aboutsummaryrefslogtreecommitdiff
path: root/hw/char
AgeCommit message (Collapse)Author
2024-04-10hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugsPhilippe Mathieu-Daudé
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() so the bus and device use the same guard. Otherwise the DMA-reentrancy protection can be bypassed. Fixes: CVE-2024-3446 Cc: qemu-stable@nongnu.org Suggested-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20240409105537.18308-4-philmd@linaro.org>
2024-03-09hw/char/xen_console: Fix missing ERRP_GUARD() for error_prepend()Zhao Liu
As the comment in qapi/error, passing @errp to error_prepend() requires ERRP_GUARD(): * = Why, when and how to use ERRP_GUARD() = * * Without ERRP_GUARD(), use of the @errp parameter is restricted: ... * - It should not be passed to error_prepend(), error_vprepend() or * error_append_hint(), because that doesn't work with &error_fatal. * ERRP_GUARD() lifts these restrictions. * * To use ERRP_GUARD(), add it right at the beginning of the function. * @errp can then be used without worrying about the argument being * NULL or &error_fatal. ERRP_GUARD() could avoid the case when @errp is the pointer of error_fatal, the user can't see this additional information, because exit() happens in error_setg earlier than information is added [1]. The xen_console_connect() passes @errp to error_prepend() without ERRP_GUARD(). There're 2 places will call xen_console_connect(): - xen_console_realize(): the @errp is from DeviceClass.realize()'s parameter. - xen_console_frontend_changed(): the @errp points its caller's @local_err. To avoid the issue like [1] said, add missing ERRP_GUARD() at the beginning of xen_console_connect(). [1]: Issue description in the commit message of commit ae7c80a7bd73 ("error: New macro ERRP_GUARD()"). Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Paul Durrant <paul@xen.org> Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-ID: <20240228163723.1775791-15-zhao1.liu@linux.intel.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-03-05hw/char/pl011: Add support for loopbackTong Ho
This patch adds loopback for sent characters, sent BREAK, and modem-control signals. Loopback of send and modem-control is often used for uart self tests in real hardware but missing from current pl011 model, resulting in self-test failures when running in QEMU. This implementation matches what is observed in real pl011 hardware placed in loopback mode: 1. Input characters and BREAK events from serial backend are ignored, but 2. Both TX characters and BREAK events are still sent to serial backend, in addition to be looped back to RX. Signed-off-by: Tong Ho <tong.ho@amd.com> Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com> Message-id: 20240227054855.44204-1-tong.ho@amd.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-02-15hw/sparc/grlib: split out the headers for each peripheralsClément Chigot
Split out the headers for each peripherals and move them in their right hardware directory. Update Copyright and add SPDX-License-Identifier at the same time. Co-developed-by: Frederic Konrad <konrad.frederic@yahoo.fr> Signed-off-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20240131085047.18458-2-chigot@adacore.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-02-14hw/char/parallel-isa: Implement relocation and enabling/disabling for ↵Bernhard Beschow
TYPE_ISA_PARALLEL The real SuperI/O chips emulated by QEMU allow for relocating and enabling or disabling their SuperI/O functions via software. So far this is not implemented. Prepare for that by adding isa_parallel_set_{enabled,iobase}. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Message-Id: <20240114123911.4877-10-shentey@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-02-14hw/char/serial-isa: Implement relocation and enabling/disabling for ↵Bernhard Beschow
TYPE_ISA_SERIAL The real SuperI/O chips emulated by QEMU allow for relocating and enabling or disabling their SuperI/O functions via software. So far this is not implemented. Prepare for that by adding isa_serial_set_{enabled,iobase}. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Message-Id: <20240114123911.4877-9-shentey@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-02-14hw/char/parallel: Move portio_list from ParallelState to ISAParallelStateBernhard Beschow
ParallelState::portio_list isn't used inside ParallelState context but only inside ISAParallelState context, so move it there. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <20240114123911.4877-4-shentey@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-01-26hw/char/imx_serial: Implement receive FIFO and ageing timerRayhan Faizel
