aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2019-04-25exec: Introduce qemu_maxrampagesize() and rename qemu_getrampagesize()David Hildenbrand
Rename qemu_getrampagesize() to qemu_minrampagesize(). While at it, properly rename find_max_supported_pagesize() to find_min_backend_pagesize(). s390x is actually interested into the maximum ram pagesize, so introduce and use qemu_maxrampagesize(). Add a TODO, indicating that looking at any mapped memory backends is not 100% correct in some cases. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190417113143.5551-3-david@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-04-25s390x/kvm: Configure page size after memory has actually been initializedDavid Hildenbrand
Right now we configure the pagesize quite early, when initializing KVM. This is long before system memory is actually allocated via memory_region_allocate_system_memory(), and therefore memory backends marked as mapped. Instead, let's configure the maximum page size after initializing memory in s390_memory_init(). cap_hpage_1m is still properly configured before creating any CPUs, and therefore before configuring the CPU model and eventually enabling CMMA. This is not a fix but rather a preparation for the future, when initial memory might reside on memory backends (not the case for s390x right now) We will replace qemu_getrampagesize() soon by a function that will always return the maximum page size (not the minimum page size, which only works by pure luck so far, as there are no memory backends). Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190417113143.5551-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-04-18disas: Rename include/disas/bfd.h back to include/disas/dis-asm.hMarkus Armbruster
Commit dc99065b5f9 (v0.1.0) added dis-asm.h from binutils. Commit 43d4145a986 (v0.1.5) inlined bfd.h into dis-asm.h to remove the dependency on binutils. Commit 76cad71136b (v1.4.0) moved dis-asm.h to include/disas/bfd.h. The new name is confusing when you try to match against (pre GPLv3+) binutils. Rename it back. Keep it in the same directory, of course. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190417191805.28198-17-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2019-04-18qom/cpu: Simplify how CPUClass:cpu_dump_state() printsMarkus Armbruster
CPUClass method dump_statistics() takes an fprintf()-like callback and a FILE * to pass to it. Most callers pass fprintf() and stderr. log_cpu_state() passes fprintf() and qemu_log_file. hmp_info_registers() passes monitor_fprintf() and the current monitor cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The callback gets passed around a lot, which is tiresome. The type-punning around monitor_fprintf() is ugly. Drop the callback, and call qemu_fprintf() instead. Also gets rid of the type-punning, since qemu_fprintf() takes NULL instead of the current monitor cast to FILE *. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-15-armbru@redhat.com>
2019-04-18qom/cpu: Simplify how CPUClass::dump_statistics() printsMarkus Armbruster
CPUClass method dump_statistics() takes an fprintf()-like callback and a FILE * to pass to it. Its only caller hmp_info_cpustats() (via cpu_dump_statistics()) passes monitor_fprintf() and the current monitor cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The type-punning is ugly. Drop the callback, and call qemu_printf() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-13-armbru@redhat.com>
2019-04-18target/i386: Simplify how x86_cpu_dump_local_apic_state() printsMarkus Armbruster
x86_cpu_dump_local_apic_state() takes an fprintf()-like callback and a FILE * to pass to it, and so do its helper functions. Its only caller hmp_info_local_apic() passes monitor_fprintf() and the current monitor cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The type-punning is ugly. Drop the callback, and call qemu_printf() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-12-armbru@redhat.com>
2019-04-18target: Clean up how the dump_mmu() printMarkus Armbruster
The various dump_mmu() take an fprintf()-like callback and a FILE * to pass to it, and so do their helper functions. Passing around callback and argument is rather tiresome. Most dump_mmu() are called only by the target's hmp_info_tlb(). These all pass monitor_printf() cast to fprintf_function and the current monitor cast to FILE *. SPARC's dump_mmu() gets also called from target/sparc/ldst_helper.c a few times #ifdef DEBUG_MMU. These calls pass fprintf() and stdout. The type-punning is technically undefined behaviour, but works in practice. Clean up: drop the callback, and call qemu_printf() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-11-armbru@redhat.com>
