aboutsummaryrefslogtreecommitdiff
path: root/hw/intc
AgeCommit message (Collapse)Author
2021-09-13hw/intc: GICv3 ITS command queue frameworkShashi Mallela
Added functionality to trigger ITS command queue processing on write to CWRITE register and process each command queue entry to identify the command type and handle commands like MAPD,MAPC,SYNC. Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Neil Armstrong <narmstrong@baylibre.com> Message-id: 20210910143951.92242-4-shashi.mallela@linaro.org [PMM: fixed format string nit] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-13hw/intc: GICv3 ITS register definitions addedShashi Mallela
Defined descriptors for ITS device table,collection table and ITS command queue entities.Implemented register read/write functions, extract ITS table parameters and command queue parameters,extended gicv3 common to capture qemu address space(which host the ITS table platform memories required for subsequent ITS processing) and initialize the same in ITS device. Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Neil Armstrong <narmstrong@baylibre.com> Message-id: 20210910143951.92242-3-shashi.mallela@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-13hw/intc: GICv3 ITS initial frameworkShashi Mallela
Added register definitions relevant to ITS,implemented overall ITS device framework with stubs for ITS control and translater regions read/write,extended ITS common to handle mmio init between existing kvm device and newer qemu device. Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Neil Armstrong <narmstrong@baylibre.com> Message-id: 20210910143951.92242-2-shashi.mallela@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01arm: Move system PPB container handling to armv7mPeter Maydell
Instead of having the NVIC device provide a single sysbus memory region covering the whole of the "System PPB" space, which implements the default behaviour for unimplemented ranges and provides the NS alias window to the sysregs as well as the main sysreg MR, move this handling to the container armv7m device. The NVIC now provides a single memory region which just implements the system registers. This consolidates all the handling of "map various devices in the PPB" into the armv7m container where it belongs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-4-peter.maydell@linaro.org
2021-09-01arm: Move systick device creation from NVIC to ARMv7M objectPeter Maydell
There's no particular reason why the NVIC should be owning the SysTick device objects; move them into the ARMv7M container object instead, as part of consolidating the "create the devices which are built into an M-profile CPU and map them into their architected locations in the address space" work into one place. This involves temporarily creating a duplicate copy of the nvic_sysreg_ns_ops struct and its read/write functions (renamed as v7m_sysreg_ns_*), but we will delete the NVIC's copy of this code in a subsequent patch. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20210812093356.1946-3-peter.maydell@linaro.org
2021-09-01arm: Move M-profile RAS register block into its own devicePeter Maydell
Currently we implement the RAS register block within the NVIC device. It isn't really very tightly coupled with the NVIC proper, so instead move it out into a sysbus device of its own and have the top level ARMv7M container create it and map it into memory at the right address. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alexandre Iooss <erdnaxe@crans.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> Message-id: 20210812093356.1946-2-peter.maydell@linaro.org
2021-09-01hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleansPhilippe Mathieu-Daudé
Quoting Peter Maydell: These MEMTX_* aren't from the memory transaction API functions; they're just being used by gicd_readl() and friends as a way to indicate a success/failure so that the actual MemoryRegionOps read/write fns like gicv3_dist_read() can log a guest error. Arguably this is a bit of a misuse of the MEMTX_* constants and perhaps we should have gicd_readl etc return a bool instead. Follow his suggestion and replace the MEMTX_* constants by boolean values, simplifying a bit the gicv3_dist_read() / gicv3_dist_write() handlers. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210826180704.2131949-3-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffixPhilippe Mathieu-Daudé
QEMU load/store API (docs/devel/loads-stores.rst) uses the 'q' suffix for 64-bit accesses. Rename the current 'll' suffix to have the GIC dist accessors better match the rest of the codebase. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210826180704.2131949-2-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01hw/intc/sifive_clint: Fix muldiv64 overflow in sifive_clint_write_timecmp()David Hoppenbrouwers
