aboutsummaryrefslogtreecommitdiff
path: root/include/hw
AgeCommit message (Collapse)Author
2018-07-03ppc4xx_i2c: Rewrite to model hardware more closelyBALATON Zoltan
Rewrite to make it closer to how real device works so that guest OS drivers can access I2C devices. Previously this was only a hack to allow U-Boot to get past accessing SPD EEPROMs but to support other I2C devices and allow guests to access them we need to model real device more properly. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppx/xics: introduce a parent_reset in ICSStateClassCédric Le Goater
Just like for the realize handlers, this makes possible to move the common ICSState code of the reset handlers in the ics-base class. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppc/xics: introduce a parent_realize in ICSStateClassCédric Le Goater
This makes possible to move the common ICSState code of the realize handlers in the ics-base class. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppc/xics: introduce ICP DeviceRealize and DeviceReset handlersCédric Le Goater
This changes the ICP realize and reset handlers in DeviceRealize and DeviceReset handlers. parent handlers are now called from the inheriting classes which is a cleaner object pattern. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-02s390x/tcg: properly implement the TODDavid Hildenbrand
Right now, each CPU has its own TOD. Especially, the TOD will differ based on creation time of a CPU - e.g. when hotplugging a CPU the times will differ quite a lot, resulting in stall warnings in the guest. Let's use a single TOD by implementing our new TOD device. Prepare it for TOD-clock epoch extension. Most importantly, whenever we set the TOD, we have to update the CKC timer. Introduce "tcg_s390x.h" just like "kvm_s390x.h" for tcg specific function declarations that should not go into cpu.h. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180627134410.4901-6-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-07-02s390x/tod: factor out TOD into separate deviceDavid Hildenbrand
Let's treat this like a separate device. TCG will have to store the actual state/time later on. Include cpu-qom.h in kvm_s390x.h (due to S390CPU) to compile tod-kvm.c. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180627134410.4901-4-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-07-02loader: Check access size when calling rom_ptr() to avoid crashesThomas Huth
The rom_ptr() function allows direct access to the ROM blobs that we load during startup. However, there are currently no checks for the size of the accesses, so it's currently possible to crash QEMU for example with: $ echo "Insane in the mainframe" > /tmp/test.txt $ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -append xyz Segmentation fault (core dumped) $ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -initrd /tmp/test.txt Segmentation fault (core dumped) $ echo -n HdrS > /tmp/hdr.txt $ sparc64-softmmu/qemu-system-sparc64 -kernel /tmp/hdr.txt -initrd /tmp/hdr.txt Segmentation fault (core dumped) We need a possibility to check the size of the ROM area that we want to access, thus let's add a size parameter to the rom_ptr() function to avoid these problems. Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1530005740-25254-1-git-send-email-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-06-29Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches: - Make truncate operations asynchronous (so that preallocation in blockdev-create doesn't block the main loop any more) - usb-storage: Add rerror/werror properties - nvme: Add num_queues property - qemu-img convert: Copy offloading fixes (including data corruption fix) - qcow2: Fix cluster leak on temporary write error - Use byte-based functions instead of bdrv_co_readv/writev() - Various small fixes and cleanups # gpg: Signature made Fri 29 Jun 2018 15:08:34 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (29 commits) block: Remove unused sector-based vectored I/O vhdx: Switch to byte-based calls replication: Switch to byte-based calls qcow: Switch to a byte-based driver qcow: Switch qcow_co_writev to byte-based calls qcow: Switch qcow_co_readv to byte-based calls qcow: Switch get_cluster_offset to be byte-based parallels: Switch to byte-based calls file-posix: Fix EINTR handling iscsi: Don't blindly use designator length in response for memcpy qcow2: Fix src_offset in copy offloading file-posix: Implement co versions of discard/flush qemu-iotests: Test qcow2 not leaking clusters on write error qcow2: Free allocated clusters on write error qemu-iotests: Update 026.out.nocache reference output block/crypto: Simplify block_crypto_{open,create}_opts_init() block: Move request tracking to children in copy offloading qcow2: Remove dead check on !ret file-posix: Make .bdrv_co_truncate asynchronous block: Use tracked request for truncate ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-29usb-storage: Add rerror/werror propertiesKevin Wolf