2019-04-18target: Simplify how the TARGET_cpu_list() printMarkus Armbruster
The various TARGET_cpu_list() take an fprintf()-like callback and a FILE * to pass to it. Their callers (vl.c's main() via list_cpus(), bsd-user/main.c's main(), linux-user/main.c's main()) all pass fprintf() and stdout. Thus, the flexibility provided by the (rather tiresome) indirection isn't actually used. Drop the callback, and call qemu_printf() instead. Calling printf() would also work, but would make the code unsuitable for monitor context without making it simpler. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190417191805.28198-10-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2019-04-18s390x/kvm: Report warnings with warn_report(), not error_printf()Markus Armbruster
kvm_s390_mem_op() can fail in two ways: when !cap_mem_op, it returns -ENOSYS, and when kvm_vcpu_ioctl() fails, it returns -errno set by ioctl(). Its caller s390_cpu_virt_mem_rw() recovers from both failures. kvm_s390_mem_op() prints "KVM_S390_MEM_OP failed" with error_printf() in the latter failure mode. Since this is obviously a warning, use warn_report(). Perhaps the reporting should be left to the caller. It could warn on failure other than -ENOSYS. Cc: Thomas Huth <thuth@redhat.com> Cc: qemu-s390x@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20190417190641.26814-9-armbru@redhat.com>
2019-04-09target/i386: Generate #UD for LOCK on a register incrementPeter Maydell
Fix a TCG crash due to attempting an atomic increment operation without having set up the address first. This is a similar case to that dealt with in commit e84fcd7f662a0d8198703, and we fix it in the same way. Fixes: https://bugs.launchpad.net/qemu/+bug/1807675 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20190328104750.25046-1-peter.maydell@linaro.org
2019-03-29target/ppc: Fix QEMU crash with stxsdxGreg Kurz
I've been hitting several QEMU crashes while running a fedora29 ppc64le guest under TCG. Each time, this would occur several minutes after the guest reached login: Fedora 29 (Twenty Nine) Kernel 4.20.6-200.fc29.ppc64le on an ppc64le (hvc0) Web console: https://localhost:9090/ localhost login: tcg/tcg.c:3211: tcg fatal error This happens because a bug crept up in the gen_stxsdx() helper when it was converted to use VSR register accessors by commit 8b3b2d75c7c04 "target/ppc: introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access". The code creates a temporary, passes it directly to gen_qemu_st64_i64() and then to set_cpu_vrsh()... which looks like this was mistakenly coded as a load instead of a store. Reverse the logic: read the VSR to the temporary first and then store it to memory. Fixes: 8b3b2d75c7c0481544e277dad226223245e058eb Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155371035249.2038502.12364252604337688538.stgit@bahia.lan> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-03-29target/ppc: Improve comment of bcctr used for spectre v2 mitigationGreg Kurz
Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155359567174.1794128.3183997593369465355.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-03-29target/ppc: Consolidate 64-bit server processor detection in a helperGreg Kurz
We use PPC_SEGMENT_64B in various places to guard code that is specific to 64-bit server processors compliant with arch 2.x. Consolidate the logic in a helper macro with an explicit name. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155327783157.1283071.3747129891004927299.stgit@bahia.lan> Tested-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-03-29target/ppc: Enable "decrement and test CTR" version of bcctrGreg Kurz
