aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2022-09-22hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocationPhilippe Mathieu-Daudé
The compiler isn't clever enough to figure 'width' is a constant, so help it by using a definitions instead. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220819153931.3147384-10-peter.maydell@linaro.org
2022-09-22hw/i386/multiboot: Avoid dynamic stack allocationPhilippe Mathieu-Daudé
Use autofree heap allocation instead of variable-length array on the stack. Replace the snprintf() call by g_strdup_printf(). Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220819153931.3147384-9-peter.maydell@linaro.org
2022-09-22hw/intc/xics: Avoid dynamic stack allocationPhilippe Mathieu-Daudé
Use autofree heap allocation instead of variable-length array on the stack. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220819153931.3147384-8-peter.maydell@linaro.org
2022-09-22hw/ppc/pnv: Avoid dynamic stack allocationPhilippe Mathieu-Daudé
Use autofree heap allocation instead of variable-length array on the stack. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-id: 20220819153931.3147384-7-peter.maydell@linaro.org
2022-09-22hw/net/e1000e_core: Use definition to avoid dynamic stack allocationPhilippe Mathieu-Daudé
The compiler isn't clever enough to figure 'min_buf_size' is a constant, so help it by using a definitions instead. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220819153931.3147384-6-peter.maydell@linaro.org
2022-09-22hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified levelLucas Dietrich
The LAN9118 allows the guest to specify a level for both the TX and RX FIFOs at which an interrupt will be generated. We implement the RSFL_INT interrupt for the RX FIFO but are missing the handling of the equivalent TSFL_INT for the TX FIFO. Add the missing test to set the interrupt if the TX FIFO has exceeded the guest-specified level. This flag is required for Micrium lan911x ethernet driver to work. Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com> [PMM: Tweaked commit message and comment] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-22hw/acpi: Add ospm_status hook implementation for acpi-gedKeqian Zhu
Setup an ARM virtual machine of machine virt and execute qmp "query-acpi-ospm-status" causes segmentation fault with following dumpstack: #1 0x0000aaaaab64235c in qmp_query_acpi_ospm_status (errp=errp@entry=0xfffffffff030) at ../monitor/qmp-cmds.c:312 #2 0x0000aaaaabfc4e20 in qmp_marshal_query_acpi_ospm_status (args=<optimized out>, ret=0xffffea4ffe90, errp=0xffffea4ffe88) at qapi/qapi-commands-acpi.c:63 #3 0x0000aaaaabff8ba0 in do_qmp_dispatch_bh (opaque=0xffffea4ffe98) at ../qapi/qmp-dispatch.c:128 #4 0x0000aaaaac02e594 in aio_bh_call (bh=0xffffe0004d80) at ../util/async.c:150 #5 aio_bh_poll (ctx=ctx@entry=0xaaaaad0f6040) at ../util/async.c:178 #6 0x0000aaaaac00bd40 in aio_dispatch (ctx=ctx@entry=0xaaaaad0f6040) at ../util/aio-posix.c:421 #7 0x0000aaaaac02e010 in aio_ctx_dispatch (source=0xaaaaad0f6040, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:320 #8 0x0000fffff76f6884 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0 #9 0x0000aaaaac0452d4 in glib_pollfds_poll () at ../util/main-loop.c:297 #10 os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:320 #11 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:596 #12 0x0000aaaaab5c9e50 in qemu_main_loop () at ../softmmu/runstate.c:734 #13 0x0000aaaaab185370 in qemu_main (argc=argc@entry=47, argv=argv@entry=0xfffffffff518, envp=envp@entry=0x0) at ../softmmu/main.c:38 #14 0x0000aaaaab16f99c in main (argc=47, argv=0xfffffffff518) at ../softmmu/main.c:47 Fixes: ebb62075021a ("hw/acpi: Add ACPI Generic Event Device Support") Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20220816094957.31700-1-zhukeqian1@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-22hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logicAnton Kochkov
For consistency, function "update_rx_fifo()" should use the RX FIFO register field names, not the TX FIFO ones, even if they refer to the same bit positions in the register. Signed-off-by: Anton Kochkov <anton.kochkov@proton.me> Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com> Message-id: 20220817141754.2105981-1-anton.kochkov@proton.me Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1123 [PMM: tweaked commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-09-21Merge tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu into stagingStefan Hajnoczi
