aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-03-15vhost: Add VhostIOVATreeEugenio Pérez
This tree is able to look for a translated address from an IOVA address. At first glance it is similar to util/iova-tree. However, SVQ working on devices with limited IOVA space need more capabilities, like allocating IOVA chunks or performing reverse translations (qemu addresses to iova). The allocation capability, as "assign a free IOVA address to this chunk of memory in qemu's address space" allows shadow virtqueue to create a new address space that is not restricted by guest's addressable one, so we can allocate shadow vqs vrings outside of it. It duplicates the tree so it can search efficiently in both directions, and it will signal overlap if iova or the translated address is present in any tree. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15util: add iova_tree_find_iovaEugenio Pérez
This function does the reverse operation of iova_tree_find: To look for a mapping that match a translated address so we can do the reverse. This have linear complexity instead of logarithmic, but it supports overlapping HVA. Future developments could reduce it. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15util: Add iova_tree_alloc_mapEugenio Pérez
This iova tree function allows it to look for a hole in allocated regions and return a totally new translation for a given translated address. It's usage is mainly to allow devices to access qemu address space, remapping guest's one into a new iova space where qemu can add chunks of addresses. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Shadow virtqueue buffers forwardingEugenio Pérez
Initial version of shadow virtqueue that actually forward buffers. There is no iommu support at the moment, and that will be addressed in future patches of this series. Since all vhost-vdpa devices use forced IOMMU, this means that SVQ is not usable at this point of the series on any device. For simplicity it only supports modern devices, that expects vring in little endian, with split ring and no event idx or indirect descriptors. Support for them will not be added in this series. It reuses the VirtQueue code for the device part. The driver part is based on Linux's virtio_ring driver, but with stripped functionality and optimizations so it's easier to review. However, forwarding buffers have some particular pieces: One of the most unexpected ones is that a guest's buffer can expand through more than one descriptor in SVQ. While this is handled gracefully by qemu's emulated virtio devices, it may cause unexpected SVQ queue full. This patch also solves it by checking for this condition at both guest's kicks and device's calls. The code may be more elegant in the future if SVQ code runs in its own iocontext. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vdpa: adapt vhost_ops callbacks to svqEugenio Pérez
First half of the buffers forwarding part, preparing vhost-vdpa callbacks to SVQ to offer it. QEMU cannot enable it at this moment, so this is effectively dead code at the moment, but it helps to reduce patch size. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15virtio: Add vhost_svq_get_vring_addrEugenio Pérez
It reports the shadow virtqueue address from qemu virtual address space. Since this will be different from the guest's vaddr, but the device can access it, SVQ takes special care about its alignment & lack of garbage data. It assumes that IOMMU will work in host_page_size ranges for that. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add vhost_svq_valid_features to shadow vqEugenio Pérez
This allows SVQ to negotiate features with the guest and the device. For the device, SVQ is a driver. While this function bypasses all non-transport features, it needs to disable the features that SVQ does not support when forwarding buffers. This includes packed vq layout, indirect descriptors or event idx. Future changes can add support to offer more features to the guest, since the use of VirtQueue gives this for free. This is left out at the moment for simplicity. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add Shadow VirtQueue call forwarding capabilitiesEugenio Pérez
This will make qemu aware of the device used buffers, allowing it to write the guest memory with its contents if needed. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add Shadow VirtQueue kick forwarding capabilitiesEugenio Pérez
At this mode no buffer forwarding will be performed in SVQ mode: Qemu will just forward the guest's kicks to the device. Host memory notifiers regions are left out for simplicity, and they will not be addressed in this series. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15vhost: Add VhostShadowVirtqueueEugenio Pérez
Vhost shadow virtqueue (SVQ) is an intermediate jump for virtqueue notifications and buffers, allowing qemu to track them. While qemu is forwarding the buffers and virtqueue changes, it is able to commit the memory it's being dirtied, the same way regular qemu's VirtIO devices do. This commit only exposes basic SVQ allocation and free. Next patches of the series add functionality like notifications and buffers forwarding. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-15virtio-net: fix map leaking on error during receiveJason Wang
Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") tries to fix the use after free of the sg by caching the virtqueue elements in an array and unmap them at once after receiving the packets, But it forgot to unmap the cached elements on error which will lead to leaking of mapping and other unexpected results. Fixing this by detaching the cached elements on error. This addresses CVE-2022-26353. Reported-by: Victor Tom <vv474172261@gmail.com> Cc: qemu-stable@nongnu.org Fixes: CVE-2022-26353 Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-03-14Merge tag 'i2c-20220314' of https://github.com/philmd/qemu into stagingPeter Maydell
I2C patch queue - Fix AT24 EEPROM partial write (Patrick Venture) # gpg: Signature made Mon 14 Mar 2022 13:50:01 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'i2c-20220314' of https://github.com/philmd/qemu: hw/nvram: at24 return 0xff if 1 byte address Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-14hw/nvram: at24 return 0xff if 1 byte addressPatrick Venture
The at24 eeproms are 2 byte devices that return 0xff when they are read from with a partial (1-byte) address written. This distinction was found comparing model behavior to real hardware testing. Tested: `i2ctransfer -f -y 45 w1@85 0 r1` returns 0xff instead of next byte Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20211220212137.1244511-1-venture@google.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-13Merge remote-tracking branch 'remotes/quic/tags/pull-hex-20220312-1' into ↵Peter Maydell
staging Hexagon bug fixes and additional tests Also includes a patch from Zongyuan Li <zongyuan.li@smartx.com> to remove an unused variable ******** Changes in v2 ******** Fix problems with build-user-hexagon CI job # gpg: Signature made Sat 12 Mar 2022 20:09:29 GMT # gpg: using RSA key 3635C788CE62B91FD4C59AB47B0244FB12DE4422 # gpg: Good signature from "Taylor Simpson (Rock on) <tsimpson@quicinc.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 3635 C788 CE62 B91F D4C5 9AB4 7B02 44FB 12DE 4422 * remotes/quic/tags/pull-hex-20220312-1: target/hexagon: remove unused variable Hexagon (target/hexagon) assignment to c4 should wait until packet commit Hexagon (target/hexagon) fix bug in conv_df2uw_chop Hexagon (tests/tcg/hexagon) fix inline asm in preg_alias.c Hexagon (tests/tcg/hexagon) update overflow test Hexagon (tests/tcg/hexagon) add floating point instructions to usr.c Hexagon (tests/tcg/hexagon) test instructions that might set bits in USR Hexagon (target/hexagon) properly handle NaN in dfmin/dfmax/sfmin/sfmax Hexagon (target/hexagon) properly handle denorm in arch_sf_recip_common Hexagon (target/hexagon) properly set FPINVF bit in sfcmp.uo and dfcmp.uo Hexagon HVX (target/hexagon) fix bug in HVX saturate instructions Hexagon (target/hexagon) fix bug in circular addressing Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-12target/hexagon: remove unused variableZongyuan Li
When building with clang version 13.0.0 (eg. Fedora 13.0.0-3.fc35), two unused variables introduced by macro GATHER_FUNCTION and SCATTER_FUNCTION will cause building process failure due to [-Werror -Wunused-variable]. Signed-off-by: Zongyuan Li <zongyuan.li@smartx.com> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/831 Message-Id: <20220124064339.56027-1-zongyuan.li@smartx.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
2022-03-12Hexagon (target/hexagon) assignment to c4 should wait until packet commitTaylor Simpson
On Hexagon, c4 is an alias for predicate registers P3:0. If we assign to c4 inside a packet with reads from predicate registers, the predicate reads should get the old values. Test case added to tests/tcg/hexagon/preg_alias.c Co-authored-by: Michael Lambert <mlambert@cuicinc.com> Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-13-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (target/hexagon) fix bug in conv_df2uw_chopTaylor Simpson
Fix typo that checked for 32 bit nan instead of 64 bit Test case added in tests/tcg/hexagon/usr.c Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-11-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (tests/tcg/hexagon) fix inline asm in preg_alias.cTaylor Simpson
Replace consecutive inline asm blocks with a single one with proper outputs/inputs/clobbers rather than making assumptions about register values being carried between separate blocks. Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-10-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (tests/tcg/hexagon) update overflow testTaylor Simpson
Add a test that sets USR multiple times in a packet Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-9-tsimpson@quicinc.com> Acked-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (tests/tcg/hexagon) add floating point instructions to usr.cTaylor Simpson
Tests to confirm floating point instructions are properly setting exception bits in USR Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-8-tsimpson@quicinc.com> Acked-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (tests/tcg/hexagon) test instructions that might set bits in USRTaylor Simpson
