path: root/target/s390x
Age | Commit message | Author
2021-06-02 | docs: fix references to docs/devel/tracing.rst | Stefano Garzarella
Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst. We still have several references to the old file, so let's fix them with the following command:

  sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt)

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210517151702.109066-2-sgarzare@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-05-26 | hw/core: Constify TCGCPUOps | Richard Henderson
We no longer have any runtime modifications to this struct, so declare them all const. Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-ID: <20210227232519.222663-3-richard.henderson@linaro.org>
2021-05-26 | cpu: Move CPUClass::get_phys_page_debug to SysemuCPUOps | Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210517105140.1062037-21-f4bug@amsat.org> [rth: Drop declaration movement from target/*/cpu.h] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-26 | cpu: Move CPUClass::write_elf* to SysemuCPUOps | Philippe Mathieu-Daudé
The write_elf*() handlers are used to dump vmcore images. This feature is only meaningful for system emulation. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210517105140.1062037-19-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-26 | cpu: Move CPUClass::get_crash_info to SysemuCPUOps | Philippe Mathieu-Daudé
cpu_get_crash_info() is called on GUEST_PANICKED events, which only occur in system emulation. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210517105140.1062037-18-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-26 | cpu: Move CPUClass::vmsd to SysemuCPUOps | Philippe Mathieu-Daudé
Migration is specific to system emulation.

- Move the CPUClass::vmsd field to SysemuCPUOps,
- restrict VMSTATE_CPU() macro to sysemu,
- vmstate_dummy is now unused, remove it.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210517105140.1062037-16-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-26 | cpu: Introduce SysemuCPUOps structure | Philippe Mathieu-Daudé
Introduce a structure to hold handler specific to sysemu. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210517105140.1062037-15-f4bug@amsat.org> [rth: Squash "restrict hw/core/sysemu-cpu-ops.h" patch] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-26 | cpu: Rename CPUClass vmsd -> legacy_vmsd | Philippe Mathieu-Daudé
Quoting Peter Maydell [*]:

There are two ways to handle migration for a CPU object:

(1) like any other device, so it has a dc->vmsd that covers migration for the whole object. As usual for objects that are a subclass of a parent that has state, the first entry in the VMStateDescription field list is VMSTATE_CPU(), which migrates the cpu_common fields, followed by whatever the CPU's own migration fields are.

(2) a backwards-compatible mechanism for CPUs that were originally migrated using manual "write fields to the migration stream structures". The on-the-wire migration format for those is based on the 'env' pointer (which isn't a QOM object), and the cpu_common part of the migration data is elsewhere.

cpu_exec_realizefn() handles both possibilities:

* for type 1, dc->vmsd is set and cc->vmsd is not, so cpu_exec_realizefn() does nothing, and the standard "register dc->vmsd for a device" code does everything needed
* for type 2, dc->vmsd is NULL and so we register the vmstate_cpu_common directly to handle the cpu-common fields, and the cc->vmsd to handle the per-CPU stuff

You can't change a CPU from one type to the other without breaking migration compatibility, which is why some guest architectures are stuck on the cc->vmsd form. New targets should use dc->vmsd.

To avoid new targets to start using type (2), rename cc->vmsd as cc->legacy_vmsd. The correct field to implement is dc->vmsd (the DeviceClass one).

See also commit b170fce3dd0 ("cpu: Register VMStateDescription through CPUState") for historic background.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg800849.html

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210517105140.1062037-13-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-20 | target/s390x: Fix translation exception on illegal instruction | Ilya Leoshkevich
Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What happens is:

* uretprobe maps a userspace page containing an invalid instruction.
* uretprobe replaces the target function's return address with the address of that page.
* When tb_gen_code() is called on that page, tb->size ends up being 0 (because the page starts with the invalid instruction), which causes virt_page2 to point to the previous page.
* The previous page is not mapped, so this causes a spurious translation exception.

