aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2020-10-23block: move logical block size check function to a common utility functionCoiby Xu
Move the constants from hw/core/qdev-properties.c to util/block-helpers.h so that knowledge of the min/max values is Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Coiby Xu <coiby.xu@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Message-id: 20200918080912.321299-5-coiby.xu@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-22Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sd-next-20201021' ↵Peter Maydell
into staging SD/MMC patches Fix two heap-overflow reported by Alexander Bulekov while fuzzing: - https://bugs.launchpad.net/qemu/+bug/1892960 - https://bugs.launchpad.net/qemu/+bug/1895310 CI jobs results: . https://cirrus-ci.com/build/6399328187056128 . https://gitlab.com/philmd/qemu/-/pipelines/205701966 . https://travis-ci.org/github/philmd/qemu/builds/737708930 # gpg: Signature made Wed 21 Oct 2020 18:33:08 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/sd-next-20201021: hw/sd/sdcard: Assert if accessing an illegal group hw/sd/sdcard: Do not attempt to erase out of range addresses hw/sd/sdcard: Reset both start/end addresses on error hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS hw/sd/sdcard: Introduce the INVALID_ADDRESS definition hw/sd/sdcard: Add trace event for ERASE command (CMD38) hw/sd/sdhci: Yield if interrupt delivered during multiple transfer hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses hw/sd/sdhci: Stop multiple transfers when block count is cleared hw/sd/sdhci: Fix DMA Transfer Block Size field hw/sd/sdhci: Document the datasheet used hw/sd/sdhci: Fix qemu_log_mask() format string Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21Merge remote-tracking branch ↵Peter Maydell
'remotes/kraxel/tags/microvm-20201021-pull-request' into staging microvm: fix PCIe IRQs in APIC table. microvm: add usb support. # gpg: Signature made Wed 21 Oct 2020 15:48:00 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/microvm-20201021-pull-request: tests/acpi: update expected data files tests/acpi: add microvm rtc test tests/acpi: add microvm usb test tests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files tests/acpi: allow updates for expected data files microvm: add usb support usb/xhci: fixup xhci kconfig deps usb/xhci: add xhci_sysbus_build_aml() helper usb/xhci: add include/hw/usb/xhci.h header file acpi: add aml builder stubs tests/acpi: disallow changes for microvm/APIC.pcie tests/acpi: update expected data files apci: drop has_pci arg for acpi_build_madt microvm: set pci_irq_mask x86: make pci irqs runtime configurable tests/acpi: add empty microvm/APIC.pcie tests/acpi: allow changes for microvm/APIC.pcie Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-10-21' into ↵Peter Maydell
staging QAPI patches patches for 2020-10-21 # gpg: Signature made Wed 21 Oct 2020 04:01:41 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2020-10-21: qapi: Restrict Xen migration commands to migration.json qapi: Restrict 'query-kvm' command to machine code qapi: Restrict '(p)memsave' command to machine code qapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json qapi: Restrict 'inject-nmi' command to machine code Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21hw/sd/sdcard: Assert if accessing an illegal groupPhilippe Mathieu-Daudé
We can not have more group than 'wpgrps_size'. Assert if we are accessing a group above this limit. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-7-f4bug@amsat.org>
2020-10-21hw/sd/sdcard: Do not attempt to erase out of range addressesPhilippe Mathieu-Daudé
While the Spec v3 is not very clear, v6 states: If the host provides an out of range address as an argument to CMD32 or CMD33, the card shall indicate OUT_OF_RANGE error in R1 (ERX) for CMD38. If an address is out of range, do not attempt to erase it: return R1 with the error bit set. Buglink: https://bugs.launchpad.net/qemu/+bug/1895310 Reported-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-6-f4bug@amsat.org>
2020-10-21hw/sd/sdcard: Reset both start/end addresses on errorPhilippe Mathieu-Daudé
From the Spec "4.3.5 Erase": The host should adhere to the following command sequence: ERASE_WR_BLK_START, ERASE_WR_BLK_END and ERASE (CMD38). If an erase (CMD38) or address setting (CMD32, 33) command is received out of sequence, the card shall set the ERASE_SEQ_ERROR bit in the status register and reset the whole sequence. Reset both addresses if the ERASE command occured out of sequence (one of the start/end address is not set). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-5-f4bug@amsat.org>
2020-10-21hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESSPhilippe Mathieu-Daudé
As it is legal to WRITE/ERASE the address/block 0, change the value of this definition to an illegal address: UINT32_MAX. Unfortunately this break the migration stream, so bump the VMState version number. This affects some ARM boards and the SDHCI_PCI device (which is only used for testing). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-4-f4bug@amsat.org>
2020-10-21hw/sd/sdcard: Introduce the INVALID_ADDRESS definitionPhilippe Mathieu-Daudé