`muldiv64` would overflow in cases where the final 96-bit value does not fit in a `uint64_t`. This would result in small values that cause an interrupt to be triggered much sooner than intended. The overflow can be detected in most cases by checking if the new value is smaller than the previous value. If the final result is larger than `diff` it is either correct or it doesn't matter as it is effectively infinite anyways. `next` is an `uint64_t` value, but `timer_mod` takes an `int64_t`. This resulted in high values such as `UINT64_MAX` being converted to `-1`, which caused an immediate timer interrupt. By limiting `next` to `INT64_MAX` no overflow will happen while the timer will still be effectively set to "infinitely" far in the future. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/493 Signed-off-by: David Hoppenbrouwers <david@salt-inc.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210827152324.5201-1-david@salt-inc.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-08-27ppc/xive: Export xive_presenter_notify()Cédric Le Goater
It's generic enough to be used from the XIVE2 router and avoid more duplication. Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-9-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27ppc/xive: Export PQ get/set routinesCédric Le Goater
These will be shared with the XIVE2 router. Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809134547.689560-8-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-08-27xive: Remove extra '0x' prefix in trace eventsCédric Le Goater
Cc: thuth@redhat.com Fixes: 4e960974d4ee ("xive: Add trace events") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/519 Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210809085227.288523-1-clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-27hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NSPeter Maydell
In Arm v8.1M the VECTPENDING field in the ICSR has new behaviour: if the register is accessed NonSecure and the highest priority pending enabled exception (that would be returned in the VECTPENDING field) targets Secure, then the VECTPENDING field must read 1 rather than the exception number of the pending exception. Implement this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210723162146.5167-7-peter.maydell@linaro.org
2021-07-27hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDINGPeter Maydell
The VECTPENDING field in the ICSR is 9 bits wide, in bits [20:12] of the register. We were incorrectly masking it to 8 bits, so it would report the wrong value if the pending exception was greater than 256. Fix the bug. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210723162146.5167-6-peter.maydell@linaro.org
2021-07-27hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interruptsPeter Maydell
The ISCR.ISRPENDING bit is set when an external interrupt is pending. This is true whether that external interrupt is enabled or not. This means that we can't use 's->vectpending == 0' as a shortcut to "ISRPENDING is zero", because s->vectpending indicates only the highest priority pending enabled interrupt. Remove the incorrect optimization so that if there is no pending enabled interrupt we fall through to scanning through the whole interrupt array. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210723162146.5167-5-peter.maydell@linaro.org
2021-07-12Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' ↵Peter Maydell
into staging s390x updates: - add gen16 cpumodels - refactor/cleanup some code - bugfixes # gpg: Signature made Thu 08 Jul 2021 12:26:21 BST # gpg: using EDDSA key 69A3B536F5CBFC65208026C1DE88BB5641DE66C1 # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF # Subkey fingerprint: 69A3 B536 F5CB FC65 2080 26C1 DE88 BB56 41DE 66C1 * remotes/cohuck-gitlab/tags/s390x-20210708: target/s390x: split sysemu part of cpu models target/s390x: move kvm files into kvm/ target/s390x: remove kvm-stub.c target/s390x: use kvm_enabled() to wrap call to kvm_s390_get_hpage_1m target/s390x: make helper.c sysemu-only target/s390x: split cpu-dump from helper.c target/s390x: move sysemu-only code out to cpu-sysemu.c target/s390x: start moving TCG-only code to tcg/ target/s390x: rename internal.h to s390x-internal.h target/s390x: remove tcg-stub.c hw/s390x: only build tod-tcg from the CONFIG_TCG build hw/s390x: tod: make explicit checks for accelerators when initializing hw/s390x: rename tod-qemu.c to tod-tcg.c target/s390x: meson: add target_user_arch s390x/tcg: Fix m5 vs. m4 field for VECTOR MULTIPLY SUM LOGICAL target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL s390x/cpumodel: add 3931 and 3932 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-09hw/intc: Improve formatting of MEMTX_ERROR guest error messageRebecca Cran