This patch implements a 32 half word FIFO as per imx serial device specifications. If a non empty FIFO is below the trigger level, an ageing timer will tick for a duration of 8 characters. On expiry, AGTIM will be set triggering an interrupt. AGTIM timer resets when there is activity in the receive FIFO. Otherwise, RRDY is set when trigger level is exceeded. The receive trigger level is 8 in newer kernel versions and 1 in older ones. This change will break migration compatibility for the imx boards. Signed-off-by: Rayhan Faizel <rayhan.faizel@gmail.com> Message-id: 20240125151931.83494-1-rayhan.faizel@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: commit message tidyups] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-12-29hw/char: Constify VMStateRichard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20231221031652.119827-26-richard.henderson@linaro.org>
2023-11-07hw/xen: add support for Xen primary console in emulated modeDavid Woodhouse
The primary console is special because the toolstack maps a page into the guest for its ring, and also allocates the guest-side event channel. The guest's grant table is even primed to export that page using a known grant ref#. Add support for all that in emulated mode, so that we can have a primary console. For reasons unclear, the backends running under real Xen don't just use a mapping of the well-known GNTTAB_RESERVED_CONSOLE grant ref (which would also be in the ring-ref node in XenStore). Instead, the toolstack sets the ring-ref node of the primary console to the GFN of the guest page. The backend is expected to handle that special case and map it with foreignmem operations instead. We don't have an implementation of foreignmem ops for emulated Xen mode, so just make it map GNTTAB_RESERVED_CONSOLE instead. This would probably work for real Xen too, but we can't work out how to make real Xen create a primary console of type "ioemu" to make QEMU drive it, so we can't test that; might as well leave it as it is for now under Xen. Now at last we can boot the Xen PV shim and run PV kernels in QEMU. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-07hw/xen: update Xen console to XenDevice modelDavid Woodhouse
This allows (non-primary) console devices to be created on the command line and hotplugged. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-03Merge tag 'pull-target-arm-20231102' of ↵Stefan Hajnoczi
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * linux-user/elfload: Add missing arm64 hwcap values * stellaris-gamepad: Convert to qdev * docs/specs: Convert various txt docs to rST * MAINTAINERS: Make sure that gicv3_internal.h is covered, too * hw/arm/pxa2xx_gpio: Pass CPU using QOM link property * hw/watchdog/wdt_imx2: Trace MMIO access and timer activity * hw/misc/imx7_snvs: Trace MMIO access * hw/misc/imx6_ccm: Convert DPRINTF to trace events * hw/i2c/pm_smbus: Convert DPRINTF to trace events * target/arm: Enable FEAT_MOPS insns in user-mode emulation * linux-user: Report AArch64 hwcap2 fields above bit 31 * target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly * target/arm: Fix SVE STR increment * hw/char/stm32f2xx_usart: implement TX interrupts * target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk * xlnx-versal-virt: Add AMD/Xilinx TRNG device * tag 'pull-target-arm-20231102' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits) tests/qtest: Introduce tests for AMD/Xilinx Versal TRNG device hw/arm: xlnx-versal-virt: Add AMD/Xilinx TRNG device hw/misc: Introduce AMD/Xilix Versal TRNG device target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk hw/char/stm32f2xx_usart: Add more definitions for CR1 register hw/char/stm32f2xx_usart: Update IRQ when DR is written hw/char/stm32f2xx_usart: Extract common IRQ update code to update_irq() target/arm: Fix SVE STR increment target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly linux-user: Report AArch64 hwcap2 fields above bit 31 target/arm: Enable FEAT_MOPS insns in user-mode emulation hw/i2c/pm_smbus: Convert DPRINTF to trace events hw/misc/imx6_ccm: Convert DPRINTF to trace events hw/misc/imx7_snvs: Trace MMIO access hw/watchdog/wdt_imx2: Trace timer activity hw/watchdog/wdt_imx2: Trace MMIO access hw/arm/pxa2xx_gpio: Pass CPU using QOM link property MAINTAINERS: Make sure that gicv3_internal.h is covered, too docs/specs/vmgenid: Convert to rST docs/specs/vmcoreinfo: Convert to rST ... Conflicts: hw/input/stellaris_input.c The qdev conversion in this pull request ("stellaris-gamepad: Convert to qdev") eliminates the vmstate_register() call that was converted to vmstate_register_any() in the conflicting migration pull request. vmstate_register_any() is no longer necessary now that this device has been converted to qdev, so take this pull request's version of stellaris_gamepad.c over the previous pull request's stellaris_input.c (the file was renamed). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-02hw/char/stm32f2xx_usart: Update IRQ when DR is writtenHans-Erik Floryd