Even if all ISAs up to v3 indeed mention: If the "decrement and test CTR" option is specified (BO2=0), the instruction form is invalid. The UMs of all existing 64-bit server class processors say: If BO[2] = 0, the contents of CTR (before any update) are used as the target address and for the test of the contents of CTR to resolve the branch. The contents of the CTR are then decremented and written back to the CTR. The linux kernel has spectre v2 mitigation code that relies on a BO[2] = 0 variant of bcctr, which is now activated by default on spapr, even with TCG. This causes linux guests to panic with the default machine type under TCG. Since any CPU model can provide its own behaviour for invalid forms, we could possibly introduce a new instruction flag to handle this. In practice, since the behaviour is shared by all 64-bit server processors starting with 970 up to POWER9, let's reuse the PPC_SEGMENT_64B flag. Caveat: this may have to be fixed later if POWER10 introduces a different behaviour. The existing behaviour of throwing a program interrupt is kept for all other CPU models. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155327782604.1283071.10640596307206921951.stgit@bahia.lan> Tested-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-03-29target/ppc: Fix TCG temporary leaks in gen_bcond()Greg Kurz
Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <155327782047.1283071.10234727692461848972.stgit@bahia.lan> Tested-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-03-28Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Kconfig improvements (msi_nonbroken, imply for default PCI devices) * intel-iommu: sharing passthrough FlatViews (Peter) * Fix for SEV with VFIO (Brijesh) * Allow compilation without CONFIG_PARALLEL (Thomas) # gpg: Signature made Thu 21 Mar 2019 16:42:24 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (23 commits) virtio-vga: only enable for specific boards config-all-devices.mak: rebuild on reconfigure minikconf: fix parser typo intel-iommu: optimize nodmar memory regions test-announce-self: convert to qgraph hw/alpha/Kconfig: DP264 hardware requires e1000 network card hw/hppa/Kconfig: Dino board requires e1000 network card hw/sh4/Kconfig: r2d machine requires the rtl8139 network card hw/ppc/Kconfig: e500 based machines require virtio-net-pci device hw/ppc/Kconfig: Bamboo machine requires e1000 network card hw/mips/Kconfig: Fulong 2e board requires ati-vga/rtl8139 PCI devices hw/mips/Kconfig: Malta machine requires the pcnet network card hw/i386/Kconfig: enable devices that can be created by default hw/isa/Kconfig: PIIX4 southbridge requires USB UHCI hw/isa/Kconfig: i82378 SuperIO requires PC speaker device prep: do not select I82374 hw/i386/Kconfig: PC uses I8257, not I82374 hw/char/parallel: Make it possible to compile also without CONFIG_PARALLEL target/i386: sev: Do not pin the ram device memory region memory: Fix the memory region type assignment order ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/rdma/Makefile.objs # hw/riscv/sifive_plic.c
2019-03-28Merge remote-tracking branch 'remotes/xtensa/tags/20190326-xtensa' into stagingPeter Maydell
target/xtensa fixes for v4.0: - fix translation of FLIX bundles with multiple references to the same register; - don't announce exit simcall; - clean up tests/tcg/xtensa. # gpg: Signature made Tue 26 Mar 2019 17:58:59 GMT # gpg: using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044 # gpg: issuer "jcmvbkbc@gmail.com" # gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown] # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" [full] # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" [full] # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20190326-xtensa: tests/tcg/xtensa: clean up test set target/xtensa: don't announce exit simcall target/xtensa: fix break_dependency for repeated resources Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-26target/arm: Set SIMDMISC and FPMISC for 32-bit -cpu maxRichard Henderson
Fixes: https://bugs.launchpad.net/bugs/1821430 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190325161338.6536-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-26target/riscv: Fix wrong expanding for c.fswspKito Cheng
base register is no rs1 not rs2 for fsw. Signed-off-by: Kito Cheng <kito.cheng@gmail.com> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-26Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.0-rc1' ↵Peter Maydell
into staging A Single RISC-V Patch for 4.0-rc1 If this is too late I'm OK with it being in rc2, but it fixes a concrete regression and nobody has complained yet so I'd prefer it to be in rc1 if possible. The fix is to zero-extend the inputs to DIVUW and REMUW, which was exposed by the GCC test suite. # gpg: Signature made Tue 26 Mar 2019 05:54:20 GMT # gpg: using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41 # gpg: issuer "palmer@dabbelt.com" # gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown] # gpg: aka "Palmer Dabbelt <palmer@sifive.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41 * remotes/palmer/tags/riscv-for-master-4.0-rc1: target/riscv: Zero extend the inputs of divuw and remuw Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-25Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' ↵Peter Maydell
