Commit Graph

25709 Commits

Author SHA1 Message Date
Philippe Mathieu-Daudé 91e7fd3ae5 hw/display/dpcd: Fix memory region size
The memory region size is 512K.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-8-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé 6152772174 hw/display/cirrus_vga: Convert debug printf() to trace event
Convert the final bit of DEBUG_BITBLT to a tracepoint.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-7-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé 2b55f4d350 hw/display/cirrus_vga: Use qemu_log_mask(ERROR) instead of debug printf
Replace some debug printf() calls by qemu_log_mask(LOG_GUEST_ERROR).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-6-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé bb6e9e9407 hw/display/cirrus_vga: Use qemu_log_mask(UNIMP) instead of debug printf
Replace some debug printf() calls by qemu_log_mask(LOG_UNIMP),
and add a new one in cirrus_linear_bitblt_read().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-5-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé bee61ca2b9 hw/display/cirrus_vga: Convert debug printf() to trace event
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-4-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Philippe Mathieu-Daudé 85664cf0a4 hw/display/cg3: Convert debug printf()s to trace events
Convert DPRINTF() to trace events and remove ifdef'ry.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200526062252.19852-3-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-28 11:38:57 +02:00
Peter Maydell 8b92b9ef86 ppc patch queue 2020-05-27
Here's the next pull request for qemu-5.1.  It includes:
  * Support for the scv and rfscv POWER9 instructions in TCG
  * Support for the new SPAPR_LMB_FLAGS_HOTREMOVABLE flag, which
    provides a way for guests to know memory which should be removable
    (so the guest can avoid putting immovable allocations there).
  * Some fixes for the recently added partition scope radix translation
    in softmmu
  * Assorted minor fixes and cleanups
 
 It includes one patch to avoid a clash with SELinux when using NVLink
 VFIO devices.  That's not technically within the files under my
 maintainership, but it is in a section of the VFIO quirks code that's
 specific to the POWER-only NVLink devices, and has an ack from Alex
 Williamson.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl7N/HsACgkQbDjKyiDZ
 s5L3hw/9Fv8/8hdf9gtLqPLDsSw8Unakr8sWsMGzWkkBXQ4HVJs7d6AGjv2dqRGj
 raLWgW/U37cdHEpfK0wmhtzeLeeVL0cgd6ySH2bbzsn9pAYxTGRc2ekkXp3VN1ua
 uNlQrgPdSm7Z0D063giaFlNHaDgJSJcNSOTZOL+U6/W5MWdChgDXw99muonmbT5l
 UbfNdv150/0TVXuvibtQ24KSUJcXn8pIeO+Gb3xOkM3+gViUy60+yQhRGDCtO5wJ
 HXQO00NzOP3mbsy3O4WdkKSmeMix0oRKkUs2VeUZCWiUwAn6nG7NwzN7NSixfDH9
 2PmpW1IAif5mu9NgZRWCgALVZWEFb96VSm66BsLJ/U0/gdO4mzSya3FUyTenB6O+
 VRnAQhW8pXOSXnEJSdDW7CWnEVeZjmqqVyKADlCR+4r3kq4tAhEovENvm+oldgEk
 dL9xXko+UfjxtbqobjO6tK+5Yzd8pcYeMr7ujn5x4vPSlRWNkx6jctmwHNwrxe31
 nUp0vM/o1eML0EXRYbeiNpMsno3qc4BcvW1CGHe9qrdxVWBjGxIicqnJdHfPt5mI
 t/rHVYPAXkBRgNrBYdv4pkqycp201jL/VEpDQ4FXzp6ovNRTtFsBhUEbO1fBs6Wv
 8/Mj9UxyzlcM+lGMCLw0IlWMcYeziCFqRAdHhEIIOF7jsYFyM9w=
 =mkPg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200527' into staging

ppc patch queue 2020-05-27

Here's the next pull request for qemu-5.1.  It includes:
 * Support for the scv and rfscv POWER9 instructions in TCG
 * Support for the new SPAPR_LMB_FLAGS_HOTREMOVABLE flag, which
   provides a way for guests to know memory which should be removable
   (so the guest can avoid putting immovable allocations there).
 * Some fixes for the recently added partition scope radix translation
   in softmmu
 * Assorted minor fixes and cleanups

It includes one patch to avoid a clash with SELinux when using NVLink
VFIO devices.  That's not technically within the files under my
maintainership, but it is in a section of the VFIO quirks code that's
specific to the POWER-only NVLink devices, and has an ack from Alex
Williamson.

# gpg: Signature made Wed 27 May 2020 06:36:59 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.1-20200527:
  vfio/nvlink: Remove exec permission to avoid SELinux AVCs
  target/ppc: Fix argument to ppc_radix64_partition_scoped_xlate() again
  hw/nvram/mac_nvram: Convert debug printf()s to trace events
  hw/pci-bridge/dec: Remove dead debug code
  target/ppc: Don't update radix PTE R/C bits with gdbstub
  target/ppc: Fix arguments to ppc_radix64_partition_scoped_xlate()
  target/ppc: Add missing braces in ppc_radix64_partition_scoped_xlate()
  target/ppc: Don't initialize some local variables in ppc_radix64_xlate()
  target/ppc: Pass const pointer to ppc_radix64_get_fully_qualified_addr()
  target/ppc: Pass const pointer to ppc_radix64_get_prot_amr()
  ppc/spapr: Add hotremovable flag on DIMM LMBs on drmem_v2
  target/ppc: Add support for scv and rfscv instructions
  target/ppc: Untabify excp_helper.c
  ppc/spapr: add a POWER10 CPU model
  ppc/pnv: Fix NMI system reset SRR1 value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-27 22:23:13 +01:00
Markus Armbruster 3b914406cf arm/sabrelite: Consistently use &error_fatal in sabrelite_init()
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505101908.6207-10-armbru@redhat.com>
[Straightforward conflict with resolved d2623129a7 "qom: Drop
parameter @errp of object_property_add() & friends"]
2020-05-27 07:45:45 +02:00
Markus Armbruster 3e1df4cc46 mips/boston: Plug memory leak in boston_mach_init()
Fixes: df1d8a1f29
Cc: Paul Burton <pburton@wavecomp.com>
Cc: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-9-armbru@redhat.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
2020-05-27 07:45:44 +02:00
Markus Armbruster 932d3a65c8 mips/boston: Fix boston_mach_init() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL.  Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.

boston_mach_init() is wrong that way.  The last calls treats an error
as fatal.  Do that for the prior ones, too.

Fixes: df1d8a1f29
Cc: Paul Burton <pburton@wavecomp.com>
Cc: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-8-armbru@redhat.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
2020-05-27 07:45:41 +02:00
Markus Armbruster a729f9bc84 mips/malta: Fix create_cps() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL.  Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second

create_cps() is wrong that way.  The last calls treats an error as
fatal.  Do that for the prior ones, too.

Fixes: bff384a4fb
Cc: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505101908.6207-7-armbru@redhat.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
2020-05-27 07:45:30 +02:00
Markus Armbruster 5217f1887a error: Use error_reportf_err() where appropriate
Replace

    error_report("...: %s", ..., error_get_pretty(err));

by

    error_reportf_err(err, "...: ", ...);

One of the replaced messages lacked a colon.  Add it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200505101908.6207-6-armbru@redhat.com>
2020-05-27 07:45:30 +02:00
Markus Armbruster 56f9dde414 xen: Fix and improve handling of device_add usb-host errors
usbback_portid_add() leaks the error when qdev_device_add() fails.
Fix that.  While there, use the error to improve the error message.