ppc patch queue for 2022-09-20: This queue contains a implementation of PowerISA 3.1B hash insns, ppc TCG insns cleanups and fixes, and miscellaneus fixes in the spapr and pnv_phb models. # -----BEGIN PGP SIGNATURE----- # # iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYyoWlAAKCRA82cqW3gMx # ZDYhAP0eQMeA4NS3hiw7WMcAVg0pei3ZJL9oEh1UE3+MfK7MhQEA0q8qExWnQJAA # a0hfnFH9pLjI+v0f/FbFK6QJBpu/bg8= # =qT+H # -----END PGP SIGNATURE----- # gpg: Signature made Tue 20 Sep 2022 15:37:56 EDT # gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164 # gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164 * tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu: hw/ppc/spapr: Fix code style problems reported by checkpatch hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure hw/ppc: spapr: Use qemu_vfree() to free spapr->htab target/ppc: Clear fpstatus flags on helpers missing it target/ppc: Zero second doubleword of VSR registers for FPR insns target/ppc: Set OV32 when OV is set target/ppc: Zero second doubleword for VSX madd instructions target/ppc: Set result to QNaN for DENBCD when VXCVI occurs target/ppc: Zero second doubleword in DFP instructions target/ppc: Remove unused xer_* macros target/ppc: Remove extra space from s128 field in ppc_vsr_t target/ppc: Merge fsqrt and fsqrts helpers target/ppc: Move fsqrts to decodetree target/ppc: Move fsqrt to decodetree target/ppc: Implement hashstp and hashchkp target/ppc: Implement hashst and hashchk target/ppc: Add HASHKEYR and HASHPKEYR SPRs Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-20Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi
* add help option for -audio and -audiodev * another missing memory barrier for dirty pages * target/i386: Raise #GP on unaligned m128 accesses * coverity fixes + improvements to components * add MMX and 3DNow! tests * SSE4a fixes * target/i386: TCG translation cleanups * update qboot submodule # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMocZcUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroNV7Qf+NEoB8R0ug+ClMRe1Qqt8FXEd0eXE # nT19q4rOWfmW4/L+wI6gpxhbxrxOuLwoZ8YvD8c6rQAdexMoHoeTvA1PAca4zZTo # ISmW3bXsoHN2uGLPz4CKhjKBLCANtDkh3EWCwRFkLSRCLSRDhKPrG1Ue3fOgQ6GO # riROcxbyYzvU/4uefSW+xG/Im9gftNF6occZZ59LrK7Xd8kwlb+E+EdsmzFw5f8O # Q9irVQ8pX9ZM4BK2KiT16nZ0uSRwJqSJKbLI670nUEsj1jQCIgU3srgZHjAIvoir # yivDs6oktgS/HkPD5CQoTX+fVDgEDM1TTF6P8r7uJopPXpzz+AHswfSJmg== # =RVCS # -----END PGP SIGNATURE----- # gpg: Signature made Mon 19 Sep 2022 09:41:43 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (21 commits) qboot: update to latest submodule build: remove extra parentheses causing missing rebuilds target/i386: introduce insn_get_addr target/i386: REPZ and REPNZ are mutually exclusive target/i386: fix INSERTQ implementation target/i386: correctly mask SSE4a bit indices in register operands audio: add help option for -audio and -audiodev tests/tcg: remove old SSE tests tests/tcg: refine MMX support in SSE tests tests/tcg: i386: add MMX and 3DNow! tests tests/tcg: i386: fix typos in 3DNow! instructions tests: unit: add NULL-pointer check tests: test-qga: close socket on failure to connect tests: unit: simplify test-visitor-serialization list tests smbios: sanitize type from external type before checking have_fields_bitmap coverity: put NUBus under m68k component coverity: add new RISC-V component spapr_pci: fix leak in spapr_phb_vfio_get_loc_code kvm: fix memory leak on failure to read stats descriptors target/i386: Raise #GP on unaligned m128 accesses when required. ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-20hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failureXuzhou Cheng
pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the instance_size initialization. This results in accessing out-of-bound memory when setting 'chip-id' and 'phb-id', and eventually crashes glib's malloc functionality with the following message: "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 bytes" This issue was noticed only when running qtests with QEMU Windows 32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose this bug though. Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge") Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge") Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com> Signed-off-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20220920103159.1865256-29-bmeng.cn@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-09-20hw/ppc: spapr: Use qemu_vfree() to free spapr->htabXuzhou Cheng