'0' is used as a value to indicate an invalid (or unset) address. Use a definition instead of a magic value. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-3-f4bug@amsat.org>
2020-10-21hw/sd/sdcard: Add trace event for ERASE command (CMD38)Philippe Mathieu-Daudé
Trace addresses provided to the ERASE command. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-2-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Yield if interrupt delivered during multiple transferPhilippe Mathieu-Daudé
The Descriptor Table has a bit to allow the DMA to generates Interrupt when the operation of the descriptor line is completed (see "1.13.4. Descriptor Table" of 'SD Host Controller Simplified Specification Version 2.00'). If we have pending interrupt and the descriptor requires it to be generated as soon as it is completed, reschedule pending transfers and yield to the CPU. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200903172806.489710-5-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was deliveredPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200903172806.489710-4-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Resume pending DMA transfers on MMIO accessesPhilippe Mathieu-Daudé
If we have pending DMA requests scheduled, process them first. So far we don't need to implement a bottom half to process them. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200903172806.489710-3-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Stop multiple transfers when block count is clearedPhilippe Mathieu-Daudé
Clearing BlockCount stops multiple transfers. See "SD Host Controller Simplified Specification Version 2.00": - 2.2.3. Block Count Register (Offset 006h) - Table 2-8 : Determination of Transfer Type Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200903172806.489710-2-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Fix DMA Transfer Block Size fieldPhilippe Mathieu-Daudé
The 'Transfer Block Size' field is 12-bit wide. See section '2.2.2. Block Size Register (Offset 004h)' in datasheet. Two different bug reproducer available: - https://bugs.launchpad.net/qemu/+bug/1892960 - https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1 Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 Fixes: d7dfca0807a ("hw/sdhci: introduce standard SD host controller") Reported-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200901140411.112150-3-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Document the datasheet usedPhilippe Mathieu-Daudé
Add datasheet name in the file header. We can not add the direct download link since there is a disclaimers to agree first on the SD Association website (www.sdcard.org). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200901140411.112150-3-f4bug@amsat.org>
2020-10-21hw/sd/sdhci: Fix qemu_log_mask() format stringPhilippe Mathieu-Daudé
Add missing newline character in qemu_log_mask() format. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200901140411.112150-2-f4bug@amsat.org>
2020-10-21microvm: add usb supportGerd Hoffmann
Wire up "usb=on" machine option, when enabled add a sysbus xhci controller with 8 ports. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201020074844.5304-6-kraxel@redhat.com
2020-10-21usb/xhci: fixup xhci kconfig depsGerd Hoffmann
USB_XHCI does not depend on PCI any more. USB_XHCI_SYSBUS must select USB_XHCI not USB. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Message-id: 20201020074844.5304-5-kraxel@redhat.com
2020-10-21usb/xhci: add xhci_sysbus_build_aml() helperGerd Hoffmann
The helper generates an acpi dsdt device entry for the xhci sysbus device. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201020074844.5304-4-kraxel@redhat.com
2020-10-21usb/xhci: add include/hw/usb/xhci.h header fileGerd Hoffmann
Move a bunch of defines which might be needed outside core xhci code to that place. Add XHCI_ prefixes to avoid name clashes. No functional change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Message-id: 20201020074844.5304-3-kraxel@redhat.com
2020-10-21acpi: add aml builder stubsGerd Hoffmann
Add stubs for aml_interrupt and aml_memory32_fixed, these will be needed by followup patches, Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201020074844.5304-2-kraxel@redhat.com
2020-10-21apci: drop has_pci arg for acpi_build_madtGerd Hoffmann
Setting x86ms->pci_irq_mask to zero has the same effect, so we don't need the has_pci argument any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201016113835.17465-6-kraxel@redhat.com
2020-10-21microvm: set pci_irq_maskGerd Hoffmann
Makes sure the PCI interrupt overrides are added to the APIC table in case PCIe is enabled. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201016113835.17465-5-kraxel@redhat.com
2020-10-21x86: make pci irqs runtime configurableGerd Hoffmann
Add a variable to x86 machine state instead of hard-coding the PCI interrupts. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201016113835.17465-4-kraxel@redhat.com
2020-10-21qapi: Restrict Xen migration commands to migration.jsonPhilippe Mathieu-Daudé
Restricting xen-set-global-dirty-log and xen-load-devices-state commands migration.json pulls slightly less QAPI-generated code into user-mode and tools. Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201012121536.3381997-6-philmd@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-10-20hw/arm/nseries: Fix loading kernel image on n8x0 machinesPhilippe Mathieu-Daudé