The qemu_opts_from_qdict() similarly leaks on failure.  But any
failure there is a programming error.  Pass &error_abort.

Fixes: 816ac92ef7
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Paul Durrant <paul@xen.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: xen-devel@lists.xenproject.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-3-armbru@redhat.com>
Acked-by: Paul Durrant <paul@xen.org>
2020-05-27 07:45:17 +02:00
Markus Armbruster 75de4efa00 nvdimm: Plug memory leak in uuid property setter
nvdimm_set_uuid() leaks memory on qemu_uuid_parse() failure.  Fix
that.

Fixes: 6c5627bb24
Cc: Xiao Guangrong <xiaoguangrong.eric@gmail.com>
Cc: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-2-armbru@redhat.com>
Tested-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Reviewed-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
2020-05-27 07:44:59 +02:00
Leonardo Bras 9c7c040702 vfio/nvlink: Remove exec permission to avoid SELinux AVCs
If SELinux is setup without 'execmem' permission for qemu, all mmap
with (PROT_WRITE | PROT_EXEC) will fail and print a warning in
SELinux log.

If "nvlink2-mr" memory allocation fails (fist diff), it will cause
guest NUMA nodes to not be correctly configured (V100 memory will
not be visible for guest, nor its NUMA nodes).

Not having 'execmem' permission is intesting for virtual machines to
avoid buffer-overflow based attacks, and it's adopted in distros
like RHEL.

So, removing the PROT_EXEC flag seems the right thing to do.

Browsing some other code that mmaps memory for usage with
memory_region_init_ram_device_ptr, I could notice it's usual to
not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be
no problem around this.

Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Message-Id: <20200501055448.286518-1-leobras.c@gmail.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:29:36 +10:00
Philippe Mathieu-Daudé 1521735c2a hw/nvram/mac_nvram: Convert debug printf()s to trace events
Convert NVR_DPRINTF() to trace events and remove ifdef'ry.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200524165126.13920-1-f4bug@amsat.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:29:36 +10:00
Philippe Mathieu-Daudé a1cf0c7ce5 hw/pci-bridge/dec: Remove dead debug code
Remove debug code never used since added in commit e1c6bbabee.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200525033910.26166-1-f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:29:36 +10:00
Leonardo Bras 0911a60c76 ppc/spapr: Add hotremovable flag on DIMM LMBs on drmem_v2
On reboot, all memory that was previously added using object_add and
device_add is placed in this DIMM area.

The new SPAPR_LMB_FLAGS_HOTREMOVABLE flag helps Linux to put this memory in
the correct memory zone, so no unmovable allocations are made there,
allowing the object to be easily hot-removed by device_del and
object_del.

This new flag was accepted in Power Architecture documentation.

Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Reviewed-by: Bharata B Rao <bharata@linux.ibm.com>
Message-Id: <20200511200201.58537-1-leobras.c@gmail.com>
[dwg: Fixed syntax error spotted by Cédric Le Goater]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:29:36 +10:00
Cédric Le Goater 0bbf14a095 ppc/spapr: add a POWER10 CPU model
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200507073855.2485680-1-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:27:29 +10:00
Nicholas Piggin fe837714f3 ppc/pnv: Fix NMI system reset SRR1 value
Commit a77fed5bd926 ("ppc/pnv: Add support for NMI interface") got the
SRR1 setting wrong for sresets that hit outside of power-save states.

Fix this, better documenting the source for the bit definitions.

Fixes: 01b552b05b ("ppc/pnv: Add support for NMI interface")
Cc: Cédric Le Goater <clg@kaod.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200507114824.788942-1-npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[dwg: Fixed up some tab indentation]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-05-27 15:27:25 +10:00
Peter Maydell 06539ebc76 MIPS hardware updates
- MAINTAINERS updated to welcome Huacai Chen and Jiaxun Yang,
   and update Aleksandar Rikalo's email address,
 - Trivial improvements in the Bonito64 North Bridge and the
   Fuloong 2e machine,
 - MIPS Machines names unified without 'mips_' prefix.
 
 CI: https://travis-ci.org/github/philmd/qemu/builds/691247975
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl7NGlgACgkQ4+MsLN6t
 wN5uARAApdR1oIHEtkQuhO4nUKdpaV+m8f2hLCZFeRYoSNo+sBvMFy9VT5eTLhmt
 /aRTwoDJhbXYG2q2Wi8dc3TXJNZAYkurtmxLHLV58Zxugtv6anGfiCdqB1ELTcUb
 pfkGhGsAWFoFFTQ2Y0nW3K6waPki0mAj9rsniZUCknbud24aOlSQyo/6ZILKc/9B
 aM3lImk1FgkyXPXVhDTRHvziSniiMKiNntNdOFnZhiQT/+hznWWStZfdWKiM6fTc
 2jJww2smZgc9TlqYzeq2XzJ6mjwthkIMO/0e2jjgSMCAXkDbWV+cUycbxAjb2Wik
 ClIpDu5I4fPvUxvZVC9/3kIn/HqY2xri/VVgbhil3OabrMjJogWGczbcEEmThixk
 s4v7I7aQc2M/bT/JTLCaihH7x8X8xTnWMGDJhuq2l6vepDt+flzHV5BtSYrY/+sS
 AEQVdLgrSQW7XG4/oqxV0j8LVG9Jcwq7ZUCGDErwD/c/p+dC/nqpeSzkvJk5ij8g
 O42MdPTQI75g/HUp7rdK55rMIcK+4wF6tdaXpEN+khjlM4vHRlQRd5to2NJspmFs
 9d9Xe6mJxfS0bEyN7SoFasQ7f0ZjcECPlWmLC70idwYBHFxEhvcnD31ZS7RagwQb
 WYHWdIUxwqApob+OLHoUo9mgoPQI51B8eYp68dGhUNwxfBfm9SA=
 =P/VE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-hw-next-20200526' into staging

MIPS hardware updates

- MAINTAINERS updated to welcome Huacai Chen and Jiaxun Yang,
  and update Aleksandar Rikalo's email address,
- Trivial improvements in the Bonito64 North Bridge and the
  Fuloong 2e machine,
- MIPS Machines names unified without 'mips_' prefix.