The error handling policy was traditionally set with -drive, but with -blockdev it is no longer possible to set frontend options. scsi-disk (and other block devices) have long supported qdev properties to configure the error handling policy, so let's add these options to usb-storage as well and just forward them to the internal scsi-disk instance. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2018-06-29Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* "info mtree" improvements (Alexey) * fake VPD block limits for SCSI passthrough (Daniel Barboza) * chardev and main loop fixes (Daniel Berrangé, Sergio, Stefan) * help fixes (Eduardo) * pc-dimm refactoring (David) * tests improvements and fixes (Emilio, Thomas) * SVM emulation fixes (Jan) * MemoryRegionCache fix (Eric) * WHPX improvements (Justin) * ESP cleanup (Mark) * -overcommit option (Michael) * qemu-pr-helper fixes (me) * "info pic" improvements for x86 (Peter) * x86 TCG emulation fixes (Richard) * KVM slot handling fix (Shannon) * Next round of deprecation (Thomas) * Windows dump format support (Viktor) # gpg: Signature made Fri 29 Jun 2018 12:03:05 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (60 commits) tests/boot-serial: Do not delete the output file in case of errors hw/scsi: add VPD Block Limits emulation hw/scsi: centralize SG_IO calls into single function hw/scsi: cleanups before VPD BL emulation dump: add Windows live system dump dump: add fallback KDBG using in Windows dump dump: use system context in Windows dump dump: add Windows dump format to dump-guest-memory i386/cpu: make -cpu host support monitor/mwait kvm: support -overcommit cpu-pm=on|off hmp: obsolete "info ioapic" ioapic: support "info irq" ioapic: some proper indents when dump info ioapic: support "info pic" doc: another fix to "info pic" target-i386: Mark cpu_vmexit noreturn target-i386: Allow interrupt injection after STGI target-i386: Add NMI interception to SVM memory/hmp: Print owners/parents in "info mtree" WHPX: register for unrecognized MSR exits ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-29hw/scsi: add VPD Block Limits emulationDaniel Henrique Barboza
The VPD Block Limits Inquiry page is optional, allowing SCSI devices to not implement it. This is the case for devices like the MegaRAID SAS 9361-8i and Microsemi PM8069. In case of SCSI passthrough, the response of this request is used by the QEMU SCSI layer to set the max_io_sectors that the guest device will support, based on the value of the max_sectors_kb that the device has set in the host at that time. Without this response, the guest kernel is free to assume any value of max_io_sectors for the SCSI device. If this value is greater than the value from the host, SCSI Sense errors will occur because the guest will send read/write requests that are larger than the underlying host device is configured to support. An example of this behavior can be seen in [1]. A workaround is to set the max_sectors_kb host value back in the guest kernel (a process that can be automated using rc.local startup scripts and the like), but this has several drawbacks: - it can be troublesome if the guest has many passthrough devices that needs this tuning; - if a change in max_sectors_kb is made in the host side, manual change in the guests will also be required; - during an OS install it is difficult, and sometimes not possible, to go to a terminal and change the max_sectors_kb prior to the installation. This means that the disk can't be used during the install process. The easiest alternative here is to roll back to scsi-hd, install the guest and then go back to SCSI passthrough when the installation is done and max_sectors_kb can be set. An easier way would be to QEMU handle the absence of the Block Limits VPD device response, setting max_io_sectors accordingly and allowing the guest to use the device without the hassle. This patch adds emulation of the Block Limits VPD response for SCSI passthrough devices of type TYPE_DISK that doesn't support it. The following changes were made: - scsi_handle_inquiry_reply will now check the available VPD pages from the Inquiry EVPD reply. In case the device does not - a new function called scsi_generic_set_vpd_bl_emulation, that is called during device realize, was created to set a new flag 