Commit Graph

1496 Commits

Author SHA1 Message Date
Max Filippov 7f709ce739 target/xtensa: import libisa source
The canonical way of dealing with Xtensa instructions decoding and
encoding is through the libisa. Libisa is a configuration-independent
library with a stable interface plus generated configuration-specific
xtensa-modules.c file with implementations of decoding and encoding
functions. Libisa is MIT-licensed and originally disributed
xtensa-modules.c files are also MIT-licensed and are available as a
part of xtensa configuration overlay.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2017-12-18 21:26:19 -08:00
Max Filippov 2eb967c4e9 target/xtensa: pass actual frame size to the entry helper
Currently 'entry' opcode helper accepts frame size divided by 8, as it
is encoded in the opcode. Make it more natural and accept actual frame
size instead.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2017-12-18 21:26:18 -08:00
Richard Henderson 6f1c2af641 target/sh4: Convert to DisasContextBase
Signed-off-by: Richard Henderson <rth@twiddle.net>
[aurel32: fix whitespace]
Message-Id: <20170907185057.23421-5-richard.henderson@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:35:33 +01:00
Richard Henderson 34cf567808 target/sh4: Do not singlestep after exceptions
If we've already raised an exception (and set NORETURN),
do not emit unreachable code to raise a debug exception.
Note that gen_goto_tb takes single-stepping into account.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170907185057.23421-4-richard.henderson@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:29:34 +01:00
Richard Henderson 4834871bc9 target/sh4: Convert to DisasJumpType
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170907185057.23421-3-richard.henderson@linaro.org>
[aurel32: fix whitespace]
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:29:34 +01:00
Richard Henderson f85da3081d target/sh4: Use cmpxchg for movco when parallel_cpus
As for other targets, cmpxchg isn't quite right for ll/sc,
suffering from an ABA race, but is sufficient to implement
portable atomic operations.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170907185057.23421-2-richard.henderson@linaro.org>
[aurel32: fix whitespace]
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:29:31 +01:00
Alex Bennée 6d56fc6cc3 target/sh4: fix TCG leak during gusa sequence
This fixes bug #1735384 while running java under qemu-sh4. When debug
was enabled it showed a problem with TCG temps. Once fixed I was able
to run java -version normally.

Cc: qemu-stable@nongnu.org
Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20171206093050.25308-1-alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:01:33 +01:00
Philippe Mathieu-Daudé e691e0ed13 target/sh4: add missing tcg_temp_free() in _decode_opc()
missed in c55497ecb8 and 852d481faf.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20171205170013.22337-3-f4bug@amsat.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2017-12-18 23:00:56 +01:00
Philippe Mathieu-Daudé 9d80865724 nios2: remove duplicated includes (in code commented out)
applied using ./scripts/clean-includes

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Philippe Mathieu-Daudé 6f144ff081 i386/hax: remove duplicated include
this file in include in "target/i386/hax-i386.h":

    #ifdef CONFIG_WIN32
    #include "target/i386/hax-windows.h"
    #endif

which guaranties that sysemu/os-win32.h is previously included (CONFIG_WIN32)

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Philippe Mathieu-Daudé 744fc0540d i386/hax: remove duplicated includes
applied using ./scripts/clean-includes

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Philippe Mathieu-Daudé 1945e6ab47 ppc: remove duplicated includes
applied using ./scripts/clean-includes

not needed since 7ebaf79556

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Philippe Mathieu-Daudé ff676046fb misc: remove duplicated includes
exec: housekeeping (funny since 02d0e09503)

applied using ./scripts/clean-includes

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Ladi Prosek 3c254ab8d7 Remove empty statements
Thanks to Laszlo Ersek for spotting the double semicolon in target/i386/kvm.c

I have trivially grepped the tree for ';;' in C files.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 17:07:02 +03:00
Peter Maydell a7cf5391a4 s390x changes for 2.12:
- Lots of tcg improvements: ccw hotplug is now working and we can run
   a Linux kernel built for z12 under tcg
 - zPCI improvements to get virtio-pci working
 - get rid of the cssid restrictions for virtual and non-virtual channel
   devices
 - we now support 8TB+ systems
 - 2.12 compat machine
 - fixes and cleanups
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaM6p9AAoJEN7Pa5PG8C+vCp4P/RXSQhetDZYxCRQw68IlX6q3
 8yiYCL4vn/kaO5Ylb3+RkRFy9Wl/4JAiJLz8h0WoVSaxPIQ2nwp2l+muOFsPGVfy
 ysPYMvHvobX/Odnva6uWZOdQ0TmANUVLofN8d0SHfGiL2dflrvSb3Nj2y82dv4MM
 cbSiNRqvwMjfUrdZq2SK1KRjKx9jSFiqB9EnhQvJ4rBNIVneCA5ozfPSjQ5P9ZLL
 ZvdnFj6lIobrdIx4P4gFeOANH/gPtipiztVqVCshyPu0Ru8XnJFx48Wwz5qfK8YE
 UHojyg2z3o1ySb83EEO/cmsAgsnozT1bGxhJwfCNGxtppc3ONeoqm8RUQev12mP8
 Lxmn9UwK3m+tMsVMlsUMWa4tQ4f1T4f1eeumysbbkVFKNZHFuP2oY/ybelcqLZX/
 dbxwoOm0Db1Aa+EeCgJb5l7S/vQV3pYITs3JKA4NeBESsGGaYFhzk9FlDDJQDP5j
 bwh2VrNxF0o1HFNbuZQsGEBZdwCHOWXAoxsoXGlCuMAk/UJSVxiULTNtHX0t4Aba
 GsUuIfQx1m/JqvDYagMgq8qF9KxQlgBMofUVxWTEvCPclvJX3ku4rBzG5FVtNrpJ
 oVvQrk2JORKMiKgnjNuG2FLofsHS6yDoDCX7agrNOCyJ22caAwmLFnpxg4t97JXT
 KkBpwpt857plfkelqv0r
 =xSZX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171215-v2' into staging

s390x changes for 2.12:
- Lots of tcg improvements: ccw hotplug is now working and we can run
  a Linux kernel built for z12 under tcg
- zPCI improvements to get virtio-pci working
- get rid of the cssid restrictions for virtual and non-virtual channel
  devices
- we now support 8TB+ systems
- 2.12 compat machine
- fixes and cleanups

# gpg: Signature made Fri 15 Dec 2017 10:57:01 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20171215-v2: (46 commits)
  s390-ccw-virtio: allow for systems larger that 7.999TB
  s390x: change the QEMU cpu model to a stripped down z12
  s390x/tcg: we already implement the Set-Program-Parameter facility
  s390x/tcg: implement extract-CPU-time facility
  s390x/tcg: Implement SIGNAL ADAPTER instruction
  s390x/tcg: Implement STORE CHANNEL PATH STATUS
  s390x/tcg: wire up SET CHANNEL MONITOR
  s390x/tcg: wire up SET ADDRESS LIMIT
  s390x/tcg: implement Interlocked-Access Facility 2
  s390x/tcg: ASI/ASGI/ALSI/ALSGI are atomic with Interlocked-acccess facility 1
  s390x/tcg: wire up STORE CHANNEL REPORT WORD
  s390x/tcg: indicate value of TODPR in STCKE
  s390x/tcg: implement SET CLOCK PROGRAMMABLE FIELD
  s390x/tcg: fix and cleanup mcck injection
  s390x/kvm: factor out build_channel_report_mcic() into cpu.h
  s390x/css: attach css bridge
  s390x: deprecate s390-squash-mcss machine prop
  s390x/css: unrestrict cssids
  s390x/pci: search for subregion inside the BARs
  s390x/pci: move the memory region write from pcistg
  ...

# Conflicts:
#	include/hw/compat.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-15 12:58:17 +00:00
Cédric Le Goater 2a83f9976e target/ppc: introduce the PPC_BIT() macro
and use them in a couple of obvious places. Other macros will be used
in the model of the XIVE interrupt controller.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15 09:49:24 +11:00
Cédric Le Goater 9a94ee5bb1 spapr/rtas: disable the decrementer interrupt when a CPU is unplugged
When a CPU is stopped with the 'stop-self' RTAS call, its state
'halted' is switched to 1 and, in this case, the MSR is not taken into
account anymore in the cpu_has_work() routine. Only the pending
hardware interrupts are checked with their LPCR:PECE* enablement bit.

If the DECR timer fires after 'stop-self' is called and before the CPU
'stop' state is reached, the nearly-dead CPU will have some work to do
and the guest will crash. This case happens very frequently with the
not yet upstream P9 XIVE exploitation mode. In XICS mode, the DECR is
occasionally fired but after 'stop' state, so no work is to be done
and the guest survives.

I suspect there is a race between the QEMU mainloop triggering the
timers and the TCG CPU thread but I could not quite identify the root
cause. To be safe, let's disable in the LPCR all the exceptions which
can cause an exit while the CPU is in power-saving mode and reenable
them when the CPU is started.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15 09:49:24 +11:00
Cédric Le Goater 403aacdb44 pcc: define the Power-saving mode Exit Cause Enable bits in PowerPCCPUClass
and use the value to define precisely the default value of the LPCR in
the helper routine cpu_ppc_set_papr()

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15 09:49:23 +11:00
Richard Henderson c4a2e3a970 target/ppc: Use tcg_gen_lookup_and_goto_ptr
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15 09:49:23 +11:00
David Hildenbrand 35b4df6417 s390x: change the QEMU cpu model to a stripped down z12
We are good enough to boot upstream Linux kernels / Fedora 26/27. That
should be sufficient for now.