tb->size must never be 0: even if there is an illegal instruction, the instruction bytes that have been looked at must count towards tb->size. So adjust s390x's translate_one() to act this way for both illegal instructions and instructions that are known to generate exceptions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20210416154939.32404-2-iii@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-05-02 | Do not include exec/address-spaces.h if it's not really necessary | Thomas Huth
Stop including exec/address-spaces.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-5-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02 | Do not include sysemu/sysemu.h if it's not really necessary | Thomas Huth
Stop including sysemu/sysemu.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-2-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02 | hw: Do not include qemu/log.h if it is not necessary | Thomas Huth
Many files include qemu/log.h without needing it. Remove the superfluous include statements. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20210328054833.2351597-1-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-04-23 | target/s390x: fix s390_probe_access to check PAGE_WRITE_ORG for writeability | Alex Bennée
We can remove PAGE_WRITE when (internally) marking a page read-only because it contains translated code. This can get confused when we are executing signal return code on signal stacks. Fixes: e56552cf07 ("target/s390x: Implement the MVPG condition-code-option bit") Found-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-id: 20210422154427.13038-1-alex.bennee@linaro.org Cc: Cornelia Huck <cohuck@redhat.com> Cc: Thomas Huth <thuth@redhat.com> Cc: David Hildenbrand <david@redhat.com> Cc: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-26 | s390x: move S390_ADAPTER_SUPPRESSIBLE | Gerd Hoffmann
The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per suggestion of Thomas Huth. From interface design perspective, IMHO, not a good thing as it belongs to the public interface of css_register_io_adapters(). We did this because CONFIG_KVM requires NEED_CPU_H and Thomas, and other commenters did not like the consequences of that. Moving the interrupt related declarations to s390_flic.h was suggested by Cornelia Huck. Signed-off-by: Halil Pasic <pasic@linux.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Halil Pasic <pasic@linux.ibm.com> Tested-by: Halil Pasic <pasic@linux.ibm.com> Message-Id: <20210317095622.2839895-2-kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15 | target/s390x: Store r1/r2 for page-translation exceptions during MVPG | David Hildenbrand
The PoP states:

When EDAT-1 does not apply, and a program interruption due to a page-translation exception is recognized by the MOVE PAGE instruction, the contents of the R1 field of the instruction are stored in bit positions 0-3 of location 162, and the contents of the R2 field are stored in bit positions 4-7.

If [...] an ASCE-type, region-first-translation, region-second-translation, region-third-translation, or segment-translation exception was recognized, the contents of location 162 are unpredictable.

So we have to write r1/r2 into the lowcore on page-translation exceptions. Simply handle all exceptions inside our mvpg helper now.

Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210315085449.34676-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-15 | target/s390x: Implement the MVPG condition-code-option bit | Richard Henderson
If the CCO bit is set, MVPG should not generate an exception but report page translation faults via a CC code. Create a new helper, access_prepare_nf, which can use probe_access_flags in non-faulting mode, and then handle watchpoints. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> [thuth: Added logic to still inject protection exceptions] Signed-off-by: Thomas Huth <thuth@redhat.com> [david: Look at env->tlb_fill_exc to determine if there was an exception] Signed-off-by: David Hildenbrand <david@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210315085449.34676-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-15 | s390x/cpu_model: use official name for 8562 | Cornelia Huck
The single-frame z15 is called "z15 T02" (and the multi-frame z15 "z15 T01"). Signed-off-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20210311132746.1777754-1-cohuck@redhat.com>
2021-03-15 | s390x/kvm: Get rid of legacy_s390_alloc() | David Hildenbrand
legacy_s390_alloc() was required for dealing with the absence of the ESOP feature -- on old HW (< gen 10) and old z/VM versions (< 6.3). As z/VM v6.2 (and even v6.3) is no longer supported since 2017 [1] and we don't expect to have real users on such old hardware, let's drop legacy_s390_alloc(). Still check+report an error just in case someone still runs on such old z/VM environments, or someone runs under weird nested KVM setups (where we can manually disable ESOP via the CPU model). No need to check for KVM_CAP_GMAP - that should always be around on kernels that also have KVM_CAP_DEVICE_CTRL (>= v3.15). [1] https://www.ibm.com/support/lifecycle/search?q=z%2FVM Suggested-by: Cornelia Huck <cohuck@redhat.com> Suggested-by: Thomas Huth <thuth@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Halil Pasic <pasic@linux.ibm.com> Cc: Cornelia Huck <cohuck@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Thomas Huth <thuth@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20210303130916.22553-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 | target/s390x/kvm: Simplify debug code | Philippe Mathieu-Daudé
We already have the 'run' variable holding 'cs->kvm_run' value. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210303182219.1631042-3-philmd@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 | css: SCHIB measurement block origin must be aligned | Pierre Morel
The Measurement Block Origin inside the SCHIB is used when Measurement Block format 1 is in use and must be aligned on 64 bytes otherwise an operand exception is recognized when issuing the Modify Sub CHannel (MSCH) instruction. Signed-off-by: Pierre Morel <pmorel@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <1613741973-3711-2-git-send-email-pmorel@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 | target/s390x/arch_dump: Fix warning for the name field in the PT_NOTE section | Thomas Huth
There is a compiler warning with GCC 9.3 when compiling with the -fsanitize=thread compiler flag:

