Commit Graph

60850 Commits

Author SHA1 Message Date
Thomas Huth
442da403ea net: Get rid of 'vlan' terminology and use 'hub' instead in the source files
'vlan' is very confusing since it does not mean something like IEEE
802.1Q, but rather emulated hubs, so let's switch to that terminology
instead.

Buglink: https://bugs.launchpad.net/qemu/+bug/658904
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-05-14 15:47:14 +08:00
Thomas Huth
af1a5c3eb4 net: Remove the deprecated "vlan" parameter
It's been marked as deprecated since QEMU v2.9.0, so that should have
been enough time for everybody to either just drop unnecessary "vlan=0"
parameters, to switch to the modern -device + -netdev syntax for connecting
guest NICs with host network backends, or to switch to the "hubport" netdev
in case hubs are really wanted instead.

Buglink: https://bugs.launchpad.net/qemu/+bug/658904
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-05-14 15:47:14 +08:00
Thomas Huth
9d94619189 net: Fix memory leak in net_param_nic()
The early exits in case of errors leak the memory allocated for nd_id.
Fix it by using a "goto out" to the cleanup at the end of the function
instead.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-05-14 15:47:12 +08:00
Peter Maydell
c74e62ee3e * Fix all next_page checks for overflow.
* Convert six targets to the translator loop.
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJa8y3rAAoJEGTfOOivfiFf2C0H/3vvTgrXUru2fNbyX/Gw/qEP
 u0V4XPb94gdjMV16oKWfOIGlCb2f7u+z3cvKFJoyiaqIHCBzK28yGkDyLHQvDeqU
 uTo4OyB2AX0MbkSjWsR3ym61RWoLCzzP3OtHGKsTGAh9+OuFKYxUBMVciLwJ9/X+
 utx7xm20vM72JOEK9g3Zf7VcVI75s5JhgLmXbwfyN5Y2M1VzGuWOO6RV3vGxJnml
 F1wwPf+9ZC61eqYWOzi1IruHmBVDi4k9xV50inDtxvLNmaKmPDcE0vq8YkrP/Vcx
 3j2FmxfUEGnc3e5OW4jtvdfn15ITKYlANkN7YMQJA7XuiaHgyXr74yh3EZzRNvI=
 =7fmA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/cota-target-pull-request' into staging

* Fix all next_page checks for overflow.
* Convert six targets to the translator loop.

# gpg: Signature made Wed 09 May 2018 18:20:43 BST
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/cota-target-pull-request: (28 commits)
  target/riscv: convert to TranslatorOps
  target/riscv: convert to DisasContextBase
  target/riscv: convert to DisasJumpType
  target/openrisc: convert to TranslatorOps
  target/openrisc: convert to DisasContextBase
  target/s390x: convert to TranslatorOps
  target/s390x: convert to DisasContextBase
  target/s390x: convert to DisasJumpType
  target/mips: convert to TranslatorOps
  target/mips: use *ctx for DisasContext
  target/mips: convert to DisasContextBase
  target/mips: convert to DisasJumpType
  target/mips: use lookup_and_goto_ptr on BS_STOP
  target/sparc: convert to TranslatorOps
  target/sparc: convert to DisasContextBase
  target/sparc: convert to DisasJumpType
  target/sh4: convert to TranslatorOps
  translator: merge max_insns into DisasContextBase
  target/mips: avoid integer overflow in next_page PC check
  target/s390x: avoid integer overflow in next_page PC check
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-11 15:41:29 +01:00
Peter Maydell
6d7cde809d Queued TCG patches
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJa8xfNAAoJEGTfOOivfiFf1FoIAI5Fs+aIvIc6hOAw4e6HnVX9
 qq4DCQq35V/EafXsvq6g3rdflVseX1L1YekHm1mzJK5+DriaSs2v26p37grQ4+r2
 jLVIji8rac5kDopdXY27bEfGZtMYFyZQ15/u+mjUIJJ+JhaaUxZE4fFeBi9GGqYw
 VPSxQgMPATQvHw7NCgB82Xdxl7Ze+Oh+wdPkbRVIb4SfhwME+HbwJsWeTvi0oYyf
 slnftOOhJVI57AnF09GGDZje9fGEb0+j10Wcp+iGkXB2PKoeGSDO0NRtJ4hE2kNB
 MJCIxauVTICXYG9ouDbGGf6+Nv2ZC7IdHw1h3ZGoPjHh8gat4JlJ3PMTP4ZAMhk=
 =NU0u
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/tcg-next-pull-request' into staging

Queued TCG patches

# gpg: Signature made Wed 09 May 2018 16:46:21 BST
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/tcg-next-pull-request:
  tcg: Limit the number of ops in a TB
  tcg/i386: Fix dup_vec in non-AVX2 codepath

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-11 14:41:38 +01:00
Richard Henderson
5cbc611107 target/m68k: Fix build Werror with gcc 8.0.1
Fedora 28 ships with the released gcc 8.