'needs_vpd_bl_emulation' of the device. This function retrieves the Inquiry EVPD response of the device to check for VPD BL support. - scsi_handle_inquiry_reply will now check the available VPD pages from the Inquiry EVPD reply in case the device needs VPD BL emulation, adding the Block Limits page (0xb0) to the list. This will make the guest kernel aware of the support that we're now providing by emulation. - a new function scsi_emulate_block_limits creates the emulated Block Limits response. This function is called inside scsi_read_complete in case the device requires Block Limits VPD emulation and we detected a SCSI Sense error in the VPD Block Limits reply that was issued from the guest kernel to the device. This error is expected: we're reporting support from our side, but the device isn't aware of it. With this patch, the guest now queries the Block Limits page during the device configuration because it is being advertised in the Supported Pages response. It will either receive the Block Limits page from the hardware, if it supports it, or will receive an emulated response from QEMU. At any rate, the guest now has the information to set the max_sectors_kb parameter accordingly, sparing the user of SCSI sense errors that would happen without the emulated response and in the absence of Block Limits support from the hardware. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1566195 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1566195 Reported-by: Dac Nguyen <dacng@us.ibm.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20180627172432.11120-4-danielhb413@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-29hw/scsi: centralize SG_IO calls into single functionDaniel Henrique Barboza
For the VPD Block Limits emulation with SCSI passthrough, we'll issue an Inquiry request with EVPD set to retrieve the available VPD pages of the device. This would be done in a way similar of what scsi_generic_read_device_identification does: create a SCSI command and a reply buffer, fill in the sg_io_hdr_t structure, call blk_ioctl, check if an error occurred, process the response. This same process is done in other 2 functions, get_device_type and get_stream_blocksize. They differ in the command/reply buffer and post-processing, everything else is almost a copy/paste. Instead of adding a forth copy/pasted-ish code when adding the passthrough VPD BL emulation, this patch extirpates this repetition of those 3 functions and put it into a new one called scsi_SG_IO_FROM_DEV. Any future code that wants to execute an SG_DXFER_FROM_DEV to the device can use it, avoiding filling sg_io_hdr_t again and et cetera. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20180627172432.11120-3-danielhb413@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-29hw/scsi: cleanups before VPD BL emulationDaniel Henrique Barboza
To add support for the emulation of Block Limits VPD page for passthrough devices, a few adjustments in the current code base is required to avoid repetition and improve clarity. In scsi-generic.c, detach the Inquiry handling from scsi_read_complete and put it into a new function called scsi_handle_inquiry_reply. This change aims to avoid cluttering of scsi_read_complete when we more logic in the Inquiry response handling is added in the next patches, centralizing the changes in the new function. In scsi-disk.c, take the build of all emulated VPD pages from scsi_disk_emulate_inquiry and make it available to other files into a non-static function called scsi_disk_emulate_vpd_page. Making it public will allow the future VPD BL emulation code for passthrough devices to use it from scsi-generic.c, avoiding copy/pasting this code solely for that purpose. It also has the advantage of providing emulation of all VPD pages in case we need to emulate other pages in other scenarios. As a bonus, scsi_disk_emulate_inquiry got tidier. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20180627172432.11120-2-danielhb413@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28hmp: obsolete "info ioapic"Peter Xu
Let's start to use "info pic" just like other platforms. For now we keep the command for a while so that old users can know what is the new command to use. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20171229073104.3810-6-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28ioapic: support "info irq"Peter Xu
