aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2024-07-12hw/loongarch: Change the tpm support by defaultXianglai Li
Add devices that support tpm by default, Fixed incomplete tpm acpi table information. Signed-off-by: Xianglai Li <lixianglai@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn> Message-Id: <20240624032300.999157-1-lixianglai@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2024-07-12hw/loongarch/boot.c: fix out-of-bound readingDmitry Frolov
memcpy() is trying to READ 512 bytes from memory, pointed by info->kernel_cmdline, which was (presumable) allocated by g_strdup(""); Found with ASAN, making check with enabled sanitizers. Signed-off-by: Dmitry Frolov <frolov@swemel.ru> Reviewed-by: Song Gao <gaosong@loongson.cn> Message-Id: <20240628123910.577740-1-frolov@swemel.ru> Signed-off-by: Song Gao <gaosong@loongson.cn>
2024-07-12xen: mapcache: Fix unmapping of first entries in bucketsEdgar E. Iglesias
This fixes the clobbering of the entry->next pointer when unmapping the first entry in a bucket of a mapcache. Fixes: 123acd816d ("xen: mapcache: Unmap first entries in buckets") Reported-by: Anthony PERARD <anthony.perard@vates.tech> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Reviewed-by: Anthony PERARD <anthony.perard@vates.tech> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2024-07-11Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into ↵Richard Henderson
staging hw/nvme patches # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmaQHpQACgkQTeGvMW1P # DemukQf+Pqcq75cflBqIyVN84/0eThJxmpoTP0ynGNMKJp+K+oecb5pdgTeDI3Kh # esDOjL8m849r5LFjrjmySrTX8znHPFXdBdqCaOp/MZlgz3NML1guB5EYsizZJ+L6 # K4IRLE/8gzfZHY4yWGmUBuL1VBs8XZV0bXYYlA0xKlO638O0KgVQ/2YpC/44l93J # rEnefSeXIi+/tCYEaX7t2dA+Qfm/qUrcEZBgvhCREi8t8hTzKGHsl2LVKrsFdA5I # QZtTFcqeoJThtzWmxGKqbfFb/qeirBlCfhvTEmUWXlS1z9VNzy0ZuqA2l0Sy05ls # eARbl+JnvV6ic6PikZd8dMSrILjNkQ== # =dLKH # -----END PGP SIGNATURE----- # gpg: Signature made Thu 11 Jul 2024 11:04:04 AM PDT # gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9 # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown] # gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838 # Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9 * tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu: hw/nvme: Expand VI/VQ resource to uint32 hw/nvme: Allocate sec-ctrl-list as a dynamic array hw/nvme: separate identify data for sec. ctrl list hw/nvme: add Identify Endurance Group List hw/nvme: fix BAR size mismatch of SR-IOV VF hw/nvme: fix number of PIDs for FDP RUH update hw/nvme: Add support for setting the MQES for the NVMe emulation Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-07-11Merge tag 'pull-target-arm-20240711' of ↵Richard Henderson
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * Refactor FPCR/FPSR handling in preparation for FEAT_AFP * More decodetree conversions * target/arm: Use cpu_env in cpu_untagged_addr * target/arm: Set arm_v7m_tcg_ops cpu_exec_halt to arm_cpu_exec_halt() * hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate() * hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_ops * accel/tcg: Make TCGCPUOps::cpu_exec_halt mandatory * STM32L4x5: Handle USART interrupts correctly # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmaP24MZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3luAEACF4Uhrcrh7E7RwoDEeQAMQ # IG3+LwUbhnBXIUl7DL0qQTjnmwbbTQH2Ukoq3biqAdSs22JwrT6O6MDQ7fA3X8DI # 3Ew+72BzAAtQHVHJaFRw2f9UVQop8Poa9I7Di6frH4Gxk5AKQY/IwjrD6jYPqhM7 # 9KCksksO3w9DRmpFZ1y5I/dGumTe12btEwdazWxrsyZIBNDoUJSU8xpcMk+9oErF # 23hcsSaXOGDeWwPuEk1q2mMYnRQQtMhVndxV50sF98MfJ3nnMKEttuFuW0znXMCr # Xat8Y4QbigXGmuJNgjXccIzN1Hje+h5zzfUIfVNWBYNzqULvvi/vjwNfJaUiIjm5 # DxeOGUu8iZYQbgvJXvn9NwWbptxvhyWsCLpB46icElcN0jr1MU12wk2IH0CZa7KU # h4kbu0p17dph5Lantd888b1Vu3pOFr4UiRC3qJB9ddBVLyGl/3Km1wb99x038mPo # Mt8Y7Vjnr5OWd+mTNzXFRnYFYIRKu1lI85VuTjd5Uua0lDtFDo/sVnVF9uas84OC # /PrQYGso0UE320li+jYHzE18rKPEi2u/3xTgHWAgh3ra7McWVjWDr2yIsAisKKNH # 2F72gyZNy2n7FJhTYPQAJnozi68maP5f9tHHHXQdfsCE4+2h0fr/wljCeq1+5waq # 4edm31uEbArfW/jLgPHHAA== # =Xkmk # -----END PGP SIGNATURE----- # gpg: Signature made Thu 11 Jul 2024 06:17:55 AM PDT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] * tag 'pull-target-arm-20240711' of https://git.linaro.org/people/pmaydell/qemu-arm: (24 