The Werror stems from the compiler finding a path through the second
switch via a missing default case in which src1 is uninitialized, and
not being able to prove that the missing default case is unreachable
due to the first switch.

Simplify the second switch to merge default with OS_LONG,
which returns directly.  This removes the unreachable path.

Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 20180508185520.23757-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-11 11:12:02 +01:00
Peter Maydell
a8a94ef726 RISC-V: QEMU 2.13 Minor Fixes
* Require libfdt when configuring for 'riscv*-softmmu'
 * Increase HTIF priority and allow zero base address
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQR8mZMOsXzYugc9Xvpr8dezV+8+TwUCWvLKRQAKCRBr8dezV+8+
 TyOrAKCBiArCoNOD0lIvSdgu8Dv7dKOUaQCeMfS/FkM9wSTOnZgOPKPEZ3xreLY=
 =wUet
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riscv/tags/riscv-qemu-2.13-minor-fixes-3' into staging

RISC-V: QEMU 2.13 Minor Fixes

* Require libfdt when configuring for 'riscv*-softmmu'
* Increase HTIF priority and allow zero base address

# gpg: Signature made Wed 09 May 2018 11:15:33 BST
# gpg:                using DSA key 6BF1D7B357EF3E4F
# gpg: Good signature from "Michael Clark <michaeljclark@mac.com>"
# gpg:                 aka "Michael Clark <mjc@sifive.com>"
# gpg:                 aka "Michael Clark <michael@metaparadigm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7C99 930E B17C D8BA 073D  5EFA 6BF1 D7B3 57EF 3E4F

* remotes/riscv/tags/riscv-qemu-2.13-minor-fixes-3:
  riscv: requires libfdt
  riscv: htif: increase the priority of the htif subregion
  riscv: spike: allow base == 0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-10 10:25:15 +01:00
Emilio G. Cota
5b4f1d2db9 target/riscv: convert to TranslatorOps
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Clark <mjc@sifive.com>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
0114db1c82 target/riscv: convert to DisasContextBase
Notes:

- Did not convert {num,max}_insns, since the corresponding code
  will go away in the next patch.

- ctx->pc becomes ctx->base.pc_next, and ctx->next_pc becomes
  ctx->pc_succ_insn.

While at it, convert the remaining tb->cflags readers to tb_cflags().

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Michael Clark <mjc@sifive.com>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
b2e32021e7 target/riscv: convert to DisasJumpType
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Michael Clark <mjc@sifive.com>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
a4fd3ec3c7 target/openrisc: convert to TranslatorOps
Notes:

- Changed the num_insns test in insn_start to check for
  dc->base.num_insns > 1, since when tb_start is first
  called in a TB, base.num_insns is already set to 1.

- Removed DISAS_NEXT from the switch in tb_stop; use
  DISAS_TOO_MANY instead.

- Added an assert_not_reached on tb_stop for DISAS_NEXT
  and the default case.

- Merged the two separate log_target_disas calls into the
  disas_log op.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
1ffa4bced0 target/openrisc: convert to DisasContextBase
While at it, set is_jmp to DISAS_NORETURN when generating
an exception.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
c88691aadd target/s390x: convert to TranslatorOps
Note: I looked into dropping dc->do_debug. However, I don't see
an easy way to do it given that TOO_MANY is also valid
when we just translate more than max_insns. Thus, the check
for do_debug in "case DISAS_PC_CC_UPDATED" would still need
additional state to know whether or not we came from
breakpoint_check.

Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by:   David Hildenbrand <david@redhat.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-s390x@nongnu.org
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
eccf741ab8 target/s390x: convert to DisasContextBase
Notes:

- Did not convert {num,max}_insns and is_jmp, since the corresponding
  code will go away in the next patch.

- Avoided a checkpatch error in use_exit_tb.