This include both userspace and in-kernel ioapic. Note that the numbers can be inaccurate for kvm-ioapic. One reason is the same with kvm-i8259, that when irqfd is used, irqs can be delivered all inside kernel without our notice. Meanwhile, kvm-ioapic is specially treated when irq numbers <ISA_NUM_IRQS, those irqs will be delivered in kernel too via kvm-i8259 (please refer to kvm_pc_gsi_handler). Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20171229073104.3810-5-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28esp: remove legacy esp_init() functionMark Cave-Ayland
Remove the legacy esp_init() function now that there are no more remaining users. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20180613094727.11326-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org>
2018-06-28pc-dimm: get_memory_region() will not fail after realizeDavid Hildenbrand
Let's try to reduce error handling a bit. In the plug/unplug case, the device was realized and therefore we can assume that getting access to the memory region will not fail. For get_vmstate_memory_region() this is already handled that way. Document both cases. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180619134141.29478-13-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28nvdimm: convert nvdimm_mr into a pointerDavid Hildenbrand
This way we can easily check if the region has already been inititalized without having to rely on the size of an uninitialized region being 0. Free the region in nvdimm_finalize() and not in unrealize() as we will allow to create the region before realization in following patches. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180619134141.29478-11-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28pc-dimm: merge get_(vmstate_)memory_region()David Hildenbrand
Importantly, get_vmstate_memory_region() should also fail with a proper error if called before the device is realized. For a PCDIMM, both functions are to return the same thing, so share the implementation. All current users are called after the device has been realized, so we can expect the calls to succeed. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180619134141.29478-9-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28pc-dimm: remove pc_dimm_get_free_slot() from headerDavid Hildenbrand
Not used outside of pc-dimm.c and there shouldn't be other users. If other devices (e.g. memory devices) ever have to also use slots, then we will have to factor this out. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180619134141.29478-5-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-28pc-dimm: rename pc_dimm_memory_* to pc_dimm_*David Hildenbrand
Let's rename it to make it look more consistent. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180619134141.29478-4-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-06-27compiler: add a sizeof_field() macroStefan Hajnoczi
Determining the size of a field is useful when you don't have a struct variable handy. Open-coding this is ugly. This patch adds the sizeof_field() macro, which is similar to typeof_field(). Existing instances are updated to use the macro. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 20180614164431.29305-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-06-26Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20180626' into staging target-arm queue: * aspeed: set APB clocks correctly (fixes slowdown on palmetto) * smmuv3: cache config data and TLB entries * v7m/v8m: support read/write from MPU regions smaller than 1K * various: clean up logging/debug messages * xilinx_spips: Make dma transactions as per dma_burst_size # gpg: Signature made Tue 26 Jun 2018 17:55:46 BST # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180626: (32 commits) aspeed/timer: use the APB frequency from the SCU aspeed: initialize the SCU controller first aspeed/scu: introduce clock frequencies hw/arm/smmuv3: Add notifications on invalidation hw/arm/smmuv3: IOTLB emulation hw/arm/smmuv3: Cache/invalidate config data hw/arm/smmuv3: Fix translate error handling target/arm: Handle small regions in get_phys_addr_pmsav8() target/arm: Set page (region) size in get_phys_addr_pmsav7() tcg: Support MMU protection regions smaller than TARGET_PAGE_SIZE hw/arm/stellaris: Use HWADDR_PRIx to display register address hw/arm/stellaris: Fix gptm_write() error message hw/net/smc91c111: Use qemu_log_mask(UNIMP) instead of fprintf hw/net/smc91c111: Use qemu_log_mask(GUEST_ERROR) instead of hw_error hw/net/stellaris_enet: Use qemu_log_mask(GUEST_ERROR) instead of hw_error hw/net/stellaris_enet: Fix a typo hw/arm/stellaris: Use qemu_log_mask(UNIMP) instead of fprintf hw/arm/omap: Use qemu_log_mask(GUEST_ERROR) instead of fprintf hw/arm/omap1: Use qemu_log_mask(GUEST_ERROR) instead of fprintf hw/i2c/omap_i2c: Use qemu_log_mask(UNIMP) instead of fprintf ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26aspeed/timer: use the APB frequency from the SCUCédric Le Goater