Add a space in the message printed when gicr_read*/gicr_write* returns MEMTX_ERROR in arm_gicv3_redist.c. Signed-off-by: Rebecca Cran <rebecca@nuviainc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210706211432.31902-1-rebecca@nuviainc.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-09hw/intc/arm_gicv3_cpuif: Fix virtual irq number check in icv_[dir|eoir]_writeRicardo Koller
icv_eoir_write() and icv_dir_write() ignore invalid virtual IRQ numbers (like LPIs). The issue is that these functions check against the number of implemented IRQs (QEMU's default is num_irq=288) which can be lower than the maximum virtual IRQ number (1020 - 1). The consequence is that if a hypervisor creates an LR for an IRQ between 288 and 1020, then the guest is unable to deactivate the resulting IRQ. Note that other functions that deal with large IRQ numbers, like icv_iar_read, check against 1020 and not against num_irq. Fix the checks by using GICV3_MAXIRQ (1020) instead of the number of implemented IRQs. Signed-off-by: Ricardo Koller <ricarkol@google.com> Message-id: 20210702233701.3369-1-ricarkol@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-07target/s390x: move kvm files into kvm/Cho, Yu-Chen
move kvm files into kvm/ After the reshuffling, update MAINTAINERS accordingly. Make use of the new directory: target/s390x/kvm/ Signed-off-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Cho, Yu-Chen <acho@suse.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210707105324.23400-14-acho@suse.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-06-15hw/intc/armv7m_nvic: Remove stale commentPeter Maydell
In commit da6d674e509f0939b we split the NVIC code out from the GIC. This allowed us to specify the NVIC's default value for the num-irq property (64) in the usual way in its property list, and we deleted the previous hack where we updated the value in the state struct in the instance init function. Remove a stale comment about that hack which we forgot to delete at that time. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210614161243.14211-1-peter.maydell@linaro.org
2021-06-15hw/intc/arm_gicv3_cpuif: Tolerate spurious EOIR writesJean-Philippe Brucker
Commit 382c7160d1cd ("hw/intc/arm_gicv3_cpuif: Fix EOIR write access check logic") added an assert_not_reached() if the guest writes the EOIR register while no interrupt is active. It turns out some software does this: EDK2, in GicV3ExitBootServicesEvent(), unconditionally write EOIR for all interrupts that it manages. This now causes QEMU to abort when running UEFI on a VM with GICv3. Although it is UNPREDICTABLE behavior and EDK2 does need fixing, the punishment seems a little harsh, especially since icc_eoir_write() already tolerates writes of nonexistent interrupt numbers. Display a guest error and tolerate spurious EOIR writes. Fixes: 382c7160d1cd ("hw/intc/arm_gicv3_cpuif: Fix EOIR write access check logic") Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20210604130352.1887560-1-jean-philippe@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-06-05misc: Correct relative include pathPhilippe Mathieu-Daudé
Headers should be included from the 'include/' directory, not from the root directory. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-Id: <20210516205034.694788-1-f4bug@amsat.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-06-02docs: fix references to docs/devel/tracing.rstStefano Garzarella
Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst. We still have several references to the old file, so let's fix them with the following command: sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt) Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210517151702.109066-2-sgarzare@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-05-25hw/intc/arm_gicv3_cpuif: Fix EOIR write access check logicPeter Maydell
In icc_eoir_write() we assume that we can identify the group of the IRQ being completed based purely on which register is being written to and the current CPU state, and that "CPU state matches group indicated by register" is the only necessary access check. This isn't correct: if the CPU is not in Secure state then EOIR1 will only complete Group 1 NS IRQs, but if the CPU is in EL3 it can complete both Group 1 S and Group 1 NS IRQs. (The pseudocode ICC_EOIR1_EL1 makes this clear.) We were also missing the logic to prevent EOIR0 writes completing G0 IRQs when they should not. Rearrange the logic to first identify the group of the current highest priority interrupt and then look at whether we should complete it or ignore the access based on which register was accessed and the state of the CPU. The resulting behavioural change is: * EL3 can now complete G1NS interrupts * G0 interrupt completion is now ignored if the GIC and the CPU have the security extension enabled and the CPU is not secure Reported-by: Chan Kim <ckim@etri.re.kr> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210510150016.24910-1-peter.maydell@linaro.org