spapr->htab is allocated by qemu_memalign(), hence we should use qemu_vfree() to free it. Fixes: c5f54f3e31bf ("pseries: Move hash page table allocation to reset time") Fixes: b4db54132ffe ("target/ppc: Implement H_REGISTER_PROCESS_TABLE H_CALL"") Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com> Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220920103159.1865256-28-bmeng.cn@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-09-20hw/loongarch: Improve acpi dsdt tableXiaojuan Yang
Cleanup the previous pci information in acpi dsdt table. And using the common acpi_dsdt_add_gpex function to build the gpex and pci information. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-10-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Support memory hotplugXiaojuan Yang
Add hotplug/unplug interface for memory device. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-9-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Fix acpi ged irq number in dsdt tableXiaojuan Yang
In dsdt, acpi ged irq should use gsi number, and the VIRT_SCI_IRQ means it. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-8-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Add RAMFB to dynamic_sysbus_devices listXiaojuan Yang
Add RAMFB device to dynamic_sysbus_devices list so that it can be hotpluged to the machine. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-7-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Add hotplug handler for machineXiaojuan Yang
Add hotplug handler for LoongArch virt machine and now only support the dynamic sysbus device. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-6-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Add platform bus supportXiaojuan Yang
Add platform bus support and add the bus information such as address, size, irq number to FDT table. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-5-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-20hw/loongarch: Add interrupt information to FDT tableXiaojuan Yang
Add interrupt information to FDT table, such as interrupt controller info, compatiable info, etc. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-4-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-19hw/loongarch: Support fw_cfg dma functionXiaojuan Yang
Support fw_cfg dma function for LoongArch virt machine. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-3-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-19hw/loongarch: Remove vga device when loongarch initXiaojuan Yang
Remove the vga device when loongarch machine init and we will support other display device in the future. Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn> Acked-by: Song Gao <gaosong@loongson.cn> Message-Id: <20220908094623.73051-2-yangxiaojuan@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-09-18smbios: sanitize type from external type before checking have_fields_bitmapPaolo Bonzini
test_bit uses header->type as an offset; if the file incorrectly specifies a type greater than 127, smbios_entry_add will read and write garbage. To fix this, just pass the smbios data through, assuming the user knows what to do. Reported by Coverity as CID 1487255. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-18spapr_pci: fix leak in spapr_phb_vfio_get_loc_codePaolo Bonzini
Overwriting "path" in the second call to g_strdup_printf() causes a memory leak, even if the variable itself is g_autofree. Reported by Coverity as CID 1460454. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-17Merge tag 'pull-arm-20220914' of https://gitlab.com/rth7680/qemu into stagingStefan Hajnoczi
Add cortex-a35. Fix bcm2835 framebuffer for rpi firmware. Add FEAT_ETS. Add FEAT_PMUv3p5. Cleanups to armv7m_load_kernel. # -----BEGIN PGP SIGNATURE----- # # iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmMhwAsdHHJpY2hhcmQu # aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/7Xgf9Ezg+etwsEzY0EWtH # yoQ7ymJHM1VKqtLkbk9U+Ju18YHEi3fwbYbfLgzkAMFHKDUteKJivKm2w41tsw5g # lE+5PojQT3k8PffaqeFzKG/JsDPoqKtTa23WjkafbIQAbjRT8JtmF/JmSLaaxyqW # DozPXJ9jXMS+Q2BxHnoCBuy/Kb3zsqekCr8DOgUIXY5gcAB6q1I8SMX2BrhsIyvV # vZxNm+hFDCOJtXvkAekMrwGkiIBYoBNpswnv40ldeSvRtD8tnty73JUt+AnWoCwi # zH4k+CvWICIuZT7oxVecRhlOojtaP5cUTXs0+zhk6GxEx/X6wmXd42heO9ZJL0y1 # 6FH0xw== # =ohPU # -----END PGP SIGNATURE----- # gpg: Signature made Wed 14 Sep 2022 07:50:35 EDT # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * tag 'pull-arm-20220914' of https://gitlab.com/rth7680/qemu: target/arm: Make boards pass base address to armv7m_load_kernel() target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel() target/arm: Report FEAT_PMUv3p5 for TCG '-cpu max' target/arm: Support 64-bit event counters for FEAT_PMUv3p5 target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits target/arm: Rename pmu_8_n feature test functions target/arm: Detect overflow when calculating next PMU