- As suggested by David, (1) Drop ctx.pc and use
  ctx.base.pc_next instead, and (2) Rename ctx.next_pc to
  ctx.pc_tmp and add a comment about it.

Acked-by: Cornelia Huck <cohuck@redhat.com>
Suggested-by: David Hildenbrand <david@redhat.com>
Reviewed-by:  David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-s390x@nongnu.org
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
21a8eced9b target/s390x: convert to DisasJumpType
The only non-trivial modification is the use of DISAS_TOO_MANY
in the same way is used by the generic translation loop.

Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-s390x@nongnu.org
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
18f440edfb target/mips: convert to TranslatorOps
Notes:

- DISAS_TOO_MANY replaces the former "break" in the translation loop.
  However, care must be taken not to overwrite a previous condition
  in is_jmp; that's why in translate_insn we first check is_jmp and
  return if it's != DISAS_NEXT.

- Added an assert in translate_insn, before exiting due to an exception,
  to make sure that is_jmp is set to DISAS_NORETURN (the exception
  generation function always sets it.)

- Added an assert for the default case in is_jmp's switch.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
12be92588c target/mips: use *ctx for DisasContext
No changes to the logic here; this is just to make the diff
that follows easier to read.

While at it, remove the unnecessary 'struct' in
'struct TranslationBlock'.

Note that checkpatch complains with a false positive:
  ERROR: space prohibited after that '&' (ctx:WxW)
  #75: FILE: target/mips/translate.c:20220:
  +    ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
                                                              ^
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
eeb3bba847 target/mips: convert to DisasContextBase
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
b28425babc target/mips: convert to DisasJumpType
Notes:

- BS_EXCP in generate_exception_err and after hen_helper_wait
  becomes DISAS_NORETURN, because we do not return after
  raising an exception.

- Some uses of BS_EXCP are misleading in that they're used
  only as a "not BS_STOP" exit condition, i.e. they have nothing
  to do with an actual exception. For those cases, define
  and use DISAS_EXIT, which is clearer. With this and the
  above change, BS_EXCP goes away completely.

- fix a comment typo (s/intetrupt/interrupt/).

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
cd314a7d01 target/mips: use lookup_and_goto_ptr on BS_STOP
The TB after BS_STOP is not fixed (e.g. helper_mtc0_hwrena
changes hflags, which ends up changing the TB flags via
cpu_get_tb_cpu_state). This requires a full lookup (i.e.
with flags) via lookup_and_goto_ptr instead of gen_goto_tb,
since the latter only looks at the PC for in-page goto's. Fix it.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
6e61bc9410 target/sparc: convert to TranslatorOps
Notes:

- Moved the cross-page check from the end of translate_insn to
  init_disas_context.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
af00be490b target/sparc: convert to DisasContextBase
Notes:

- pc and npc are left unmodified, since they can point to out-of-TB
  jump targets.

- Got rid of last_pc in gen_intermediate_code(), using base.pc_next
  instead. Only update pc_next (1) on a breakpoint (so that tb->size
  includes the insn), and (2) after reading the current instruction
  from memory. This allows us to use base.pc_next in the BP check,
  which is what the translator loop does.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
c5e6ccdf6c target/sparc: convert to DisasJumpType
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
fd1b3d3864 target/sh4: convert to TranslatorOps
This was fairly straightforward since it had already been converted
to DisasContextBase; just had to add TARGET_TOO_MANY to the switch
in tb_stop.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
b542683d77 translator: merge max_insns into DisasContextBase
While at it, use int for both num_insns and max_insns to make
sure we have same-type comparisons.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Clark <mjc@sifive.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
6cd79443d3 target/mips: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
071bd2b628 target/s390x: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: qemu-s390x@nongnu.org
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
bfe7ad5be7 target/arm: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
56371527f3 target/microblaze: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
5c433a7aac target/tilegx: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
818c187781 target/unicore32: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
4e8b44b6c2 target/xtensa: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
4302303d3c target/lm32: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Michael Walle <michael@walle.cc>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
3ac5e413c0 target/cris: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Emilio G. Cota
33572269a5 target/riscv: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Clark <mjc@sifive.com>
Acked-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Michael Clark <mjc@sifive.com>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 10:12:21 -07:00
Richard Henderson
abebf92597 tcg: Limit the number of ops in a TB
In 6001f7729e we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: qemu-stable@nongnu.org
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 08:30:57 -07:00
Peter Maydell
7eb30ef0ba tcg/i386: Fix dup_vec in non-AVX2 codepath
The VPUNPCKLD* instructions are all "non-destructive source",
indicated by "NDS" in the encoding string in the x86 ISA manual.
This means that they take two source operands, one of which is
encoded in the VEX.vvvv field. We were incorrectly treating them
as if they were destructive-source and passing 0 as the 'v'
argument of tcg_out_vex_modrm(). This meant we were always
using %xmm0 as one of the source operands, causing incorrect
results if the register allocator happened to want to use
something else. For instance the input AArch64 insn:
 DUP v26.16b, w21
which becomes TCG IR ops:
 dup_vec v128,e8,tmp2,x21
 st_vec v128,e8,tmp2,env,$0xa40
was assembled to:
0x607c568c:  c4 c1 7a 7e 86 e8 00 00  vmovq    0xe8(%r14), %xmm0
0x607c5694:  00
0x607c5695:  c5 f9 60 c8              vpunpcklbw %xmm0, %xmm0, %xmm1
0x607c5699:  c5 f9 61 c9              vpunpcklwd %xmm1, %xmm0, %xmm1
0x607c569d:  c5 f9 70 c9 00           vpshufd  $0, %xmm1, %xmm1
0x607c56a2:  c4 c1 7a 7f 8e 40 0a 00  vmovdqu  %xmm1, 0xa40(%r14)
0x607c56aa:  00