2021-05-13Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2021-05-12' into ↵Peter Maydell
staging Miscellaneous patches for 2021-05-12 # gpg: Signature made Wed 12 May 2021 17:22:15 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-misc-2021-05-12: Drop the deprecated unicore32 target Drop the deprecated lm32 target block: Drop the sheepdog block driver Remove the deprecated moxie target monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-05-12Drop the deprecated unicore32 targetMarkus Armbruster
Target unicore32 was deprecated in commit 8e4ff4a8d2b, v5.2.0. See there for rationale. Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210503084034.3804963-3-armbru@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com>
2021-05-12Drop the deprecated lm32 targetMarkus Armbruster
Target lm32 was deprecated in commit d8498005122, v5.2.0. See there for rationale. Some of its code lives on in device models derived from milkymist ones: hw/char/digic-uart.c and hw/display/bcm2835_fb.c. Cc: Michael Walle <michael@walle.cc> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210503084034.3804963-2-armbru@redhat.com> Acked-by: Michael Walle <michael@walle.cc> [Trivial conflicts resolved, reST markup fixed]
2021-05-11hw/opentitan: Update the interrupt layoutAlistair Francis
Update the OpenTitan interrupt layout to match the latest OpenTitan bitstreams. This involves changing the Ibex PLIC memory layout and the UART interrupts. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-id: e92b696f1809c9fa4410da2e9f23c414db5a6960.1617202791.git.alistair.francis@wdc.com
2021-05-05Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.1-20210504' ↵Peter Maydell
into staging ppc patch queue 2021-05-04 Here's the first ppc pull request for qemu-6.1. It has a wide variety of stuff accumulated during the 6.0 freeze. Highlights are: * Multi-phase reset cleanups for PAPR * Preliminary cleanups towards allowing !CONFIG_TCG for the ppc target * Cleanup of AIL logic and extension to POWER10 * Further improvements to handling of hot unplug failures on PAPR * Allow much larger numbers of CPU on pseries * Support for the H_SCM_HEALTH hypercall * Add support for the Pegasos II board * Substantial cleanup to hflag handling * Assorted minor fixes and cleanups # gpg: Signature made Tue 04 May 2021 06:52:39 BST # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dg-gitlab/tags/ppc-for-6.1-20210504: (46 commits) hw/ppc/pnv_psi: Use device_cold_reset() instead of device_legacy_reset() hw/ppc/spapr_vio: Reset TCE table object with device_cold_reset() hw/intc/spapr_xive: Use device_cold_reset() instead of device_legacy_reset() target/ppc: removed VSCR from SPR registration target/ppc: Reduce the size of ppc_spr_t target/ppc: Clean up _spr_register et al target/ppc: Add POWER10 exception model target/ppc: rework AIL logic in interrupt delivery target/ppc: move opcode table logic to translate.c target/ppc: code motion from translate_init.c.inc to gdbstub.c spapr_drc.c: handle hotunplug errors in drc_unisolate_logical() spapr.h: increase FDT_MAX_SIZE spapr.c: do not use MachineClass::max_cpus to limit CPUs ppc: Rename current DAWR macros and variables target/ppc: POWER10 supports scv target/ppc: Fix POWER9 radix guest HV interrupt AIL behaviour docs/system: ppc: Add documentation for ppce500 machine roms/u-boot: Bump ppce500 u-boot to v2021.04 to fix broken pci support roms/Makefile: Update ppce500 u-boot build directory name ppc/spapr: Add support for implement support for H_SCM_HEALTH ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-05-04hw/intc/spapr_xive: Use device_cold_reset() instead of device_legacy_reset()Peter Maydell
The h_int_reset() function resets the XIVE interrupt controller via device_legacy_reset(). We know that the interrupt controller does not have a qbus of its own, so the new device_cold_reset() function (which resets both the device and its child buses) is equivalent here to device_legacy_reset() and we can just switch to the new API. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210503151849.8766-2-peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-05-02Do not include exec/address-spaces.h if it's not really necessaryThomas Huth
Stop including exec/address-spaces.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-5-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02Do not include cpu.h if it's not really necessaryThomas Huth