interrupt target/arm: Honour MDCR_EL2.HPMD in Secure EL2 target/arm: Ignore PMCR.D when PMCR.LC is set target/arm: Don't mishandle count when enabling or disabling PMU counters target/arm: Correct value returned by pmu_counter_mask() target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows target/arm: Add missing space in comment target/arm: Advertise FEAT_ETS for '-cpu max' target/arm: Implement ID_DFR1 target/arm: Implement ID_MMFR5 target/arm: Sort KVM reads of AArch32 ID registers into encoding order target/arm: Make cpregs 0, c0, c{3-15}, {0-7} correctly RAZ in v8 hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS target/arm: Add cortex-a35 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-14target/arm: Make boards pass base address to armv7m_load_kernel()Peter Maydell
Currently armv7m_load_kernel() takes the size of the block of memory where it should load the initial guest image, but assumes that it should always load it at address 0. This happens to be true of all our M-profile boards at the moment, but it isn't guaranteed to always be so: M-profile CPUs can be configured (via init-svtor and init-nsvtor, which match equivalent hardware configuration signals) to have the initial vector table at any address, not just zero. (For instance the Teeny board has the boot ROM at address 0x0200_0000.) Add a base address argument to armv7m_load_kernel(), so that callers now pass in both base address and size. All the current callers pass 0, so this is not a behaviour change. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220823160417.3858216-3-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel()Peter Maydell
Arm system emulation targets always have TARGET_BIG_ENDIAN clear, so there is no need to have handling in armv7m_load_kernel() for the case when it is defined. Remove the unnecessary code. Side notes: * our M-profile implementation is always little-endian (that is, it makes the IMPDEF choice that the read-only AIRCR.ENDIANNESS is 0) * if we did want to handle big-endian ELF files here we should do it the way that hw/arm/boot.c:arm_load_elf() does, by looking at the ELF header to see what endianness the file itself is Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220823160417.3858216-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14hw/arm/bcm2835_property: Add support for ↵Enrik Berkhan
RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS In more recent Raspbian OS Linux kernels, the fb driver gives up immediately if RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS fails or no displays are reported. This change simply always reports one display. It makes bcm2835_fb work again with these more recent kernels. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Enrik Berkhan <Enrik.Berkhan@inka.de> Message-Id: <20220812143519.59134-1-Enrik.Berkhan@inka.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-14target/arm: Add cortex-a35Hao Wu
Add cortex A35 core and enable it for virt board. Signed-off-by: Hao Wu <wuhaotsh@google.com> Reviewed-by: Joe Komlodi <komlodi@google.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20220819002015.1663247-1-wuhaotsh@google.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-09tpm_crb: Avoid backend startup just before shutdown under XenRoss Lagerwall
When running under Xen and the guest reboots, it boots into a new domain with a new QEMU process (and a new swtpm process if using the emulator backend). The existing reset function is triggered just before the old QEMU process exists which causes QEMU to startup the TPM backend and then immediately shut it down. This is probably harmless but when using the emulated backend, it wastes CPU and IO time reloading state, etc. Fix this by calling the reset function directly from realize() when running under Xen. During a reboot, this will be called by the QEMU process for the new domain. Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Message-id: 20220826143841.1515326-1-ross.lagerwall@citrix.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-09-07hw/riscv: virt: Add PMU DT node to the device treeAtish Patra
Qemu virt machine can support few cache events and cycle/instret counters. It also supports counter overflow for these events. Add a DT node so that OpenSBI/Linux kernel is aware of the virt machine capabilities. There are some dummy nodes added for testing as well. Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com> Message-Id: <20220824221701.41932-5-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/intc: Move mtimer/mtimecmp to aclintAtish Patra