when the vpunpcklwd insn should be "%xmm1, %xmm1, %xmm1".
This resulted in our incorrectly setting the output vector to
q26=0000320000003200:0000320000003200
when given an input of x21 == 0000000002803200
rather than the expected all-zeroes.

Pass the correct source register number to tcg_out_vex_modrm()
for these insns.

Fixes: 770c2fc7bb
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180504153431.5169-1-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-05-09 08:30:57 -07:00
KONRAD Frederic
a666409f0d
riscv: requires libfdt
When compiling on a machine without libfdt installed the configure script
should try to get libfdt from the git or should die because otherwise
CONFIG_LIBFDT is not set and the build process end in an error in the link
phase.. eg:

hw/riscv/virt.o: In function `riscv_virt_board_init':
qemu/src/hw/riscv/virt.c:317: undefined reference to `qemu_fdt_setprop_cell'
qemu/src/hw/riscv/virt.c:319: undefined reference to `qemu_fdt_setprop_cell'
qemu/src/hw/riscv/virt.c:345: undefined reference to `qemu_fdt_dumpdtb'
collect2: error: ld returned 1 exit status
make[1]: *** [qemu-system-riscv64] Error 1
make: *** [subdir-riscv64-softmmu] Error 2

Cc: qemu-stable@nongnu.org
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Clark <mjc@sifive.com>
Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Michael Clark <mjc@sifive.com>

Message-Id: <1525360636-18229-4-git-send-email-frederic.konrad@adacore.com>
2018-05-09 22:14:28 +12:00
KONRAD Frederic
6fad7d1893
riscv: htif: increase the priority of the htif subregion
The htif device is supposed to be mapped over an other subregion. So increase
its priority to one to avoid any conflict.

Here is the output of info mtree:

Before:
(qemu) info mtree
 address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 0, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

 address-space: I/O
   0000000000000000-000000000000ffff (prio 0, i/o): io

 address-space: cpu-memory-0
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 0, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

After:
 (qemu) info mtree
 address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 1, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

 address-space: I/O
   0000000000000000-000000000000ffff (prio 0, i/o): io

 address-space: cpu-memory-0
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 1, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

Reviewed-by: Michael Clark <mjc@sifive.com>
Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Michael Clark <mjc@sifive.com>

Message-Id: <1525360636-18229-3-git-send-email-frederic.konrad@adacore.com>
2018-05-09 07:57:46 +12:00
KONRAD Frederic
17b9751e85
riscv: spike: allow base == 0
The sanity check on base doesn't allow htif to be mapped @0. Check if the
symbol exists instead so we can map it where we want.