into staging Pull request Compilation fixes and cleanups for QEMU 4.0.0. # gpg: Signature made Mon 25 Mar 2019 15:58:28 GMT # gpg: using RSA key 9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/tracing-pull-request: trace-events: Fix attribution of trace points to source trace-events: Delete unused trace points scripts/cleanup-trace-events: Update for current practice trace-events: Shorten file names in comments trace-events: Consistently point to docs/devel/tracing.txt trace: avoid SystemTap dtrace(1) warnings on empty files trace: handle tracefs path truncation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-25target/arm: make pmccntr_op_start/finish staticAndrew Jones
These functions are not used outside helper.c Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190322162333.17159-4-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-25target/arm: cortex-a7 and cortex-a15 have pmusAndrew Jones
cortex-a7 and cortex-a15 have pmus (PMUv2) and they advertise them in ID_DFR0. Let's allow them to function. This also enables the pmu cpu property to work with these cpu types, i.e. we can now do '-cpu cortex-a15,pmu=off' to remove the pmu. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190322162333.17159-3-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-25target/arm: fix crash on pmu register accessAndrew Jones
Fix a QEMU NULL derefence that occurs when the guest attempts to enable PMU counters with a non-v8 cpu model or a v8 cpu model which has not configured a PMU. Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow") Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190322162333.17159-2-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-25target/arm: Fix non-parallel expansion of CASPRichard Henderson
The second word has been loaded from the unincremented address since the first commit. Fixes: 44ac14b06fa Reported-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20190322234302.12770-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-23target/xtensa: don't announce exit simcallMax Filippov
Don't announce that exit simcall has been invoked: this is just noise. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-03-22trace-events: Shorten file names in commentsMarkus Armbruster
We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved verbatim. Delete the sub/dir/ part from these comments. Gets rid of several misspellings. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190314180929.27722-3-armbru@redhat.com Message-Id: <20190314180929.27722-3-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-03-22target/riscv: Zero extend the inputs of divuw and remuwPalmer Dabbelt
While running the GCC test suite against 4.0.0-rc0, Kito found a regression introduced by the decodetree conversion that caused divuw and remuw to sign-extend their inputs. The ISA manual says they are supposed to be zero extended: DIVW and DIVUW instructions are only valid for RV64, and divide the lower 32 bits of rs1 by the lower 32 bits of rs2, treating them as signed and unsigned integers respectively, placing the 32-bit quotient in rd, sign-extended to 64 bits. REMW and REMUW instructions are only valid for RV64, and provide the corresponding signed and unsigned remainder operations respectively. Both REMW and REMUW always sign-extend the 32-bit result to 64 bits, including on a divide by zero. Here's Kito's reduced test case from the GCC test suite unsigned calc_mp(unsigned mod) { unsigned a,b,c; c=-1; a=c/mod; b=0-a*mod; if (b > mod) { a += 1; b-=mod; } return b; } int main(int argc, char *argv[]) { unsigned x = 1234; unsigned y = calc_mp(x); if ((sizeof (y) == 4 && y != 680) || (sizeof (y) == 2 && y != 134)) abort (); exit (0); } I haven't done any other testing on this, but it does fix the test case. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-21target/xtensa: fix break_dependency for repeated resourcesMax Filippov
break_dependency incorrectly handles the case of dependency on an opcode that references the same register multiple times. E.g. the following instruction is translated incorrectly: { or a2, a3, a3 ; or a3, a2, a2 } This happens because resource indices of both dependency graph nodes are incremented, and a copy for the second instance of the same register in the ending node is not done. Only increment resource index of the ending node of the dependency. Add test. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-03-20i386: Disable OSPKE on CPU model definitionsEduardo Habkost
