aboutsummaryrefslogtreecommitdiff
path: root/target-s390x
AgeCommit message (Collapse)Author
2015-06-17s390/ioinst: fix endianness in ioinst_schib_validAlexander Graf
The ioinst_schib_valid gets a SCHIB in guest endianness, we should byteswap the fields we access. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17s390/ioinst: fix IO_INT_WORD_ISC macroAurelien Jarno
The I/O-Interruption Subclass field corresponds to bits 2 to 5 (BE notation) of the Interruption-Identification Word. The value should be shift by 27 instead of 24. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-15Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150615' into ↵Peter Maydell
staging s390x/kvm/watchdog 1. Implement a diag288 based watchdog 2. Fix virtio-ccw BIOS for gcc >= 4.9 # gpg: Signature made Mon Jun 15 12:36:25 2015 BST using RSA key ID B5A61C7C # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" * remotes/borntraeger/tags/s390x-20150615: s390/bios: build with -fdelete-null-pointer-checks watchdog: Add new Virtual Watchdog action INJECT-NMI nmi: Implement inject_nmi() for non-monitor context use s390x/watchdog: diag288 migration support s390x/kvm: diag288 instruction interception and handling s390x/watchdog: introduce diag288 watchdog device watchdog: change option wording to allow for more watchdogs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-12migration: Use normal VMStateDescriptions for SubsectionsJuan Quintela
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-06-11s390x/kvm: diag288 instruction interception and handlingXu Wang
Intercept the diag288 requests from kvm guests, and hand the requested command to the diag288 watchdog device for further handling. Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-09Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150609' into ↵Peter Maydell
staging s390x/virtio-ccw: migration and virtio for 2.4 1. Migration fixups 2. virtio 9pfs # gpg: Signature made Tue Jun 9 09:00:05 2015 BST using RSA key ID B5A61C7C # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" * remotes/borntraeger/tags/s390x-20150609: s390x/migration: add comment about floating point migration s390x/kvm: always ignore empty vcpu interrupt state virtio-ccw/migration: Migrate config vector for virtio devices virtio-ccw: add support for 9pfs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-09s390x/migration: add comment about floating point migrationChristian Borntraeger
commit 46c804def4bd ("s390x: move fpu regs into a subsection of the vmstate") moved the fprs into a subsection and bumped the version number. This will allow to not transfer fprs in the future if necessary. Add a comment to mark the return true as intentional. CC: Juan Quintela <quintela@redhat.com> CC: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <1433758884-2997-1-git-send-email-borntraeger@de.ibm.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
2015-06-05target-s390x: Only access allocated storage keysAlexander Graf
We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that we only access that many. Unfortunately the code can overrun this array by one, potentially overwriting unrelated memory. Fix it by limiting storage keys to their scope. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-06-05target-s390x: fix MVC instruction when areas overlapAurelien Jarno
The MVC instruction and the memmove C funtion do not have the same semantic when memory areas overlap: MVC: When the operands overlap, the result is obtained as if the operands were processed one byte at a time and each result byte were stored immediately after fetching the necessary operand byte. memmove: Copying takes place as though the bytes in src are first copied into a temporary array that does not overlap src or dest, and the bytes are then copied from the temporary array to dest. The behaviour is therefore the same when the destination is at a lower address than the source, but not in the other case. This is actually a trick for propagating a value to an area. While the current code detects that and call memset in that case, it only does for 1-byte value. This trick can and is used for propagating two or more bytes to an area. In the softmmu case, the call to mvc_fast_memmove is correct as the above tests verify that source and destination are each within a page, and both in a different page. The part doing the move 8 bytes by 8 bytes is wrong and we need to check that if the source and destination overlap, they do with a distance of minimum 8 bytes before copying 8 bytes at a time. In the user code, we should check check that the destination is at a lower address than source or than the end of the source is at a lower address than the destination before calling memmove. In the opposite case we fallback to the same code as the softmmu one. Note that l represents (length - 1). Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: use softmmu functions for mvcp/mvcsAurelien Jarno
mvcp and mvcs helper get access to the physical memory by a call to mmu_translate for the virtual to real conversion and then using ldb_phys and stb_phys to physically access the data. In practice this is quite slow because it bypasses the QEMU softmmu TLB and because stb_phys calls try to invalidate the corresponding memory for each access. Instead use cpu_ldb_{primary,secondary} for the loads and cpu_stb_{primary,secondary} for the stores. Ideally this should be further optimized by a call to memcpy, but that already improves the boot time of a guest by a factor 1.8. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: support non current ASC in s390_cpu_handle_mmu_faultAurelien Jarno
s390_cpu_handle_mmu_fault currently looks at the current ASC mode defined in PSW mask instead of the MMU index. This prevent emulating easily instructions using a specific ASC mode. Fix that by using the MMU index converted back to ASC using the just added cpu_mmu_idx_to_asc function. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: add a cpu_mmu_idx_to_asc functionAurelien Jarno