Hexagon has ~200 instructions that set the saturate bit in USR, these were broken into groups of similar instructions and one instruction from each group is tested with at least one input that does not saturate and at least one input that does saturate. Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-7-tsimpson@quicinc.com> Acked-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (target/hexagon) properly handle NaN in dfmin/dfmax/sfmin/sfmaxTaylor Simpson
The float??_minnum implementation differs from Hexagon for SNaN, it returns NaN, but Hexagon returns the other input. So, we use float??_minimum_number. Test cases added to tests/tcg/hexagon/fpstuff.c Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220308190410.22355-1-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (target/hexagon) properly handle denorm in arch_sf_recip_commonTaylor Simpson
The arch_sf_recip_common function was calling float32_getexp which adjusts for denorm, but the we actually need the raw exponent bits. This function is called from 3 instructions sfrecipa sffixupn sffixupd Test cases added to tests/tcg/hexagon/fpstuff.c Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-6-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (target/hexagon) properly set FPINVF bit in sfcmp.uo and dfcmp.uoTaylor Simpson
Instead of checking for nan arguments, use float??_unordered_quiet test cases added in a subsequent patch to more extensively test USR bits Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-4-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon HVX (target/hexagon) fix bug in HVX saturate instructionsTaylor Simpson
Two tests added to tests/tcg/hexagon/hvx_misc.c v21.uw = vadd(v11.uw, v10.uw):sat v25:24.uw = vsub(v17:16.uw, v27:26.uw):sat Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-3-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-12Hexagon (target/hexagon) fix bug in circular addressingMichael Lambert
Versions V3 and earlier should treat the "K_const" and "length" values as unsigned. Modified circ_test_v3() in tests/tcg/hexagon/circ.c to reproduce the bug Signed-off-by: Michael Lambert <mlambert@quicinc.com> Signed-off-by: Taylor Simpson <tsimpson@quicinc.com> Message-Id: <20220210021556.9217-2-tsimpson@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-03-10Merge remote-tracking branch ↵Peter Maydell
'remotes/mcayland/tags/q800-updates-for-7.0-20220309' into staging q800-updates-for-7.0 queue # gpg: Signature made Wed 09 Mar 2022 10:57:07 GMT # gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F # gpg: issuer "mark.cave-ayland@ilande.co.uk" # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full] # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/q800-updates-for-7.0-20220309: (22 commits) esp: recreate ESPState current_req after migration esp: include the current PDMA callback in the migration stream esp: convert ESPState pdma_cb from a function pointer to an integer esp: introduce esp_pdma_cb() function esp: introduce esp_set_pdma_cb() function macfb: set initial value of mode control registers in macfb_common_realize() macfb: add VMStateDescription fields for display type and VBL timer macfb: increase number of registers saved in MacfbState macfb: don't use special irq_state and irq_mask variables in MacfbState macfb: add VMStateDescription for MacfbNubusState and MacfbSysBusState macio/pmu.c: remove redundant code mos6522: implement edge-triggering for CA1/2 and CB1/2 control line IRQs mac_via: make SCSI_DATA (DRQ) bit live rather than latched mos6522: record last_irq_levels in mos6522_set_irq() mos6522: add "info via" HMP command for debugging mos6522: add register names to register read/write trace events mos6522: use device_class_set_parent_reset() to propagate reset to parent mos6522: remove update_irq() and set_sr_int() methods from MOS6522DeviceClass mos6522: switch over to use qdev gpios for IRQs mac_via: use IFR bit flag constants for VIA2 IRQs ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/philmd/tags/pmbus-20220308' into stagingPeter Maydell
I²C / SMBus / PMBus patches - Add some Renesas models - Add Titus Rwantare to MAINTAINERS # gpg: Signature made Tue 08 Mar 2022 18:11:46 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd/tags/pmbus-20220308: hw/sensor: add Renesas raa228000 device hw/sensor: add Renesas raa229004 PMBus device hw/sensor: add Intersil ISL69260 device model hw/i2c: Added linear mode translation for pmbus devices hw/i2c: pmbus: update MAINTAINERS hw/i2c: pmbus: refactor uint handling hw/i2c: pmbus: add PEC unsupported warning hw/i2c: pmbus: fix error returns and guard against out of range accesses hw/i2c: pmbus: add registers Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch ↵Peter Maydell
'remotes/lvivier-gitlab/tags/linux-user-for-7.0-pull-request' into staging linux-user pull request 20220308 deliver SIGTRAP on POWERPC_EXCP_TRAP remove stale "not threadsafe" comments # gpg: Signature made Tue 08 Mar 2022 15:02:14 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/lvivier-gitlab/tags/linux-user-for-7.0-pull-request: tests/tcg/ppc64le: change signal_save_restore_xer to use SIGTRAP linux-user/ppc: deliver SIGTRAP on POWERPC_EXCP_TRAP linux-user: Remove stale "not threadsafe" comments Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20220308' ↵Peter Maydell