commits) target/arm: Convert PMULL to decodetree target/arm: Convert ADDHN, SUBHN, RADDHN, RSUBHN to decodetree target/arm: Convert SADDW, SSUBW, UADDW, USUBW to decodetree target/arm: Convert SQDMULL, SQDMLAL, SQDMLSL to decodetree target/arm: Convert SADDL, SSUBL, SABDL, SABAL, and unsigned to decodetree target/arm: Convert SMULL, UMULL, SMLAL, UMLAL, SMLSL, UMLSL to decodetree hw/arm: In STM32L4x5 SOC, connect USART devices to EXTI hw/misc: In STM32L4x5 EXTI, handle direct interrupts hw/misc: In STM32L4x5 EXTI, consolidate 2 constants accel/tcg: Make TCGCPUOps::cpu_exec_halt mandatory target: Set TCGCPUOps::cpu_exec_halt to target's has_work implementation target/arm: Set arm_v7m_tcg_ops cpu_exec_halt to arm_cpu_exec_halt() target/arm: Use cpu_env in cpu_untagged_addr hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_ops hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate() target/arm: Allow FPCR bits that aren't in FPSCR target/arm: Rename FPSR_MASK and FPCR_MASK and define them symbolically target/arm: Rename FPCR_ QC, NZCV macros to FPSR_ target/arm: Store FPSR and FPCR in separate CPU state fields target/arm: Implement store_cpu_field_low32() macro ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-07-11hw/nvme: Expand VI/VQ resource to uint32Minwoo Im
VI and VQ resources cover queue resources in each VFs in SR-IOV. Current maximum I/O queue pair size is 0xffff, we can expand them to cover the full number of I/O queue pairs. This patch also fixed Identify Secondary Controller List overflow due to expand of number of secondary controllers. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: Allocate sec-ctrl-list as a dynamic arrayMinwoo Im
To prevent further bumping up the number of maximum VF te support, this patch allocates a dynamic array (NvmeCtrl *)->sec_ctrl_list based on number of VF supported by sriov_max_vfs property. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: separate identify data for sec. ctrl listMinwoo Im
Secondary controller list for virtualization has been managed by Identify Secondary Controller List data structure with NvmeSecCtrlList where up to 127 secondary controller entries can be managed. The problem hasn't arisen so far because NVME_MAX_VFS has been 127. This patch separated identify data itself from the actual secondary controller list managed by controller to support more than 127 secondary controllers with the following patch. This patch reused NvmeSecCtrlEntry structure to manage all the possible secondary controllers, and copy entries to identify data structure when the command comes in. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: add Identify Endurance Group ListMinwoo Im
Commit 73064edfb864 ("hw/nvme: flexible data placement emulation") intorudced NVMe FDP feature to nvme-subsys and nvme-ctrl with a single endurance group #1 supported. This means that controller should return proper identify data to host with Identify Endurance Group List (CNS 19h). But, yes, only just for the endurance group #1. This patch allows host applications to ask for which endurance group is available and utilize FDP through that endurance group. Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: fix BAR size mismatch of SR-IOV VFMinwoo Im
PF initializes SR-IOV VF BAR0 region in nvme_init_sriov() with bar_size calcaulted by Primary Controller Capability such as VQFRSM and VIFRSM rather than `max_ioqpairs` and `msix_qsize` which is for PF only. In this case, the bar size reported in nvme_init_sriov() by PF and nvme_init_pci() by VF might differ especially with large number of sriov_max_vfs (e.g., 127 which is curret maximum number of VFs). And this reports invalid BAR0 address of VFs to the host operating system so that MMIO access will not be caught properly and, of course, NVMe driver initialization is failed. For example, if we give the following options, BAR size will be initialized by PF with 4K, but VF will try to allocate 8K BAR0 size in nvme_init_pci(). #!/bin/bash nr_vf=$((127)) nr_vq=$(($nr_vf * 2 + 2)) nr_vi=$(($nr_vq / 2 + 1)) nr_ioq=$(($nr_vq + 2)) ... -device nvme,serial=foo,id=nvme0,bus=rp2,subsys=subsys0,mdts=9,msix_qsize=$nr_ioq,max_ioqpairs=$nr_ioq,sriov_max_vfs=$nr_vf,sriov_vq_flexible=$nr_vq,sriov_vi_flexible=$nr_vi \ To fix this issue, this patch modifies the calculation of BAR size in the PF and VF initialization by using different elements: PF: `max_ioqpairs + 1` with `msix_qsize` VF: VQFRSM with VIFRSM Signed-off-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: fix number of PIDs for FDP RUH updateVincent Fu