Historically, The mtime/mtimecmp has been part of the CPU because they are per hart entities. However, they actually belong to aclint which is a MMIO device. Move them to the ACLINT device. This also emulates the real hardware more closely. Reviewed-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Signed-off-by: Atish Patra <atishp@rivosinc.com> Message-Id: <20220824221357.41070-2-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07target/riscv: Use official extension names for AIA CSRsAnup Patel
The arch review of AIA spec is completed and we now have official extension names for AIA: Smaia (M-mode AIA CSRs) and Ssaia (S-mode AIA CSRs). Refer, section 1.6 of the latest AIA v0.3.1 stable specification at https://github.com/riscv/riscv-aia/releases/download/0.3.1-draft.32/riscv-interrupts-032.pdf) Based on above, we update QEMU RISC-V to: 1) Have separate config options for Smaia and Ssaia extensions which replace RISCV_FEATURE_AIA in CPU features 2) Not generate AIA INTC compatible string in virt machine Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220820042958.377018-1-apatel@ventanamicro.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/core: fix platform bus node nameConor Dooley
"platform" is not a valid name for a bus node in dt-schema, so warnings can be see in dt-validate on a dump of the riscv virt dtb: /stuff/qemu/qemu.dtb: platform@4000000: $nodename:0: 'platform@4000000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$' From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml "platform-bus" is a valid name, so use that instead. CC: Rob Herring <robh@kernel.org> Fixes: 11d306b9df ("hw/arm/sysbus-fdt: helpers for platform bus nodes addition") Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Message-id: 20220810184612.157317-5-mail@conchuod.ie Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: virt: fix syscon subnode pathsConor Dooley
The reset and poweroff features of the syscon were originally added to top level, which is a valid path for a syscon subnode. Subsequently a reorganisation was carried out while implementing NUMA in which the subnodes were moved into the /soc node. As /soc is a "simple-bus", this path is invalid, and so dt-validate produces the following warnings: /stuff/qemu/qemu.dtb: soc: poweroff: {'value': [[21845]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-poweroff']} should not be valid under {'type': 'object'} From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml /stuff/qemu/qemu.dtb: soc: reboot: {'value': [[30583]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-reboot']} should not be valid under {'type': 'object'} From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml Move the syscon subnodes back to the top level and silence the warnings. Reported-by: Rob Herring <robh@kernel.org> Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220810184612.157317-4-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: 18df0b4695 ("hw/riscv: virt: Allow creating multiple NUMA sockets") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: virt: fix the plic's address cellsConor Dooley
When optional AIA PLIC support was added the to the virt machine, the address cells property was removed leading the issues with dt-validate on a dump from the virt machine: /stuff/qemu/qemu.dtb: plic@c000000: '#address-cells' is a required property From schema: /stuff/linux/Documentation/devicetree/bindings/interrupt-controller/sifive,plic-1.0.0.yaml Add back the property to suppress the warning. Reported-by: Rob Herring <robh@kernel.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Message-id: 20220810184612.157317-3-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: e6faee6585 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: virt: fix uart node nameConor Dooley
"uart" is not a node name that complies with the dt-schema. Change the node name to "serial" to ix warnings seen during dt-validate on a dtbdump of the virt machine such as: /stuff/qemu/qemu.dtb: uart@10000000: $nodename:0: 'uart@10000000' does not match '^serial(@.*)?$' From schema: /stuff/linux/Documentation/devicetree/bindings/serial/8250.yaml Reported-by: Rob Herring <robh@kernel.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Message-id: 20220810184612.157317-2-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: 04331d0b56 ("RISC-V VirtIO Machine") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: microchip_pfsoc: fix kernel panics due to missing peripheralsConor Dooley