CI: https://travis-ci.org/github/philmd/qemu/builds/691247975

# gpg: Signature made Tue 26 May 2020 14:32:08 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/mips-hw-next-20200526:
  MAINTAINERS: Change Aleksandar Rikalo's email address
  hw/mips/mips_int: De-duplicate KVM interrupt delivery
  hw/mips/malta: Add some logging for bad register offset cases
  hw/mips: Rename malta/mipssim/r4k/jazz files
  hw/mips/fuloong2e: Fix typo in Fuloong machine name
  hw/mips/fuloong2e: Move code and update a comment
  hw/pci-host/bonito: Set the Config register reset value with FIELD_DP32
  hw/pci-host/bonito: Better describe the I/O CS regions
  hw/pci-host/bonito: Map the different PCI ranges more detailed
  hw/pci-host/bonito: Map all the Bonito64 I/O range
  hw/pci-host/bonito: Map peripheral using physical address
  hw/pci-host/bonito: Fix DPRINTF() format strings
  hw/pci-host: Use CONFIG_PCI_BONITO to select the Bonito North Bridge
  MAINTAINERS: Add Huacai Chen as fuloong2e co-maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-26 20:25:06 +01:00
Peter Maydell ddc760832f - fix build with musl libc
- fix potential deadlock of QEMU main event loop (cannot be hit with linux
   client)
 - revert 9pfs reply truncation (LP 1877688)
 - xen backend waits for client to free space on the reply ring instead of
   truncating or disconnecting
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEtIKLr5QxQM7yo0kQcdTV5YIvc9YFAl7M4xcACgkQcdTV5YIv
 c9ZyjQ//X03vDTd3w7QgPT4ffJtNvEAjOhFkgVAxANz4qYpsB7sPReY4EIQSe3R2
 06z5CA1+ad6fI27+ogj1pNPdmMabkbVFl+8lS6aPk5mdZz3b/PHpcH5NfWjB3PLD
 Dm9EQIxqei0L3nbtro4Y3Rj2l4DFiv3q1hTkLjvGUxbljpOQUd4iNo9jIpasD5/h
 9TaZquHRcZc4EaQO5KzpyTfqFOYcApcXBm3tDVgKpeec5HbJKsszVUmXc6beKBHe
 Epvj3nTBs4hEEZCK2kzJqaJYaVAVyxn6AeGnXQzWAvIhtrrN6V1cGmPPHUV4i/pm
 Hgw75wD4Glzh62vNDHmpptt860T2d11FrljSUWgHVM2PG8+XAcNZqwppLOFKo2DZ
 yRCuBhvKCB6AiSe4l5mrduHAJatX14aK9+6DRscJEG/gKPcnKA3LlW5eMVLnZ+ue
 crxjTyPnPKiGRFdSa6Qg7tVO8Zg41r0QY7LeVByBDwN6sxRA4mbrfDIZhMTlLCX4
 xXueocG9TXSBNCEk4mOQFN6YsZ1oaSC90qw9txIfIsynlN1nugXrYQp4GetvdFgB
 Oj4rhHdwBX609kQRlBoaW0vex2dhgiRCsP1PYAXqYcKa+DnTKqn9fK2Ud6VBBkgM
 gH/0O/yNg7zVmjCqJpgn0F5kwNDxGwtSHM9Wzh+5vyAcjanhfQk=
 =XY8R
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-26' into staging

- fix build with musl libc
- fix potential deadlock of QEMU main event loop (cannot be hit with linux
  client)
- revert 9pfs reply truncation (LP 1877688)
- xen backend waits for client to free space on the reply ring instead of
  truncating or disconnecting

# gpg: Signature made Tue 26 May 2020 10:36:23 BST
# gpg:                using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full]
# gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>" [full]
# gpg:                 aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/9p-next-2020-05-26:
  xen/9pfs: increase max ring order to 9
  xen/9pfs: yield when there isn't enough room on the ring
  Revert "9p: init_in_iov_from_pdu can truncate the size"
  9p: Lock directory streams with a CoMutex
  9pfs: include linux/limits.h for XATTR_SIZE_MAX

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-26 14:05:53 +01:00
Philippe Mathieu-Daudé 56b92eeeac hw/mips/mips_int: De-duplicate KVM interrupt delivery
Refactor duplicated code in a single place.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200429082916.10669-2-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:21:12 +02:00
Aleksandar Markovic c707f06fb1 hw/mips/malta: Add some logging for bad register offset cases
Log the cases where a guest attempts read or write using bad
register offset.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200518200920.17344-21-aleksandar.qemu.devel@gmail.com>
[PMD: Replaced TARGET_FMT_lx by HWADDR_PRIX]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:21:12 +02:00
Aleksandar Markovic 5298722eda hw/mips: Rename malta/mipssim/r4k/jazz files
Machine file names should not have prefix "mips_".

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200518200920.17344-22-aleksandar.qemu.devel@gmail.com>
[PMD: Fixed Fuloong line conflict due to rebase]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:21:12 +02:00
Philippe Mathieu-Daudé c3a09ff68d hw/mips/fuloong2e: Fix typo in Fuloong machine name
We always miswrote the Fuloong machine... Fix its name.
Add an machine alias to the previous name for backward
compatibility.

Suggested-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200526104726.11273-11-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:20:48 +02:00
Philippe Mathieu-Daudé 3e5fe8dd1f hw/mips/fuloong2e: Move code and update a comment
Move the RAM-related call closer to the RAM creation block,
rename the ROM comment.

Reviewed-by: Huacai Chen <chenhc@lemote.com>
Message-id: <20200510210128.18343-4-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:20:37 +02:00
Philippe Mathieu-Daudé 1f8a6c8b3c hw/pci-host/bonito: Set the Config register reset value with FIELD_DP32
Describe some bits of the Config registers fields with the
registerfields API. Use the FIELD_DP32() macro to set the
BONGENCFG register bits at reset.

Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-12-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:19:36 +02:00
Philippe Mathieu-Daudé 7a296990af hw/pci-host/bonito: Better describe the I/O CS regions
Better describe the I/O CS regions, add the ROMCS region.

Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-11-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:19:36 +02:00
Philippe Mathieu-Daudé a0b544c1c9 hw/pci-host/bonito: Map the different PCI ranges more detailed
Better describe the Bonito64 MEM HI/LO and I/O PCI ranges,
add more PCI regions as unimplemented.

Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200526104726.11273-7-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 13:18:57 +02:00
Philippe Mathieu-Daudé 25cca0a9b7 hw/pci-host/bonito: Map all the Bonito64 I/O range
To ease following guest accesses to the Bonito64 chipset,
map its I/O range as UnimplementedDevice.
We can now see the accesses to unimplemented peripheral
using the '-d unimp' command line option.

Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-9-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 12:09:18 +02:00
Philippe Mathieu-Daudé 86313bdc85 hw/pci-host/bonito: Map peripheral using physical address
Peripherals are mapped at physical address on busses.
Only CPU/IOMMU can use virtual addresses.

Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-id: <20200510210128.18343-8-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 12:09:18 +02:00
Philippe Mathieu-Daudé 3d14264cce hw/pci-host/bonito: Fix DPRINTF() format strings
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Message-id: <20200510210128.18343-7-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 12:09:18 +02:00
Philippe Mathieu-Daudé abc82de356 hw/pci-host: Use CONFIG_PCI_BONITO to select the Bonito North Bridge
Ease the kconfig selection by introducing CONFIG_PCI_BONITO to select
the Bonito North Bridge.

Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20200510210128.18343-6-f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-05-26 12:09:18 +02:00
Philippe Mathieu-Daudé b3b8a1fea6 hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include
The Fuloong machine never had to use "audio/audio.h", remove it.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Message-id: 20200515084209.9419-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 08:46:14 +02:00
Stefano Stabellini 84af75577c xen/9pfs: increase max ring order to 9
The max order allowed by the protocol is 9. Increase the max order
supported by QEMU to 9 to increase performance.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-3-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:40 +02:00
Stefano Stabellini a4c4d46272 xen/9pfs: yield when there isn't enough room on the ring
Instead of truncating replies, which is problematic, wait until the
client reads more data and frees bytes on the reply ring.

