbi_ecall functions c96cc03 lib: Fix CPU capabilities detection function ab14f94 lib: Fix probe extension 813f7f4 lib: Add error detection for misa_extension dc40042 include: sbi_platform: fix compilation for GCC-9 bd732ae include: Add guest external interrupt related defines 6590a7d lib: Delegate guest page faults to HS-mode 4370f18 include: Extend struct sbi_trap_info for mtval2 and mtinst 086dbdf lib: Fix sbi_get_insn() for load guest page fault 2be424b lib: Extend trap redirection for hypervisor v0.5 spec 7219477 lib: Use MTINST CSR in misaligned load/store emulation b8732fe lib: Add replacement extension and function ids aa0ed1d lib: Remove redundant IPI types 1092663 lib: Add TIME extension in SBI 9777aee lib: Add IPI extension in SBI 9407202 lib: Add hfence instruction encoding 331ff6a lib: Support stage1 and stage2 tlb flushing 86a31f5 lib: Implement RFENCE extension c7d1b12 firmware: Return real DTB address when FW_xyz_FDT_ADDR is not defined 9beb573 firmware: Improve comments for fw_prev_arg1() and fw_next_arg1() fc6bd90 docs: Improve docs for FDT address passing 46a90d9 lib: utils: Support CLINT with 32bit MMIO access on RV64 system c0849cd platform: Add T-head C910 initial support e746673 lib: Remove unnecessary checks from init_coldboot() and init_warmboot() c3e406f lib: Add initial sbi_exit() API 55e191e lib: Add system early_exit and final_exit APIs 6469ed1 lib: Add timer exit API b325f6b lib: Add ipi exit API 1993182 lib: Add irqchip exit API 2aa43a1 lib: save/restore MIE CSR in sbi_hart_wait_for_coldboot() b0c9787 lib: do sbi_exit() upon halt IPI 15ed1e7 lib: improve system reboot and shutdown implementation 73c19e6 lib: zero-out memory allocated using sbi_scratch_alloc_offset() a67fd68 lib: Add sbi_init_count() API 049ad0b build: Use -ffreestanding e340bbf include: Add OPENSBI_EXTERNAL_SBI_TYPES in sbi_types.h b28b8ac docs: Add description of using OPENSBI_EXTERNAL_SBI_TYPES adf8b73 platform: thead/c910: Remove SBI_PLATFORM_HAS_PMP f95dd39 docs: platform: Update SiFive FU540 doc as-per U-Boot v2020.01 6ffe1be firmware: Fix placement of .align directives 7daccae platform: thead/c910: Don't enable L2 cache in warm boot a73d45c platform: thead/c910: Don't set plic/clint address in warm boot 30cdf00 scripts: Add C910 to platform list in the binary archive script 0492c5d include: Typo fix in comment for SBI_SCRATCH_SIZE define 046cc16 lib: Move struct sbi_ipi_data definition to sbi_ipi.c 3d2aaac lib: Introduce sbi_ipi_send_smode() API da9b76b lib: Introduce sbi_ipi_send_halt() API a8b4b83 lib: Introduce sbi_tlb_fifo_request() API 5f762d1 lib: Introduce sbi_ipi_event_create/destroy() APIs 817d50d lib: Drop _fifo from the name of various sbi_tlb_fifo_xyz() functions 84cd4fc lib: Initialize TLB management directly from coldboot/warmboot path 0a411bf include: Add generic and simple list handling APIs 37923c4 lib: Add dynamic registration of SBI extensions 7668502 lib: Factor-out SBI legacy extension 161b348 lib: Factor-out SBI replacement extensions 43ac621 lib: Factor-out SBI vendor extension 021b9e7 lib: Factor-out SBI base extension 85647a1 platform: template: typo fix in system reboot/shutdown names ac1c229 platform: Update UART base addresses for qemu/sifve_u d79173b platform: Add an platform ops to return platform specific tlb flush limit 2c2bbe7 platform: sifive/fu540: Set tlb range flush limit to zero 5ff1ab0 makefile: add support for building on macOS 6d0b4c5 platform: Drop qemu/sifive_u support 9a717ec platform: sifive: fu540: Add platform specific 'make run' cmd d6fa7f9 doc: sifive: fu540: Update QEMU instruction when using U-Boot as the payload 179edde lib: sbi_scratch: use bitwise ops in sbi_scratch_alloc_offset() 897b8fb lib: Use __builtin_ctzl() in pmp_get() 1a8ca08 lib: Initialize out value in SBI calls c2bfa2b lib: irqchip/plic: Disable all contexts and IRQs c2f23cc platform: Add Spike initial support a062200 platform: Remove stale options from config.mk files c03c8a1 scripts: Add Spike to platform list of binary archive script 29bb2a6 docs: platform: Add documentation for Spike platform 48b06ad ThirdPartyNotices: Fix doc styles 892e879 doc: coreboot: Fix doc styles fdfb533 doc: payload_linux: Fix doc styles 44d1296 doc: andes-ae350: Fix doc styles a8ef0b5 doc: ariane-fpga: Fix doc styles 82fd42f doc: qemu_virt: Fix doc styles f8ce996 doc: sifive_fu540: Fix doc styles 27a5c7f doc: thead-c910: Fix doc styles 0b41453 Revert "lib: Use __builtin_ctzl() in pmp_get()" c66543d lib: utils: htif: Fix 32-bit build bc874e3 lib: Don't check MIDELEG and MEDELEG at end of delegate_traps() 24c3082 lib: Print interrupt and exception delegation in boot prints 66fb729 platform: sifive: fu540: Add 32-bit specific fdt/payload addresses 3e7d666 platform: qemu: virt: Correct the typo in config.mk c3b3b8f lib: Fix typo in atomic exchange functions 3936243 lib: Use available hart mask for correct hbase value f8b3bb8 lib: Simplify the for-loop in sbi_ipi_send_many() ac5e821 include: Bump-up version to 0.6 Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-16target/riscv: Correctly implement TSR trapAlistair Francis