As the QEMU CPU model is migration safe, let's add compatibility code.
Generate the feature list to reduce the chance of messing things up in the
future.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208165529.14124-1-david@redhat.com>
[CH: squashed 's390x/cpumodel: make qemu cpu model play with "none" machine'
(20171213132407.5227-1-david@redhat.com) and 's390x/tcg: don't include z13
features in the qemu model' (20171213171512.17601-1-david@redhat.com) into
patch]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 33ae8a4242 s390x/tcg: we already implement the Set-Program-Parameter facility
The Set-Program-Parameter facility (also known as Load-Program-Parameter
facility) provides the LPP instruction used to load the program
parameter. We already implement that instruction in TCG, so add it to our
list.

Note: Not documented in the PoP but in "The Load-Program-Parameter and
CPU-Measurement Facilities) - SA23-2260-05 document.

While at it, make the whole list ordered (according to cpu_features_def.h).

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-14-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 4bac52f5c4 s390x/tcg: implement extract-CPU-time facility
It only provides the EXTRACT CPU TIME instruction. We can reuse the stpt
helper, which calculates the CPU timer value.

As the instruction is not privileged, but we don't have a CPU timer
value in case of linux user, we simply reuse cpu_get_host_ticks() to
produce some descending value.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-13-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand ad0ccf1e6a s390x/tcg: Implement SIGNAL ADAPTER instruction
KVM suppresses SIGA, setting cc=3. Let's do the same for TCG, so we're at
least equal.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-12-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand b9b0a4dc13 s390x/tcg: Implement STORE CHANNEL PATH STATUS
Just like KVM does, we should suppress this instruction:
    When this instruction is not provided, it is
    checked for privileged operation exception and the
    instruction is suppressed by the machine

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-11-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand a9de75a0b8 s390x/tcg: wire up SET CHANNEL MONITOR
Let's just wire it up like KVM.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-10-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 86c34633c5 s390x/tcg: wire up SET ADDRESS LIMIT
Let's handle it just like KVM:
    Depending on the model, this instruction may not be
    provided. When this instruction is not provided, it is
    checked for operand exception and privileged-opera-
    tion exception, and then is suppressed.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-9-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand f400be1813 s390x/tcg: implement Interlocked-Access Facility 2
With this facility, OI/OIY, NI/NIY and XI/XIY are atomic. All operate on
one byte (MO_UB). Emulate old behavior.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-8-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 0e9383bca8 s390x/tcg: ASI/ASGI/ALSI/ALSGI are atomic with Interlocked-acccess facility 1
The semantics of ASI/ASGI/ALSI/ALSGI changed. Let's implement them just
like LOAD AND ADD, so they are atomic. Emulate old behavior.

This fixes random crashes when booting a Linux kernel compiled for
z196+ with SMP + MTTCG.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-7-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 5a59bc1de2 s390x/tcg: wire up STORE CHANNEL REPORT WORD
CRW machine check handling requires STCRW. So let's wire it up.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand a63b7cbf88 s390x/tcg: indicate value of TODPR in STCKE
We were not yet using the value of the TOD Programmable Register.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-5-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 257a119ee3 s390x/tcg: implement SET CLOCK PROGRAMMABLE FIELD
Needed for machine check handling inside Linux (when restoring registers).

Except for SIGP and machine checks, we don't make use of the register
yet. Sufficient for now.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-4-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand b8d55db070 s390x/tcg: fix and cleanup mcck injection
The architecture mode indication wasn't stored. The split of certain
64bit fields was unnecessary. Also, the complete clock comparator, not
just bit 0-55 (starting at byte 1) was stored.

We now generate a proper MCIC via the same helper we use for KVM.

There is more to clean up, but we will change the other parts later on
either way.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand b700d75eda s390x/kvm: factor out build_channel_report_mcic() into cpu.h
We'll need it later on in two places. Refactor it to just indicate the
validity bits. While at it, introduce a define for the used CR14 bit (we'll
also need later on).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171208160207.26494-2-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand cb3129c376 s390x/tcg: drop potential_page_fault()
Only one user left, get rid of it so we don't get any new users.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-17-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 51dcdbd319 s390x/tcg: drop program_interrupt()
All users are gone, we can finally drop it and make sure that all new
program interrupt injections are reminded of the retaddr - as they have to
use s390_program_interrupt() now.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-16-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 5e8f154e88 s390x/tcg: use s390_program_interrupt() in STSI
STSI needs some more love, but let's do one step at a time.
We can now drop potential_page_fault().

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-15-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 005a049184 s390x/tcg: use s390_program_interrupt() in SACF
Convert this user, too.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-14-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 8808338200 s390x/tcg: use s390_program_interrupt() in per_check_exception()
We can now drop updating the cc.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-13-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 277b156d8d s390x/tcg: use s390_program_interrupt() in DIAG
Now we can drop the two save statements in the translate function.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-12-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 1a38921a61 s390x/tcg: use s390_program_interrupt() in SCLP Service Call
Now we can drop potential_page_fault(). While at it, move the
unlock further up, looks cleaner.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-11-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 0ef2849776 s390x/tcg: io instructions don't need potential_page_fault()
As we handle the retaddr in all cases properly now, we can drop it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-10-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 820613b1c1 s390x/tcg: don't exit the cpu loop in s390_cpu_virt_mem_rw()
s390_cpu_virt_mem_rw() must always return, so callers can react on
an exception (e.g. see ioinst_handle_stcrw()).

Therefore, using program_interrupt() is wrong. Fix that up.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-9-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 98ee9bedc7 s390x: handle exceptions during s390_cpu_virt_mem_rw() correctly (TCG)
s390_cpu_virt_mem_rw() must always return, so callers can react on
an exception (e.g. see ioinst_handle_stcrw()).

However, for TCG we always have to exit the cpu loop (and restore the
cpu state before that) if we injected a program interrupt. So let's
introduce and use s390_cpu_virt_mem_handle_exc() in code that is not
purely KVM.

Directly pass the retaddr we already have available in these functions.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-8-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 968db419de s390x/diag: pass the retaddr into handle_diag_308()
Needed to later drop potential_page_fault() from the diag TCG translate
function.

Convert program_interrupt() to s390_program_interrupt() directly, making
use of the passed address.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-7-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 468a93898a s390x/pci: pass the retaddr to all PCI instructions
Once we wire up TCG, we will need the retaddr to correctly inject
program interrupts. As we want to get rid of the function
program_interrupt(), convert PCI code too.

For KVM, we can simply use RA_IGNORED.

Convert program_interrupt() to s390_program_interrupt() directly, making
use of the passed address.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 1b98fb99d3 s390x/ioinst: pass the retaddr to all IO instructions
TCG needs the retaddr when injecting an interrupt. Let's just pass it
along and use RA_IGNORED for KVM. The value will be completely ignored for
KVM.

Convert program_interrupt() to s390_program_interrupt() directly, making
use of the passed address.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-5-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand fc21eb6bd9 s390x/tcg: rip out dead tpi code
It is broken and not even wired up. We'll add a new handler soon, but
that will live somewhere else.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-4-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 7693f77a7f s390x/tcg: get rid of runtime_exception()
Let's use s390_program_interrupt() instead.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
David Hildenbrand 8d2f850a5a s390x/tcg: introduce and use s390_program_interrupt()
Allows to easily convert more callers of program_interrupt() and to
easily introduce new exceptions without forgetting about the cpu state
reset.

Use s390_program_interrupt() in places where we already had the same
pattern. We will later get rid of program_interrupt().

RA != 0 checks are already done behind the scenes.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171130162744.25442-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
Cornelia Huck 9879003bb8 target/s390x: nuke DPRINTF in helper.c
It is not used anywhere.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
Christian Borntraeger 39b28b26cf s390x/migration: use zero flag parameter
valgrind pointed out that we call KVM_S390_GET_IRQ_STATE with an
undefined value for flags. Kernels prior to 4.15 did not use that
field, and later kernels ignore it for compatibility reasons, but we
better play safe.

The same is true for SET_IRQ_STATE. We should make sure to not use the
flag field, either.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20171122142627.73170-2-borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-12-14 17:56:54 +01:00
Edgar E. Iglesias 1313e2d7e2 target/arm: Extend PAR format determination
Now that do_ats_write() is entirely in control of whether to
generate a 32-bit PAR or a 64-bit PAR, we can make it use the
correct (complicated) condition for doing so.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1512503192-2239-13-git-send-email-peter.maydell@linaro.org
[PMM: Rebased Edgar's patch on top of get_phys_addr() refactoring;
 use arm_s1_regime_using_lpae_format() rather than
 regime_using_lpae_format() because the latter will assert
 if passed ARMMMUIdx_S12NSE0 or ARMMMUIdx_S12NSE1;
 updated commit message appropriately]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-13 17:59:25 +00:00
Peter Maydell bc52bfeb3b target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()
All of the callers of get_phys_addr() and arm_tlb_fill() now ignore
the FSR values they return, so we can just remove the argument
entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-12-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell 5efe9ed45d target/arm: Ignore fsr from get_phys_addr() in do_ats_write()
In do_ats_write(), rather than using the FSR value from get_phys_addr(),
construct the PAR values using the information in the ARMMMUFaultInfo
struct. This allows us to create a PAR of the correct format regardless
of what the translation table format is.