Booting using "Direct Kernel Boot" for PolarFire SoC & skipping u-boot entirely is probably not advisable, but it does at least show signs of life. Recent Linux kernel versions make use of peripherals that are missing definitions in QEMU and lead to kernel panics. These issues almost certain rear their head for other methods of booting, but I was unable to figure out a suitable HSS version that is recent enough to support these peripherals & works with QEMU. With these peripherals added, booting a kernel with the following hangs hangs waiting for the system controller's hwrng, but the kernel no longer panics. With the Linux driver for hwrng disabled, it boots to console. qemu-system-riscv64 -M microchip-icicle-kit \ -m 2G -smp 5 \ -kernel $(vmlinux_bin) \ -dtb $(dtb)\ -initrd $(initramfs) \ -display none -serial null \ -serial stdio More peripherals are added than strictly required to fix the panics in the hopes of avoiding a replication of this problem in the future. Some of the peripherals which are in the device tree for recent kernels are implemented in the FPGA fabric. The eMMC/SD mux, which exists as an unimplemented device is replaced by a wider entry. This updated entry covers both the mux & the remainder of the FPGA fabric connected to the MSS using Fabric Interrconnect (FIC) 3. Link: https://github.com/polarfire-soc/icicle-kit-reference-design#fabric-memory-map Link: https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/SupportingCollateral/V1_4_Register_Map.zip Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20220813135127.2971754-1-mail@conchuod.ie> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: opentitan: bump opentitan versionWilfred Mallawa
The following patch updates opentitan to match the new configuration, as per, lowRISC/opentitan@217a0168ba118503c166a9587819e3811eeb0c0c Note: with this patch we now skip the usage of the opentitan `boot_rom`. The Opentitan boot rom contains hw verification for devies which we are currently not supporting in qemu. As of now, the `boot_rom` has no major significance, however, would be good to support in the future. Tested by running utests from the latest tock [1] (that supports this version of OT). [1] https://github.com/tock/tock/pull/3056 Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20220812005229.358850-1-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: remove 'fdt' param from riscv_setup_rom_reset_vec()Daniel Henrique Barboza
The 'fdt' param is not being used in riscv_setup_rom_reset_vec(). Simplify the API by removing it. While we're at it, remove the redundant 'return' statement at the end of function. Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Alistair Francis <alistair.francis@wdc.com> Cc: Bin Meng <bin.meng@windriver.com> Cc: Vijai Kumar K <vijai@behindbytes.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20220728181926.2123771-1-danielhb413@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-07hw/riscv: virt: pass random seed to fdtJason A. Donenfeld
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to initialize early. Set this using the usual guest random number generation function. This is confirmed to successfully initialize the RNG on Linux 5.19-rc2. Cc: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Message-Id: <20220613115810.178210-1-Jason@zx2c4.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-04hw/openrisc: virt: pass random seed to fdtJason A. Donenfeld
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to initialize early. Set this using the usual guest random number generation function. This is confirmed to successfully initialize the RNG on Linux 5.19-rc2. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04hw/openrisc: Initialize timer time at startupStafford Horne
The last_clk time was initialized at zero, this means when we calculate the first delta we will calculate 0 vs current time which could cause unnecessary hops. This patch moves timer initialization to the cpu reset. There are two resets registered here: 1. Per cpu timer mask (ttmr) reset. 2. Global cpu timer (last_clk and ttcr) reset, attached to the first cpu only. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04hw/openrisc: Add PCI bus support to virtStafford Horne
This is mostly borrowed from xtensa and riscv as examples. The create_pcie_irq_map swizzle function is almost and exact copy but here we use a single cell interrupt, possibly we can make this generic. Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04hw/openrisc: Add the OpenRISC virtual machineStafford Horne