Currently, the Cascadelake-Server, Icelake-Client, and Icelake-Server are always generating the following warning: qemu-system-x86_64: warning: \ host doesn't support requested feature: CPUID.07H:ECX [bit 4] This happens because OSPKE was never returned by GET_SUPPORTED_CPUID or x86_cpu_get_supported_feature_word(). OSPKE is a runtime flag automatically set by the KVM module or by TCG code, was always cleared by x86_cpu_filter_features(), and was not supposed to appear on the CPU model table. Remove the OSPKE flag from the CPU model table entries, to avoid the bogus warning and avoid returning invalid feature data on query-cpu-* QMP commands. As OSPKE was always cleared by x86_cpu_filter_features(), this won't have any guest-visible impact. Include a test case that should detect the problem if we introduce a similar bug again. Fixes: c7a88b52f62b ("i386: Add new model of Cascadelake-Server") Fixes: 8a11c62da914 ("i386: Add new CPU model Icelake-{Server,Client}") Cc: Tao Xu <tao3.xu@intel.com> Cc: Robert Hoo <robert.hu@linux.intel.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190319200515.14999-1-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-03-20i386: Make arch_capabilities migratableEduardo Habkost
Now that kvm_arch_get_supported_cpuid() will only return arch_capabilities if QEMU is able to initialize the MSR properly, we know that the feature is safely migratable. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190125220606.4864-3-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-03-20i386: kvm: Disable arch_capabilities if MSR can't be setEduardo Habkost
KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES: 1) Linux commit commit 1eaafe91a0df ("kvm: x86: IA32_ARCH_CAPABILITIES is always supported") makes GET_SUPPORTED_CPUID return arch_capabilities even if running on SVM. This makes "-cpu host,migratable=off" incorrectly expose arch_capabilities on CPUID on AMD hosts (where the MSR is not emulated by KVM). 2) KVM_GET_MSR_INDEX_LIST does not return MSR_IA32_ARCH_CAPABILITIES if the MSR is not supported by the host CPU. This makes QEMU not initialize the MSR properly at kvm_put_msrs() on those hosts. Work around both bugs on the QEMU side, by checking if the MSR was returned by KVM_GET_MSR_INDEX_LIST before returning the feature flag on kvm_arch_get_supported_cpuid(). This has the unfortunate side effect of making arch_capabilities unavailable on hosts without hardware support for the MSR until bug #2 is fixed on KVM, but I can't see another way to work around bug #1 without that side effect. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190125220606.4864-2-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-03-19target/riscv: Remove unused structAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Update load reservation comment in do_interruptMichael Clark
Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Convert trap debugging to trace eventsMichael Clark
Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Add support for vectored interruptsMichael Clark
If vectored interrupts are enabled (bits[1:0] of mtvec/stvec == 1) then use the following logic for trap entry address calculation: pc = mtvec + cause * 4 In addition to adding support for vectored interrupts this patch simplifies the interrupt delivery logic by making sync/async cause decoding and encoding steps distinct. The cause code and the sign bit indicating sync/async is split at the beginning of the function and fixed cause is renamed to cause. The MSB setting for async traps is delayed until setting mcause/scause to allow redundant variables to be eliminated. Some variables are renamed for conciseness and moved so that decls are at the start of the block. Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Change local interrupts from edge to levelMichael Clark