Stop including cpu.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-4-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02Do not include hw/boards.h if it's not really necessaryThomas Huth
Stop including hw/boards.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-3-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02Do not include sysemu/sysemu.h if it's not really necessaryThomas Huth
Stop including sysemu/sysemu.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-2-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02hw: Do not include qemu/log.h if it is not necessaryThomas Huth
Many files include qemu/log.h without needing it. Remove the superfluous include statements. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20210328054833.2351597-1-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02hw: Do not include hw/sysbus.h if it is not necessaryThomas Huth
Many files include hw/sysbus.h without needing it. Remove the superfluous include statements. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210327082804.2259480-1-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-19Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell
staging * fixes for i386 TCG paging * fixes for Hyper-V enlightenments * avoid uninitialized variable warning # gpg: Signature made Fri 19 Mar 2021 14:38:12 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: tests/qtest: cleanup the testcase for bug 1878642 hw/intc/i8259: Refactor pic_read_irq() to avoid uninitialized variable i386: Make migration fail when Hyper-V reenlightenment was enabled but 'user_tsc_khz' is unset i386: Fix 'hypercall_hypercall' typo target/i386: svm: do not discard high 32 bits of EXITINFO1 target/i386: fail if toggling LA57 in 64-bit mode target/i386: allow modifying TCG phys-addr-bits qom: use qemu_printf to print help for user-creatable objects Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-19hw: Replace anti-social QOM type namesMarkus Armbruster
Several QOM type names contain ',': ARM,bitband-memory etraxfs,pic etraxfs,serial etraxfs,timer fsl,imx25 fsl,imx31 fsl,imx6 fsl,imx6ul fsl,imx7 grlib,ahbpnp grlib,apbpnp grlib,apbuart grlib,gptimer grlib,irqmp qemu,register SUNW,bpp SUNW,CS4231 SUNW,DBRI SUNW,DBRI.prom SUNW,fdtwo SUNW,sx SUNW,tcx xilinx,zynq_slcr xlnx,zynqmp xlnx,zynqmp-pmu-soc xlnx,zynq-xadc These are all device types. They can't be plugged with -device / device_add, except for xlnx,zynqmp-pmu-soc, and I doubt that one actually works. They *can* be used with -device / device_add to request help. Usability is poor, though: you have to double the comma, like this: $ qemu-system-x86_64 -device SUNW,,fdtwo,help Trap for the unwary. The fact that this was broken in device-introspect-test for more than six years until commit e27bd49876 fixed it demonstrates that "the unwary" includes seasoned developers. One QOM type name contains ' ': "ICH9 SMB". Because having to remember just one way to quote would be too easy. Rename the "SUNW,FOO types to "sun-FOO". Summarily replace ',' and ' ' by '-' in the other type names. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210304140229.575481-2-armbru@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19hw/intc/i8259: Refactor pic_read_irq() to avoid uninitialized variablePhilippe Mathieu-Daudé
Some compiler versions are smart enough to detect a potentially uninitialized variable, but are not smart enough to detect that this cannot happen due to the code flow: ../hw/intc/i8259.c: In function ‘pic_read_irq’: ../hw/intc/i8259.c:203:13: error: ‘irq2’ may be used uninitialized in this function [-Werror=maybe-uninitialized] 203 | irq = irq2 + 8; | ~~~~^~~~~~~~~~ Restrict irq2 variable use to the inner statement. Fixes: 78ef2b6989f ("i8259: Reorder intack in pic_read_irq") Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210318163059.3686596-1-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-15m68k: add an interrupt controllerLaurent Vivier
A (generic) copy of the GLUE device we already have for q800 to use with the m68k-virt machine. The q800 one would disappear in the future as q800 uses actually the djMEMC controller. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-4-laurent@vivier.eu>
2021-03-15hw/intc: add goldfish-picLaurent Vivier
Implement the goldfish pic device as defined in https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-3-laurent@vivier.eu>
2021-03-09sysemu: Let VMChangeStateHandler take boolean 'running' argumentPhilippe Mathieu-Daudé
The 'running' argument from VMChangeStateHandler does not require other value than 0 / 1. Make it a plain boolean. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20210111152020.1422021-3-philmd@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-09hw/lm32/Kconfig: Rename CONFIG_LM32 -> CONFIG_LM32_DEVICESPhilippe Mathieu-Daudé