into staging aspeed queue: * Fix for a potential memory leak * Aspeed SMC cleanups on the definition of the number of flash devices * New bletchley-bmc machine, AST2600 based # gpg: Signature made Tue 08 Mar 2022 08:19:25 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * remotes/legoater/tags/pull-aspeed-20220308: hw: aspeed_gpio: Cleanup stray semicolon after switch hw/arm/aspeed: add Bletchley machine type hw/arm/aspeed: allow missing spi_model hw/block: m25p80: Add support for w25q01jvq aspeed/smc: Fix error log aspeed/smc: Let the SSI core layer define the bus name aspeed/smc: Rename 'max_peripherals' to 'cs_num_max' aspeed/smc: Remove 'num_cs' field aspeed: Rework aspeed_board_init_flashes() interface aspeed/smc: Use max number of CE instead of 'num_cs' aspeed: Fix a potential memory leak bug in write_boot_rom() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-20220308' ↵Peter Maydell
into staging qemu-openbios queue # gpg: Signature made Tue 08 Mar 2022 08:05:09 GMT # gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F # gpg: issuer "mark.cave-ayland@ilande.co.uk" # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full] # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-20220308: roms/openbios: update OpenBIOS images to 0e0afae6 built from submodule Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2022-03-07' into ↵Peter Maydell
staging nbd patches for 2022-03-07 - Dan Berrange: Allow qemu-nbd to support TLS over Unix sockets - Eric Blake: Minor cleanups related to 64-bit block operations # gpg: Signature made Tue 08 Mar 2022 01:41:35 GMT # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2022-03-07: qemu-io: Allow larger write zeroes under no fallback qemu-io: Utilize 64-bit status during map nbd/server: Minor cleanups tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK tests/qemu-iotests: validate NBD TLS with UNIX sockets tests/qemu-iotests: validate NBD TLS with hostname mismatch tests/qemu-iotests: convert NBD TLS test to use standard filters tests/qemu-iotests: introduce filter for qemu-nbd export list tests/qemu-iotests: expand _filter_nbd rules tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file block/nbd: don't restrict TLS usage to IP sockets qemu-nbd: add --tls-hostname option for TLS certificate validation block/nbd: support override of hostname for TLS certificate validation block: pass desired TLS hostname through from block driver client crypto: mandate a hostname when checking x509 creds on a client Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-09esp: recreate ESPState current_req after migrationMark Cave-Ayland
Since PDMA reads/writes are driven by the guest, it is possible that migration can occur whilst a SCSIRequest is still active. Fortunately active SCSIRequests are already included in the migration stream and restarted post migration but this still leaves the reference in ESPState uninitialised. Implement the SCSIBusInfo .load_request callback to obtain a reference to the currently active SCSIRequest and use it to recreate ESPState current_req after migration. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-11-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: include the current PDMA callback in the migration streamMark Cave-Ayland
This involves (re)adding a PDMA-specific subsection to hold the reference to the current PDMA callback. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-10-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: convert ESPState pdma_cb from a function pointer to an integerMark Cave-Ayland
This prepares for the inclusion of the current PDMA callback in the migration stream since the callback is referenced by an integer instead of a function pointer. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-9-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: introduce esp_pdma_cb() functionMark Cave-Ayland
This function is to be used to execute the current PDMA callback rather than dereferencing the ESPState pdma_cb function pointer directly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-8-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09esp: introduce esp_set_pdma_cb() functionMark Cave-Ayland
This function is to be used to set the current PDMA callback rather than accessing the ESPState pdma_cb function pointer directly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-7-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: set initial value of mode control registers in macfb_common_realize()Mark Cave-Ayland
If booting Linux directly in the q800 machine using -kernel rather than using a MacOS toolbox ROM, the mode control registers are never initialised, causing macfb_mode_write() to fail to determine the current resolution after migration. Resolve this by always setting the initial values of the mode control registers based upon the initial macfb properties during realize. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-6-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: add VMStateDescription fields for display type and VBL timerMark Cave-Ayland
These fields are required in the migration stream to restore macfb state correctly. Note this is a migration break, but since there are upcoming incompatible changes for the q800 machine (and migration does not even succeed without these patches) then this is not an issue. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: increase number of registers saved in MacfbStateMark Cave-Ayland