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com> Message-id: 20231030151528.1138131-3-hans-erik.floryd@rt-labs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/char/stm32f2xx_usart: Extract common IRQ update code to update_irq()Hans-Erik Floryd
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com> Message-id: 20231030151528.1138131-2-hans-erik.floryd@rt-labs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-01hw/char/mcf_uart: Have mcf_uart_create() return DeviceStatePhilippe Mathieu-Daudé
There is no point in having mcf_uart_init() demote the DeviceState pointer and return a void one. Directly return the real typedef. mcf_uart_init() do both init + realize: rename as mcf_uart_create(). Similarly, mcf_uart_mm_init() do init / realize / mmap: rename as mcf_uart_create_mmap(). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231019104929.16517-1-philmd@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2023-10-19ui/input: Constify QemuInputHandler structurePhilippe Mathieu-Daudé
Access to QemuInputHandlerState::handler are read-only. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20231017131251.43708-1-philmd@linaro.org>
2023-10-12hw/char: riscv_htif: replace exit calls with proper shutdownClément Chigot
This replaces the exit calls by shutdown requests, ensuring a proper cleanup of Qemu. Otherwise, some connections like gdb could be broken before its final packet ("Wxx") is being sent. This part, being done inside qemu_cleanup function, can be reached only when the main loop exits after a shutdown request. Signed-off-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20231003071427.188697-5-chigot@adacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-09-21hw/other: spelling fixesMichael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2023-09-11hw/char/riscv_htif: Fix the console syscall on big endian hostsThomas Huth
Values that have been read via cpu_physical_memory_read() from the guest's memory have to be swapped in case the host endianess differs from the guest. Fixes: a6e13e31d5 ("riscv_htif: Support console output via proxy syscall") Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-Id: <20230721094720.902454-3-thuth@redhat.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-09-11hw/char/riscv_htif: Fix printing of console characters on big endian hostsThomas Huth
The character that should be printed is stored in the 64 bit "payload" variable. The code currently tries to print it by taking the address of the variable and passing this pointer to qemu_chr_fe_write(). However, this only works on little endian hosts where the least significant bits are stored on the lowest address. To do this in a portable way, we have to store the value in an uint8_t variable instead. Fixes: 5033606780 ("RISC-V HTIF Console") Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230721094720.902454-2-thuth@redhat.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-08-31hw/char/pl011: Replace magic values by register field definitionsPhilippe Mathieu-Daudé
0x400 is Data Register Break Error (DR_BE), 0x10 is Line Control Register Fifo Enabled (LCR_FEN) and 0x1 is Send Break (LCR_BRK). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230522153144.30610-7-philmd@linaro.org>
2023-08-31hw/char/pl011: Remove duplicated PL011_INT_[RT]X definitionsPhilippe Mathieu-Daudé
PL011_INT_TX duplicates INT_TX, and PL011_INT_RX INT_RX. Follow other register fields definitions from this file, keep the shorter form. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230522153144.30610-6-philmd@linaro.org>
2023-08-31hw/char/pl011: Display register name in trace eventsPhilippe Mathieu-Daudé
To avoid knowing the register addresses by heart, display their name along in the trace events. Since the MMIO region is 4K wide (0x1000 bytes), displaying the address with 3 digits is enough, so reduce the address format. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230522153144.30610-5-philmd@linaro.org>
2023-08-31hw/char/pl011: Restrict MemoryRegionOps implementation access sizesPhilippe Mathieu-Daudé
The pl011_read() and pl011_write() handlers shift the offset argument by 2, so are implemented on a 32-bit boundary. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230710175102.32429-2-philmd@linaro.org>