For the moment we leave the condition for "when should this be a
64 bit PAR" as it was previously; this will need to be fixed to
properly support AArch32 Hyp mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-11-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell 681f9a89d2 target/arm: Use ARMMMUFaultInfo in deliver_fault()
Now that ARMMMUFaultInfo is guaranteed to have enough information
to construct a fault status code, we can pass it in to the
deliver_fault() function and let it generate the correct type
of FSR for the destination, rather than relying on the value
provided by get_phys_addr().

I don't think there are any cases the old code was getting
wrong, but this is more obviously correct.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-10-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell 3f551b5b73 target/arm: Convert get_phys_addr_pmsav8() to not return FSC values
Make get_phys_addr_pmsav8() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-9-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell 9375ad1533 target/arm: Convert get_phys_addr_pmsav7() to not return FSC values
Make get_phys_addr_pmsav7() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-8-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell 53a4e5c5b0 target/arm: Convert get_phys_addr_pmsav5() to not return FSC values
Make get_phys_addr_pmsav5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Note that PMSAv5 does not define any guest-visible fault status
register, so the different "fsr" values we were previously
returning are entirely arbitrary. So we can just switch to using
the most appropriae fi->type values without worrying that we
need to special-case FaultInfo->FSC conversion for PMSAv5.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-7-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:25 +00:00
Peter Maydell da909b2c23 target/arm: Convert get_phys_addr_lpae() to not return FSC values
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-6-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell f06cf24394 target/arm: Convert get_phys_addr_v6() to not return FSC values
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-5-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell f989983e8d target/arm: Convert get_phys_addr_v5() to not return FSC values
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-4-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell 3795a6de9f target/arm: Remove fsr argument from arm_ld*_ptw()
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value
that those functions store in the fsr argument on failure: if they
return failure to their callers they will always overwrite the fsr
value with something else.

Remove the argument from these functions and S1_ptw_translate().
This will simplify removing fsr from the calling functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-3-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell 1fa498fe0d target/arm: Provide fault type enum and FSR conversion functions
Currently get_phys_addr() and its various subfunctions return
a hard-coded fault status register value for translation
failures. This is awkward because FSR values these days may
be either long-descriptor format or short-descriptor format.
Worse, the right FSR type to use doesn't depend only on the
translation table being walked -- some cases, like fault
info reported to AArch32 EL2 for some kinds of ATS operation,
must be in long-descriptor format even if the translation
table being walked was short format. We can't get those cases
right with our current approach.

Provide fields in the ARMMMUFaultInfo struct which allow
get_phys_addr() to provide sufficient information for a caller to
construct an FSR value themselves, and utility functions which do
this for both long and short format FSR values, as a first step in
switching get_phys_addr() and its children to only returning the
failure cause in the ARMMMUFaultInfo struct.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-2-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell 5158de241b target/arm: Implement TT instruction
Implement the TT instruction which queries the security
state and access permissions of a memory location.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-8-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:24 +00:00
Peter Maydell 54317c0ff3 target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()
For the TT instruction we're going to need to do an MPU lookup that
also tells us which MPU region the access hit. This requires us
to do the MPU lookup without first doing the SAU security access
check, so pull the MPU lookup parts of get_phys_addr_pmsav8()
out into their own function.

The TT instruction also needs to know the MPU region number which
the lookup hit, so provide this information to the caller of the
MPU lookup code, even though get_phys_addr_pmsav8() doesn't
need to know it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-7-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13 17:59:24 +00:00
Peter Maydell ec8e334028 target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()
The TT instruction is going to need to look up the MMU index
for a specified security and privilege state. Refactor the
existing arm_v7m_mmu_idx_for_secstate() into a version that
lets you specify the privilege state and one that uses the
current state of the CPU.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-6-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13 17:59:23 +00:00
Peter Maydell 62593718d7 target/arm: Split M profile MNegPri mmu index into user and priv
For M profile, we currently have an mmu index MNegPri for
"requested execution priority negative". This fails to
distinguish "requested execution priority negative, privileged"
from "requested execution priority negative, usermode", but
the two can return different results for MPU lookups. Fix this
by splitting MNegPri into MNegPriPriv and MNegPriUser, and
similarly for the Secure equivalent MSNegPri.

This takes us from 6 M profile MMU modes to 8, which means
we need to bump NB_MMU_MODES; this is OK since the point
where we are forced to reduce TLB sizes is 9 MMU modes.

(It would in theory be possible to stick with 6 MMU indexes:
{mpu-disabled,user,privileged} x {secure,nonsecure} since
in the MPU-disabled case the result of an MPU lookup is
always the same for both user and privileged code. However
we would then need to rework the TB flags handling to put
user/priv into the TB flags separately from the mmuidx.
Adding an extra couple of mmu indexes is simpler.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-5-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:23 +00:00
Peter Maydell 871bec7c44 target/arm: Add missing M profile case to regime_is_user()
When we added the ARMMMUIdx_MSUser MMU index we forgot to
add it to the case statement in regime_is_user(), so we
weren't treating it as unprivileged when doing MPU lookups.
Correct the omission.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-4-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13 17:59:23 +00:00
Peter Maydell 83d7f86d3d target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL
in Handler mode. In v8M the behaviour is slightly different:
writes to the bit are permitted but will have no effect.

We've already done the hard work to handle the value in
CONTROL.SPSEL being out of sync with what stack pointer is
actually in use, so all we need to do to fix this last loose
end is to update the condition we use to guard whether we
call write_v7m_control_spsel() on the register write.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-3-git-send-email-peter.maydell@linaro.org
2017-12-13 17:59:23 +00:00
Peter Maydell 1169d3aa5b target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads
For v8M it is possible for the CONTROL.SPSEL bit value and the
current stack to be out of sync. This means we need to update
the checks used in reads and writes of the PSP and MSP special
registers to use v7m_using_psp() rather than directly checking
the SPSEL bit in the control register.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-12-13 17:59:23 +00:00
Peter Maydell 7472e2efb0 target/arm: Generate UNDEF for 32-bit Thumb2 insns
The refactoring of commit 296e5a0a6c has a nasty bug:
it accidentally dropped the generation of code to raise
the UNDEF exception when disas_thumb2_insn() returns nonzero.
This means that 32-bit Thumb2 instruction patterns that
ought to UNDEF just act like nops instead. This is likely
to break any number of things, including the kernel's "disable
the FPU and use the UNDEF exception to identify when to turn
it back on again" trick.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1513006964-3371-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2017-12-11 17:11:27 +00:00
Richard Purdie 044897ef4a target/ppc: Fix system lockups caused by interrupt_request state corruption
Occasionally in Linux guests on x86_64 we're seeing logs like:

ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000004

when they should read:

ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000002

The "00000004" is CPU_INTERRUPT_EXITTB yet the code calls
cpu_interrupt(cs, CPU_INTERRUPT_HARD) ("00000002") in this function
just before the log message. Something is causing the HARD bit setting
to get lost.

The knock on effect of losing that bit is the decrementer timer interrupts
don't get delivered which causes the guest to sit idle in its idle handler
and 'hang'.

The issue occurs due to races from code which sets CPU_INTERRUPT_EXITTB.

Rather than poking directly into cs->interrupt_request, that code needs to:

a) hold BQL
b) use the cpu_interrupt() helper

This patch fixes the call sites to do this, fixing the hang. The calls
are made from a variety of contexts so a helper function is added to handle
the necessary locking. This can likely be improved and optimised in the future
but it ensures the code is correct and doesn't lockup as it stands today.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-05 12:28:42 +11:00
Kurban Mallachiev be1b21e885 target-ppc: Don't invalidate non-supported msr bits
The msr invalidation code (commits 993eb and 2360b) inverts all
bits except MSR_TGPR and MSR_HVB. On non PowerPC 601 processors
this leads to incorrect change of excp_prefix in hreg_store_msr()
function. The problem is that new msr value get multiplied by msr_mask
and inverted msr does not, thus values of MSR_EP bit in new msr value
and inverted msr are distinct, so that excp_prefix changes but should
not.

Signed-off-by: Kurban Mallachiev <mallachiev@ispras.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-30 14:56:42 +11:00
Suraj Jitindar Singh e07cc19295 target/ppc: Fix setting of cpu->compat_pvr on incoming migration
cpu->compat_pvr is used to store the current compat mode of the cpu.

On the receiving side during incoming migration we check compatibility
with the compat mode by calling ppc_set_compat(). However we fail to set
the compat mode with the hypervisor since the "new" compat mode doesn't
differ from the current (due to a "cpu->compat_pvr != compat_pvr" check).
This means that kvm runs the vcpus without a compat mode, which is the
incorrect behaviour. The implication being that a compatibility mode
will never be in effect after migration.

To fix this so that the compat mode is correctly set with the
hypervisor, store the desired compat mode and reset cpu->compat_pvr to
zero before calling ppc_set_compat().