As reported in: https://bugs.launchpad.net/qemu/+bug/1851939 we weren't correctly handling illegal instructions based on the value of MSTATUS_TSR and the current privledge level. This patch fixes the issue raised in the bug by raising an illegal instruction if TSR is set and we are in S-Mode. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Jonathan Behrens <jonathan@fintelia.io Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-03-17spapr: Don't clamp RMA to 16GiB on new machine typesDavid Gibson
In spapr_machine_init() we clamp the size of the RMA to 16GiB and the comment saying why doesn't make a whole lot of sense. In fact, this was done because the real mode handling code elsewhere limited the RMA in TCG mode to the maximum value configurable in LPCR[RMLS], 16GiB. But, * Actually LPCR[RMLS] has been able to encode a 256GiB size for a very long time, we just didn't implement it properly in the softmmu * LPCR[RMLS] shouldn't really be relevant anyway, it only was because we used to abuse the RMOR based translation mode in order to handle the fact that we're not modelling the hypervisor parts of the cpu We've now removed those limitations in the modelling so the 16GiB clamp no longer serves a function. However, we can't just remove the limit universally: that would break migration to earlier qemu versions, where the 16GiB RMLS limit still applies, no matter how bad the reasons for it are. So, we replace the 16GiB clamp, with a clamp to a limit defined in the machine type class. We set it to 16 GiB for machine types 4.2 and earlier, but set it to 0 meaning unlimited for the new 5.0 machine type. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17spapr: Don't attempt to clamp RMA to VRMA constraintDavid Gibson
The Real Mode Area (RMA) is the part of memory which a guest can access when in real (MMU off) mode. Of course, for a guest under KVM, the MMU isn't really turned off, it's just in a special translation mode - Virtual Real Mode Area (VRMA) - which looks like real mode in guest mode. The mechanics of how this works when using the hash MMU (HPT) put a constraint on the size of the RMA, which depends on the size of the HPT. So, the latter part of spapr_setup_hpt_and_vrma() clamps the RMA we advertise to the guest based on this VRMA limit. There are several things wrong with this: 1) spapr_setup_hpt_and_vrma() doesn't actually clamp, it takes the minimum of Node 0 memory size and the VRMA limit. That will *often* work the same as clamping, but there can be other constraints on RMA size which supersede Node 0 memory size. We have real bugs caused by this (currently worked around in the guest kernel) 2) Some callers of spapr_setup_hpt_and_vrma() are in a situation where we're past the point that we can actually advertise an RMA limit to the guest 3) But most fundamentally, the VRMA limit depends on host configuration (page size) which shouldn't be visible to the guest, but this partially exposes it. This can cause problems with migration in certain edge cases, although we will mostly get away with it. In practice, this clamping is almost never applied anyway. With 64kiB pages and the normal rules for sizing of the HPT, the theoretical VRMA limit will be 4x(guest memory size) and so never hit. It will hit with 4kiB pages, where it will be (guest memory size)/4. However all mainstream distro kernels for POWER have used a 64kiB page size for at least 10 years. So, simply replace this logic with a check that the RMA we've calculated based only on guest visible configuration will fit within the host implied VRMA limit. This can break if running HPT guests on a host kernel with 4kiB page size. As noted that's very rare. There also exist several possible workarounds: * Change the host kernel to use 64kiB pages * Use radix MMU (RPT) guests instead of HPT * Use 64kiB hugepages on the host to back guest memory * Increase the guest memory size so that the RMA hits one of the fixed limits before the RMA limit. This is relatively easy on POWER8 which has a 16GiB limit, harder on POWER9 which has a 1TiB limit. * Use a guest NUMA configuration which artificially constrains the RMA within the VRMA limit (the RMA must always fit within Node 0). Previously, on KVM, we also temporarily reduced the rma_size to 256M so that the we'd load the kernel and initrd safely, regardless of the VRMA limit. This was a) confusing, b) could significantly limit the size of images we could load and c) introduced a behavioural difference between KVM and TCG. So we remove that as well. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17spapr,ppc: Simplify signature of kvmppc_rma_size()David Gibson