Do that by calling qemu_coroutine_yield(). The corresponding
qemu_coroutine_enter_if_inactive() is called from xen_9pfs_bh upon
receiving the next notification from the client.

We need to be careful to avoid races in case xen_9pfs_bh and the
coroutine are both active at the same time. In xen_9pfs_bh, wait until
either the critical section is over (ring->co == NULL) or until the
coroutine becomes inactive (qemu_coroutine_yield() was called) before
continuing. Then, simply wake up the coroutine if it is inactive.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-2-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:39 +02:00
Stefano Stabellini cf45183b71 Revert "9p: init_in_iov_from_pdu can truncate the size"
This reverts commit 16724a1730.
It causes https://bugs.launchpad.net/bugs/1877688.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-1-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:38 +02:00
Philippe Mathieu-Daudé 2f097e1964 hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h'
Use the generic AUDIO_HOST_ENDIANNESS definition instead
of a custom one.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200505100750.27332-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-25 11:30:03 +02:00
Prasad J Pandit 369ff955a8 es1370: check total frame count against current frame
A guest user may set channel frame count via es1370_write()
such that, in es1370_transfer_audio(), total frame count
'size' is lesser than the number of frames that are processed
'cnt'.

    int cnt = d->frame_cnt >> 16;
    int size = d->frame_cnt & 0xffff;

if (size < cnt), it results in incorrect calculations leading
to OOB access issue(s). Add check to avoid it.

Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20200514200608.1744203-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-25 11:30:03 +02:00
Greg Kurz ed463454ef 9p: Lock directory streams with a CoMutex
Locking was introduced in QEMU 2.7 to address the deprecation of
readdir_r(3) in glibc 2.24. It turns out that the frontend code is
the worst place to handle a critical section with a pthread mutex:
the code runs in a coroutine on behalf of the QEMU mainloop and then
yields control, waiting for the fsdev backend to process the request
in a worker thread. If the client resends another readdir request for
the same fid before the previous one finally unlocked the mutex, we're
deadlocked.

This never bit us because the linux client serializes readdir requests
for the same fid, but it is quite easy to demonstrate with a custom
client.

A good solution could be to narrow the critical section in the worker
thread code and to return a copy of the dirent to the frontend, but
this causes quite some changes in both 9p.c and codir.c. So, instead
of that, in order for people to easily backport the fix to older QEMU
versions, let's simply use a CoMutex since all the users for this
sit in coroutines.

Fixes: 7cde47d4a8 ("9p: add locking to V9fsDir")
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <158981894794.109297.3530035833368944254.stgit@bahia.lan>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 10:38:03 +02:00
Dan Robertson 03556ea920 9pfs: include linux/limits.h for XATTR_SIZE_MAX
linux/limits.h should be included for the XATTR_SIZE_MAX definition used
by v9fs_xattrcreate.

Fixes: 3b79ef2cf4 ("9pfs: limit xattr size in xattrcreate")
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200515203015.7090-2-dan@dlrobertson.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 10:38:03 +02:00
Mansour Ahmadi 1857b9db49 hw/block/pflash: Check return value of blk_pwrite()
When updating the PFLASH file contents, we should check for a
possible failure of blk_pwrite(). Similar to commit 3a688294e.

Reported-by: Coverity (CID 1357678 CHECKED_RETURN)
Signed-off-by: Mansour Ahmadi <mansourweb@gmail.com>
Message-Id: <20200408003552.58095-1-mansourweb@gmail.com>
[PMD: Add missing "qemu/error-report.h" include and TODO comment]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 19:38:14 +02:00
Philippe Mathieu-Daudé 3072182dc1 hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'
Rename the 'reset_flash' as 'mode_read_array' to make explicit we
do not reset the device, we simply set its internal state machine
in the READ_ARRAY mode. We do not reset the status register error
bits, as a device reset would do.

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-5-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Philippe Mathieu-Daudé aba53a12bd hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'
The command 0x00 is used by this model since its origin (commit
05ee37ebf6). In this commit the command is described with a
amusing '/* ??? */' comment, probably meaning 'FIXME'.

        switch (cmd) {
        case 0x00: /* ??? */
            ...

This comment survived 12 years because the 0x00 value is indeed
not specified by the CFI open standard (as of this commit).

The 'cmd' field is transfered during migration. To keep the
migration feature working with older QEMU version, we have to
take a lot of care with migrated field. We figured out it is
too late to remove a non-specified value from this model
(this would make migration review very complex). It is however
not too late to improve the documentation.

Add few comments to remember this is a special value related
to QEMU, and we won't find information about it on the CFI
spec.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-3-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Philippe Mathieu-Daudé d23048c05c hw/block/pflash_cfi01: Removed an unused timer
The 'CFI02' NOR flash was introduced in commit 29133e9a0f, with
timing modelled. One year later, the CFI01 model was introduced
(commit 05ee37ebf6) based on the CFI02 model. As noted in the
header, "It does not support timings". 12 years later, we never
had to model the device timings. Time to remove the unused timer,
we can still add it back if required.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
[Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html]
Message-Id: <20190716221555.11145-2-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Geert Uytterhoeven faf58e5369 ARM: PL061: Introduce N_GPIOS
Add a definition for the number of GPIO lines controlled by a PL061
instance, and use it instead of the hardcoded magic value 8.

Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200519085143.1376-1-geert+renesas@glider.be
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé a50fe66846 hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00"
Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4,
the default value on the APB bus is 0.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé 492edf3e30 hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé 5a0001ec7e hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé 9904625f1b hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck c4947e64ef hw/arm/fsl-imx7: Connect watchdog interrupts
i.MX7 supports watchdog pretimeout interupts. With this commit,
the watchdog in mcimx7d-sabre is fully operational, including
pretimeout support.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-9-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck 72465e1eba hw/arm/fsl-imx7: Instantiate various unimplemented devices
Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid
crashes when booting mainline Linux.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-8-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck 5671e960e2 hw/arm/fsl-imx6ul: Connect watchdog interrupts
With this commit, the watchdog on mcimx6ul-evk is fully operational,
including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-7-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck bd8045a704 hw/arm/fsl-imx6: Connect watchdog interrupts
With this patch applied, the watchdog in the sabrelite emulation
is fully operational, including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-6-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck b9e521dda3 hw/arm/fsl-imx31: Wire up watchdog
With this patch, the watchdog on i.MX31 emulations is fully operational.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-5-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck 4f0aff00f9 hw/arm/fsl-imx25: Wire up watchdog
With this commit, the watchdog on imx25-pdk is fully operational,
including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-4-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck daca13d495 hw/watchdog: Implement full i.MX watchdog support
Implement full support for the watchdog in i.MX systems.
Pretimeout support is optional because the watchdog hardware
on i.MX31 does not support pretimeouts.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-3-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added Property array terminator entry]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 20:00:18 +01:00
Guenter Roeck 37f95959c7 hw: Move i.MX watchdog driver to hw/watchdog
In preparation for a full implementation, move i.MX watchdog driver
from hw/misc to hw/watchdog. While at it, add the watchdog files
to MAINTAINERS.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-2-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 20:00:18 +01:00
Peter Maydell bffe88d139 Block layer patches:
- Introduce real BdrvChildRole
 - blk/bdrv_make_empty() functions instead of calling callbacks directly
 - mirror: Make sure that source and target size match
 - block-copy: Fix uninitialized variable
 - block/replication: Avoid cancelling the job twice
 - ahci: Log lost IRQs
 - iotests: Run pylint and mypy in a testcase
 - iotests: log messages from notrun()
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAl7CwFwRHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9Y3HA/+N3FRGl6rszYkRWkMSuK1I38e7pe8tvPy
 NO4FxYnJN4wWI9ayCURf5DMi5IPglLTEfT8KOYiUM4Br5K3jJnWYzI7pqChm5pJr
 k2pRLVBKpyI7Et5S3gxAEOY56a3+SkR6a8nem6egrCUceuZpR/0nP3reBEkOaBky
 DMQvSgR9DDPUWNPX2H1ZfTJ/FaxLULDJR1dtdcj/Ze0u72dHRwW4t9X/XqRqLxAq
 UnFRXhx6PVmjlsX+zxXYxMpeEI+/GLTEwf0LRGsk0nBrJtBb21WhqzltMV/pbqgy
 U5b9f8o6lGaIKeDZaE1cdIsc8Q1+k9osHc5Jz6ibYrdIixTceDh/6BJdvg+3UdTr
 luYbYiDV0QfkRP75yjx9FJFJHVPlYdBhqgeXbLYMD7aHEKhh1IEjr2JBUlJ3N0L3
 T3p4s/5t8ljSsafnq1KR83xfFeZOslR0hfWz0TZYXlLZMtNuGHz2biR2NyOQO6jH
 cqbszoRVU/F8W0fk9s4OV+TNB7Ks7I207lO851sxXlz3rOu5qfCRD+KENaTuocZ2
 e7Wf455CFhdBDNZok9kGqCTUzJ2ZDP2wca0qU30zbn4VdhzXH+KcDyLRv/fVk+io
 r/9Hckd7Sdcd0PtTuCeTXBWzIlz1wQDUKrhdII+OaXWeGMHxgLUKVAQla5WGod/K
 g+tzRW5kJmM=
 =JSKK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Introduce real BdrvChildRole
- blk/bdrv_make_empty() functions instead of calling callbacks directly
- mirror: Make sure that source and target size match
- block-copy: Fix uninitialized variable
- block/replication: Avoid cancelling the job twice
- ahci: Log lost IRQs
- iotests: Run pylint and mypy in a testcase
- iotests: log messages from notrun()

# gpg: Signature made Mon 18 May 2020 18:05:32 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream: (52 commits)
  hw: Use QEMU_IS_ALIGNED() on parallel flash block size
  iotests/030: Reduce run time by unthrottling job earlier
  hw/ide/ahci: Log lost IRQs
  iotests: log messages from notrun()
  block/block-copy: Simplify block_copy_do_copy()
  block/block-copy: Fix uninitialized variable in block_copy_task_entry
  block: Drop @child_class from bdrv_child_perm()
  block: Pass BdrvChildRole in remaining cases
  block: Drop child_file
  block: Drop bdrv_format_default_perms()
  block: Make bdrv_filter_default_perms() static
  block: Use bdrv_default_perms()
  tests: Use child_of_bds instead of child_file
  block: Use child_of_bds in remaining places
  block: Make filter drivers use child_of_bds
  block: Make format drivers use child_of_bds
  block: Drop child_backing
  block: Make backing files child_of_bds children
  block: Drop child_format
  block: Switch child_format users to child_of_bds
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-19 11:58:56 +01:00
Philippe Mathieu-Daudé 4cdd0a774d hw: Use QEMU_IS_ALIGNED() on parallel flash block size
Use the QEMU_IS_ALIGNED() macro to verify the flash block size
is properly aligned. It is quicker to process when reviewing.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200511205246.24621-1-philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18 19:05:25 +02:00
Philippe Mathieu-Daudé c5f12a80c6 hw/ide/ahci: Log lost IRQs
One might find interesting to look at AHCI IRQs.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200504094858.5975-1-f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18 19:05:25 +02:00
Gerd Hoffmann 3fcf15df00 ramfb: fix size calculation
size calculation isn't correct with guest-supplied stride, the last
display line isn't accounted for correctly.

For the typical case of stride > linesize (add padding) we error on the
safe side (calculated size is larger than actual size).

With stride < linesize (scanlines overlap) the calculated size is
smaller than the actual size though so our guest memory mapping might
end up being too small.

While being at it also fix ramfb_create_display_surface to use hwaddr
for the parameters.  That way all calculation are done with hwaddr type
and we can't get funny effects from type castings.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-7-kraxel@redhat.com
2020-05-18 15:43:51 +02:00
Gerd Hoffmann 819c83e278 ramfb: add sanity checks to ramfb_create_display_surface
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-6-kraxel@redhat.com
2020-05-18 15:43:51 +02:00
Gerd Hoffmann 19aaee2a65 ramfb: don't update RAMFBState on errors
Store width & height & surface in local variables.  Update RAMFBState
with the new values only in case the ramfb_create_display_surface() call
succeeds.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-5-kraxel@redhat.com
2020-05-18 15:43:35 +02:00
Gerd Hoffmann 46a298d602 ramfb: drop leftover debug message
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-4-kraxel@redhat.com
2020-05-18 15:42:34 +02:00
Gerd Hoffmann c326eedc75 Revert "hw/display/ramfb: lock guest resolution after it's set"
This reverts commit a9e0cb67b7.

This breaks OVMF.  Reproducer: Just hit 'ESC' at early boot to enter
firmware setup.  OVMF wants switch from (default) 800x600 to 640x480 for
that, and this patch blocks it.

Cc: Hou Qiming <hqm03ster@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-3-kraxel@redhat.com
2020-05-18 15:42:34 +02:00
Gerd Hoffmann 2fc979cb9d Revert "hw/display/ramfb: initialize fw-config space with xres/ yres"
This reverts commit f79081b4b7.

Patch has broken byteorder handling: RAMFBCfg fields are in bigendian
byteorder, the reset function doesn't care so native byteorder is used
instead.  Given this went unnoticed so far the feature is obviously
unused, so just revert the patch.

Cc: Hou Qiming <hqm03ster@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20200429115236.28709-2-kraxel@redhat.com
2020-05-18 15:42:34 +02:00
Philippe Mathieu-Daudé 63dc3465d6 hw/display: Include local 'framebuffer.h'
The "framebuffer.h" header is not an exported include.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200504082003.16298-2-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-18 15:40:04 +02:00
BALATON Zoltan b0588cb51d ati-vga: Do not allow unaligned access via index register
According to docs bits 1 and 0 of MM_INDEX are hard coded to 0 so
unaligned access via this register should not be possible.
This also fixes problems reported in bug #1878134.

Buglink: https://bugs.launchpad.net/qemu/+bug/1878134
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-id: 20200516132352.39E9374594E@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-18 15:39:59 +02:00
Philippe Mathieu-Daudé 8e5c952b37 hw: Remove unnecessary DEVICE() cast
The DEVICE() macro is defined as:

  #define DEVICE(obj) OBJECT_CHECK(DeviceState, (obj), TYPE_DEVICE)

which expands to:

  ((DeviceState *)object_dynamic_cast_assert((Object *)(obj), (name),
                                             __FILE__, __LINE__,
                                             __func__))

This assertion can only fail when @obj points to something other
than its stated type, i.e. when we're in undefined behavior country.