Commit 7998beb9c2e removed the ram_size initialization in the arm_boot_info structure, however it is used by arm_load_kernel(). Initialize the field to fix: $ qemu-system-arm -M n800 -append 'console=ttyS1' \ -kernel meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0 qemu-system-arm: kernel 'meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0' is too large to fit in RAM (kernel size 1964608, RAM size 0) Noticed while running the test introduced in commit 050a82f0c5b ("tests/acceptance: Add a test for the N800 and N810 arm machines"). Fixes: 7998beb9c2e ("arm/nseries: use memdev for RAM") Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Thomas Huth <thuth@redhat.com> Message-id: 20201019095148.1602119-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20microbit_i2c: Fix coredump when dump-vmstatePeng Liang
VMStateDescription.fields should be end with VMSTATE_END_OF_LIST(). However, microbit_i2c_vmstate doesn't follow it. Let's change it. Fixes: 9d68bf564e ("arm: Stub out NRF51 TWI magnetometer/accelerometer detection") Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Peng Liang <liangpeng10@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20201019093401.2993833-1-liangpeng10@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbersPhilippe Mathieu-Daudé
The IRQ values are defined few lines earlier, use them instead of the magic numbers. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201017180731.1165871-3-f4bug@amsat.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlersPhilippe Mathieu-Daudé
Add trace events for GPU and CPU IRQs. Reviewed-by: Luc Michel <luc.michel@greensocs.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201017180731.1165871-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQsPhilippe Mathieu-Daudé
The SYS_timer is not directly wired to the ARM core, but to the SoC (peripheral) interrupt controller. Fixes: 0e5bbd74064 ("hw/arm/bcm2835_peripherals: Use the SYS_timer") Reviewed-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201010203709.3116542-5-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/timer/bcm2835: Support the timer COMPARE registersPhilippe Mathieu-Daudé
This peripheral has 1 free-running timer and 4 compare registers. Only the free-running timer is implemented. Add support the COMPARE registers (each register is wired to an IRQ). Reference: "BCM2835 ARM Peripherals" datasheet [*] chapter 12 "System Timer": The System Timer peripheral provides four 32-bit timer channels and a single 64-bit free running counter. Each channel has an output compare register, which is compared against the 32 least significant bits of the free running counter values. When the two values match, the system timer peripheral generates a signal to indicate a match for the appropriate channel. The match signal is then fed into the interrupt controller. This peripheral is used since Linux 3.7, commit ee4af5696720 ("ARM: bcm2835: add system timer"). [*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20201010203709.3116542-4-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/timer/bcm2835: Rename variable holding CTRL_STATUS registerPhilippe Mathieu-Daudé
The variable holding the CTRL_STATUS register is misnamed 'status'. Rename it 'ctrl_status' to make it more obvious this register is also used to control the peripheral. Reviewed-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201010203709.3116542-3-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definitionPhilippe Mathieu-Daudé
Use the BCM2835_SYSTIMER_COUNT definition instead of the magic '4' value. Reviewed-by: Luc Michel <luc.michel@greensocs.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201010203709.3116542-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/arm: Restrict APEI tables generation to the 'virt' machinePhilippe Mathieu-Daudé
While APEI is a generic ACPI feature (usable by X86 and ARM64), only the 'virt' machine uses it, by enabling the RAS Virtualization. See commit 2afa8c8519: "hw/arm/virt: Introduce a RAS machine option"). Restrict the APEI tables generation code to the single user: the virt machine. If another machine wants to use it, it simply has to 'select ACPI_APEI' in its Kconfig. Fixes: aa16508f1d ("ACPI: Build related register address fields via hardware error fw_cfg blob") Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dongjiu Geng <gengdongjiu@huawei.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20201008161414.2672569-1-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20hw/arm/strongarm: Fix 'time to transmit a char' unit commentPhilippe Mathieu-Daudé
The time to transmit a char is expressed in nanoseconds, not in ticks. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201014213601.205222-1-f4bug@amsat.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19hw/xen: Set suppress-vmdesc for Xen machinesJason Andryuk