This function calculates the maximum size of the RMA as implied by the host's page size of structure of the VRMA (there are a number of other constraints on the RMA size which will supersede this one in many circumstances). The current interface takes the current RMA size estimate, and clamps it to the VRMA derived size. The only current caller passes in an arguably wrong value (it will match the current RMA estimate in some but not all cases). We want to fix that, but for now just keep concerns separated by having the KVM helper function just return the VRMA derived limit, and let the caller combine it with other constraints. We call the new function kvmppc_vrma_limit() to more clearly indicate its limited responsibility. The helper should only ever be called in the KVM enabled case, so replace its !CONFIG_KVM stub with an assert() rather than a dummy value. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cedric Le Goater <clg@fr.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17spapr: Don't use weird units for MIN_RMA_SLOFDavid Gibson
MIN_RMA_SLOF records the minimum about of RMA that the SLOF firmware requires. It lets us give a meaningful error if the RMA ends up too small, rather than just letting SLOF crash. It's currently stored as a number of megabytes, which is strange for global constants. Move that megabyte scaling into the definition of the constant like most other things use. Change from M to MiB in the associated message while we're at it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Don't store VRMA SLBE persistentlyDavid Gibson
Currently, we construct the SLBE used for VRMA translations when the LPCR is written (which controls some bits in the SLBE), then use it later for translations. This is a bit complex and confusing - simplify it by simply constructing the SLBE directly from the LPCR when we need it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Only calculate RMLS derived RMA limit on demandDavid Gibson
When the LPCR is written, we update the env->rmls field with the RMA limit it implies. Simplify things by just calculating the value directly from the LPCR value when we need it. It's possible this is a little slower, but it's unlikely to be significant, since this is only for real mode accesses in a translation configuration that's not used very often, and the whole thing is behind the qemu TLB anyway. Therefore, keeping the number of state variables down and not having to worry about making sure it's always in sync seems the better option. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Correct RMLS tableDavid Gibson
The table of RMA limits based on the LPCR[RMLS] field is slightly wrong. We're missing the RMLS == 0 => 256 GiB RMA option, which is available on POWER8, so add that. The comment that goes with the table is much more wrong. We *don't* filter invalid RMLS values when writing the LPCR, and there's not really a sensible way to do so. Furthermore, while in theory the set of RMLS values is implementation dependent, it seems in practice the same set has been available since around POWER4+ up until POWER8, the last model which supports RMLS at all. So, correct that as well. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17target/ppc: Streamline calculation of RMA limit from LPCR[RMLS]David Gibson
Currently we use a big switch statement in ppc_hash64_update_rmls() to work out what the right RMA limit is based on the LPCR[RMLS] field. There's no formula for this - it's just an arbitrary mapping defined by the existing CPU implementations - but we can make it a bit more readable by using a lookup table rather than a switch. In addition we can use the MiB/GiB symbols to make it a bit clearer. While there we add a bit of clarity and rationale to the comment about what happens if the LPCR[RMLS] doesn't contain a valid value. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Use class fields to simplify LPCR maskingDavid Gibson
When we store the Logical Partitioning Control Register (LPCR) we have a big switch statement to work out which are valid bits for the cpu model we're emulating. As well as being ugly, this isn't really conceptually correct, since it is based on the mmu_model variable, whereas the LPCR isn't (only) about the MMU, so mmu_model is basically just acting as a proxy for the cpu model. Handle this in a simpler way, by adding a suitable lpcr_mask to the QOM class. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Remove RMOR register from POWER9 & POWER10David Gibson
Currently we create the Real Mode Offset Register (RMOR) on all Book3S cpus from POWER7 onwards. However the translation mode which the RMOR controls is no longer supported in POWER9, and so the register has been removed from the architecture. Remove it from our model on POWER9 and POWER10. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17spapr, ppc: Remove VPM0/RMLS hacks for POWER9David Gibson