The number of PIDs is in the upper 16 bits of cdw10. So we need to right-shift by 16 bits instead of only a single bit. Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Cc: qemu-stable@nongnu.org Signed-off-by: Vincent Fu <vincent.fu@samsung.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/nvme: Add support for setting the MQES for the NVMe emulationJohn Berg
The MQES field in the CAP register describes the Maximum Queue Entries Supported for the IO queues of an NVMe controller. Adding a +1 to the value in this field results in the total queue size. A full queue is when a queue of size N contains N - 1 entries, and the minimum queue size is 2. Thus the lowest MQES value is 1. This patch adds the new mqes property to the NVMe emulation which allows a user to specify the maximum queue size by setting this property. This is useful as it enables testing of NVMe controller where the MQES is relatively small. The smallest NVMe queue size supported in NVMe is 2 submission and completion entries, which means that the smallest legal mqes value is 1. The following example shows how the mqes can be set for a the NVMe emulation: -drive id=nvme0,if=none,file=nvme.img,format=raw -device nvme,drive=nvme0,serial=foo,mqes=1 If the mqes property is not provided then the default mqes will still be 0x7ff (the queue size is 2048 entries). Signed-off-by: John Berg <jhnberg@amazon.co.uk> Reviewed-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-11hw/arm: In STM32L4x5 SOC, connect USART devices to EXTIInès Varhol
The USART devices were previously connecting their outbound IRQs directly to the CPU because the EXTI wasn't handling direct lines interrupts. Now the USART connects to the EXTI inbound GPIOs, and the EXTI connects its IRQs to the CPU. The existing QTest for the USART (tests/qtest/stm32l4x5_usart-test.c) checks that USART1_IRQ in the CPU is pending when expected so it confirms that the connection through the EXTI still works. Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240707085927.122867-4-ines.varhol@telecom-paris.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-11hw/misc: In STM32L4x5 EXTI, handle direct interruptsInès Varhol
The previous implementation for EXTI interrupts only handled "configurable" interrupts, like those originating from STM32L4x5 SYSCFG (the only device currently connected to the EXTI up until now). In order to connect STM32L4x5 USART to the EXTI, this commit adds handling for direct interrupts (interrupts without configurable edge). Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr> Message-id: 20240707085927.122867-3-ines.varhol@telecom-paris.fr Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-11hw/misc: In STM32L4x5 EXTI, consolidate 2 constantsInès Varhol
Up until now, the EXTI implementation had 16 inbound GPIOs connected to the 16 outbound GPIOs of STM32L4x5 SYSCFG. The EXTI actually handles 40 lines (namely 5 from STM32L4x5 USART devices which are already implemented in QEMU). In order to connect USART devices to EXTI, this commit consolidates constants `EXTI_NUM_INTERRUPT_OUT_LINES` (40) and `EXTI_NUM_GPIO_EVENT_IN_LINES` (16) into `EXTI_NUM_LINES` (40). Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240707085927.122867-2-ines.varhol@telecom-paris.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-11hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_opsZheyu Ma