xen-save-devices-state doesn't currently generate a vmdesc, so restore always triggers "Expected vmdescription section, but got 0". This is not a problem when restore comes from a file. However, when QEMU runs in a linux stubdom and comes over a console, EOF is not received. This causes a delay restoring - though it does restore. Setting suppress-vmdesc skips looking for the vmdesc during restore and avoids the wait. The other approach would be generate a vmdesc in qemu_save_device_state. Since COLO shared that function, and the vmdesc is just discarded on restore, we choose to skip it. Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <20201013190506.3325-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19xen-bus: reduce scope of backend watchPaul Durrant
Currently a single watch on /local/domain/X/backend is registered by each QEMU process running in service domain X (where X is usually 0). The purpose of this watch is to ensure that QEMU is notified when the Xen toolstack creates a new device backend area. Such a backend area is specific to a single frontend area created for a specific guest domain and, since each QEMU process is also created to service a specfic guest domain, it is unnecessary and inefficient to notify all QEMU processes. Only the QEMU process associated with the same guest domain need receive the notification. This patch re-factors the watch registration code such that notifications are targetted appropriately. Reported-by: Jerome Leseinne <jerome.leseinne@gmail.com> Signed-off-by: Paul Durrant <pdurrant@amazon.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <20201001081500.1026-1-paul@xen.org> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19xen: xenguest is not used so is not neededMichael Tokarev
There's no references in only file which includes xenguest.h to any xen definitions. And there's no references to -lxenguest in qemu, either. Drop it. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <20200727140048.19779-1-mjt@msgid.tls.msk.ru> [perard: rebased] Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-10-19Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201019' ↵Peter Maydell
into staging 9pfs: add tests using local fs driver The currently existing 9pfs test cases are all solely using the 9pfs 'synth' fileystem driver, which is a very simple and purely simulated (in RAM only) filesystem. There are issues though where the 'synth' fs driver is not sufficient. For example the following two bugs need test cases running the 9pfs 'local' fs driver: https://bugs.launchpad.net/qemu/+bug/1336794 https://bugs.launchpad.net/qemu/+bug/1877384 This patch set for that reason introduces 9pfs test cases using the 9pfs 'local' filesystem driver along to the already existing tests on 'synth'. # gpg: Signature made Mon 19 Oct 2020 13:39:08 BST # gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395 # gpg: issuer "qemu_oss@crudebyte.com" # gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4 # Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395 * remotes/cschoenebeck/tags/pull-9p-20201019: tests/9pfs: add local Tmkdir test tests/9pfs: add virtio_9p_test_path() tests/9pfs: wipe local 9pfs test directory tests/9pfs: introduce local tests tests/9pfs: change qtest name prefix to synth 9pfs: suppress performance warnings on qtest runs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19Merge remote-tracking branch 'remotes/kraxel/tags/usb-20201019-pull-request' ↵Peter Maydell
into staging usb: fixes for dwc2 + ehci. # gpg: Signature made Mon 19 Oct 2020 13:33:16 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20201019-pull-request: hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() usb/hcd-ehci: Fix error handling on missing device for iTD usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-199pfs: suppress performance warnings on qtest runsChristian Schoenebeck
Don't trigger any performance warning if we're just running test cases, because tests intentionally run for edge cases. So far performance warnings were suppressed for the 'synth' fs driver backend only. This patch suppresses them for all 9p fs driver backends. Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <a2d2ff2163f8853ea782a7a1d4e6f2afd7c29ffe.1603106145.git.qemu_oss@crudebyte.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2020-10-19Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201019' ↵Peter Maydell
into staging qemu-macppc updates # gpg: Signature made Mon 19 Oct 2020 08:13:16 BST # gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F # gpg: issuer "mark.cave-ayland@ilande.co.uk" # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full] # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-macppc-20201019: mac_oldworld: Change PCI address of macio to match real hardware mac_oldworld: Drop some variables mac_oldworld: Drop a variable, use get_system_memory() directly mac_newworld: Allow loading binary ROM image mac_oldworld: Allow loading binary ROM image m48t59: remove legacy m48t59_init() function ppc405_boards: use qdev properties instead of legacy m48t59_init() function sun4u: use qdev properties instead of legacy m48t59_init() function sun4m: use qdev properties instead of legacy m48t59_init() function m48t59-isa: remove legacy m48t59_init_isa() function uninorth: use qdev gpios for PCI IRQs grackle: use qdev gpios for PCI IRQs macio: don't reference serial_hd() directly within the device Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20201017' ↵Peter Maydell