Remove the unnecessary DEVICE() casts when we already know the
pointer is of DeviceState type.

Patch created mechanically using spatch with this script:

  @@
  typedef DeviceState;
  DeviceState *s;
  @@
  -   DEVICE(s)
  +   s

Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Paul Durrant <paul@xen.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200512070020.22782-4-f4bug@amsat.org>
2020-05-15 07:08:52 +02:00
Philippe Mathieu-Daudé 688ffbb4f7 various: Remove unnecessary OBJECT() cast
The OBJECT() macro is defined as:

  #define OBJECT(obj) ((Object *)(obj))

Remove the unnecessary OBJECT() casts when we already know the
pointer is of Object type.

Patch created mechanically using spatch with this script:

  @@
  typedef Object;
  Object *o;
  @@
  -   OBJECT(o)
  +   o

Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200512070020.22782-3-f4bug@amsat.org>
[Trivial rebase conflict in hw/s390x/sclp.c resolved]
2020-05-15 07:08:14 +02:00
Markus Armbruster df4fe0b291 qom: Drop @errp parameter of object_property_del()
Same story as for object_property_add(): the only way
object_property_del() can fail is when the property with this name
does not exist.  Since our property names are all hardcoded, failure
is a programming error, and the appropriate way to handle it is
passing &error_abort.  Most callers do that, the commit before
previous fixed one that didn't (and got the error handling wrong), and
the two remaining exceptions ignore errors.

Drop the @errp parameter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-19-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-15 07:08:14 +02:00
Markus Armbruster 7ef1553dac spapr_pci: Drop some dead error handling
chassis_from_bus() uses object_property_get_uint() to get property
"chassis_nr" of the bridge device.  Failure would be a programming
error.  Pass &error_abort, and simplify its callers.

Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-18-armbru@redhat.com>
2020-05-15 07:08:14 +02:00
Markus Armbruster b69c3c21a5 qdev: Unrealize must not fail
Devices may have component devices and buses.

Device realization may fail.  Realization is recursive: a device's
realize() method realizes its components, and device_set_realized()
realizes its buses (which should in turn realize the devices on that
bus, except bus_set_realized() doesn't implement that, yet).

When realization of a component or bus fails, we need to roll back:
unrealize everything we realized so far.  If any of these unrealizes
failed, the device would be left in an inconsistent state.  Must not
happen.

device_set_realized() lets it happen: it ignores errors in the roll
back code starting at label child_realize_fail.

Since realization is recursive, unrealization must be recursive, too.
But how could a partly failed unrealize be rolled back?  We'd have to
re-realize, which can fail.  This design is fundamentally broken.

device_set_realized() does not roll back at all.  Instead, it keeps
unrealizing, ignoring further errors.

It can screw up even for a device with no buses: if the lone
dc->unrealize() fails, it still unregisters vmstate, and calls
listeners' unrealize() callback.

bus_set_realized() does not roll back either.  Instead, it stops
unrealizing.

Fortunately, no unrealize method can fail, as we'll see below.

To fix the design error, drop parameter @errp from all the unrealize
methods.

Any unrealize method that uses @errp now needs an update.  This leads
us to unrealize() methods that can fail.  Merely passing it to another
unrealize method cannot cause failure, though.  Here are the ones that
do other things with @errp:

* virtio_serial_device_unrealize()

  Fails when qbus_set_hotplug_handler() fails, but still does all the
  other work.  On failure, the device would stay realized with its
  resources completely gone.  Oops.  Can't happen, because
  qbus_set_hotplug_handler() can't actually fail here.  Pass
  &error_abort to qbus_set_hotplug_handler() instead.

* hw/ppc/spapr_drc.c's unrealize()

  Fails when object_property_del() fails, but all the other work is
  already done.  On failure, the device would stay realized with its
  vmstate registration gone.  Oops.  Can't happen, because
  object_property_del() can't actually fail here.  Pass &error_abort
  to object_property_del() instead.

* spapr_phb_unrealize()

  Fails and bails out when remove_drcs() fails, but other work is
  already done.  On failure, the device would stay realized with some
  of its resources gone.  Oops.  remove_drcs() fails only when
  chassis_from_bus()'s object_property_get_uint() fails, and it can't
  here.  Pass &error_abort to remove_drcs() instead.

Therefore, no unrealize method can fail before this patch.

device_set_realized()'s recursive unrealization via bus uses
object_property_set_bool().  Can't drop @errp there, so pass
&error_abort.

We similarly unrealize with object_property_set_bool() elsewhere,
always ignoring errors.  Pass &error_abort instead.

Several unrealize methods no longer handle errors from other unrealize
methods: virtio_9p_device_unrealize(),
virtio_input_device_unrealize(), scsi_qdev_unrealize(), ...
Much of the deleted error handling looks wrong anyway.

One unrealize methods no longer ignore such errors:
usb_ehci_pci_exit().

Several realize methods no longer ignore errors when rolling back:
v9fs_device_realize_common(), pci_qdev_unrealize(),
spapr_phb_realize(), usb_qdev_realize(), vfio_ccw_realize(),
virtio_device_realize().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-17-armbru@redhat.com>
2020-05-15 07:08:14 +02:00
Markus Armbruster 40c2281cc3 Drop more @errp parameters after previous commit
Several functions can't fail anymore: ich9_pm_add_properties(),
device_add_bootindex_property(), ppc_compat_add_property(),
spapr_caps_add_properties(), PropertyInfo.create().  Drop their @errp
parameter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-16-armbru@redhat.com>
2020-05-15 07:08:14 +02:00
Markus Armbruster d2623129a7 qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists.  Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.

Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent.  Parentage is
also under program control, so this is a programming error, too.

We have a bit over 500 callers.  Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.

The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.

Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL.  Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.  ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.

When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.

Drop parameter @errp and assert the preconditions instead.

There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification".  Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-15 07:07:58 +02:00
Markus Armbruster 9f742c28f5 qdev: Clean up qdev_connect_gpio_out_named()
Both qdev_connect_gpio_out_named() and device_set_realized() put
objects without a parent into the "/machine/unattached/" orphanage.

qdev_connect_gpio_out_named() needs a lengthy comment to explain how
it works.  It exploits that object_property_add_child() can fail only
when we got a parent already, and ignoring that error does what we
want.  True.  If it failed due to "duplicate property", we'd be in
trouble, but that would be a programming error.

device_set_realized() is cleaner: it checks whether we need a parent,
then calls object_property_add_child(), aborting on failure.  No need
for a comment, and programming errors get caught.

Change qdev_connect_gpio_out_named() to match.

Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200505152926.18877-14-armbru@redhat.com>
2020-05-15 07:07:58 +02:00
Markus Armbruster 5462cc8110 hw/arm/bcm2835: Drop futile attempts at QOM-adopting memory
The "bcm2835-peripherals" device's .instance_init() method
bcm2835_peripherals_init() attempts to make two memory regions QOM
children of the device.  This is futile, because memory_region_init()
already did.  The errors are ignored (a later commit will change
that).  Drop the useless calls.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Andrew Baumann <Andrew.Baumann@microsoft.com>
Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: qemu-arm@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200505152926.18877-13-armbru@redhat.com>
2020-05-15 07:07:58 +02:00
Markus Armbruster a13f20422d e1000: Don't run e1000_instance_init() twice
QOM object initialization runs .instance_init() for the type and all
its supertypes; see object_init_with_type().