The current implementation of bcm2835_thermal_ops sets impl.max_access_size and valid.min_access_size to 4, but leaves impl.min_access_size and valid.max_access_size unset, defaulting to 1. This causes issues when the memory system is presented with an access of size 2 at an offset of 3, leading to an attempt to synthesize it as a pair of byte accesses at offsets 3 and 4, which trips an assert. Additionally, the lack of valid.max_access_size setting causes another issue: the memory system tries to synthesize a read using a 4-byte access at offset 3 even though the device doesn't allow unaligned accesses. This patch addresses these issues by explicitly setting both impl.min_access_size and valid.max_access_size to 4, ensuring proper handling of access sizes. Error log: ERROR:hw/misc/bcm2835_thermal.c:55:bcm2835_thermal_read: code should not be reached Bail out! ERROR:hw/misc/bcm2835_thermal.c:55:bcm2835_thermal_read: code should not be reached Aborted Reproducer: cat << EOF | qemu-system-aarch64 -display \ none -machine accel=qtest, -m 512M -machine raspi3b -m 1G -qtest stdio readw 0x3f212003 EOF Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Message-id: 20240702154042.3018932-1-zheyuma97@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-11hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()Zheyu Ma
In pl011_get_baudrate(), when we calculate the baudrate we can accidentally divide by zero. This happens because although (as the specification requires) we treat UARTIBRD = 0 as invalid, we aren't correctly limiting UARTIBRD and UARTFBRD values to the 16-bit and 6-bit ranges the hardware allows, and so some non-zero values of UARTIBRD can result in a zero divisor. Enforce the correct register field widths on guest writes and on inbound migration to avoid the division by zero. ASAN log: ==2973125==ERROR: AddressSanitizer: FPE on unknown address 0x55f72629b348 (pc 0x55f72629b348 bp 0x7fffa24d0e00 sp 0x7fffa24d0d60 T0) #0 0x55f72629b348 in pl011_get_baudrate hw/char/pl011.c:255:17 #1 0x55f726298d94 in pl011_trace_baudrate_change hw/char/pl011.c:260:33 #2 0x55f726296fc8 in pl011_write hw/char/pl011.c:378:9 Reproducer: cat << EOF | qemu-system-aarch64 -display \ none -machine accel=qtest, -m 512M -machine realview-pb-a8 -qtest stdio writeq 0x1000b024 0xf8000000 EOF Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240702155752.3022007-1-zheyuma97@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-10virtio-mem: improve error message when unplug of device fails due to plugged ↵David Hildenbrand
memory The error message is actually expressive, considering QEMU only. But when called from Libvirt, talking about "size" can be confusing, because in Libvirt "size" translates to the memory backend size in QEMU (maximum size) and "current" translates to the QEMU "size" property. Let's simply avoid talking about the "size" property and spell out that some device memory is still plugged. Message-ID: <20240416141426.588544-1-david@redhat.com> Tested-by: Mario Casquero <mcasquer@redhat.com> Cc: Liang Cong <lcong@redhat.com> Cc: Mario Casquero <mcasquer@redhat.com> Cc: "Michael S. Tsirkin" <mst@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com>
2024-07-09Merge tag 'pull-aspeed-20240709' of https://github.com/legoater/qemu into ↵Richard Henderson
staging aspeed queue: * support AST2700 network # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmaNJCcACgkQUaNDx8/7 # 7KF7pw//So48XdPJhdQukO/PDLGSYL8rRjDfZbQFLLw10MozcZZ/Nz/BCzrNxJRg # rHP/shyO3XL1YZ6U1LNXk6E845giVriSpRRjGX9CuK4fypM9xom6qAIOtOLeH7hG # iTMW++IxN/JgVmVOKYn3C+2+odiq6NzZxFrblVtGPUDtNkkC9BaYGHnccMsl5zQh # LOSPJxqLiiuDjZPqdwa4fMbtEeNTU3A0WLlWxX7yPfJt2T20a4wE6bdWVGcI6fiV # QbCmLLrMXhuZFx+uT4B2hbHi+hGS5H+F3QBOefum6z+i9NEbfAZSyusd8/qTEify # fSBqxL4LD6K4WKL1Hg9959cBcm5zWgPXk7znus4E/TZuUTdSHaPC7clESIcYqWPS # veEAppmHneO4cdmK1m+Gv4gpWD/adS4ZfV7O+C3z149ms0gL4JrK6QndPdE5QuIW # u47PhIT3oIM0WznnMusoCndFxs6Gl/GBkzdxW0gdoJKBRfymbsroWeZamAWTznbV # mL8Td8bEP/NcV40cm1PtpZyl7j0MzxcKDUHKv9ioQTXLUpkl5LSsIGmd1m78WRlE # J6bUJ3jqQT6/s5i3TVqTGe7xuqMkg+9Er8rn5nAWgSronsf4nprAfOU8Lj+b06BM # YRroGgU2lAQrv17liQExrG3Tj1SH+oEp1q0qEq7qo824HlGjBkI= # =UygB # -----END PGP SIGNATURE----- # gpg: Signature made Tue 09 Jul 2024 04:51:03 AM PDT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-aspeed-20240709' of https://github.com/legoater/qemu: machine_aspeed.py: update to test network for AST2700 machine_aspeed.py: update to test ASPEED OpenBMC SDK v09.02 for AST2700 hw/block: m25p80: support quad mode for w25q01jvq aspeed/soc: set dma64 property for AST2700 ftgmac100 hw/net:ftgmac100: update TX and RX packet buffers address to 64 bits hw/net:ftgmac100: introduce TX and RX ring base address high registers to support 64 bits hw/net:ftgmac100: update ring base address to 64 bits hw/net:ftgmac100: update memory region size to 64KB Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-07-09vfio/display: Fix vfio_display_edid_init() error pathZhenzhong Duan