into staging MIPS patches queue . Fix some comment spelling errors . Demacro some TCG helpers . Add loongson-ext lswc2/lsdc2 group of instructions . Log unimplemented cache opcode . Increase number of TLB entries on the 34Kf core . Allow the CPU to use dynamic frequencies . Calculate the CP0 timer period using the CPU frequency . Set CPU frequency for each machine . Fix Malta FPGA I/O region size . Allow running qtests when ROM is missing . Add record/replay acceptance tests . Update MIPS CPU documentation . MAINTAINERS updates CI jobs results: https://gitlab.com/philmd/qemu/-/pipelines/203931842 https://travis-ci.org/github/philmd/qemu/builds/736491461 https://cirrus-ci.com/build/6272264062631936 https://app.shippable.com/github/philmd/qemu/runs/886/summary/console # gpg: Signature made Sat 17 Oct 2020 14:59:53 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/mips-next-20201017: (44 commits) target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64) MAINTAINERS: Remove duplicated Malta test entries MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail MAINTAINERS: Put myself forward for MIPS target MAINTAINERS: Remove myself docs/system: Update MIPS CPU documentation tests/acceptance: Add MIPS record/replay tests hw/mips: Remove exit(1) in case of missing ROM hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE) hw/mips: Simplify loading 64-bit ELF kernels hw/mips/malta: Use clearer qdev style hw/mips/malta: Move gt64120 related code together hw/mips/malta: Fix FPGA I/O region size target/mips/cpu: Display warning when CPU is used without input clock hw/mips/cps: Do not allow use without input clock hw/mips/malta: Set CPU frequency to 320 MHz hw/mips/boston: Set CPU frequency to 1 GHz hw/mips/cps: Expose input clock and connect it to CPU cores hw/mips/jazz: Correct CPU frequencies ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-19hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()Mauro Matteo Cascella
Check the value of mps to avoid potential divide-by-zero later in the function. Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest from crashing the QEMU process on the host. Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reviewed-by: Paul Zimmerman <pauldzim@gmail.com> Reported-by: Gaoning Pan <gaoning.pgn@antgroup.com> Reported-by: Xingwei Lin <linyi.lxw@antfin.com> Message-id: 20201015075957.268823-1-mcascell@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19usb/hcd-ehci: Fix error handling on missing device for iTDAnthony PERARD
The EHCI Host Controller emulation attempt to locate the device associated with a periodic isochronous transfer description (iTD) and when this fail the host controller is reset. But according the EHCI spec 1.0 section 5.15.2.4 Host System Error, the host controller is supposed to reset itself only when it failed to communicate with the Host (Operating System), like when there's an error on the PCI bus. If a transaction fails, there's nothing in the spec that say to reset the host controller. This patch rework the error path so that the host controller can keep working when the OS setup a bogus transaction, it also revert to the behavior of the EHCI emulation to before commits: e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()") 7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()") The issue has been found while trying to passthrough a USB device to a Windows Server 2012 Xen guest via "usb-ehci", which prevent the USB device from working in Windows. ("usb-ehci" alone works, windows only setup this weird periodic iTD to device 127 endpoint 15 when the USB device is passthrough.) Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)Paul Zimmerman
Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...), to prevent the guest from causing Qemu to assert. Also fix up several existing qemu_log_mask()s to include the function name in the message. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paul Zimmerman <pauldzim@gmail.com> Message-id: 20200920021449.830-1-pauldzim@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-10-19mac_oldworld: Change PCI address of macio to match real hardwareBALATON Zoltan
The board firmware expect these to be at fixed addresses and programs them without probing, this patch puts the macio device at the expected PCI address. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <f14bcaf3cf129500710ba5289980a134086bd949.1602805637.git.balaton@eik.bme.hu> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19mac_oldworld: Drop some variablesBALATON Zoltan
Values not used frequently enough may not worth putting in a local variable, especially with names almost as long as the original value because that does not improve readability, to the contrary it makes it harder to see what value is used. Drop a few such variables. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <d67bc8d914a366ca6822b5190c1308d31af5c9b3.1602805637.git.balaton@eik.bme.hu> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-19mac_oldworld: Drop a variable, use get_system_memory() directlyBALATON Zoltan
Half of the occurances already use get_system_memory() directly instead of sysmem variable, convert the two other uses to get_system_memory() too which seems to be more common and drop the variable. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <b4c714e03690deb6f94f80f7a5b2af47d90550ae.1602805637.git.balaton@eik.bme.hu> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>