Fixes: 5dfaa532 ("ppc: fix ppc_set_compat() with KVM PR")

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-27 12:20:11 +11:00
Laurent Vivier 6dd836f5d3 ppc: fix VTB migration
Migration of a system under stress (for example, with
"stress-ng --numa 2") triggers on the destination
some kernel watchdog messages like:

NMI watchdog: BUG: soft lockup - CPU#0 stuck for 3489660870s!
NMI watchdog: BUG: soft lockup - CPU#1 stuck for 3489660884s!

This problem appears with the changes introduced by
    42043e4 spapr: clock should count only if vm is running

I think this commit only triggers the problem.

Kernel computes the soft lockup duration using the
Virtual Timebase register (VTB), not using the Timebase
Register (TBR, the one 42043e4 stops).

It appears VTB is not migrated, so this patch adds it in
the list of the SPRs to migrate, and fixes the problem.

For the migration, I've tested a migration from qemu-2.8.0 and
pseries-2.8.0 to a patched master (qemu-2.11.0-rc1). The received
VTB is 0 (as is it not initialized by qemu-2.8.0), but the value
seems to be ignored by KVM and a non zero VTB is used by the kernel.
I have no explanation for that, but as the original problem appears
only with SMP system under stress I suspect some problems in KVM
(I think because VTB is shared by all threads of a core).

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-22 15:28:37 +11:00
Peter Maydell 1b4e6e8cf8 late linux-user fixes for Qemu 2.11
-----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCAA1FiEE/4IDyMORmK4FgUHvtEiQ3t48m8AFAloTRsQXHHJpa3Uudm9p
 cGlvQGxpbmFyby5vcmcACgkQtEiQ3t48m8AFrQ//SZRfvk7DASsXvGP55p8Iyql2
 Xw2aaRDlaP5HVJwOnOh1E5wzvERJouvaS2czi2YLTOl9T8pt6mYeyUriU+gBNDQp
 M6hmrvw3yTA6QAcf+s6oIaJeOSY6ymnrTRrnEezbxmDvDyaukcgydlDSh2jk36Ez
 d3R9HLkcLHT4g9wfA6i0DbXI/2jbZQgBOQ0iPyEBzft/dRqflo3qxyzKGRQBLFip
 R2dYl5t0p0gSbc0sIz5cr0R1aCk6JOIua1BqW3t6EClxNt5IKI277JLcI/++cnlW
 BY006iMsrZeR9cRuHsE/1lctqzq0pCZT/XYQmrQdq7XWvKnMWHXfP0Ue5H1UUN1l
 +SnHkQAdW4W12aoC1zgae7YzIrN5jcI5CtuEVZGk7EETt6sJAd8Qs5jcEpGyUViJ
 yh8I99iA5tb1QSCDbEwZTljmA4kyD+tvO4WMOrl9n19QeFXB9qwzFCIpfN/lvuyn
 iZEC94O3IbxfbIpAzrn0ZDgFamusqy8MRrIxmki3QzCdA0m8IUMIfI9qK4X4lOsk
 gSxQnNFuiJLr5AUzQu5OuIeEm9ehwdB3m2UztV8qE5JUKo+slfje9LPNh18TWBf9
 q6bMH5TYm2jvMl6efDN6aVkheMv+T4Yux1kTA4tWbY2zIo9avGgBVprVW+QCq9rP
 L0KJ54c8tjoFcEn1Wow=
 =dddR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20171120' into staging

late linux-user fixes for Qemu 2.11

# gpg: Signature made Mon 20 Nov 2017 21:19:00 GMT
# gpg:                using RSA key 0xB44890DEDE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"
# Primary key fingerprint: FF82 03C8 C391 98AE 0581  41EF B448 90DE DE3C 9BC0

* remotes/riku/tags/pull-linux-user-20171120:
  linux-user: Fix calculation of auxv length
  linux-user: Handle rt_sigaction correctly for SPARC
  linux-user/sparc: Put address for data faults where linux-user expects it
  linux-user/ppc: Report correct fault address for data faults
  linux-user/s390x: Mask si_addr for SIGSEGV
  linux-user: return EINVAL from prctl(PR_*_SECCOMP)
  linux-user: fix 'finshed' typo in comment
  linux-user/syscall.c: Handle SH4's exceptional alignment for p{read, write}64
  linux-user: Handle TARGET_MAP_STACK and TARGET_MAP_HUGETLB
  linux-user/hppa: Fix TARGET_F_RDLCK, TARGET_F_WRLCK, TARGET_F_UNLCK
  linux-user/hppa: Fix TARGET_MAP_TYPE
  linux-user/hppa: Fix typo for TARGET_NR_epoll_wait
  linux-user/hppa: Fix cpu_clone_regs
  linux-user/hppa: Fix TARGET_SA_* defines
  linux-user: Restrict usage of sa_restorer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-21 10:44:44 +00:00
Peter Maydell 5f49d73cb3 target-arm queue:
* hw/arm: Silence xlnx-ep108 deprecation warning during tests
  * hw/arm/aspeed: Unlock SCU when running kernel
  * arm: check regime, not current state, for ATS write PAR format
  * nvic: Fix ARMv7M MPU_RBAR reads
  * target/arm: Report GICv3 sysregs present in ID registers if needed
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaExJdAAoJEDwlJe0UNgzeKCAP/0YzjL87it6HkbBzX9yP5Mpv
 UZk0HcNfrCGV69zy/4CiL33tqwwwSUZv16kVyNVtuqsJRDR3riy5C+YjqZBkvkCG
 iVAQ24i5NbSIvcOvNc4YBy2aA1FOU+qMbpdKZ1k8pkBwwLaNaY6OtbxwHYa9MqCZ
 iH/nylgRvOlNZKCmajRPudaagqEGrcj0xuszlhPM7HSYbYgYsnLabnaNJgSBLqxD
 MM4hCGFrJtNXDJoYu/FEZrKrWbuL9RHma31Vc2Fa1Lys9GO3sp+hhbZXDO7m/Q1L
 Id1/Q+EMAxuuSF7TyGAPBpKzHERTaOfYDqRY6CPcmBBxwwVx89E2KW49Tc8Gbijj
 i2tlWWrExUfMKnz51aoPaPrg97JIn3ql1UqsZ6RlqdZjT+pY3I3wt5o56Ys6PwCN
 19J96AnMLKeglkSXztvsAGmo09uFRD4nuxueylUvrJoGCnPRbkvdJ1PDARw2XY8N
 gROwgw8eizxQ92d3yVzVl3v81jozwxX6X2ufNlLIiHRpg1LPTtQxWXxWJQobPia8
 zZcm14QKF4r99UsfC/itkKi/D3ULUkH1r9eL8DH9EDyTd+E4rCuA+i8nlitDX7Tp
 54UmWO62L9A6fidiYqNXTKJLLAosUpg0wGwWV4nN+7a2OaKembtbbs0Xyrb1uQOw
 ykdO9ZF2D5uwk7m20LrG
 =hxAO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20171120' into staging

target-arm queue:
 * hw/arm: Silence xlnx-ep108 deprecation warning during tests
 * hw/arm/aspeed: Unlock SCU when running kernel
 * arm: check regime, not current state, for ATS write PAR format
 * nvic: Fix ARMv7M MPU_RBAR reads
 * target/arm: Report GICv3 sysregs present in ID registers if needed

# gpg: Signature made Mon 20 Nov 2017 17:35:25 GMT
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20171120:
  hw/arm: Silence xlnx-ep108 deprecation warning during tests
  hw/arm/aspeed: Unlock SCU when running kernel
  arm: check regime, not current state, for ATS write PAR format
  nvic: Fix ARMv7M MPU_RBAR reads
  target/arm: Report GICv3 sysregs present in ID registers if needed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-21 09:56:05 +00:00
Peter Maydell 50cd71b0d3 arm: check regime, not current state, for ATS write PAR format
In do_ats_write(), rather than using extended_addresses_enabled() to
decide whether the value we get back from get_phys_addr() is a 64-bit
format PAR or a 32-bit one, use arm_s1_regime_using_lpae_format().

This is not really the correct answer, because the PAR format
depends on the AT instruction being used, not just on the
translation regime. However getting this correct requires a
significant refactoring, so that get_phys_addr() returns raw
information about the fault which the caller can then assemble
into a suitable FSR/PAR/syndrome for its purposes, rather than
get_phys_addr() returning a pre-formatted FSR.

However this change at least improves the situation by making
the PAR work correctly for address translation operations done
at AArch64 EL2 on the EL2 translation regime. In particular,
this is necessary for Xen to be able to run in our emulation,
so this seems like a safer interim fix given that we are in freeze.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1509719814-6191-1-git-send-email-peter.maydell@linaro.org
2017-11-20 13:42:25 +00:00
Peter Maydell 96a8b92ed8 target/arm: Report GICv3 sysregs present in ID registers if needed
The CPU ID registers ID_AA64PFR0_EL1, ID_PFR1_EL1 and ID_PFR1
have a field for reporting presence of GICv3 system registers.
We need to report this field correctly in order for Xen to
work as a guest inside QEMU emulation. We mustn't incorrectly
claim the sysregs exist when they don't, though, or Linux will
crash.