Reviewed-by: Michael Clark <mjc@sifive.com>
Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Michael Clark <mjc@sifive.com>

Message-Id: <1525360636-18229-2-git-send-email-frederic.konrad@adacore.com>
2018-05-09 07:57:32 +12:00
Peter Maydell
e5cd695266 -----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJa8b++AAoJEL2+eyfA3jBXtLwP/imBRBHjruK9LWH56wQPUBjS
 DHqObGRuN3wthq2NxfhsInV0b7XbJ94V5n0n8/L0KR8u533JEd/vgONNHi+KBJdI
 we/Idv+UWpbr95aXmPgHYn0bWroKd6roke31h/MuPhAB4gxQRE2P8H7Mi5wu2DYj
 VJRHEKJabaE1wIYFI+4yL/vbxDqxIaDHAannx1MhM4VusnRoc5kOZTtxIYWPQXtj
 X6BiytL6d4SqCBFaeZu77vf3xLBd2cSCAvZeGpj7tRQ1MxEd4Am/V5YCtaQtYiu1
 5668g+8Im1PBDrjBUu2zspmDhDde9xjDwqJSiqLlU54zyK+04/0ivR0iWg73qrf1
 N0C00Q3XeBfPz6vHZiYWy8e7JRWGOZrjr6YNy6t///GuPJphr4uJyrnKmyjxv/TZ
 StSvmg2KYa12yvlHRr7Se4kfGFwZ+GBOc2+oj1Nh0qCZledKk6nf8nsZqvn5hetr
 Tn5rQPyf2zcDmKKKp5HOyGQOQEt+d2yREzHItLDamrCLGslo1pRXk8NX3jySVKEr
 hvzunyOo4X9oL8x6YYUemsppIOEcnWi7YaCKekaOXAII8MgmlvMQzkqvs0at7zGa
 a6XC0ZWlV2oAX8g+bgGJ+WKre6VkpSkFh7G57fwzUs0NxkaXKm1+nCLTkQ55+DbH
 8xRQq+03BjIKEMwy2+Qx
 =eOou
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging

# gpg: Signature made Tue 08 May 2018 16:18:22 BST
# gpg:                using RSA key BDBE7B27C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"
# Primary key fingerprint: 9957 4B4D 3474 90E7 9D98  D624 BDBE 7B27 C0DE 3057

* remotes/cody/tags/block-pull-request:
  sheepdog: Fix sd_co_create_opts() memory leaks
  iotests: Add test for cancelling a mirror job
  block/mirror: Make cancel always cancel pre-READY
  block/mirror: honor ratelimit again

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 17:05:58 +01:00
Kevin Wolf
a2cb9239b7 sheepdog: Fix sd_co_create_opts() memory leaks
Both the option string for the 'redundancy' option and the
SheepdogRedundancy object that is created accordingly could be leaked in
error paths. This fixes the memory leaks.

Reported by Coverity (CID 1390614 and 1390641).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 20180503153509.22223-1-kwolf@redhat.com
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-05-08 10:47:27 -04:00
Max Reitz
dc885fff97 iotests: Add test for cancelling a mirror job
We already have an extensive mirror test (041) which does cover
cancelling a mirror job, especially after it has emitted the READY
event.  However, it does not check what exact events are emitted after
block-job-cancel is executed.  More importantly, it does not use
throttling to ensure that it covers the case of block-job-cancel before
READY.

It would be possible to add this case to 041, but considering it is
already our largest test file, it makes sense to create a new file for
these cases.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20180501220509.14152-3-mreitz@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-05-08 10:47:27 -04:00
Max Reitz
eb36639f7b block/mirror: Make cancel always cancel pre-READY
Commit b76e4458b1 made the mirror block
job respect block-job-cancel's @force flag: With that flag set, it would
now always really cancel, even post-READY.

Unfortunately, it had a side effect: Without that flag set, it would now
never cancel, not even before READY.  Considering that is an
incompatible change and not noted anywhere in the commit or the
description of block-job-cancel's @force parameter, this seems
unintentional and we should revert to the previous behavior, which is to
immediately cancel the job when block-job-cancel is called before source
and target are in sync (i.e. before the READY event).

Cc: qemu-stable@nongnu.org
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1572856
Reported-by: Yanan Fu <yfu@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20180501220509.14152-2-mreitz@redhat.com
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-05-08 10:47:27 -04:00
Stefan Hajnoczi
ddc4115efd block/mirror: honor ratelimit again
Commit b76e4458b1 ("block/mirror: change
the semantic of 'force' of block-job-cancel") accidentally removed the
ratelimit in the mirror job.

Reintroduce the ratelimit but keep the block-job-cancel force=true
behavior that was added in commit
b76e4458b1.

Note that block_job_sleep_ns() returns immediately when the job is
cancelled.  Therefore it's safe to unconditionally call
block_job_sleep_ns() - a cancelled job does not sleep.