The timer controller can be driven by either an external 1MHz clock or by the APB clock. Today, the model makes the assumption that the APB frequency is always set to 24MHz but this is incorrect. The AST2400 SoC on the palmetto machines uses a 48MHz input clock source and the APB can be set to 48MHz. The consequence is a general system slowdown. The QEMU machines using the AST2500 SoC do not seem impacted today because the APB frequency is still set to 24MHz. We fix the timer frequency for all SoCs by linking the Timer model to the SCU model. The APB frequency driving the timers is now the one configured for the SoC. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 20180622075700.5923-4-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26aspeed/scu: introduce clock frequenciesCédric Le Goater
All Aspeed SoC clocks are driven by an input source clock which can have different frequencies : 24MHz or 25MHz, and also, on the Aspeed AST2400 SoC, 48MHz. The H-PLL (CPU) clock is defined from a calculation using parameters in the H-PLL Parameter register or from a predefined set of frequencies if the setting is strapped by hardware (Aspeed AST2400 SoC). The other clocks of the SoC are then defined from the H-PLL using dividers. We introduce first the APB clock because it should be used to drive the Aspeed timer model. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Andrew Jeffery <andrew@aj.id.au> Message-id: 20180622075700.5923-2-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26hw/arm/smmuv3: Add notifications on invalidationEric Auger
On TLB invalidation commands, let's call registered IOMMU notifiers. Those can only be UNMAP notifiers. SMMUv3 does not support notification on MAP (VFIO). This patch allows vhost use case where IOTLB API is notified on each guest IOTLB invalidation. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1529653501-15358-5-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26hw/arm/smmuv3: IOTLB emulationEric Auger
We emulate a TLB cache of size SMMU_IOTLB_MAX_SIZE=256. It is implemented as a hash table whose key is a combination of the 16b asid and 48b IOVA (Jenkins hash). Entries are invalidated on TLB invalidation commands, either globally, or per asid, or per asid/iova. Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-id: 1529653501-15358-4-git-send-email-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26hw/arm/smmuv3: Cache/invalidate config dataEric Auger
Let's cache config data to avoid fetching and parsing STE/CD structures on each translation. We invalidate them on data structure invalidation commands. We put in place a per-smmu mutex to protect the config cache. This will be useful too to protect the IOTLB cache. The caches can be accessed without BQL, ie. in IO dataplane. The same kind of mutex was put in place in the intel viommu. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1529653501-15358-3-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26hw/arm/omap: Use qemu_log_mask(GUEST_ERROR) instead of fprintfPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20180624040609.17572-10-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26hw/arm/omap1: Use qemu_log_mask(GUEST_ERROR) instead of fprintfPhilippe Mathieu-Daudé
TCMI_VERBOSE is no more used, drop the OMAP_8/16/32B_REG macros. Suggested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20180624040609.17572-9-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26xilinx_spips: Make dma transactions as per dma_burst_sizeSai Pavan Boddu
Qspi dma has a burst length of 64 bytes, So limit the transactions w.r.t dma-burst-size property. Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1529660880-30376-1-git-send-email-sai.pavan.boddu@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180626-pull-request' ↵Peter Maydell
into staging vga: bugfix collection. # gpg: Signature made Tue 26 Jun 2018 17:27:23 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180626-pull-request: virtio-gpu-3d: Drop workaround for VIRTIO_GPU_CAPSET_VIRGL2 define ramfb: fix overflow vga: set owner for mmio regions Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-26virtio-gpu-3d: Drop workaround for VIRTIO_GPU_CAPSET_VIRGL2 definePeter Maydell
In commit a8bff79e9f27df we added a definition to hw/virtio/virtio-gpu.h for VIRTIO_GPU_CAPSET_VIRGL2, as a workaround for it not yet being in the Linux kernel headers. In commit 77d361b13c19 we updated our kernel headers to a version which does define the macro, so we can now remove our workaround. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180622173249.29963-1-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-06-26Merge remote-tracking branch ↵Peter Maydell