2023-08-31hw/char: Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVEPhilippe Mathieu-Daudé
GLib recommend to use G_SOURCE_REMOVE / G_SOURCE_CONTINUE for GSourceFunc callbacks. Our FEWatchFunc is a GSourceFunc returning such value. Use such definitions which are "more memorable" [*]. [*] https://docs.gtk.org/glib/callback.SourceFunc.html#return-value Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230705133139.54419-5-philmd@linaro.org>
2023-07-25hw/char/escc: Implement loopback modeThomas Huth
The firmware of the m68k next-cube machine uses the loopback mode for self-testing the hardware and currently fails during this step. By implementing the loopback mode, we can make the firmware pass to the next step. Signed-off-by: Thomas Huth <huth@tuxfamily.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230716153519.31722-1-huth@tuxfamily.org>
2023-06-28escc: emulate dip switch language layout settings on SUN keyboardHenrik Carlqvist
SUN Type 4, 5 and 5c keyboards have dip switches to choose the language layout of the keyboard. Solaris makes an ioctl to query the value of the dipswitches and uses that value to select keyboard layout. Also the SUN bios like the one in the file ss5.bin uses this value to support at least some keyboard layouts. However, the OpenBIOS provided with qemu is hardcoded to always use an US keyboard layout. Before this patch, qemu allways gave dip switch value 0x21 (US keyboard), this patch uses a command line switch like "-global escc.chnA-sunkbd-layout=de" to select dip switch value. A table is used to lookup values from arguments like: -global escc.chnA-sunkbd-layout=fr -global escc.chnA-sunkbd-layout=es But the patch also accepts numeric dip switch values directly: -global escc.chnA-sunkbd-layout=0x2b -global escc.chnA-sunkbd-layout=43 Both values above are the same and select swedish keyboard as explained in table 3-15 at https://docs.oracle.com/cd/E19683-01/806-6642/new-43/index.html Unless you want to do a full Solaris installation but happen to have access to a Sun bios file, the easiest way to test that the patch works is to: qemu-system-sparc -global escc.chnA-sunkbd-layout=sv -bios /path/to/ss5.bin If you already happen to have a Solaris installation in a qemu disk image file you can easily try different keyboard layouts after this patch is applied. Signed-off-by: Henrik Carlqvist <hc1245@poolhem.se> Message-Id: <20230623203007.56d3d182.hc981@poolhem.se> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [MCA edit: update unsigned char to uint8_t, fix spacing issues] Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2023-06-20meson: Replace softmmu_ss -> system_ssPhilippe Mathieu-Daudé
We use the user_ss[] array to hold the user emulation sources, and the softmmu_ss[] array to hold the system emulation ones. Hold the latter in the 'system_ss[]' array for parity with user emulation. Mechanical change doing: $ sed -i -e s/softmmu_ss/system_ss/g $(git grep -l softmmu_ss) Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230613133347.82210-10-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-06-19imx_serial: set wake bit when we receive a data byteMartin Kaiser
The Linux kernel added a flood check for RX data recently in commit 496a4471b7c3 ("serial: imx: work-around for hardware RX flood"). This check uses the wake bit in the UART status register 2. The wake bit indicates that the receiver detected a start bit on the RX line. If the kernel sees a number of RX interrupts without the wake bit being set, it treats this as spurious data and resets the UART port. imx_serial does never set the wake bit and triggers the kernel's flood check. This patch adds support for the wake bit. wake is set when we receive a new character (it's not set for break events). It seems that wake is cleared by the kernel driver, the hardware does not have to clear it automatically after data was read. The wake bit can be configured as an interrupt source. Support this mechanism as well. Co-developed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Martin Kaiser <martin@kaiser.cx> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-06-13hw/char/parallel-isa: Export struct ISAParallelStateBernhard Beschow
Allows the struct to be embedded directly into device models without additional allocation. Suggested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230612081238.1742-3-shentey@gmail.com> [PMD: Update MAINTAINERS entry and use SPDX license identifier] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-06-13hw/char/parallel: Export struct ParallelStateBernhard Beschow