  In function 'strncpy',
      inlined from 's390x_write_elf64_notes' at ../target/s390x/arch_dump.c:219:9:
  /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 8 equals destination size [-Werror=stringop-truncation]

Since the name should always be NUL-terminated, let's use g_strlcpy() to silence this warning. And while we're at it, also add an assert() to make sure that the provided names always fit the size field (which is fine for the current callers, the function is called once with "CORE" and once with "LINUX" as a name).

Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20210205093921.848260-1-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 | s390x/cpu_model: disallow unpack for --only-migratable | Christian Borntraeger
Secure execution (aka protected virtualization) guests cannot be migrated at the moment. If the unpack facility is provided in the cpu model, a guest may choose to transition to secure mode, making the guest unmigratable at that point in time. If the machine was explicitly started with --only-migratable, we would get a failure only when the guest actually tries to transition; instead, explicitly disallow the unpack facility if --only-migratable was specified to avoid late surprises. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Halil Pasic <pasic@linux.ibm.com> Message-Id: <20210125135332.181324-1-borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-02-17 | Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging | Peter Maydell
* HVF fixes
* Extra qos-test debugging output (Christian)
* SEV secret address autodetection (James)
* SEV-ES support (Thomas)
* Relocatable paths bugfix (Stefan)
* RR fix (Pavel)
* EventNotifier fix (Greg)

# gpg: Signature made Tue 16 Feb 2021 16:15:59 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (21 commits)
  replay: fix icount request when replaying clock access
  event_notifier: Set ->initialized earlier in event_notifier_init()
  hvf: Fetch cr4 before evaluating CPUID(1)
  target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT
  hvf: x86: Remove unused definitions
  target/i386/hvf: add vmware-cpuid-freq cpu feature
  hvf: Guard xgetbv call
  util/cutils: Skip "." when looking for next directory component
  tests/qtest/qos-test: dump QEMU command if verbose
  tests/qtest/qos-test: dump environment variables if verbose
  tests/qtest/qos-test: dump qos graph if verbose
  libqos/qgraph_internal: add qos_printf() and qos_printf_literal()
  libqos/qgraph: add qos_node_create_driver_named()
  sev/i386: Enable an SEV-ES guest based on SEV policy
  kvm/i386: Use a per-VM check for SMM capability
  sev/i386: Don't allow a system reset under an SEV-ES guest
  sev/i386: Allow AP booting under SEV-ES
  sev/i386: Require in-kernel irqchip support for SEV-ES guests
  sev/i386: Add initial support for SEV-ES
  sev: update sev-inject-launch-secret to make gpa optional
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16 | sev/i386: Don't allow a system reset under an SEV-ES guest | Tom Lendacky
An SEV-ES guest does not allow register state to be altered once it has been measured. When an SEV-ES guest issues a reboot command, Qemu will reset the vCPU state and resume the guest. This will cause failures under SEV-ES. Prevent that from occurring by introducing an arch-specific callback that returns a boolean indicating whether vCPUs are resettable. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Jiaxun Yang <jiaxun.yang@flygoat.com> Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: David Hildenbrand <david@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Venu Busireddy <venu.busireddy@oracle.com> Message-Id: <1ac39c441b9a3e970e9556e1cc29d0a0814de6fd.1611682609.git.thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-16 | exec: Use cpu_untagged_addr in g2h; split out g2h_untagged | Richard Henderson
Use g2h_untagged in contexts that have no cpu, e.g. the binary loaders that operate before the primary cpu is created. As a corollary, target_mmap and friends must use untagged addresses, since they are used by the loaders. Use g2h_untagged on values returned from target_mmap, as the kernel never applies a tag itself. Use g2h_untagged on all pc values. The only current user of tags, aarch64, removes tags from code addresses upon branch, so "pc" is always untagged. Use g2h with the cpu context on hand wherever possible. Use g2h_untagged in lock_user, which will be updated soon. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-13-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-05 | cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass | Claudio Fontana
we cannot in principle make the TCG Operations field definitions conditional on CONFIG_TCG in code that is included by both common_ss and specific_ss modules. Therefore, what we can do safely to restrict the TCG fields to TCG-only builds, is to move all tcg cpu operations into a separate header file, which is only included by TCG, target-specific code. This leaves just a NULL pointer in the cpu.h for the non-TCG builds. This also tidies up the code in all targets a bit, having all TCG cpu operations neatly contained by a dedicated data struct. Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20210204163931.7358-16-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: move do_unaligned_access to tcg_ops | Claudio Fontana
make it consistently SOFTMMU-only. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> [claudio: make the field presence in cpu.h unconditional, removing the ifdefs] Message-Id: <20210204163931.7358-12-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: move cc->do_interrupt to tcg_ops | Claudio Fontana
Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210204163931.7358-10-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: Move debug_excp_handler to tcg_ops | Eduardo Habkost
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210204163931.7358-8-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: Move tlb_fill to tcg_ops | Eduardo Habkost
[claudio: wrapped target code in CONFIG_TCG] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210204163931.7358-7-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: Move cpu_exec_* to tcg_ops | Eduardo Habkost
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> [claudio: wrapped target code in CONFIG_TCG] Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210204163931.7358-6-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05 | cpu: Introduce TCGCpuOperations struct | Eduardo Habkost
The TCG-specific CPU methods will be moved to a separate struct, to make it easier to move accel-specific code outside generic CPU code in the future. Start by moving tcg_initialize(). The new CPUClass.tcg_opts field may eventually become a pointer, but keep it an embedded struct for now, to make code conversion easier. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> [claudio: move TCGCpuOperations inside include/hw/core/cpu.h] Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210204163931.7358-2-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-01-21 | s390x: Use strpadcpy for copying vm name | Miroslav Rezanina
Using strncpy with length equal to the size of target array, GCC 11 reports following warning: warning: '__builtin_strncpy' specified bound 256 equals destination size [-Wstringop-truncation] We can prevent this warning by using strpadcpy that copies string up to specified length, zeroes target array after copied string and does not raise warning when length is equal to target array size (and ending '\0' is discarded). Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <6f86915755219cf6a671788075da4809b57f7d7b.1610607906.git.mrezanin@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-21 | s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE | David Hildenbrand
In our EXECUTE fast path, we have to ignore the content of r0, if specified by b1 or b2. Fixes: d376f123c7de ("target/s390x: Re-implement a few EXECUTE target insns directly") Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210111163845.18148-6-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-21 | s390x/tcg: Don't ignore content in r0 when not specified via "b" or "x" | David Hildenbrand
Using get_address() with register identifiers coming from an "r" field is wrong: if the "r" field designates "r0", we don't read the content and instead assume 0 - which should only be applied when the register was specified via "b" or "x".