This patch adds the OpenRISC virtual machine 'virt' for OpenRISC. This platform allows for a convenient CI platform for toolchain, software ports and the OpenRISC linux kernel port. Much of this has been sourced from the m68k and riscv virt platforms. The platform provides: - OpenRISC SMP with up to 4 cpus - A virtio bus with up to 8 devices - Standard ns16550a serial - Goldfish RTC - SiFive TEST device for poweroff and reboot - Generated Device Tree to automatically configure the guest kernel Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04goldfish_rtc: Add big-endian propertyStafford Horne
Add a new property "big-endian" to allow configuring the RTC as either little or big endian, the default is little endian. Currently overriding the default to big endian is only used by the m68k virt platform. New platforms should prefer to use little endian and not set this. Cc: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Anup Patel <anup@brainfault.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-04hw/openrisc: Split re-usable boot time apis out to boot.cStafford Horne
These will be shared with the virt platform. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Stafford Horne <shorne@gmail.com>
2022-09-02Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi
* SCSI fixes for Mac OS 9 * Fix CPU reset for x86/KVM nested virtualization state * remove feature_not_found() from the configure script * Meson cleanups from muon * improved i386 TCG tests for BMI and SSE * SSE bugfixes # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMQ+IQUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroNofQgArLRlbhua699UyDkTEGGv+gBVRRKg # qJndTFJp5cvjJo3fNeE1XyZGY0PGLH09ilwHKnGqvn7Bc996ty6zi3sLDC+iT/SO # cRik6EVgZH/0QseYZijviuz7NklL8so/bgn7sORP9ibRWwiojBzm91emUt4X2l5N # WOmxLYNIPXR/G8LOSv5Dh4C4WXU3zuaLvTmg/fWPoWTF8P+9LU0gEKUzyk0jMJu4 # hb9lVLXyNbgEcdtK+VewWjsdJcdmF1tMAR94GTmbUdwxbwmATqX8w16jGUbnXPt2 # FZfmjS6CJO90uV7wBA91NnFlrJpWyDn1dKQ+ozpW0ZOAO+wfghpVq7/IRA== # =VRK4 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 01 Sep 2022 14:23:00 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (39 commits) target/i386: AVX+AES helpers prep target/i386: AVX pclmulqdq prep target/i386: Rewrite blendv helpers target/i386: Misc AVX helper prep target/i386: Destructive FP helpers for AVX target/i386: Dot product AVX helper prep target/i386: reimplement AVX comparison helpers target/i386: Floating point arithmetic helper AVX prep target/i386: Destructive vector helpers for AVX target/i386: Misc integer AVX helper prep target/i386: Rewrite simple integer vector helpers target/i386: Rewrite vector shift helper target/i386: rewrite destructive 3DNow operations target/i386: Add CHECK_NO_VEX target/i386: do not cast gen_helper_* function pointers target/i386: Add size suffix to vector FP helpers target/i386: isolate MMX code more target/i386: check SSE table flags instead of hardcoding opcodes target/i386: Move 3DNOW decoder target/i386: Rework sse_op_table6/7 ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-02net: tulip: Restrict DMA engine to memoriesZheyu Ma
The DMA engine is started by I/O access and then itself accesses the I/O registers, triggering a reentrancy bug. The following log can reveal it: ==5637==ERROR: AddressSanitizer: stack-overflow #0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673 #1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13 #2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5 #3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18 #4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c #5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23 #6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12 #7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18 #8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12 #9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12 #10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12 #11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1 #12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1 #13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9 #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9 #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13 Fix this bug by restricting the DMA engine to memories regions. Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02vdpa: Delete CVQ migration blockerEugenio Pérez
We can restore the device state in the destination via CVQ now. Remove the migration blocker. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-09-02vhost_net: add NetClientState->load() callbackEugenio Pérez
It allows per-net client operations right after device's successful start. In particular, to load the device status. Vhost-vdpa net will use it to add the CVQ buffers to restore the device status. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>