Unfortunately the way we've designed the GICv3 emulation in QEMU
puts the system registers as part of the GICv3 device, which
may be created after the CPU proper has been realized. This
means that we don't know at the point when we define the ID
registers what the correct value is. Handle this by switching
them to calling a function at runtime to read the value, where
we can fill in the GIC field appropriately.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1510066898-3725-1-git-send-email-peter.maydell@linaro.org
2017-11-20 13:39:12 +00:00
David Hildenbrand 7337c6eb98 s390x/tcg: fix DIAG 308 with > 1 VCPU (MTTCG)
Currently, multi threaded TCG with > 1 VCPU gets stuck during IPL, when
the bios tries to switch to the loaded kernel via DIAG 308.

As run_on_cpu() is used, we run into a deadlock after handling the reset.
We need the iolock (just like KVM).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171116170526.12643-4-david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-20 09:31:46 +01:00
David Hildenbrand dc0bbef5e6 s390x: fix storing CPU status (again)
Looks like the last fix + cleanup introduced another bug. (for now Linux
guests don't seem to care) - we store the crs into ars.

Fixes: 947a38bd6f ("s390x/kvm: fix and cleanup storing CPU status")
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171116170526.12643-2-david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-20 09:31:46 +01:00
Peter Maydell 62955e101e Miscellaneous bugfixes
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAloMXN0UHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNNAQf/e7/uT2tW7WNfamSOMYXswf0R6ak+
 KjVSG+qiNsKaZzXmMFkhm4n0u1vCW0VGEQGRHr0MoSCyyfhupzLRHxfHi8SytqTf
 S6wqNtIbOK0L8bW+U5vzADks33UCuuUNlVZeOAkEPaXiLlgxmBoHfyoXkIGemJc2
 epx5x22rloNQLaBoL7FGmAkQhQCSJg19hAtRLo0tkryCwBZ9P6a1K0aNAHU2RFaB
 LgRFcxwduwTydsHRYeQ8J7YR0fERle01QUB8y9tlOc8/d2x9yRPBWhPHwscKMv6I
 JwM0c2Mnw6Yqbwyj7snWty7epgUcHWrOVnZnaIpNW9Z8m/wgz28oZ3a09w==
 =6wL6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Miscellaneous bugfixes

# gpg: Signature made Wed 15 Nov 2017 15:27:25 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  fix scripts/update-linux-headers.sh here document
  exec: Do not resolve subpage in mru_section
  util/stats64: Fix min/max comparisons
  cpu-exec: avoid cpu_exec_nocache infinite loop with record/replay
  cpu-exec: don't overwrite exception_index
  vhost-user-scsi: add missing virtqueue_size param
  target-i386: adds PV_TLB_FLUSH CPUID feature bit
  thread-posix: fix qemu_rec_mutex_trylock macro
  Makefile: simpler/faster "make help"
  ioapic/tracing: Remove last DPRINTFs
  Enable 8-byte wide MMIO for 16550 serial devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-16 14:42:54 +00:00
Richard Henderson 3c5f9c3f35 target/arm: Fix GETPC usage in do_paired_cmpxchg64_l/be
Use of GETPC must be restricted to those functions that are
directly called from TCG generated code.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Fixes: 2399d4e7ce
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-15 10:34:33 +01:00
Richard Henderson 3bdb5fcc9a target/arm: Use helper_retaddr in stxp helpers
We use raw memory primitives along the !parallel_cpus paths in order to
simplify the endianness handling.  Because of that, we did not benefit
from the generic changes to cpu_ldst_user_only_template.h.

The simplest fix is to manipulate helper_retaddr here.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-15 10:34:05 +01:00
Wanpeng Li 6976af663d target-i386: adds PV_TLB_FLUSH CPUID feature bit
Adds PV_TLB_FLUSH CPUID feature bit.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim KrÄmář <rkrcmar@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Message-Id: <1510299947-11287-1-git-send-email-wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Emilio G. Cota 5ca66278c8 arm/translate-a64: mark path as unreachable to eliminate warning
Fixes the following warning when compiling with gcc 5.4.0 with -O1
optimizations and --enable-debug:

target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:
target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (!post_index) {
        ^
target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here
     bool post_index;
          ^
target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (writeback) {
        ^
target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here
     bool writeback;
          ^

Note that idx comes from selecting 2 bits, and therefore its value
can be at most 3.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1510087611-1851-1-git-send-email-cota@braap.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:24 +00:00
Peter Maydell 508ba0f7e2 s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaBHPZAAoJEN7Pa5PG8C+vb4IP/ibDb1/PdlrS2/a/wpt2sRjr
 F1WBRcnk+A1sWbscQ+4D0wY5nAkHoooRbQ+UYpxEGAyVE2d9q+yZ1EbZ/U4BgC+z
 Z/j/kV4HNoYvSkzvs6lohPsAm7vlAImJGbpcx575OTjaN4SHx9uKTxz6gUF0/WFg
 EbT0ir40Xd/vhY0Ubw/vIf6xlBWWMrNew2rWiCB3cIoKNwxYdSpsw9RYmpS+kAbe
 9f0x83fsyE6ZN9bFKF1F0TrR5lKyq+LNU0zNcjo+KulcoEu2s7vOu/eZinfTbN2n
 KFLz0Y4UuWZpZF2rO8PlyZn91jdtfGF/hprcKEAsiTL/v7PNO7wcS8WtV6KmCQLc
 T9cSOegZGEHA7jsz+bicVpGntxDTbvOButbG69k14IFhqwOQbTk7wIfDK4L13yHV
 n0Bke64w3pIGJmOyhU9pirvxoPXNSt9MD41diw7qDdxPKek0nqqA01ykUeE9lSvJ
 NNH6MDfJI2SMiw4OcUEY8FfngPQSpc7FIyzMFGznkl5aO4wSwOwrtrI1CJgrnUv9
 VsIjFh0N1ipiumoQLnZR8YXpeh9QNwHbtER8sqvoy1BsvvhqmwriZ+XSQxrtW1Rh
 44FhsQoq5JuCdfHSk+CMa+7O/Se1nCU84AgtCSplT5cIEzSIbgtB1jUFV4tYOH0x
 9Y+seVZWm0cOLlQfIKFq
 =4fvh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171109' into staging

s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.

# gpg: Signature made Thu 09 Nov 2017 15:27:21 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20171109:
  target/s390x: Finish implementing RISBGN
  s390x/pci: let pci devices start in configured mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 11:41:47 +00:00
Peter Maydell 6b8d0ac031 Capstone fixes for 2.11
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaBAiFAAoJEGTfOOivfiFf3VAH/14ajkifffP3FhylMD9rYhEo
 O3JYLdBDC1bXaXnpHf/6v80XtLonFUK8RBW76k/fCG/iZqJlohP6cfXmgAUNIEHl
 Id7yzZ7sN9OGSMdqEKYDY5nUKKDlBnQ8dFYZJGHvwvuBliPB6eDx92FEczph6wv2
 WEjI+Z3ViavoNMQQv2PfvIgdSXMPOmXbdwIdcAX4/vn8LSzk1t+nSlmjwAtRsIFO
 UgKdj0Ov53V32ed6iSbM+vGR/rE5BXmm0vc7vN+ix40r91aQRUJUqIywzCIlrVE6
 8OWNWbbc/7ortI3auKv73K6TBBiTMvecvu0TyPk2mYUYS/el66UyWCbMvJYnmVE=
 =j6B5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-cap-20171109' into staging

Capstone fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 07:49:25 GMT
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-cap-20171109:
  Makefile: Capstone: Add support for cross compile ranlib
  disas: Dump insn bytes along with capstone disassembly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 10:05:18 +00:00
Richard Henderson fdaae35143 target/s390x: Finish implementing RISBGN
We added the entry to insn-data.def, but failed to update op_risbg
to match.  No need to special-case the imask inversion, since that
is already ~0 for RISBG (and now RISBGN).

Fixes: 375ee58bed
Fixes: https://bugs.launchpad.net/qemu/+bug/1701798 (s390x part)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20171107145546.767-1-richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-09 10:36:06 +01:00
Richard Henderson 15fa1a0ae0 disas: Dump insn bytes along with capstone disassembly
This feature is present for some targets in the bfd disassembler(s).
Implement it generically for all capstone users.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-09 08:46:38 +01:00
Greg Kurz e4f0c6bb1a ppc: fix setting of compat mode
While trying to make KVM PR usable again, commit 5dfaa532ae introduced a
regression: the current compat_pvr value is passed to KVM instead of the
new one. This means that we always pass 0 instead of the max-cpu-compat
PVR during the initial machine reset. And at CAS time, we either pass
the PVR from the command line or even don't call kvmppc_set_compat() at
all, ie, the PCR will not be set as expected.

For example if we start a big endian fedora26 guest in power7 compat
mode on a POWER8 host, we get this in the guest:

$ cat /proc/cpuinfo
processor       : 0
cpu             : POWER7 (architected), altivec supported
clock           : 4024.000000MHz
revision        : 2.0 (pvr 004d 0200)

timebase        : 512000000
platform        : pSeries
model           : IBM pSeries (emulated by qemu)
machine         : CHRP IBM pSeries (emulated by qemu)
MMU             : Hash

but the guest can still execute POWER8 instructions, and the following
program succeeds:

int main()
{
        asm("vncipher 0,0,0"); // ISA 2.07 instruction
}

Let's pass the new compat_pvr to kvmppc_set_compat() and the program fails
with SIGILL as expected.