vfio_display_edid_init() can fail for many reasons and return silently. It would be good to report the error. Old mdev driver may not support vfio edid region and we allow to go through in this case. vfio_display_edid_update() isn't changed because it can be called at runtime when UI changes (i.e. window resize). Fixes: 08479114b0de ("vfio/display: add edid support.") Suggested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2024-07-09vfio/display: Fix potential memleak of edid infoZhenzhong Duan
EDID related device region info is leaked in vfio_display_edid_init() error path and VFIODisplay destroying path. Fixes: 08479114b0de ("vfio/display: add edid support.") Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2024-07-09virtio-iommu: Revert transient enablement of IOMMU MR in bypass modeEric Auger
In 94df5b2180d6 ("virtio-iommu: Fix 64kB host page size VFIO device assignment"), in case of bypass mode, we transiently enabled the IOMMU MR to allow the set_page_size_mask() to be called and pass information about the page size mask constraint of cold plugged VFIO devices. Now we do not use the IOMMU MR callback anymore, we can just get rid of this hack. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09memory: remove IOMMU MR iommu_set_page_size_mask() callbackEric Auger
Everything is now in place to use the Host IOMMU Device callbacks to retrieve the page size mask usable with a given assigned device. This new method brings the advantage to pass the info much earlier to the virtual IOMMU and before the IOMMU MR gets enabled. So let's remove the call to memory_region_iommu_set_page_size_mask in vfio common.c and remove the single implementation of the IOMMU MR callback in the virtio-iommu.c Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09virtio-iommu : Retrieve page size mask on virtio_iommu_set_iommu_device()Eric Auger
Retrieve the Host IOMMU Device page size mask when this latter is set. This allows to get the information much sooner than when relying on IOMMU MR set_page_size_mask() call, whcih happens when the IOMMU MR gets enabled. We introduce check_page_size_mask() helper whose code is inherited from current virtio_iommu_set_page_size_mask() implementation. This callback will be removed in a subsequent patch. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09HostIOMMUDevice: Introduce get_page_size_mask() callbackEric Auger
This callback will be used to retrieve the page size mask supported along a given Host IOMMU device. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09HostIOMMUDevice : remove Error handle from get_iova_ranges callbackEric Auger
The error handle argument is not used anywhere. let's remove it. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09vfio-container-base: Introduce vfio_container_get_iova_ranges() helperEric Auger
Introduce vfio_container_get_iova_ranges() to retrieve the usable IOVA regions of the base container and use it in the Host IOMMU device implementations of get_iova_ranges() callback. We also fix a UAF bug as the list was shallow copied while g_list_free_full() was used both on the single call site, in virtio_iommu_set_iommu_device() but also in vfio_container_instance_finalize(). Instead use g_list_copy_deep. Fixes: cf2647a76e ("virtio-iommu: Compute host reserved regions") Signed-off-by: Eric Auger <eric.auger@redhat.com> Suggested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09virtio-iommu: Fix error handling in virtio_iommu_set_host_iova_ranges()Eric Auger
In case no IOMMUPciBus/IOMMUDevice are found we need to properly set the error handle and return. Fixes : Coverity CID 1549006 Signed-off-by: Eric Auger <eric.auger@redhat.com> Fixes: cf2647a76e ("virtio-iommu: Compute host reserved regions") Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-09hw/block: m25p80: support quad mode for w25q01jvqJamin Lin