This effectively changes riscv_cpu_update_mip from edge to level. i.e. cpu_interrupt or cpu_reset_interrupt are called regardless of the current interrupt level. Fixes WFI doesn't return when a IPI is issued: - https://github.com/riscv/riscv-qemu/issues/132 To test: 1) Apply RISC-V Linux CPU hotplug patch: - http://lists.infradead.org/pipermail/linux-riscv/2018-May/000603.html 2) Enable CONFIG_CPU_HOTPLUG in linux .config 3) Try to offline and online cpus: echo 1 > /sys/devices/system/cpu/cpu2/online echo 0 > /sys/devices/system/cpu/cpu2/online echo 1 > /sys/devices/system/cpu/cpu2/online Reported-by: Atish Patra <atishp04@gmail.com> Cc: Atish Patra <atishp04@gmail.com> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: linux-user support for RVE ABIKito Cheng
This change checks elf_flags for EF_RISCV_RVE and if present uses the RVE linux syscall ABI which uses t0 for the syscall number instead of a7. Warn and exit if a non-RVE ABI binary is run on a cpu with the RVE extension as it is incompatible. Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Alistair Francis <Alistair.Francis@wdc.com> Co-authored-by: Kito Cheng <kito.cheng@gmail.com> Co-authored-by: Michael Clark <mjc@sifive.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Allow interrupt controllers to claim interruptsMichael Clark
We can't allow the supervisor to control SEIP as this would allow the supervisor to clear a pending external interrupt which will result in lost a interrupt in the case a PLIC is attached. The SEIP bit must be hardware controlled when a PLIC is attached. This logic was previously hard-coded so SEIP was always masked even if no PLIC was attached. This patch adds riscv_cpu_claim_interrupts so that the PLIC can register control of SEIP. In the case of models without a PLIC (spike), the SEIP bit remains software controlled. This interface allows for hardware control of supervisor timer and software interrupts by other interrupt controller models. Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Alistair Francis <Alistair.Francis@wdc.com> Signed-off-by: Michael Clark <mjc@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19riscv: pmp: Log pmp access errors as guest errorsAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Add hooks to use the gdb xml files.Jim Wilson
The gdb CSR xml file has registers in documentation order, not numerical order, so we need a table to map the register numbers. This also adds fairly standard gdb hooks to access xml specified registers. notice: The fpu xml from gdb 8.3 has unused register #, 65 and make first csr register # become 69. We register extra register on gdb to correct csr offset calculation Signed-off-by: Jim Wilson <jimw@sifive.com> Signed-off-by: Chih-Min Chao <chihmin.chao@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Add debug support for accessing CSRs.Jim Wilson
Add a debugger field to CPURISCVState. Add riscv_csrrw_debug function to set it. Disable mode checks when debugger field true. Signed-off-by: Jim Wilson <jimw@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190212230903.9215-1-jimw@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-19RISC-V: Fixes to CSR_* register macros.Jim Wilson
This adds some missing CSR_* register macros, and documents some as being priv v1.9.1 specific. Signed-off-by: Jim Wilson <jimw@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190212230830.9160-1-jimw@sifive.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-18target/i386: sev: Do not pin the ram device memory regionSingh, Brijesh
The RAM device presents a memory region that should be handled as an IO region and should not be pinned. In the case of the vfio-pci, RAM device represents a MMIO BAR and the memory region is not backed by pages hence KVM_MEMORY_ENCRYPT_REG_REGION fails to lock the memory range. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1667249 Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Message-Id: <20190204222322.26766-3-brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-03-17target/riscv: Fix manually parsed 16 bit insnBastian Koppelmann
during the refactor to decodetree we removed the manual decoding that is necessary for c.jal/c.addiw and removed the translation of c.flw/c.ld and c.fsw/c.sd. This reintroduces the manual parsing and the omited implementation. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Tested-by: Palmer Dabbelt <palmer@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Tested-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-03-15target/hppa: Avoid squishing DISAS_IAQ_N_STALE_EXITRichard Henderson
Within a delay slot, we were squishing both DISAS_IAQ_N_STALE and DISAS_IAQ_N_STALE_EXIT to DISAS_IAQ_N_UPDATED. This lost the required exit to the main loop, and could result in interrupts never being delivered. Tested-by: Sven Schnelle <svens@stackframe.org> Reported-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-03-15target/arm: Check access permission to ADDVL/ADDPL/RDVLAmir Charif