Use constants to define the MMU indexes, and add a function to do the reverse conversion of cpu_mmu_index. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement high-word facilityAurelien Jarno
Besides RISBHG and RISBLG, all high-word instructions are not implemented. Fix that. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement load-and-trap facilityAurelien Jarno
At the same time move the trap code from op_ct into gen_trap and use it for all new functions. The value needs to be stored back to register before the exception, but also before the brcond (as we don't use temp locals). That's why we can't use wout helper. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement miscellaneous-instruction-extensions facilityAurelien Jarno
RISBGN is the same as RISBG, but without setting the condition code. CLT and CLGT are the same as CLRT and CLGRT, but using memory for the second operand. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement LPDFR and LNDFR instructionsAurelien Jarno
This complete the floating point support sign handling facility. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement TRANSLATE EXTENDED instructionAurelien Jarno
It is part of the basic zArchitecture instructions. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement TRANSLATE AND TEST instructionAurelien Jarno
It is part of the basic zArchitecture instructions. Allow it to be call from EXECUTE. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement LOAD FP INTEGER instructionsAurelien Jarno
This is needed to pass the gcc.c-torture/execute/ieee/20010114-2.c test in the gcc testsuite. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: move SET DFP ROUNDING MODE to the correct facilityAurelien Jarno
It belongs to the DFP rounding facility. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: move STORE CLOCK FAST to the correct facilityAurelien Jarno
STORE CLOCK FAST should be in the SCF facility. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: change CHRL and CGHRL format to RIL-bAurelien Jarno
Change to match the PoP. In practice both format RIL-a and RIL-b have the same fields. They differ on the way we decode the fields, and it's done correctly in QEMU. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix CLGIT instructionAurelien Jarno
The COMPARE LOGICAL IMMEDIATE AND TRAP instruction should compare the numbers as unsigned, as its name implies. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix exception for invalid operation codeAurelien Jarno
When an operation code is not recognized (ie invalid instruction) an operation exception should be generated instead of a specification exception. The latter is for valid opcode, with invalid operands or modifiers. This give a very basic GDB support in the guest, as it uses the invalid opcode 0x0001 to generate a trap. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement LAY and LAEY instructionsAurelien Jarno
This complete the general-instructions-extension facility, enable it. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> [agraf: remove facility bit] Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: move a few instructions to the correct facilityAurelien Jarno
LY is part of the long-displacement facility. RISBHG and RISBLG are part of the high-word facility. STCMH is part of the z/Architecture. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: detect tininess before rounding for FP operationsAurelien Jarno
The s390x floating point unit detects tininess before rounding, so set the softfloat fp_status up appropriately. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: silence NaNs for LOAD LENGTHENED and LOAD ROUNDEDAurelien Jarno
LOAD LENGTHENED and LOAD ROUNDED are considered as FP operations and thus need to convert input sNaN into corresponding qNaN. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix MMU index computationAurelien Jarno
The cpu_mmu_index function wrongly looks at PSW P bit to determine the MMU index, while this bit actually only control the use of priviledge instructions. The addressing mode is detected by looking at the PSW ASC bits instead. This used to work more or less correctly up to kernel 3.6 as the kernel was running in primary space and userland in secondary space. Since kernel 3.7 the default is to run the kernel in home space and userland in primary space. While the current QEMU code seems to work it open some security issues, like accessing the lowcore memory in R/W mode from a userspace process once it has been accessed by the kernel (it is then cached by the QEMU TLB). At the same time change the MMU_USER_IDX value so that it matches the value used in recent kernels. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix PSW value on dynamical exception from helpersAurelien Jarno
runtime_exception computes the psw.addr value using the actual exception address and the instruction length computed by calling the get_ilen function. However as explained above the get_ilen code, it returns the actual instruction length, and not the ILC. Therefore there is no need to multiply the value by 2. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix LOAD MULTIPLE instruction on page boundaryAurelien Jarno
When consecutive memory locations are on page boundary a page fault might occur when using the LOAD MULTIPLE instruction. In that case real hardware doesn't load any register. This is an important detail in case the base register is in the list of registers to be loaded. If a page fault occurs this register might be overwritten and when the instruction is later restarted the wrong base register value is useD. Fix this by first loading the first and last value from memory, hence triggering all possible page faults, and then the remaining registers. This fixes random segmentation faults seen in the guest. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement STPT helperAurelien Jarno
Save the timer target value in the SPT helper, so that the STPT helper can compute the remaining time. This allow the Linux kernel to correctly do time accounting. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: implement STCKC helperAurelien Jarno