According to the w25q01jv datasheet at page 16, it is required to set QE bit in "Status Register 2". Besides, users are able to utilize "Write Status Register 1(0x01)" command to set QE bit in "Status Register 2" and utilize "Read Status Register 2(0x35)" command to get the QE bit status. To support quad mode for w25q01jvq, update collecting data needed 2 bytes for WRSR command in decode_new_cmd function and verify QE bit at the second byte of collecting data bit 2 in complete_collecting_data. Update RDCR_EQIO command to set bit 2 of return data if quad mode enable in decode_new_cmd. Signed-off-by: Troy Lee <troy_lee@aspeedtech.com> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-09aspeed/soc: set dma64 property for AST2700 ftgmac100Jamin Lin
ASPEED AST2700 SOC is a 64 bits quad core CPUs (Cortex-a35) And the base address of dram is "0x4 00000000" which is 64bits address. Set dma64 property for ftgmac100 model to support 64bits dram address DMA. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-09hw/net:ftgmac100: update TX and RX packet buffers address to 64 bitsJamin Lin
ASPEED AST2700 SOC is a 64 bits quad core CPUs (Cortex-a35) And the base address of dram is "0x4 00000000" which is 64bits address. It have "TXDES 2" and "RXDES 2" to save the high part physical address of packet buffer. Ex: TX packet buffer address [34:0] The "TXDES 2" bits [18:16] which corresponds the bits [34:32] of the 64 bits address of the TX packet buffer address and "TXDES 3" bits [31:0] which corresponds the bits [31:0] of the 64 bits address of the TX packet buffer address. Update TX and RX packet buffers address type to 64 bits for dram 64 bits address DMA support. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-09hw/net:ftgmac100: introduce TX and RX ring base address high registers to ↵Jamin Lin
support 64 bits ASPEED AST2700 SOC is a 64 bits quad core CPUs (Cortex-a35) And the base address of dram is "0x4 00000000" which is 64bits address. It have "Normal Priority Transmit Ring Base Address Register High(0x17C)", "High Priority Transmit Ring Base Address Register High(0x184)" and "Receive Ring Base Address Register High(0x18C)" to save the high part physical address of descriptor manager. Ex: TX descriptor manager address [34:0] The "Normal Priority Transmit Ring Base Address Register High(0x17C)" bits [2:0] which corresponds the bits [34:32] of the 64 bits address of the TX ring buffer address. The "Normal Priority Transmit Ring Base Address Register(0x20)" bits [31:0] which corresponds the bits [31:0] of the 64 bits address of the TX ring buffer address. Introduce a new sub region which size is 0x100 for the set of new registers and map it at 0x100 in the container region. This sub region range is from 0x100 to 0x1ff. Introduce a new property and object attribute to activate the region for new registers. Introduce a new memop handlers for the new register read and write. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-09hw/net:ftgmac100: update ring base address to 64 bitsJamin Lin
Update TX and RX ring base address data type to uint64_t for 64 bits dram address DMA support. Both "Normal Priority Transmit Ring Base Address Register(0x20)" and "Receive Ring Base Address Register (0x24)" are used for saving the low part physical address of descriptor manager. Therefore, changes to set TX and RX descriptor manager address bits [31:0] in ftgmac100_read and ftgmac100_write functions. Incrementing the version of vmstate to 2. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-09hw/net:ftgmac100: update memory region size to 64KBJamin Lin
According to the datasheet of ASPEED SOCs, one MAC controller owns 128KB of register space for AST2500. However, one MAC controller only owns 64KB of register space for AST2600 and AST2700. It set the memory region size 128KB and it occupied another controllers Address Spaces. Update one MAC controller memory region size to 0x1000 because AST2500 did not use register spaces over than 64KB. Introduce a new container region size to 0x1000 and its range is from 0 to 0xfff. This container is mapped a sub region for the current set of register. This sub region range is from 0 to 0xff. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
2024-07-05hw/sd/sdcard: Extract TYPE_SDMMC_COMMON from TYPE_SD_CARDPhilippe Mathieu-Daudé
In order to keep eMMC model simpler to maintain, extract common properties and the common code from class_init to the (internal) TYPE_SDMMC_COMMON. Update the corresponding QOM cast macros. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240703134356.85972-6-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Introduce set_csd/set_cid handlersPhilippe Mathieu-Daudé