Exporting ParallelState is a precondition for exporing TYPE_ISA_PARALLEL to be performed in the next patch. Suggested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230612081238.1742-2-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-06-05hw/arm/omap: Remove unused omap_uart_attach()Bernhard Beschow
The function is unused since commit bdad3654d3c55f478e538037d9eccd204e5fc8ee ('hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()'). Signed-off-by: Bernhard Beschow <shentey@gmail.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230523195608.125820-3-shentey@gmail.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2023-05-22hw/char/parallel: Move TYPE_ISA_PARALLEL to the header fileThomas Huth
We are going to require the macro from other files, too, so move this #define to the header file. Message-Id: <20230512124033.502654-9-thuth@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-05hw/riscv: Add signature dump function for spike to run ACT testsWeiwei Li
Add signature and signature-granularity properties in spike to specify the target signatrue file and the line size for signature data. Recgonize the signature section between begin_signature and end_signature symbols when loading elf of ACT tests. Then dump signature data in signature section just before the ACT tests exit. Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20230405095720.75848-2-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-04-28hw: replace most qemu_bh_new calls with qemu_bh_new_guardedAlexander Bulekov
This protects devices from bh->mmio reentrancy issues. Thanks: Thomas Huth <thuth@redhat.com> for diagnosing OS X test failure. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20230427211013.2994127-5-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-25Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu ↵Richard Henderson
into staging virtio,pc,pci: fixes, features, cleanups Mostly just fixes, cleanups all over the place. Some optimizations. More control over slot_reserved_mask. More feature bits supported for SVQ. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmRHQvAPHG1zdEByZWRo # YXQuY29tAAoJECgfDbjSjVRpQc0H/RD+RXy7IAnmhkdCyjj0hM8pftPTwCJfrSCW # DLHP4c5jiKO5ngUoAv3YJdM77TBCXlJn6gceeKBrzhGUTtJ7dTLC+Udeq/jW43EF # /E2ldLLbTNFyUqW8yX7D+EVio7Jy4zXTHpczKCF5vO7MaVWS/b3QdCpmjXpEHLNb # janv24vQHHgmRwK96uIdIauJJT8aqYW0arn1po8anxuFS8ok9Tf8LTEF5uBHokJP # MriTwMaqMgRK+4rzh+b6wc7QC5GqIr44gFrsfFYuNOUY0+BizvGvUAtMt+B/XZwt # OF4RSShUh2bhsQoYwgvShfEsR/vWwOl3yMAhcsB+wMgMzMG8MUQ= # =e8DF # -----END PGP SIGNATURE----- # gpg: Signature made Tue 25 Apr 2023 04:03:12 AM BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (31 commits) hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV hw/pci-bridge: pci_expander_bridge fix type in pxb_cxl_dev_reset() docs/specs: Convert pci-testdev.txt to rst docs/specs: Convert pci-serial.txt to rst docs/specs/pci-ids: Convert from txt to rST acpi: pcihp: allow repeating hot-unplug requests virtio: i2c: Check notifier helpers for VIRTIO_CONFIG_IRQ_IDX docs: Remove obsolete descriptions of SR-IOV support intel_iommu: refine iotlb hash calculation docs/cxl: Fix sentence MAINTAINERS: Add Eugenio Pérez as vhost-shadow-virtqueue reviewer tests: bios-tables-test: replace memset with initializer hw/acpi: limit warning on acpi table size to pc machines older than version 2.3 Add my old and new work email mapping and use work email to support acpi vhost-user-blk-server: notify client about disk resize pci: avoid accessing slot_reserved_mask directly outside of pci.c hw: Add compat machines for 8.1 hw/i386/amd_iommu: Factor amdvi_pci_realize out of amdvi_sysbus_realize hw/i386/amd_iommu: Set PCI static/const fields via PCIDeviceClass hw/i386/amd_iommu: Move capab_offset from AMDVIState to AMDVIPCIState ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-04-24docs/specs: Convert pci-serial.txt to rstPeter Maydell
Convert pci-serial.txt to reStructuredText. This includes some wordsmithing, and the correction of the docs to note that the Windows inf file includes 2x and 4x support (as it has done since commit dc9528fdf9f61 in 2014). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20230420160334.1048224-3-peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-04-20hw/char: Move two more files from specific_ss to softmmu_ssThomas Huth
The code for these two devices seems to be independent from any target specific macros. "riscv_htif.c" is used for both, riscv32 and riscv64, so by moving this to the common code source set, we can avoid to compile it twice every time. "goldfish_tty.c" is only used for one target at the moment, but since it is a paravirtualized device, it could get useful for other targets one day, so let's move it now, too. Message-Id: <20230411173206.1511621-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-13hw/xen: Fix double-free in xen_console store_con_info()David Woodhouse