The STCKC instruction just returns the last written clock comparator value and KVM already provides the corresponding variable. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: streamline STCK helperAurelien Jarno
Now that clock_value is only used in one place, we can inline it in the STCK helper. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: simplify SCKC helperAurelien Jarno
The clock comparator and the QEMU timer work the same way, triggering at a given time, they just differ by the origin and the scale. It is therefore possible to go from one to another without using the current clock value. This spares two calls to qemu_clock_get_ns, which probably return slightly different values, possibly reducing the accuracy. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: add a tod2time functionAurelien Jarno
Add a tod2time function similar to the time2tod one, instead of open coding the conversion. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: remove unused helpersAurelien Jarno
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: optimize (negative-) abs computationAurelien Jarno
Now that movcond exists, it's easy to write (negative-) absolute value using TCG code instead of an helper. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix CC computation for LOAD POSITIVE instructionsAurelien Jarno
LOAD POSITIVE instructions (LPR, LPGR and LPGFR) set the following condition code: 0: Result zero; no overflow 1: -- 2: Result greater than zero; no overflow 3: Overflow The current code wrongly returns 1 instead of 2 in case of a result greater than 0. This patches fixes that. This fixes the marshalling of the value '0L' in Python. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-05target-s390x: fix CC computation for EX instructionAurelien Jarno
Commit 7a6c7067f optimized CC computation by only saving cc_op before calling helpers as they either don't touch the CC or generate a new static value. This however doesn't work for the EX instruction as the helper changes or not the CC value depending on the actual executed instruction (e.g. MVC vs CLC). This patches force a CC computation before calling the helper. This fixes random memory corruption occuring in guests. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> [agraf: remove set_cc_static in op_ex as suggested by rth] Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03s390x/kvm: always ignore empty vcpu interrupt stateSascha Silbe
kvm_s390_vcpu_interrupt_pre_save() and kvm_s390_vcpu_interrupt_post_load() are essentially no-ops on hosts without KVM_CAP_S390_IRQ_STATE. Move the capability check after the check for saved IRQ state in kvm_s390_vcpu_interrupt_post_load() so that migration between hosts without KVM_CAP_S390_IRQ_STATE (including save / restore on the same host) continues to work. Fixes: 3cda44f7bae5 ("s390x/kvm: migrate vcpu interrupt state") Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Reviewed-by: Jens Freimann <jfrei@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-02kvm: introduce kvm_arch_msi_data_to_gsiEric Auger
On ARM the MSI data corresponds to the shared peripheral interrupt (SPI) ID. This latter equals to the SPI index + 32. to retrieve the SPI index, matching the gsi, an architecture specific function is introduced. Signed-off-by: Eric Auger <eric.auger@linaro.org> Acked-by: Christoffer Dall <christoffer.dall@linaro.org> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-27s390x: Enable vector processing capabilityEric Farman
Everything is finally in place, inform the kernel that user space supports vector registers. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Migrate vector registersEric Farman
When migrating a guest, be sure to include the vector registers. The vector registers are defined in a subsection, similar to the existing subsection for floating point registers. Since the floating point registers are always present (and thus migrated), we can skip them when performing the migration of the vector registers which may or may not be present. Suggested-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Add vector registers to ELF dumpEric Farman
Create ELF notes for the vector registers where applicable, so that their contents can be examined by utilities such as crash or readelf. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Add vector registers to HMP outputEric Farman
There are mechanisms to dump registers via the qemu HMP interface, such as the "info registers" command. Expand this output to dump the new vector registers. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: gdb updates for vector registersEric Farman
gdb allows registers to be displayed/modified, and is being updated to account for the new vector registers. Mirror these changes in the gdb stub in qemu so that this can be performed when gdb is attached to the qemu gdbserver. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Store Additional Status SIGP orderEric Farman
Add handling for the Store Additional Status at Address order that exists for the Signal Processor (SIGP) instruction. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Vector Register IOCTLsEric Farman
Handle the actual syncing of the vector registers with kernel space, via the get/put register IOCTLs. The vector registers that were introduced with the z13 overlay the existing floating point registers. FP registers 0-15 are the high-halves of vector registers 0-15. Thus, remove the freg fields and replace them with the equivalent vector field to avoid errors in duplication. Moreover, synchronize either the vector registers via kvm_sync_regs, or floating point registers via the GET/SET FPU IOCTLs. Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27s390x: Common access to floating point registersEric Farman
Provide a routine to access the correct floating point register, to simplify future expansion. Suggested-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>