Both TYPE_E1000_BASE and its concrete subtypes set .instance_init() to
e1000_instance_init().  For the concrete subtypes, it duly gets run
twice.  The second run fails, but the error gets ignored (a later
commit will change that).

Remove it from the subtypes.

Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-12-armbru@redhat.com>
2020-05-15 07:07:58 +02:00
Markus Armbruster e508430619 hw/isa/superio: Make the components QOM children
isa_superio_realize() attempts to make isa-parallel and isa-serial QOM
children, but this does not work, because it calls
object_property_add_child() after realizing with qdev_init_nofail().
Realizing a device without a parent gives it one: it gets put into the
"/machine/unattached/" orphanage.  The extra
object_property_add_child() fails, and isa_superio_realize() ignores
the error.

Move the object_property_add_child() before qdev_init_nofail(), and
pass &error_abort.

For the other components, isa_superio_realize() doesn't even try.  Add
object_property_add_child() there.

This affects machines 40p, clipper and fulong2e.

For instance, fulong2e has its vt82c686b-superio (which is an
isa-superio) at /machine/unattached/device[9].  Before the patch, its
components are at /machine/unattached/device[10] .. [14].  Afterwards,
they are at
/machine/unattached/device[9]/{parallel0,serial0,serial1,isa-fdc,i8042}.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-11-armbru@redhat.com>
2020-05-15 07:07:58 +02:00
Markus Armbruster 7eecec7d12 qom: Drop object_property_set_description() parameter @errp
object_property_set_description() and
object_class_property_set_description() fail only when property @name
is not found.

There are 85 calls of object_property_set_description() and
object_class_property_set_description().  None of them can fail:

* 84 immediately follow the creation of the property.

* The one in spapr_rng_instance_init() refers to a property created in
  spapr_rng_class_init(), from spapr_rng_properties[].

Every one of them still gets to decide what to pass for @errp.

51 calls pass &error_abort, 32 calls pass NULL, one receives the error
and propagates it to &error_abort, and one propagates it to
&error_fatal.  I'm actually surprised none of them violates the Error
API.

What are we gaining by letting callers handle the "property not found"
error?  Use when the property is not known to exist is simpler: you
don't have to guard the call with a check.  We haven't found such a
use in 5+ years.  Until we do, let's make life a bit simpler and drop
the @errp parameter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-8-armbru@redhat.com>
[One semantic rebase conflict resolved]
2020-05-15 07:06:49 +02:00
Markus Armbruster 44a17fe05a qom: Drop convenience method object_property_get_uint16List()
qom/object.c provides object_property_get_TYPE() and
object_property_set_TYPE() for a number of common types.  These are
all convenience wrappers around object_property_get_qobject() and
object_property_set_qobject().

Except for object_property_get_uint16List(), which is unusual in two ways:

* It bypasses object_property_get_qobject().  Fixable; the previous
  commit did it for object_property_get_enum())

* It stores the value through a parameter.  Its contract claims it
  returns the value, like the other functions do.  Also fixable.

Fixing is not worthwhile, though: object_property_get_uint16List() has
seen exactly one user in six years.

Convert the lone user to do its job with the generic
object_property_get_qobject(), and drop object_property_get_uint16List().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505152926.18877-6-armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[Commit message typo fixed]
2020-05-15 06:26:02 +02:00
Markus Armbruster ddfb0baaf2 qom: Clean up inconsistent use of gchar * vs. char *
Uses of gchar * in qom/object.h:

* ObjectProperty member @name

  Functions that take a property name argument all use char *.  Change
  the member to match.

* ObjectProperty member @type

  Functions that take a property type argument or return it all use
  char *.  Change the member to match.

* ObjectProperty member @description

  Functions that take a property description argument all use char *.
  Change the member to match.

* object_resolve_path_component() parameter @part

  Path components are property names.  Most callers pass char *
  arguments.  Change the parameter to match.  Adjust the few callers
  that pass gchar * to pass char *.

* Return value of object_get_canonical_path_component(),
  object_get_canonical_path()

  Most callers convert their return values right back to char *.
  Change the return value to match.  Adjust the few callers where that
  would add a conversion to gchar * to use char * instead.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-3-armbru@redhat.com>
2020-05-15 06:26:02 +02:00
Peter Maydell 013a18edbb target-arm queue:
* target/arm: Use correct GDB XML for M-profile cores
  * target/arm: Code cleanup to use gvec APIs better
  * aspeed: Add support for the sonorapass-bmc board
  * target/arm: Support reporting KVM host memory errors
    to the guest via ACPI notifications
  * target/arm: Finish conversion of Neon 3-reg-same insns to decodetree
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl69U2MZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3i6YD/9GvoF5+Mr/5gbJ2rwV3Vhy
 Aet+/npEYhRnmRDc8lOldY5utZxNQQGWo0gYF+STRLPpDmTpBkKKUCTzdKfRWjnu
 9SIp+qge7+XLmOjXFtib55jPz2bxQgUSyj2i/mYtkQlgnMY56MU6lF0MNNOOug98
 sCLnRS4KewJKr01wnTKPrBKndkfOOwAOl7fXJ5lHUCGJnwvDy2QqybTXMTZN+U94
 PDkQsj5Bi9fvw1Yh5vEpURrvejPIK18faavn0bNIcxMXrpY9YeXh+e1RGS0c10+w
 YQNQCGOMjXEjHWDT993hlZLMZcW3Y7Vl5qAtSwpu6K280BLFQZ4N3NFpwt42FOX4
 aEfCFqPjAydiEefW36sRjDaRJGf4zqkUkXAzR9B9dwO7kxbhB+u1qjPrGUzLovoh
 Fr6NGHGb1geoygDWTvCaOGSX2g8/cVTCqKeHdH4wvAxn7uPySxxny/5RQY/2HYfe
 L+YPNmLUGsEJnx50LhFlCoaLme5qfaHrCgBg8v9X+LUpXAYXuRRfAtaaiPxkZLN1
 qy7xdQyaUHykI9HKKTHiLfQmQpkAa2vDi62QeHBVhf6GsaoeBL9EPzzE2ibDk+5E
 TkEbZ8go29VzEQasl1Tt3aynVEKxTtYo/ca0NOKDv71hkWuySVTGp/zii3614Pnh
 ej93D6aKUecOxPemRRiNow==
 =qRlZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200514' into staging

target-arm queue:
 * target/arm: Use correct GDB XML for M-profile cores
 * target/arm: Code cleanup to use gvec APIs better
 * aspeed: Add support for the sonorapass-bmc board
 * target/arm: Support reporting KVM host memory errors
   to the guest via ACPI notifications
 * target/arm: Finish conversion of Neon 3-reg-same insns to decodetree