'remotes/ehabkost/tags/machine-next-pull-request' into staging Machine queue, 2018-06-25 * Don't support --daemonize and --preconfig together * Deprecate machine types pc-0.10 and pc-0.11 # gpg: Signature made Mon 25 Jun 2018 23:37:59 BST # gpg: using RSA key 2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/machine-next-pull-request: hw/i386: Deprecate the machine types pc-0.10 and pc-0.11 vl.c: do not allow --daemonize in combination with --preconfig CLI option Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-25Merge branch 'master' of git://git.qemu.org/qemu into x86-nextEduardo Habkost
2018-06-25hw/i386: Deprecate the machine types pc-0.10 and pc-0.11Thomas Huth
The oldest machine type which is still used in a still maintained distro is a pc-0.12 based machine type in RHEL6, so everything that is older than pc-0.12 should not be used anymore. Thus let's deprecate pc-0.10 and pc-0.11 so that we can finally remove them in a future release. Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1529917512-10528-1-git-send-email-thuth@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-06-25Merge remote-tracking branch ↵Peter Maydell
'remotes/kraxel/tags/audio-20180625-pull-request' into staging audio: new timer code for hda codec, fix audio_get_conf_int # gpg: Signature made Mon 25 Jun 2018 14:12:41 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20180625-pull-request: audio: Convert use of atoi to qemu_strtoi audio/hda: enable new timer code by default. audio/hda: detect output buffer overruns audio/hda: tweak timer adjust logic audio/hda: turn some dprintfs into trace points audio/hda: create millisecond timers that handle IO Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-25audio/hda: enable new timer code by default.Gerd Hoffmann
Also add a compat property to disable it for old machine types, needed for live migration compatibility. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180622111200.30561-6-kraxel@redhat.com
2018-06-22i386: Enable TOPOEXT feature on AMD EPYC CPUBabu Moger
Enable TOPOEXT feature on EPYC CPU. This is required to support hyperthreading on VM guests. Also extend xlevel to 0x8000001E. Disable topoext on PC_COMPAT_2_12 and keep xlevel 0x8000000a. Signed-off-by: Babu Moger <babu.moger@amd.com> Message-Id: <1529443919-67509-3-git-send-email-babu.moger@amd.com> [ehabkost: Added EPYC-IBPB.xlevel to PC_COMPAT_2_12] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-06-22Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20180622' into staging target-arm queue: * hw/intc/arm_gicv3: fix wrong values when reading IPRIORITYR * target/arm: fix read of freed memory in kvm_arm_machine_init_done() * virt: support up to 512 CPUs * virt: support 256MB ECAM PCI region (for more PCI devices) * xlnx-zynqmp: Use Cortex-R5F, not Cortex-R5 * mps2-tz: Implement and use the TrustZone Memory Protection Controller * target/arm: enforce alignment checking for v6M cores * xen: Don't use memory_region_init_ram_nomigrate() in pci_assign_dev_load_option_rom() * vl.c: Don't zero-initialize statics for serial_hds # gpg: Signature made Fri 22 Jun 2018 13:56:00 BST # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180622: (28 commits) xen: Don't use memory_region_init_ram_nomigrate() in pci_assign_dev_load_option_rom() vl.c: Don't zero-initialize statics for serial_hds target/arm: Strict alignment for ARMv6-M and ARMv8-M Baseline target/arm: Introduce ARM_FEATURE_M_MAIN hw/arm/mps2-tz.c: Instantiate MPCs hw/arm/iotkit: Wire up MPC interrupt lines hw/arm/iotkit: Instantiate MPC hw/misc/iotkit-secctl.c: Implement SECMPCINTSTATUS hw/misc/tz_mpc.c: Honour the BLK_LUT settings in translate hw/misc/tz-mpc.c: Implement correct blocked-access behaviour hw/misc/tz-mpc.c: Implement registers hw/misc/tz-mpc.c: Implement the Arm TrustZone Memory Protection Controller xlnx-zynqmp: Swap Cortex-R5 for Cortex-R5F target-arm: Add the Cortex-R5F hw/arm/virt: Increase max_cpus to 512 hw/arm/virt: Use 256MB ECAM region by default hw/arm/virt: Add virt-3.0 machine type hw/arm/virt: Add a new 256MB ECAM region hw/arm/virt: Register two redistributor regions when necessary hw/arm/virt-acpi-build: Advertise one or two GICR structures ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-22hw/arm/iotkit: Wire up MPC interrupt linesPeter Maydell
The interrupt outputs from the MPC in the IoTKit and the expansion MPCs in the board must be wired up to the security controller, and also all ORed together to produce a single line to the NVIC. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20180620132032.28865-8-peter.maydell@linaro.org