The MacOS toolbox ROM accesses a number of addresses between 0x0 and 0x200 during initialisation and resolution changes. Whilst the function of many of these registers is unknown, it is worth the minimal cost of saving these extra values as part of migration to help future-proof the migration stream for the q800 machine as it starts to stabilise. Note this is a migration break, but since there are upcoming incompatible changes for the q800 machine (and migration does not even succeed without these patches) then this is not an issue. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-4-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: don't use special irq_state and irq_mask variables in MacfbStateMark Cave-Ayland
The current IRQ state and IRQ mask are handled exactly the same as standard register accesses, so store these values directly in the regs array rather than having separate variables for them. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macfb: add VMStateDescription for MacfbNubusState and MacfbSysBusStateMark Cave-Ayland
Currently when QEMU tries to migrate the macfb framebuffer it crashes randomly because the opaque provided by the DeviceClass vmsd property for both devices is set to MacfbState rather than MacfbNubusState or MacfbSysBusState as appropriate. Resolve the issue by adding new VMStateDescriptions for MacfbNubusState and MacfbSysBusState which embed the existing vmstate_macfb VMStateDescription within them using VMSTATE_STRUCT. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305155530.9265-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09macio/pmu.c: remove redundant codeMark Cave-Ayland
Now that the logic related to edge-triggered interrupts is all contained within the mos6522 device the redundant implementation for the mac99 PMU device can be removed. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-13-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: implement edge-triggering for CA1/2 and CB1/2 control line IRQsMark Cave-Ayland
The mos6522 datasheet describes how the control lines IRQs are edge-triggered according to the configuration in the PCR register. Implement the logic according to the datasheet so that the interrupt bits in IFR are latched when the edge is detected, and cleared when reading portA/portB or writing to IFR as necessary. To maintain bisectibility this change also updates the SCSI, SCSI data, Nubus and VIA2 60Hz/1Hz clocks in the q800 machine to be negative edge-triggered as confirmed by the PCR programming in all of Linux, NetBSD and MacOS. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-12-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mac_via: make SCSI_DATA (DRQ) bit live rather than latchedMark Cave-Ayland
The VIA2 on the Q800 machine is not a separate chip as in older Macs but instead is integrated into the on-board logic. From analysing the SCSI routines in the MacOS toolbox ROM (and to a lesser extent NetBSD and Linux) the expectation seems to be that the SCSI_DATA (DRQ) bit is live on the Q800 and not latched. Fortunately we can use the recently introduced mos6522 last_irq_levels variable which tracks the edge-triggered state to return the SCSI_DATA (DRQ) bit live to the guest OS. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220305150957.5053-11-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: record last_irq_levels in mos6522_set_irq()Mark Cave-Ayland
To detect edge-triggered IRQs it is necessary to store the last state of each IRQ in a last_irq_levels bitmap. Note: this is a migration break for machines which use mos6522 instances which are g3beige/mac99 (PPC) and q800 (m68k). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-10-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: add "info via" HMP command for debuggingMark Cave-Ayland
This displays detailed information about the device registers and timers to aid debugging problems with timers and interrupts. Currently the QAPI generators for HumanReadableText don't work correctly if used in qapi/target-misc.json when a non-specified target is built, so for now manually add a hmp_info_via() wrapper until direct support for per-device HMP/QMP commands is implemented. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-9-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: add register names to register read/write trace eventsMark Cave-Ayland
This helps to follow how the guest is programming the mos6522 when debugging. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220305150957.5053-8-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: use device_class_set_parent_reset() to propagate reset to parentMark Cave-Ayland
Switch from using a legacy approach to the more formal approach for propagating device reset to the parent. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-7-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-09mos6522: remove update_irq() and set_sr_int() methods from MOS6522DeviceClassMark Cave-Ayland
Now that the mos6522 IRQs are managed using standard qdev gpios these methods are no longer required. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220305150957.5053-6-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>