Reported-by: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-08 13:21:37 +11:00
Peter Maydell 8d8cb956e0 linux-user/sparc: Put address for data faults where linux-user expects it
In the user-mode-only version of sparc_cpu_handle_mmu_fault(),
we must save the fault address for a data fault into the CPU
state's mmu registers, because the code in linux-user/main.c
expects to find it there in order to populate the si_addr
field of the guest siginfo.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:59:18 +02:00
Peter Maydell 3448d47b31 translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD
For AArch32 LDREXD and STREXD, architecturally the 32-bit word at the
lowest address is always Rt and the one at addr+4 is Rt2, even if the
CPU is big-endian. Our implementation does these with a single
64-bit store, so if we're big-endian then we need to put the two
32-bit halves together in the opposite order to little-endian,
so that they end up in the right places. We were trying to do
this with the gen_aa32_frob64() function, but that is not correct
for the usermode emulator, because there there is a distinction
between "load a 64 bit value" (which does a BE 64-bit access
and doesn't need swapping) and "load two 32 bit values as one
64 bit access" (where we still need to do the swapping, like
system mode BE32).

Fixes: https://bugs.launchpad.net/qemu/+bug/1725267
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1509622400-13351-1-git-send-email-peter.maydell@linaro.org
2017-11-07 13:03:51 +00:00
Andrew Baumann 5b2d261d60 arm: implement cache/shareability attribute bits for PAR registers
On a successful address translation instruction, PAR is supposed to
contain cacheability and shareability attributes determined by the
translation. We previously returned 0 for these bits (in line with the
general strategy of ignoring caches and memory attributes), but some
guest OSes may depend on them.

This patch collects the attribute bits in the page-table walk, and
updates PAR with the correct attributes for all LPAE translations.
Short descriptor formats still return 0 for these bits, as in the
prior implementation.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 20171031223830.4608-1-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-07 13:03:51 +00:00
Stefano Stabellini 58803318e5 fix WFI/WFE length in syndrome register
WFI/E are often, but not always, 4 bytes long. When they are, we need to
set ARM_EL_IL_SHIFT in the syndrome register.

Pass the instruction length to HELPER(wfi), use it to decrement pc
appropriately and to pass an is_16bit flag to syn_wfx, which sets
ARM_EL_IL_SHIFT if needed.

Set dc->insn in both arm_tr_translate_insn and thumb_tr_translate_insn.

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: alpine.DEB.2.10.1710241055160.574@sstabellini-ThinkPad-X260
[PMM: move setting of dc->insn for Thumb so it is correct for 32 bit insns]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-31 11:50:50 +00:00
Peter Maydell abf6e752e5 s390x: fixups for 2.11
- missing \r in the BIOS console output
 - CPU type name is now "s390x-cpu"
 - fixup for the host-model on z14 and older machine versions
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZ9uQHAAoJEBF7vIC1phx8E8AP/0aBPGS3FHrAOf/mDQchh+Do
 +wKtEx3pLRnV8UyurmkaRKgUaemhC+JvGxqgvgq/BrhOqVnVtHdRQ3MQt5ThtDbQ
 kI4GXJn5nENujg4PtjTuCs+7xLC/4QXPyiHc59HAaRwXG0jBQn8mdGZj6ATvXLWp
 ePrGRAbbLclXyKLPl4SG9DR52L2OakSTz3m7qSHHS3pHBYrDjY9U0A1luIHOfyFq
 FXNF/NZ2fRvtDhip4PFC8tnns5G61JWrhnha4+wsePaAUgVTUP8jqoyaRLPxHxti
 4SDpVDCzRO+hmAGrgOEZOGjYxQ/zbxsRhT4qVyZ/KfKiNYqrjOsI5n+X3fiPZl3m
 y64TXSK9kW3qWB/ZNTgEYmtZHrmFtcQnL8bPgIJRXySedX+K6UIX384GBSf6NVSz
 2FUl/O/cksiMumHQfVPemRjC58gy3buCMGUTokENOyd5LzwjkLcdiJn6NmH5yo5A
 zNxVaISZjJ5zd5TCp8tQ+LNvXLHk9/Aah9yoirBpYnyoafwZaZtk6qLh/LN7isS/
 F+o58YP+SgEldynfbW9HKcjxut6COFqP9lDhALXwrWQGGjZIfSm9NMhrH/xNpoWW
 HEMpQ24QbqL7CKoMQVatuHDlPaIjxIWTdTepC0MBTmvoTwGJ8PbX0FIs7L0U344V
 Ze7HEhaR8KpQ0uKSBLVh
 =ir9v
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20171030' into staging

s390x: fixups for 2.11

- missing \r in the BIOS console output
- CPU type name is now "s390x-cpu"
- fixup for the host-model on z14 and older machine versions

# gpg: Signature made Mon 30 Oct 2017 08:34:15 GMT
# gpg:                using RSA key 0x117BBC80B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
# Primary key fingerprint: F922 9381 A334 08F9 DBAB  FBCA 117B BC80 B5A6 1C7C

* remotes/borntraeger/tags/s390x-20171030:
  s390-*.img: update s390 bios with latest fixes
  s390-ccw: print carriage return with new lines
  s390x/kvm: use cpu model for gscb on compat machines
  target/s390x: change CPU type name to "s390x-cpu"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-30 13:02:45 +00:00
Peter Maydell ab752f237d x86/cpu/numa queue, 2017-10-27
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJZ8z/oAAoJECgHk2+YTcWmqGAQALy+nNFpQi048pydLmtbnv3y
 EDo4lsq29uimpcgim4GfZKLcrUygqVY6vorGsvRPw6/efWSzLoMHdsYee4cv5V6S
 fwXI6TIjyDbMZEoQ+TPf6zBPiGT7Ep5nMAl0zspvqZS7ssp0dWGrvAtpXzj3FFfB
 VwCs3eF7PILMBzMNeRoGrCweJu7mOMhTa7FF3o1FG135AoDljnL2oGj0TA/Z333N
 n3wOzl+rvXvYPGc8wEoixTzFQ1kw6vZwJk3sT77o+Zi2C0ihqcJ04F6cUFEyYdT3
 O+nH4rZcCWIEjHDYt4BgjfIigcih75zYHIFdMxzdfeofGThmf4UwnFl7LzJ1KF27
 RS3fnqZCGw41hUJ2usmSMkxbliXmohGczx+lN4/la/lSLp/LVoTxBhyfoMZHa8kL
 E52Waj2D1LfSg0KXJEYy8LgUrrLLABQ0fCEnZTSBcAlGJdd4m8nOTlbGjpovgwPf
 GKLiu6yHvfpoQuTyRHx/Nojq1UzhZ0BRm7N/2bJZWevvAsbGIP5TRXbnnwiMG5z5
 VRwwQ2vqG69SiI+gvjCvaJRGRbxuGANWYVUZAnjNuzL5V8WR+F7D3AaUlucp8Ui5
 7C822NHxvKxQoJvPRJspkrdoMu9FPkKdsFoOCywWJlZKn3mSxDkO1k1Gmw1UVSWi
 Ynvckz9k4NPG8ADj6ySE
 =ApN/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging

x86/cpu/numa queue, 2017-10-27

# gpg: Signature made Fri 27 Oct 2017 15:17:12 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-and-machine-pull-request: (39 commits)
  x86: Skip check apic_id_limit for Xen
  numa: fixup parsed NumaNodeOptions earlier
  mips: r4k: replace cpu_model with cpu_type
  mips: mipssim: replace cpu_model with cpu_type
  mips: Magnum/Acer Pica 61: replace cpu_model with cpu_type
  mips: fulong2e: replace cpu_model with cpu_type
  mips: malta/boston: replace cpu_model with cpu_type
  mips: use object_new() instead of gnew()+object_initialize()
  sparc: leon3: use generic cpu_model parsing
  sparc: sparc: use generic cpu_model parsing
  sparc: sun4u/sun4v/niagara: use generic cpu_model parsing
  sparc: cleanup cpu type name composition
  tricore: use generic cpu_model parsing
  tricore: cleanup cpu type name composition
  unicore32: use generic cpu_model parsing
  unicore32: cleanup cpu type name composition
  xtensa: lx60/lx200/ml605/kc705: use generic cpu_model parsing
  xtensa: sim: use generic cpu_model parsing
  xtensa: cleanup cpu type name composition
  sh4: remove SuperHCPUClass::name field
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-30 10:11:22 +00:00
Christian Borntraeger 0280b3eb7c s390x/kvm: use cpu model for gscb on compat machines
Starting a guest with
   <os>
    <type arch='s390x' machine='s390-ccw-virtio-2.9'>hvm</type>
  </os>
  <cpu mode='host-model'/>

on an IBM z14 results in

"qemu-system-s390x: Some features requested in the CPU model are not
available in the configuration: gs"

This is because guarded storage is fenced for compat machines that did
not have guarded storage support. While this prevents future migration
abort (by not starting the guest at all), not being able to start a
"host-model" guest is very much unexpected.  As it turns out, even if we
would modify libvirt to not expand the cpu model to contain "gs" for
compat machines, it cannot guarantee that a migration will succeed. For
example if the kernel changes its features (or the user has nested=1 on
one host but not on the other) the migration will fail nevertheless.  So
instead of fencing "gs" for machines <= 2.9 lets allow it for all
machine types that support the CPU model. This will make "host-model"
runnable all the time, while relying on the CPU model to reject invalid
migration attempts. We also need to change the migration for guarded
storage.
Additional discussions about host-model are still pending but are out
of scope of this patch.