# gpg: Signature made Thu 14 May 2020 15:19:15 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200514: (45 commits)
  target/arm: Convert NEON VFMA, VFMS 3-reg-same insns to decodetree
  target/arm: Convert Neon fp VMAX/VMIN/VMAXNM/VMINNM/VRECPS/VRSQRTS to decodetree
  target/arm: Move 'env' argument of recps_f32 and rsqrts_f32 helpers to usual place
  target/arm: Convert Neon 3-reg-same compare insns to decodetree
  target/arm: Convert Neon fp VMUL, VMLA, VMLS 3-reg-same insns to decodetree
  target/arm: Convert Neon VPMIN/VPMAX/VPADD float 3-reg-same insns to decodetree
  target/arm: Convert Neon VADD, VSUB, VABD 3-reg-same insns to decodetree
  target/arm: Convert Neon VQDMULH/VQRDMULH 3-reg-same to decodetree
  target/arm: Convert Neon VPADD 3-reg-same insns to decodetree
  target/arm: Convert Neon VPMAX/VPMIN 3-reg-same insns to decodetree
  target/arm: Convert Neon VQSHL, VRSHL, VQRSHL 3-reg-same insns to decodetree
  target/arm: Convert Neon VRHADD, VHSUB 3-reg-same insns to decodetree
  target/arm: Convert Neon VABA/VABD 3-reg-same to decodetree
  target/arm: Convert Neon VHADD 3-reg-same insns
  target/arm: Convert Neon 64-bit element 3-reg-same insns
  target/arm: Convert Neon 3-reg-same SHA to decodetree
  target/arm: Convert Neon 3-reg-same VQRDMLAH/VQRDMLSH to decodetree
  MAINTAINERS: Add ACPI/HEST/GHES entries
  target-arm: kvm64: handle SIGBUS signal from kernel or KVM
  ACPI: Record Generic Error Status Block(GESB) table
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 16:17:55 +01:00
Dongjiu Geng 558b9d8640 ACPI: Record Generic Error Status Block(GESB) table
kvm_arch_on_sigbus_vcpu() error injection uses source_id as
index in etc/hardware_errors to find out Error Status Data
Block entry corresponding to error source. So supported source_id
values should be assigned here and not be changed afterwards to
make sure that guest will write error into expected Error Status
Data Block.

Before QEMU writes a new error to ACPI table, it will check whether
previous error has been acknowledged. If not acknowledged, the new
errors will be ignored and not be recorded. For the errors section
type, QEMU simulate it to memory section error.

Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200512030609.19593-9-gengdongjiu@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:09 +01:00
Dongjiu Geng a08a64627b ACPI: Record the Generic Error Status Block address
Record the GHEB address via fw_cfg file, when recording
a error to CPER, it will use this address to find out
Generic Error Data Entries and write the error.

In order to avoid migration failure, make hardware
error table address to a part of GED device instead
of global variable, then this address will be migrated
to target QEMU.

Acked-by: Xiang Zheng <zhengxiang9@huawei.com>
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200512030609.19593-7-gengdongjiu@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:09 +01:00
Dongjiu Geng 205cc75dee ACPI: Build Hardware Error Source Table
This patch builds Hardware Error Source Table(HEST) via fw_cfg blobs.
Now it only supports ARMv8 SEA, a type of Generic Hardware Error
Source version 2(GHESv2) error source. Afterwards, we can extend
the supported types if needed. For the CPER section, currently it
is memory section because kernel mainly wants userspace to handle
the memory errors.

This patch follows the spec ACPI 6.2 to build the Hardware Error
Source table. For more detailed information, please refer to
document: docs/specs/acpi_hest_ghes.rst

build_ghes_hw_error_notification() helper will help to add Hardware
Error Notification to ACPI tables without using packed C structures
and avoid endianness issues as API doesn't need explicit conversion.

Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200512030609.19593-6-gengdongjiu@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:09 +01:00
Dongjiu Geng aa16508f1d ACPI: Build related register address fields via hardware error fw_cfg blob
This patch builds error_block_address and read_ack_register fields
in hardware errors table , the error_block_address points to Generic
Error Status Block(GESB) via bios_linker. The max size for one GESB
is 1kb, For more detailed information, please refer to
document: docs/specs/acpi_hest_ghes.rst

Now we only support one Error source, if necessary, we can extend to
support more.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200512030609.19593-5-gengdongjiu@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:09 +01:00
Dongjiu Geng 2afa8c8519 hw/arm/virt: Introduce a RAS machine option
RAS Virtualization feature is not supported now, so
add a RAS machine option and disable it by default.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20200512030609.19593-3-gengdongjiu@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:09 +01:00
Dongjiu Geng 1439f21307 acpi: nvdimm: change NVDIMM_UUID_LE to a common macro
The little end UUID is used in many places, so make
NVDIMM_UUID_LE to a common macro to convert the UUID
to a little end array.

Reviewed-by: Xiang Zheng <zhengxiang9@huawei.com>
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Message-id: 20200512030609.19593-2-gengdongjiu@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:08 +01:00
Patrick Williams 143b040f4a aspeed: Add support for the sonorapass-bmc board
Sonora Pass is a 2 socket x86 motherboard designed by Facebook
and supported by OpenBMC.  Strapping configuration was obtained
from hardware and i2c configuration is based on dts found at:

1633c87b8b/arch/arm/boot/dts/aspeed-bmc-facebook-sonorapass.dts

Booted a test image of http://github.com/facebook/openbmc to login
prompt.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Reviewed-by: Amithash Prasad <amithash@fb.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[PMM: fixed block comment style nit]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-14 15:03:08 +01:00
Edgar E. Iglesias 734e3befc2 hw/dma/xilinx_axidma: s2mm: Support stream fragments
Add support for stream fragments.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20200506082513.18751-9-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias 471fe8a252 hw/dma/xilinx_axidma: mm2s: Stream descriptor by descriptor
Stream descriptor by descriptor from memory instead of
buffering entire packets before pushing. This enables
non-packet streaming clients to work and also lifts the
limitation that our internal DMA buffer needs to be able
to hold entire packets.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20200506082513.18751-8-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias 2a4f26350c hw/net/xilinx_axienet: Handle fragmented packets from DMA
Add support for fragmented packets from the DMA.

Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20200506082513.18751-7-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias 51b19950ca hw/core: stream: Add an end-of-packet flag
Some stream clients stream an endless stream of data while
other clients stream data in packets. Stream interfaces
usually have a way to signal the end of a packet or the
last beat of a transfer.

This adds an end-of-packet flag to the push interface.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20200506082513.18751-6-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias e3a8926d0e hw/dma/xilinx_axidma: Add DMA memory-region property
Add DMA memory-region property to externally control what
address-space this DMA operates on.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200506082513.18751-5-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias da59e178d7 hw/net/xilinx_axienet: Remove unncessary cast
Remove unncessary cast, buf is already uint8_t *.
No functional change.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200506082513.18751-4-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias 0d9047c4d9 hw/net/xilinx_axienet: Cleanup stream->push assignment
Split the shared stream_class_init function to assign
stream->push with better type-safety.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200506082513.18751-3-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00
Edgar E. Iglesias 3e2a0cb99d hw/net/xilinx_axienet: Auto-clear PHY Autoneg
Auto-clear PHY CR Autoneg bits. This makes this model
work with recent Linux kernels.

Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <20200506082513.18751-2-edgar.iglesias@gmail.com>
2020-05-14 13:44:35 +02:00