PoP 5-11 "Operand-Address Generation":

"A zero in any of the B1, B2, X2, B3, or B4 fields indicates the absence of the corresponding address component. For the absent component, a zero is used in forming the intermediate sum, regardless of the contents of general register 0. A displacement of zero has no special significance."

This BUG became visible for CSPG as generated by LLVM-12 in the upstream Linux kernel (v5.11-rc2), used while creating the linear mapping in vmem_map_init(): Trying to store to address 0 results in a Low Address Protection exception.

Debugging this was more complicated than it could have been: The program interrupt handler in the kernel will try to crash the kernel: doing so, it will enable DAT. As the linear mapping is not created yet (asce=0), we run into an addressing exception while trying to walk non-existent DAT tables, resulting in a program exception loop.

This allows for booting upstream Linux kernels compiled by clang-12. Most of these cases seem to be broken forever.

Reported-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Cc: Guenter Roeck <linux@roeck-us.net> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210111163845.18148-4-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-21 | s390x/tcg: Fix RISBHG | David Hildenbrand
RISBHG is broken and currently hinders clang-11 builds of upstream kernels from booting: the kernel crashes early, while decompressing the image.

  [...]
  Kernel fault: interruption code 0005 ilc:2
  Kernel random base: 0000000000000000
  PSW : 0000200180000000 0000000000017a1e
        R:0 T:0 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:0 CC:2 PM:0 RI:0 EA:3
  GPRS: 0000000000000001 0000000c00000000 00000003fffffff4 00000000fffffff0
        0000000000000000 00000000fffffff4 000000000000000c 00000000fffffff0
        00000000fffffffc 0000000000000000 00000000fffffff8 00000000008e25a8
        0000000000000009 0000000000000002 0000000000000008 000000000000bce0

One example of a buggy instruction is:

  17dde: ec 1e 00 9f 20 5d risbhg %r1,%r14,0,159,32

With %r14 = 0x9 and %r1 = 0x7 should result in %r1 = 0x900000007, however, results in %r1 = 0.