Suggested-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <Cornelia Huck <cohuck@redhat.com>
Acked-by: Halil Pasic <pasic@linux.vnet.ibm.com>
2017-10-30 09:03:45 +01:00
David Hildenbrand e555cbe78d target/s390x: change CPU type name to "s390x-cpu"
For now, e.g. host-s390-cpu wasn't exposed to the user. cpu-add, -cpu
and the CPU model qmp interfaces didn't care about the actual type,
as that information was hidden.

This changed with CPU hotplug via device_add. Now the type is visible to
the user. Before we get that supported in a stable version, this is our
last chance to change it.

So change it from "s390-cpu" to "s390x-cpu", to match the architecture
name. Example names are then e.g. z14-s390x-cpu or qemu-s390x-cpu.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171020115803.14093-1-david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2017-10-30 08:56:28 +01:00
Igor Mammedov a7519f2b39 mips: malta/boston: replace cpu_model with cpu_type
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-37-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:28 +02:00
Igor Mammedov 1d4bfc5496 sparc: cleanup cpu type name composition
introduce SPARC_CPU_TYPE_NAME macro and use it to
construct cpu type names.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-32-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:27 +02:00
Igor Mammedov b9ad9d5b21 tricore: cleanup cpu type name composition
introduce TRICORE_CPU_TYPE_NAME macro and use it to construct
cpu type names. While at it move cpu type_infos into one
array and register it directly with type_init_from_array()
instead of custom tricore_cpu_register_types()/cpu_register()

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-30-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:27 +02:00
Igor Mammedov 6a82686647 unicore32: cleanup cpu type name composition
use new UNICORE32_CPU_TYPE_NAME to compose CPU type
name and get rid of intermediate
   UniCore32CPUInfo/uc32_cpu_register_types()
which is replaced by static TypeInfo array and
type_init_from_array()

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-28-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:27 +02:00
Igor Mammedov a5247d761c xtensa: cleanup cpu type name composition
use new XTENSA_CPU_TYPE_NAME to compose CPU type name
to bring xtensa in line with all other targets that
will similar macro.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-25-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:27 +02:00
Igor Mammedov 633cd13556 sh4: remove SuperHCPUClass::name field
the field contains upper-cased cpu model name and is used
for printing supported cpu model names for '-cpu help'.

Considering that cpu model lookup in superh_cpu_class_by_name()
is case-insensitive, we can drop upper-casing when
printing supported cpus list and use cpu type directly
to do the same by cutting out SUPERH_CPU_TYPE_SUFFIX from
typename.

It allows to remove SuperHCPUClass::name, which practically
duplicates names defined by TYPE_SH*_CPU definitions and
simplify sh*_class_init()/SuperHCPUClass a bit.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-24-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:04:27 +02:00
Igor Mammedov d5ebe62556 sh4: simplify superh_cpu_class_by_name()
currently for sh4 cpu_model argument for '-cpu' option
could be either 'cpu model' name or cpu_typename.

however typically '-cpu' takes 'cpu model' name and
cpu type for sh4 target isn't advertised publicly
('-cpu help' prints only 'cpu model' names) so we
shouldn't care about this use case (it's more of a bug).

1. Drop '-cpu cpu_typename' to align with the rest of
   targets.
2. Compose searched for typename from cpu model and use
   it with object_class_by_name() directly instead of
   over-complicated
       object_class_get_list()
       g_slist_find_custom() + superh_cpu_name_compare()

With #1 droped, #2 could be used for both lookups which
simplifies superh_cpu_class_by_name() quite a bit.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-23-git-send-email-imammedo@redhat.com>
[ehabkost: Include fixup sent by Igor]
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:55 +02:00
Igor Mammedov 974e58d210 sh4: cleanup cpu type name composition
introduce SUPERH_CPU_TYPE_NAME macro and use it to construct
cpu type names. While at it move cpu type_infos into one
array and register it directly with type_init_from_array()
instead of custom superh_cpu_register_types()

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-22-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov a677273142 openrisc: cleanup cpu type name composition
use new OPENRISC_CPU_TYPE_NAME to compose CPU type name and get
rid of intermediate OpenRISCCPUInfo/openrisc_cpu_register_types()
which is replaced by static TypeInfo array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-18-git-send-email-imammedo@redhat.com>
Acked-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov 0255db239e moxie: cleanup cpu type name composition
introduce MOXIE_CPU_TYPE_NAME macro and consistently use it
to construct cpu type names. While at it replace dynamic
cpu type name composition with static data.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-16-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov a7f981cc9f moxie: fix qemu-system-moxie failing to start with CLI "-cpu MoxieLite"
It 'works' with default CPU only because of bug in
moxie_cpu_class_by_name() where it treats cpu_model
as type name and default cpu_model also happens to be
type name. But specifying explicitly cpu on CLI,
ex: '-cpu MoxieLite', makes QEMU fail since
moxie_cpu_class_by_name() doesn't traslate cpu_model
to cpu type and fails to find corresponding object class.

Fix moxie_cpu_class_by_name() to do proper
   cpu_model -> cpu type
translation and fix default cpu_model to be cpu_model
instead of being typename.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-15-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov f61797bd94 m68k: cleanup cpu type name composition
use new M68K_CPU_TYPE_NAME to compose CPU type names
and get rid of intermediate M68kCPUInfo/register_cpu_type()
which is replaced by static TypeInfo array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1507211474-188400-12-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov c6678108ba lm32: cleanup cpu type name composition
introduce LM32_CPU_TYPE_NAME macro and consistently use it
to construct cpu type names. While at it replace dynamic
cpu type name composition with static data.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Michael Walle <michael@walle.cc>
Message-Id: <1507211474-188400-9-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov 3936419121 cris: cleanup cpu type name composition
replace ambiguous TYPE macro with a new CRIS_CPU_TYPE_NAME
and use it consistently in the code.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1507211474-188400-7-git-send-email-imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:54 +02:00
Igor Mammedov 73a25e8340 alpha: cleanup cpu type name composition
Introduce ALPHA_CPU_TYPE_NAME macro to replace rather ununique
TYPE macro that alpha uses. With new macro it will follow
the same naming convention as other targets.

While at it put scattered TypeInfo into one array which places
type desriptions at one place and reduces code a bit.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1507211474-188400-5-git-send-email-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-10-27 16:03:53 +02:00
Peter Maydell 6e6430a821 Capstone disassembler
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZ8bGHAAoJEGTfOOivfiFfOXQH/jc3BbQ+ulxvQSgA3rI2JE1e
 Ww5FK5HEs4qZU3hz4EtE2Cd5p7qV5I4tWRtbxzc6BGBwLsfz3a60Abx7726sZiH0
 ZuULTsWXQ/71XfZHQysgOSoy36G8xj/1yvrMWHjDCfWp/pzz479YXWSSn2TWEHpI
 jI6nKP5ALdv5XTAaglGaNzqVeWgjKXJn4O8qZFS7axj7hndzLFguymfm8rV8DAdd
 LRuYWOizzzJ0dcaO/HHyLTzSl7rR0g+DmcOAuFCREy4f+r6tXijwiirB5f7ZJiqc
 hgEBq/6NfztW2+pAUSxqI2Kuq1zVETTpZORH1+UxvVk9GPu1ouYldMx0NrYhDtc=
 =fC5W
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-dis-20171026' into staging

Capstone disassembler

# gpg: Signature made Thu 26 Oct 2017 10:57:27 BST
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-dis-20171026:
  disas: Add capstone as submodule
  disas: Remove monitor_disas_is_physical
  ppc: Support Capstone in disas_set_info
  arm: Support Capstone in disas_set_info
  i386: Support Capstone in disas_set_info
  disas: Support the Capstone disassembler library
  disas: Remove unused flags arguments
  target/arm: Don't set INSN_ARM_BE32 for CONFIG_USER_ONLY
  target/arm: Move BE32 disassembler fixup
  target/ppc: Convert to disas_set_info hook
  target/i386: Convert to disas_set_info hook

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	target/i386/cpu.c
#	target/ppc/translate_init.c
2017-10-27 08:04:51 +01:00
Richard Henderson 74d7fc7f63 tcg: Avoid setting tcg_initialize if !CONFIG_TCG
Fix the build for --disable-tcg.

Fixes: 55c3ceef61
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20171026135814.20773-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-26 17:47:36 +01:00
Richard Henderson ac226899db ppc: Support Capstone in disas_set_info
Cc: qemu-ppc@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:55:21 +02:00
Richard Henderson 110f6c703b arm: Support Capstone in disas_set_info
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:55:21 +02:00
Richard Henderson b666d2a41a i386: Support Capstone in disas_set_info
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:55:21 +02:00
Richard Henderson 1d48474d8e disas: Remove unused flags arguments
Now that every target is using the disas_set_info hook,
the flags argument is unused.  Remove it.

Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:55:09 +02:00
Richard Henderson 7bcdbf51ee target/arm: Don't set INSN_ARM_BE32 for CONFIG_USER_ONLY
This matches translator behaviour in arm_lduw_code.