We want to be able to use the 'LM32' config for architecture specific features. As CONFIG_LM32 is only used to select peripherals, rename it CONFIG_LM32_DEVICES. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210221225626.2589247-3-f4bug@amsat.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-08Merge remote-tracking branch 'remotes/philmd-gitlab/tags/renesas-20210306' ↵Peter Maydell
into staging Renesas patches queue - MMU prototype cleanups - Clarify licenses - Fine-grained Kconfig entries for SH-4 devices # gpg: Signature made Sat 06 Mar 2021 15:30:46 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/renesas-20210306: hw/sh4/sh7750_regs: Replace link to license by its full content hw/sh4: Remove now unused CONFIG_SH4 from Kconfig hw/pci-host: Introduce SH_PCI Kconfig entry hw/block: Introduce TC58128 eeprom Kconfig entry hw/timer: Introduce SH_TIMER Kconfig entry hw/char: Introduce SH_SCI Kconfig entry hw/intc: Introduce SH_INTC Kconfig entry hw/sh4: Add missing Kconfig dependency on SH7750 for the R2D board hw/sh4: Add missing license target/sh4: Remove unused definitions target/sh4: Let get_physical_address() use MMUAccessType access_type target/sh4: Remove unused 'int access_type' argument target/sh4: Replace magic value by MMUAccessType definitions target/sh4: Fix code style for checkpatch.pl Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-06hw/intc: Introduce SH_INTC Kconfig entryPhilippe Mathieu-Daudé
We want to be able to use the 'SH4' config for architecture specific features. Add more fine-grained selection by adding a CONFIG_SH_INTC selector for the SH4 interrupt controller. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210222141514.2646278-4-f4bug@amsat.org>
2021-03-06KVM: x86: deprecate -M kernel-irqchip=off except for -M isapcPaolo Bonzini
The userspace local APIC is basically untested and does not support many features such as TSC deadline timer, x2APIC or PV spinlocks. On the other hand, the PIT and IOAPIC are okay as they are not tied to the processor and are tested with -M kernel-irqchip=split. Therefore, deprecate the local APIC and, with it, limit -M kernel-irqchip=off to the ISA PC machine type, which does not have a local APIC at all. Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-21hw/intc/loongson_liointc: Fix per core ISR handlingJiaxun Yang
Per core ISR is a set of 32-bit registers spaced by 8 bytes. This patch fixed calculation of it's size and also added check of alignment at reading & writing. Fixes: Coverity CID 1438965 and CID 1438967 Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Huacai Chen <chenhuacai@kernel.org> Message-Id: <20210112012527.28927-1-jiaxun.yang@flygoat.com> [PMD: Added Coverity CID] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-02-10ppc/xive: Add firmware bit when dumping the ENDsCédric Le Goater
ENDs allocated by OPAL for the HW thread VPs are tagged as owned by FW. Dump the state in 'info pic'. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210126171059.307867-3-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-02-10ppc/pnv: Add trace events for PCI event notificationCédric Le Goater
On POWER9 systems, PHB controllers signal the XIVE interrupt controller of a source interrupt notification using a store on a MMIO region. Add traces for such events. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-Id: <20210126171059.307867-2-clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-02-02hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR registerPhilippe Mathieu-Daudé
Per the ARM Generic Interrupt Controller Architecture specification (document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, not 10: - 4.3 Distributor register descriptions - 4.3.15 Software Generated Interrupt Register, GICD_SG - Table 4-21 GICD_SGIR bit assignments The Interrupt ID of the SGI to forward to the specified CPU interfaces. The value of this field is the Interrupt ID, in the range 0-15, for example a value of 0b0011 specifies Interrupt ID 3. Correct the irq mask to fix an undefined behavior (which eventually lead to a heap-buffer-overflow, see [Buglink]): $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio [I 1612088147.116987] OPENED [R +0.278293] writel 0x8000f00 0xff4affb0 ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 This fixes a security issue when running with KVM on Arm with kernel-irqchip=off. (The default is kernel-irqchip=on, which is unaffected, and which is also the correct choice for performance.) Cc: qemu-stable@nongnu.org Fixes: CVE-2021-20221 Fixes: 9ee6e8bb853 ("ARMv7 support.") Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 Reported-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210131103401.217160-1-f4bug@amsat.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>