2018-06-22hw/arm/iotkit: Instantiate MPCPeter Maydell
Wire up the one MPC that is part of the IoTKit itself. For the moment we don't wire up its interrupt line. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20180620132032.28865-7-peter.maydell@linaro.org
2018-06-22hw/misc/iotkit-secctl.c: Implement SECMPCINTSTATUSPeter Maydell
Implement the SECMPCINTSTATUS register. This is the only register in the security controller that deals with Memory Protection Controllers, and it simply provides a read-only view of the interrupt lines from the various MPCs in the system. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180620132032.28865-6-peter.maydell@linaro.org
2018-06-22hw/misc/tz-mpc.c: Implement registersPeter Maydell
Implement the missing registers for the TZ MPC. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 20180620132032.28865-3-peter.maydell@linaro.org
2018-06-22hw/misc/tz-mpc.c: Implement the Arm TrustZone Memory Protection ControllerPeter Maydell
Implement the Arm TrustZone Memory Protection Controller, which sits in front of RAM and allows secure software to configure it to either pass through or reject transactions. We implement the MPC as a QEMU IOMMU, which will direct transactions either through to the devices and memory behind it or to a special "never works" AddressSpace if they are blocked. This initial commit implements the skeleton of the device: * it always permits accesses * it doesn't implement most of the registers * it doesn't implement the interrupt or other behaviour for blocked transactions Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 20180620132032.28865-2-peter.maydell@linaro.org
2018-06-22hw/arm/virt: Use 256MB ECAM region by defaultEric Auger
With this patch, virt-3.0 machine uses a new 256MB ECAM region by default instead of the legacy 16MB one, if highmem is set (LPAE supported by the guest) and (!firmware_loaded || aarch64). Indeed aarch32 mode FW may not support this high ECAM region. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1529072910-16156-11-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-22hw/arm/virt: Add a new 256MB ECAM regionEric Auger
This patch defines a new ECAM region located after the 256GB limit. The virt machine state is augmented with a new highmem_ecam field which guards the usage of this new ECAM region instead of the legacy 16MB one. With the highmem ECAM region, up to 256 PCIe buses can be used. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1529072910-16156-9-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-22hw/arm/virt: GICv3 DT node with one or two redistributor regionsEric Auger
This patch allows the creation of a GICv3 node with 1 or 2 redistributor regions depending on the number of smu_cpus. The second redistributor region is located just after the existing RAM region, at 256GB and contains up to up to 512 vcpus. Please refer to kernel documentation for further node details: Documentation/devicetree/bindings/interrupt-controller/arm,gic-v3.txt Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1529072910-16156-6-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-22hw/intc/arm_gicv3: Introduce redist-region-count array propertyEric Auger
To prepare for multiple redistributor regions, we introduce an array of uint32_t properties that stores the redistributor count of each redistributor region. Non accelerated VGICv3 only supports a single redistributor region. The capacity of all redist regions is checked against the number of vcpus. Machvirt is updated to set those properties, ie. a single redistributor region with count set to the number of vcpus capped by 123. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1529072910-16156-4-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-06-22spapr: Use maximum page size capability to simplify memory backend checkingDavid Gibson
The way we used to handle KVM allowable guest pagesizes for PAPR guests required some convoluted checking of memory attached to the guest. The allowable pagesizes advertised to the guest cpus depended on the memory which was attached at boot, but then we needed to ensure that any memory later hotplugged didn't change which pagesizes were allowed. Now that we have an explicit machine option to control the allowable maximum pagesize we can simplify this. We just check all memory backends against that declared pagesize. We check base and cold-plugged memory at reset time, and hotplugged memory at pre_plug() time. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org>