For the "pseries" machine, we use "virtual hypervisor" mode where we only model the CPU in non-hypervisor privileged mode. This means that we need guest physical addresses within the modelled cpu to be treated as absolute physical addresses. We used to do that by clearing LPCR[VPM0] and setting LPCR[RMLS] to a high limit so that the old offset based translation for guest mode applied, which does what we need. However, POWER9 has removed support for that translation mode, which meant we had some ugly hacks to keep it working. We now explicitly handle this sort of translation for virtual hypervisor mode, so the hacks aren't necessary. We don't need to set VPM0 and RMLS from the machine type code - they're now ignored in vhyp mode. On the cpu side we don't need to allow LPCR[RMLS] to be set on POWER9 in vhyp mode - that was only there to allow the hack on the machine side. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17target/ppc: Introduce ppc_hash64_use_vrma() helperDavid Gibson
When running guests under a hypervisor, the hypervisor obviously needs to be protected from guest accesses even if those are in what the guest considers real mode (translation off). The POWER hardware provides two ways of doing that: The old way has guest real mode accesses simply offset and bounds checked into host addresses. It works, but requires that a significant chunk of the guest's memory - the RMA - be physically contiguous in the host, which is pretty inconvenient. The new way, known as VRMA, has guest real mode accesses translated in roughly the normal way but with some special parameters. In POWER7 and POWER8 the LPCR[VPM0] bit selected between the two modes, but in POWER9 only VRMA mode is supported and LPCR[VPM0] no longer exists. We handle that difference in behaviour in ppc_hash64_set_isi().. but not in other places that we blindly check LPCR[VPM0]. Correct those instances with a new helper to tell if we should be in VRMA mode. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17target/ppc: Correct handling of real mode accesses with vhyp on hash MMUDavid Gibson
On ppc we have the concept of virtual hypervisor ("vhyp") mode, where we only model the non-hypervisor-privileged parts of the cpu. Essentially we model the hypervisor's behaviour from the point of view of a guest OS, but we don't model the hypervisor's execution. In particular, in this mode, qemu's notion of target physical address is a guest physical address from the vcpu's point of view. So accesses in guest real mode don't require translation. If we were modelling the hypervisor mode, we'd need to translate the guest physical address into a host physical address. Currently, we handle this sloppily: we rely on setting up the virtual LPCR and RMOR registers so that GPAs are simply HPAs plus an offset, which we set to zero. This is already conceptually dubious, since the LPCR and RMOR registers don't exist in the non-hypervisor portion of the CPU. It gets worse with POWER9, where RMOR and LPCR[VPM0] no longer exist at all. Clean this up by explicitly handling the vhyp case. While we're there, remove some unnecessary nesting of if statements that made the logic to select the correct real mode behaviour a bit less clear than it could be. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17ppc: Remove stub of PPC970 HID4 implementationDavid Gibson
The PowerPC 970 CPU was a cut-down POWER4, which had hypervisor capability. However, it can be (and often was) strapped into "Apple mode", where the hypervisor capabilities were disabled (essentially putting it always in hypervisor mode). That's actually the only mode of the 970 we support in qemu, and we're unlikely to change that any time soon. However, we do have a partial implementation of the 970's HID4 register which affects things only relevant for hypervisor mode. That stub is also really ugly, since it attempts to duplicate the effects of HID4 by re-encoding it into the LPCR register used in newer CPUs, but in a really confusing way. Just get rid of it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>
2020-03-17ppc: Remove stub support for 32-bit hypervisor modeDavid Gibson
a4f30719a8cd, way back in 2007 noted that "PowerPC hypervisor mode is not fundamentally available only for PowerPC 64" and added a 32-bit version of the MSR[HV] bit. But nothing was ever really done with that; there is no meaningful support for 32-bit hypervisor mode 13 years later. Let's stop pretending and just remove the stubs. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-03-17hw/ppc/pnv: Fix typo in commentPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200228123303.14540-1-philmd@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-03-17spapr: Fix Coverity warning while validating nvdimm optionsShivaprasad G Bhat
Fixes Coverity issue, CID 1419883: Error handling issues (CHECKED_RETURN) Calling "qemu_uuid_parse" without checking return value nvdimm_set_uuid() already verifies if the user provided uuid is valid or not. So, need to check for the validity during pre-plug validation again. As this a false positive in this case, assert if not valid to be safe. Also, error_abort if QOM accessor encounters error while fetching the uuid property. Reported-by: Coverity (CID 1419883) Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com> Message-Id: <158281096564.89540.4507375445765515529.stgit@lep8c.aus.stglabs.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>