Coverity spotted a double-free (CID 1508254); we g_string_free(path) and then for some reason immediately call free(path) too. We should just use g_autoptr() for it anyway, which simplifies the code a bit. Fixes: 7a8a749da7d3 ("hw/xen: Move xenstore_store_pv_console_info to xen_console.c") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-21hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settingsPeter Maydell
The cadence UART attempts to avoid allowing the guest to set invalid baud rate register values in the uart_write() function. However it does the "mask to the size of the register field" and "check for invalid values" in the wrong order, which means that a malicious guest can get a bogus value into the register by setting also some high bits in the value, and cause QEMU to crash by division-by-zero. Do the mask before the bounds check instead of afterwards. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Qiang Liu <cyruscyliu@gmail.com> Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
2023-03-20replace TABs with spacesYeqi Fu
Bring the files in line with the QEMU coding style, with spaces for indentation. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/378 Signed-off-by: Yeqi Fu <fufuyqqqqqq@gmail.com> Message-Id: <20230315032649.57568-1-fufuyqqqqqq@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-03-07hw/xen: Build PV backend drivers for CONFIG_XEN_BUSDavid Woodhouse
Now that we have the redirectable Xen backend operations we can build the PV backends even without the Xen libraries. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Move xenstore_store_pv_console_info to xen_console.cDavid Woodhouse
There's no need for this to be in the Xen accel code, and as we want to use the Xen console support with KVM-emulated Xen we'll want to have a platform-agnostic version of it. Make it use GString to build up the path while we're at it. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Add xenstore operations to allow redirection to internal emulationPaul Durrant
Signed-off-by: Paul Durrant <pdurrant@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Add foreignmem operations to allow redirection to internal emulationDavid Woodhouse
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Pass grant ref to gnttab unmap operationDavid Woodhouse
The previous commit introduced redirectable gnttab operations fairly much like-for-like, with the exception of the extra arguments to the ->open() call which were always NULL/0 anyway. This *changes* the arguments to the ->unmap() operation to include the original ref# that was mapped. Under real Xen it isn't necessary; all we need to do from QEMU is munmap(), then the kernel will release the grant, and Xen does the tracking/refcounting for the guest. When we have emulated grant tables though, we need to do all that for ourselves. So let's have the back ends keep track of what they mapped and pass it in to the ->unmap() method for us. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-02-27hw/char/xilinx_uartlite: Expose XILINX_UARTLITE QOM typePhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230220115114.25237-5-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-27hw/char/pl011: Un-inline pl011_create()Philippe Mathieu-Daudé
pl011_create() is only used in DeviceRealize handlers, not a hot-path. Inlining is not justified. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230220115114.25237-3-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-14include/hw: Do not include "hw/registerfields.h" in headers that don't need itThomas Huth
Include "hw/registerfields.h" in the .c files instead (if needed). Message-Id: <20230210112315.1116966-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-02-03hw/char/pl011: better handling of FIFO flags on LCR resetEvgeny Iakovlev
Current FIFO handling code does not reset RXFE/RXFF flags when guest resets FIFO by writing to UARTLCR register, although internal FIFO state is reset to 0 read count. Actual guest-visible flag update will happen only on next data read or write attempt. As a result of that any guest that expects RXFE flag to be set (and RXFF to be cleared) after resetting FIFO will never see that happen. Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230123162304.26254-5-eiakovlev@linux.microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>