Let's interpret values of i3/i4 as documented in the PoP and make computation of "mask" only based on i3 and i4 and use "pmask" only at the very end to make sure wrapping is only applied to the high/low doubleword.

With this patch, I can successfully boot a v5.11-rc2 kernel built with clang-11, and gcc builds keep on working.

Fixes: 2d6a869833d9 ("target-s390: Implement RISBG") Reported-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Cc: Guenter Roeck <linux@roeck-us.net> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210111163845.18148-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-21 | s390x/tcg: Fix ALGSI | David Hildenbrand
Looks like something went wrong while touching that line. Instead of "r1" we need a new temporary. Also, we have to pass MO_TEQ, to indicate that we are working with 64-bit values. Let's revert these changes. Fixes: ff26d287bddc ("target/s390x: Improve cc computation for ADD LOGICAL") Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210111163845.18148-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-08 | Remove superfluous timer_del() calls | Peter Maydell
This commit is the result of running the timer-del-timer-free.cocci script on the whole source tree. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Corey Minyard <cminyard@mvista.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201215154107.3255-4-peter.maydell@linaro.org
2021-01-01 | Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20201222' into staging | Peter Maydell
Further s390x updates:

- enhance the s390 devices acceptance test
- tcg: improve carry computation
- qga: send the ccw address with the fsinfo data
- fixes for protected virtualisation and zpci

# gpg: Signature made Tue 22 Dec 2020 10:37:34 GMT
# gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg: issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck-gitlab/tags/s390x-20201222:
  tests/acceptance: Add a test with the Fedora 31 kernel and initrd
  s390x/pci: Fix memory_region_access_valid call
  s390x/pci: fix pcistb length
  tests/acceptance: Test the virtio-balloon device on s390x
  tests/acceptance: Test virtio-rng on s390 via /dev/hwrng
  tests/acceptance: Extract the code to clear dmesg and wait for CRW reports
  tests/acceptance: test hot(un)plug of ccw devices
  target/s390x: Improve SUB LOGICAL WITH BORROW
  target/s390x: Improve cc computation for SUBTRACT LOGICAL
  target/s390x: Improve ADD LOGICAL WITH CARRY
  target/s390x: Improve cc computation for ADD LOGICAL
  qga/commands-posix: Send CCW address on s390x with the fsinfo data
  MAINTAINERS: move my git tree to gitlab
  s390x: pv: Fence additional unavailable SCLP facilities for PV guests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-21 | target/s390x: Improve SUB LOGICAL WITH BORROW | Richard Henderson
Now that SUB LOGICAL outputs borrow, we can use that as input directly. It also means we can re-use CC_OP_SUBU and produce an output borrow directly from SUB LOGICAL WITH BORROW. Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201214221356.68039-5-richard.henderson@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-21 | target/s390x: Improve cc computation for SUBTRACT LOGICAL | Richard Henderson
The resulting cc is only dependent on the result and the carry-out. Carry-out and borrow-out are inverses, so are trivially converted. With tcg ops, it is easier to compute borrow-out than carry-out, so save result and borrow-out rather than the inputs. Borrow-out for 64-bit inputs is had via tcg_gen_sub2_i64 directly into cc_src. Borrow-out for 32-bit inputs is had via extraction from a normal 64-bit sub (with zero-extended inputs). Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201214221356.68039-4-richard.henderson@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-21 | target/s390x: Improve ADD LOGICAL WITH CARRY | Richard Henderson
Now that ADD LOGICAL outputs carry, we can use that as input directly. It also means we can re-use CC_OP_ADDU and produce an output carry directly from ADD LOGICAL WITH CARRY. Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201214221356.68039-3-richard.henderson@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-21 target/s390x: Improve cc computation for ADD LOGICAL (Richard Henderson)
The resulting cc is only dependent on the result and the carry-out. So save those things rather than the inputs.

Carry-out for 64-bit inputs is had via tcg_gen_add2_i64 directly into cc_src. Carry-out for 32-bit inputs is had via extraction from a normal 64-bit add (with zero-extended inputs).

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201214221356.68039-2-richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-21 s390x: pv: Fence additional unavailable SCLP facilities for PV guests (Janosch Frank)
There's no VSIE support for a protected guest, so let's better not advertise it and its support facilities.

Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility")
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20201211105109.2913-1-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-19 qapi: Use QAPI_LIST_PREPEND() where possible (Eric Blake)
Anywhere we create a list of just one item or by prepending items (typically because order doesn't matter), we can use QAPI_LIST_PREPEND(). But places where we must keep the list in order by appending remain open-coded until later patches.

Note that as a side effect, this also performs a cleanup of two minor issues in qga/commands-posix.c: the old code was performing
    new = g_malloc0(sizeof(*ret));
which 1) is confusing because you have to verify whether 'new' and 'ret' are variables with the same type, and 2) would conflict with C++ compilation (not an actual problem for this file, but makes copy-and-paste harder).

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20201113011340.463563-5-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
[Straightforward conflicts due to commit a8aa94b5f8 "qga: update schema for guest-get-disks 'dependents' field" and commit a10b453a52 "target/mips: Move mips_cpu_add_definition() from helper.c to cpu.c" resolved. Commit message tweaked.]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-12-11 Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20201211' into staging (Peter Maydell)
First set of 6.0 patches for s390x:
- acceptance test for device detection
- bugfixes

# gpg: Signature made Fri 11 Dec 2020 12:21:45 GMT
# gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg: issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20201211:
  s390x/cpu: Use timer_free() in the finalize function to avoid memleaks
  tests/acceptance: test s390x zpci fid propagation
  tests/acceptance: verify s390x device detection
  tests/acceptance: test virtio-ccw revision handling
  tests/acceptance: add a test for devices on s390x
  hw/watchdog/wdt_diag288: Remove unnecessary includes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-11 s390x/cpu: Use timer_free() in the finalize function to avoid memleaks (Gan Qixin)
When running device-introspect-test, a memory leak occurred in the s390_cpu_initfn function. This patch uses timer_free() in the finalize function to fix it.

ASAN shows memory leak stack:

Direct leak of 3552 byte(s) in 74 object(s) allocated from:
    #0 0xfffeb3d4e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xfffeb36e6800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaad51a8f9c4 in timer_new_full qemu/include/qemu/timer.h:523
    #3 0xaaad51a8f9c4 in timer_new qemu/include/qemu/timer.h:544
    #4 0xaaad51a8f9c4 in timer_new_ns qemu/include/qemu/timer.h:562
    #5 0xaaad51a8f9c4 in s390_cpu_initfn qemu/target/s390x/cpu.c:304
    #6 0xaaad51e00f58 in object_init_with_type qemu/qom/object.c:371
    #7 0xaaad51e0406c in object_initialize_with_type qemu/qom/object.c:515
    #8 0xaaad51e042e0 in object_new_with_type qemu/qom/object.c:729
    #9 0xaaad51e3ff40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
    #10 0xaaad51910518 in qdev_device_help qemu/softmmu/qdev-monitor.c:283
    #11 0xaaad51911918 in qmp_device_add qemu/softmmu/qdev-monitor.c:801
    #12 0xaaad51911e48 in hmp_device_add qemu/softmmu/qdev-monitor.c:916

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20201204081209.360524-4-ganqixin@huawei.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-12-10 s390x: do not use ram_size global (Paolo Bonzini)
Use the machine properties instead.

Cc: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-18 s390/kvm: fix diag318 propagation and reset functionality (Collin Walling)
The Control Program Name Code (CPNC) portion of the diag318 info must be set within the SIE block of each VCPU in the configuration. The handler will iterate through each VCPU and dirty the diag318_info reg to be synced with KVM on a subsequent sync_regs call.

Additionally, the diag318 info resets must be handled via userspace. As such, QEMU will reset this value for each VCPU during a modified clear, load normal, and load clear reset event.

Fixes: fabdada9357b ("s390: guest support for diagnose 0x318")
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Message-Id: <20201113221022.257054-1-walling@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Janosch Frank <frankja@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-11-10 s390x: fix clang 11 warnings in cpu_models.c (Daniele Buono)
There are void * pointers that get cast to enums in cpu_models.c. Such casts can result in a small integer type and are caught as warnings with clang, starting with version 11:

Clang 11 finds a bunch of spots in the code that trigger this new warning:

../qemu-base/target/s390x/cpu_models.c:985:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1002:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1036:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1057:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
4 errors generated.

Avoid this warning by casting the pointer to uintptr_t first.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201105221905.1350-3-dbuono@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>