In preparation of introducing eMMC support which have different CSD/CID structures, introduce a pair of handlers in SDCardClass. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-82-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Cover more SDCardStatesPhilippe Mathieu-Daudé
So far eMMC will only use sd_sleep_state, but all all states specified for completeness. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-81-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Trace length of data read on DAT linesPhilippe Mathieu-Daudé
Some commands expect less than BLOCK_LENGTH. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-80-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Remove default case in read/write on DAT linesPhilippe Mathieu-Daudé
All read/write on DAT lines are explicitly handled. Reaching this point would be a programming error: replace by an assertion. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-79-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Remove noise from sd_cmd_name()Philippe Mathieu-Daudé
These CMD names weren't really useful, "UNKNOWN_CMD" is simpler. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-78-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Remove noise from sd_acmd_name()Philippe Mathieu-Daudé
These ACMD names weren't really useful, "UNKNOWN_ACMD" is simpler. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-77-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Remove sd_none enum from sd_cmd_type_tPhilippe Mathieu-Daudé
All handlers using the 'sd_none' enum got converted, remove it. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240628070216.92609-76-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Add sd_cmd_GEN_CMD handler (CMD56)Philippe Mathieu-Daudé
"General command" (GEN_CMD, CMD56) is described as: GEN_CMD is the same as the single block read or write commands (CMD24 or CMD17). The difference is that [...] the data block is not a memory payload data but has a vendor specific format and meaning. Thus this block must not be stored overwriting data block on underlying storage drive. Handle as RAZ/WI. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240703134356.85972-3-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Rename sd_cmd_SEND_OP_COND handlerPhilippe Mathieu-Daudé
The correct command name is 'SD SEND_OP_COND', rename accordingly. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240703134356.85972-4-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Use spec v3.01 by defaultPhilippe Mathieu-Daudé
Recent SDHCI expect cards to support the v3.01 spec to negociate lower I/O voltage. Select it by default. Versioned machine types with a version of 9.0 or earlier retain the old default (spec v2.00). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240703134356.85972-2-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Remove leftover comment about removed 'spi' PropertyPhilippe Mathieu-Daudé
Commit c3287c0f70 ("hw/sd: Introduce a "sd-card" SPI variant model") removed the 'spi' property. Remove the comment left over. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Message-Id: <20240703085907.66775-2-philmd@linaro.org>
2024-07-05hw/sd/sdcard: Generate random RCA valuePhilippe Mathieu-Daudé
Rather than using the obscure 0x4567 magic value, use a real random one. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Message-Id: <20240702140842.54242-5-philmd@linaro.org>
2024-07-05hw/sd/npcm7xx_sdhci: Use TYPE_SYSBUS_SDHCI definitionPhilippe Mathieu-Daudé
Use the macro instead of two explicit string literals. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Message-Id: <20240702140842.54242-2-philmd@linaro.org>
2024-07-05hw/sd/sdhci: Log non-sequencial access as GUEST_ERRORPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Message-Id: <20240702140842.54242-3-philmd@linaro.org>
2024-07-05accel/tcg: Move qemu_plugin_vcpu_init__async() to plugins/Philippe Mathieu-Daudé
Calling qemu_plugin_vcpu_init__async() on the vCPU thread is a detail of plugins, not relevant to TCG vCPU management. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Message-Id: <20240606124010.2460-4-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240705084047.857176-30-alex.bennee@linaro.org>