These instructions do not trap when SVE is disabled in EL0, causing them to be executed with wrong size information. Signed-off-by: Amir Charif <amir.charif@cea.fr> Message-id: 1552579248-31025-1-git-send-email-amir.charif@cea.fr Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: added 'target/arm' prefix to subject] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-15target/arm: change arch timer registers access permissionDongjiu Geng
Some generic arch timer registers are Config-RW in the EL0, which means the EL0 exception level can have write permission if it is appropriately configured. When VM access registers, QEMU firstly checks whether they have RW permission, then check whether it is appropriately configured. If they are defined to read only in EL0, even though they have been appropriately configured, they still do not have write permission. So need to add the write permission according to ARMV8 spec when define it. Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com> Message-id: 1552395177-12608-1-git-send-email-gengdongjiu@huawei.com Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-13Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.0-sf4' ↵Peter Maydell
into staging target/riscv: Convert to decodetree Bastian: this patchset converts the RISC-V decoder to decodetree in four major steps: 1) Convert 32-bit instructions to decodetree [Patch 1-15]: Many of the gen_* functions are called by the decode functions for 16-bit and 32-bit functions. If we move translation code from the gen_* functions to the generated trans_* functions of decode-tree, we get a lot of duplication. Therefore, we mostly generate calls to the old gen_* function which are properly replaced after step 2). Each of the trans_ functions are grouped into files corresponding to their ISA extension, e.g. addi which is in RV32I is translated in the file 'trans_rvi.inc.c'. 2) Convert 16-bit instructions to decodetree [Patch 16-18]: All 16 bit instructions have a direct mapping to a 32 bit instruction. Thus, we convert the arguments in the 16 bit trans_ function to the arguments of the corresponding 32 bit instruction and call the 32 bit trans_ function. 3) Remove old manual decoding in gen_* function [Patch 19-29]: this move all manual translation code into the trans_* instructions of decode tree, such that we can remove the old decode_* functions. Palmer: This, with some additional cleanup patches, passed Alistar's testing on rv32 and rv64 as well as my testing on rv64, so I think it's good to go. I've run my standard test against this exact tag. I still don't have a Mac to try this on, sorry! # gpg: Signature made Wed 13 Mar 2019 13:44:49 GMT # gpg: using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41 # gpg: issuer "palmer@dabbelt.com" # gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown] # gpg: aka "Palmer Dabbelt <palmer@sifive.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41 * remotes/palmer/tags/riscv-for-master-4.0-sf4: (29 commits) target/riscv: Remove decode_RV32_64G() target/riscv: Remove gen_system() target/riscv: Rename trans_arith to gen_arith target/riscv: Remove manual decoding of RV32/64M insn target/riscv: Remove shift and slt insn manual decoding target/riscv: make ADD/SUB/OR/XOR/AND insn use arg lists target/riscv: Move gen_arith_imm() decoding into trans_* functions target/riscv: Remove manual decoding from gen_store() target/riscv: Remove manual decoding from gen_load() target/riscv: Remove manual decoding from gen_branch() target/riscv: Remove gen_jalr() target/riscv: Convert quadrant 2 of RVXC insns to decodetree target/riscv: Convert quadrant 1 of RVXC insns to decodetree target/riscv: Convert quadrant 0 of RVXC insns to decodetree target/riscv: Convert RV priv insns to decodetree target/riscv: Convert RV64D insns to decodetree target/riscv: Convert RV32D insns to decodetree target/riscv: Convert RV64F insns to decodetree target/riscv: Convert RV32F insns to decodetree target/riscv: Convert RV64A insns to decodetree ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-13target/riscv: Remove decode_RV32_64G()Bastian Koppelmann
decodetree handles all instructions now so the fallback is not necessary anymore. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Peer Adelt <peer.adelt@hni.uni-paderborn.de>