Fixes: https://bugs.launchpad.net/qemu/+bug/1724485
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:55:09 +02:00
Richard Henderson 6cd61517fb target/arm: Move BE32 disassembler fixup
The Capstone disassembler has its own big-endian fixup.
Doing this twice does not work, of course.  Move our current
fixup from target/arm/cpu.c to disas/arm.c.

This makes read_memory_inner_func unused and can be removed.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:54:52 +02:00
Richard Henderson 0eea8cdd6d target/ppc: Convert to disas_set_info hook
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:41:42 +02:00
Richard Henderson f50f3dd5d6 target/i386: Convert to disas_set_info hook
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-25 11:41:42 +02:00
Richard Henderson 1c2adb958f tcg: Initialize cpu_env generically
This is identical for each target.  So, move the initialization to
common code.  Move the variable itself out of tcg_ctx and name it
cpu_env to minimize changes within targets.

This also means we can remove tcg_global_reg_new_{ptr,i32,i64},
since there are no longer global-register temps created by targets.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:42 -07:00
Emilio G. Cota b1311c4acf tcg: define tcg_init_ctx and make tcg_ctx a pointer
Groundwork for supporting multiple TCG contexts.

The core of this patch is this change to tcg/tcg.h:

> -extern TCGContext tcg_ctx;
> +extern TCGContext tcg_init_ctx;
> +extern TCGContext *tcg_ctx;

Note that for now we set *tcg_ctx to whatever TCGContext is passed
to tcg_context_init -- in this case &tcg_init_ctx.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:42 -07:00
Emilio G. Cota 87d757d60d target/sparc: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:42 -07:00
Emilio G. Cota 671f9a85d8 target/sh4: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:42 -07:00
Emilio G. Cota 6476615d38 target/s390x: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:42 -07:00
Emilio G. Cota f0ddf11b23 target/m68k: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:41 -07:00
Emilio G. Cota b5e3b4c2ac target/i386: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:41 -07:00
Emilio G. Cota f9f46db444 target/hppa: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:41 -07:00
Emilio G. Cota 2399d4e7ce target/arm: check CF_PARALLEL instead of parallel_cpus
Thereby decoupling the resulting translated code from the current state
of the system.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:41 -07:00
Emilio G. Cota c5a49c63fa tcg: convert tb->cflags reads to tb_cflags(tb)
Convert all existing readers of tb->cflags to tb_cflags, so that we
use atomic_read and therefore avoid undefined behaviour in C11.

Note that the remaining setters/getters of the field are protected
by tb_lock, and therefore do not need conversion.

Luckily all readers access the field via 'tb->cflags' (so no foo.cflags,
bar->cflags in the code base), which makes the conversion easily
scriptable:

FILES=$(git grep 'tb->cflags' target include/exec/gen-icount.h \
	 accel/tcg/translator.c | cut -f1 -d':' | sort | uniq)

perl -pi -e 's/([^.>])tb->cflags/$1tb_cflags(tb)/g' $FILES
perl -pi -e 's/([a-z->.]*)(->|\.)tb->cflags/tb_cflags($1$2tb)/g' $FILES

Then manually fixed the few errors that checkpatch reported.

Compile-tested for all targets.

Suggested-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 13:53:41 -07:00
Richard Henderson 55c3ceef61 qom: Introduce CPUClass.tcg_initialize
Move target cpu tcg initialization to common code,
called from cpu_exec_realizefn.

Acked-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 22:00:13 +02:00
Richard Henderson 11f4e8f8bf tcg: Remove TCGV_EQUAL*
When we used structures for TCGv_*, we needed a macro in order to
perform a comparison.  Now that we use pointers, this is just clutter.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 21:50:15 +02:00
Richard Henderson dc41aa7d34 tcg: Remove GET_TCGV_* and MAKE_TCGV_*
The GET and MAKE functions weren't really specific enough.
We now have a full complement of functions that convert exactly
between temporaries, arguments, tcgv pointers, and indices.

The target/sparc change is also a bug fix, which would have affected
a host that defines TCG_TARGET_HAS_extr[lh]_i64_i32, i.e. MIPS64.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-24 21:49:30 +02:00
Stafford Horne 6b4bbd6aeb openrisc/cputimer: Perparation for Multicore
In order to support multicore system we move some of the previously
static state variables into the state of each core.

On the other hand in order to allow timers to be synced between each
code the ttcr (tick timer count register) is moved out of the core.
This is not as per real hardware spec which has a separate timer counter
per core, but it seems the most simple way to keep each clock in sync.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2017-10-21 06:35:47 +09:00
Stafford Horne 8c949951ed target/openrisc: Make coreid and numcores variable
Previously coreid and numcores were hard coded as 0 and 1 respectively
as OpenRISC QEMU did not have multicore support.

Multicore support is now being added so these registers need to have
configured values.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
2017-10-21 06:35:47 +09:00
David Hildenbrand 2bcf018340 s390x/tcg: low-address protection support
This is a neat way to implement low address protection, whereby
only the first 512 bytes of the first two pages (each 4096 bytes) of
every address space are protected.

Store a tec of 0 for the access exception, this is what is defined by
Enhanced Suppression on Protection in case of a low address protection
(Bit 61 set to 0, rest undefined).

We have to make sure to to pass the access address, not the masked page
address into mmu_translate*().

Drop the check from testblock. So we can properly test this via
kvm-unit-tests.

This will check every access going through one of the MMUs.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20171016202358.3633-3-david@redhat.com>
[CH: restored error message for access register mode]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Halil Pasic 6bb6f19473 s390x: refactor error handling for MSCH handler
Simplify the error handling of the MSCH.  Let the code detecting the
condition tell (in a less ambiguous way) how it's to be handled. No
changes in behavior.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20171017140453.51099-8-pasic@linux.vnet.ibm.com>
[CH: fix return code for fctl != 0]
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Halil Pasic ae9f1be3bd s390x: refactor error handling for HSCH handler
Simplify the error handling of the HSCH.  Let the code detecting the
condition tell (in a less ambiguous way) how it's to be handled. No
changes in behavior.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20171017140453.51099-7-pasic@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Halil Pasic 773314426e s390x: refactor error handling for CSCH handler
Simplify the error handling of the CSCH.  Let the code detecting the
condition tell (in a less ambiguous way) how it's to be handled. No
changes in behavior.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20171017140453.51099-6-pasic@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Halil Pasic 963764081d s390x: refactor error handling for XSCH handler
Simplify the error handling of the XSCH.  Let the code detecting the
condition tell (in a less ambiguous way) how it's to be handled. No
changes in behavior.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20171017140453.51099-5-pasic@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Halil Pasic 66dc50f705 s390x: improve error handling for SSCH and RSCH
Simplify the error handling of the SSCH and RSCH handler avoiding
arbitrary and cryptic error codes being used to tell how the instruction
is supposed to end.  Let the code detecting the condition tell how it's
to be handled in a less ambiguous way.  It's best to handle SSCH and RSCH
in one go as the emulation of the two shares a lot of code.

For passthrough this change isn't pure refactoring, but changes the way
kernel reported EFAULT is handled. After clarifying the kernel interface
we decided that EFAULT shall be mapped to unit exception.  Same goes for
unexpected error codes and absence of required ORB flags.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20171017140453.51099-4-pasic@linux.vnet.ibm.com>
Tested-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
[CH: cosmetic changes]
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Igor Mammedov 32dc6aa061 s390x: move s390x_new_cpu() into board code
s390-virtio-ccw.c is the sole user of s390x_new_cpu(),
so move this helper there.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1508253203-119237-1-git-send-email-imammedo@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
Igor Mammedov ac7e4cbbab s390x: fix cpu object referrence leak in s390x_new_cpu()
object_new() returns cpu with refcnt == 1 and after realize
refcnt == 2*. s390x_new_cpu() as an owner of the first refcnt
should have released it on exit in both cases (on error and
success) to avoid it leaking. Do so for both cases.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1508247680-98800-2-git-send-email-imammedo@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
David Hildenbrand 741a4ec186 target/s390x: special handling when starting a CPU with WAIT PSW
When we try to start a CPU with a WAIT PSW, we have to take care that
TCG will actually try to continue executing instructions.

We must therefore really only unhalt the CPU if we don't have a WAIT
PSW. Also document the special order for restart interrupts, which
load a new PSW and change the state to operating.

To keep KVM working, simply don't have a look at the WAIT bit when
loading the PSW. Otherwise the behavior of a restart interrupt when
a CPU stopped would be changed.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20170928203708.9376-31-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
David Hildenbrand f74990a5d0 s390x/tcg: refactor stfl(e) to use s390_get_feat_block()
Refactor it to use s390_get_feat_block(). Directly write into the mapped
lowcore with stfl and make sure it is really only compiled if needed.

While at it, add an alignment check for STFLE and avoid
potential_page_fault() by properly restoring the CPU state.

Due to s390_get_feat_block(), we will now also indicate the
"Configuration-z-architectural-mode", which is with new SIGP code the
right thing to do.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20170928203708.9376-30-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00
David Hildenbrand 0fc60ca58a s390x/tcg: unlock NMI
Nothing hindering us anymore from unlocking the restart code (used for
NMI).

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20170928203708.9376-29-david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-10-20 13:32:10 +02:00