This commit fixes the non-deterministic qemu-iotests 185 output.  The
test relies on the ratelimit to make the job sleep until the 'quit'
command is processed.  Previously the job could complete before the
'quit' command was received since there was no ratelimit.

Cc: Liang Li <liliang.opensource@gmail.com>
Cc: Jeff Cody <jcody@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20180424123527.19168-1-stefanha@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-05-08 10:47:27 -04:00
Peter Maydell
cc8f8ba754 Machine queue, 2018-05-07
* pc-dimm: factor out MemoryDevice
   (virtio-pmem and virtio-mem will make use of the new abstraction later)
 * scripts/device-crash-test: Removed fixed CAN entries
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJa8IZ2AAoJECgHk2+YTcWmmD0P/2Lddw+ilGhGS/CWarq4uLSF
 ILtEMwNgbJeJAEza6IQx/IIuUER3H5UcxgZhO49nELpurobhl5yW9JKP1qjH9z9i
 7hVPORGioiyGkjgjbm8jWtljePAloTIwEiIcrqYkVHpWDCUJaZ7SES2VQL7ltY/W
 AU3uSFQQMDfVqr/MXDxZq084wFK3Jm2aIE+p8a0MF7B+29RSHdFU9iKysCC1Wu/1
 AllXCkQ4yWHCGoSRBfzFz9EWBb4VlzM+VNj9nhHu75zdF3hm7J05yIiGuZLiOjmB
 MDOkvKhSeXNj+21mXVLmSxkfI65z6jrq3aI7iTp4+orrd2SCXoHsOZoj4Q2cRSnw
 kJlY62+p85H9NYIKTgMCM/oURpL2ZnqPKmCto1NRFywSBGLXll2weyKpX9ByvXe2
 gL8hqra/K8eUPW4zSsPYbbN1b16EnK4MY2nkYvG0Y/aAXGZF6V9zQwKNT4/F5GyY
 SRMC4c2OtQOgZNDSuPdgZ5Lu5PXfetvvcqWCj0tXNdaScOp6Omsc/i/YCUtu6r/3
 IbBIclJ+K5aD+U4QP4DKZ+DJbEkIGMU4pSHgR2i8bK7MmoJpJcAIB1mL5nA/TknP
 /RVgtnP7gVbfGIVVwjUw9bMurvOti4PBp0/DxC/VqUqGs9e8avE1yb9grVJdj/jA
 oEGJ6EIsmO1URbk1+f93
 =Hhge
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine queue, 2018-05-07

* pc-dimm: factor out MemoryDevice
  (virtio-pmem and virtio-mem will make use of the new abstraction later)
* scripts/device-crash-test: Removed fixed CAN entries

# gpg: Signature made Mon 07 May 2018 18:01:42 BST
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  scripts/device-crash-test: Removed fixed CAN entries
  vl: allow 'maxmem' without 'slot'
  spapr: rename "hotplug memory" terminology to "device memory"
  pc: rename "hotplug memory" terminology to "device memory"
  machine: rename MemoryHotplugState to DeviceMemoryState
  pc-dimm: move actual plug/unplug of a memory region to MemoryDevice
  pc-dimm: factor out capacity and slot checks into MemoryDevice
  pc-dimm: factor out address search into MemoryDevice code
  pc-dimm: pass in the machine and to the MemoryHotplugState
  pc-dimm: no need to pass the memory region
  machine: make MemoryHotplugState accessible via the machine
  pc-dimm: factor out MemoryDevice interface

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 15:25:17 +01:00
Peter Maydell
d01beac177 qxl: fix local renderer crash
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJa8CHJAAoJEEy22O7T6HE4pyAP/2toRs2qXKXjYpLmgiuVdbq9
 lB1przwVXyHWSQYjXcQWCe0ZuIip7JWX8u0ccP4k6rDZVEaWPeLJlHjxLDl/U0hx
 jBZOPuO0Lch9OAELZOnkdrUwttNOkjTLkRW6LXWzdch5w5xIz6vJIHT6g0lmUcdu
 DXTTIShB7br3QdeG6R8SdGFxGTOu6iwBKErAgOl8cCqM1vRQGGvjxauHwsZjk5mq
 RWZ6e8PyOpHF71wxDT+rQD0f/m9yoCIkQ9ipBvb3KRoiFVxfKrRd4qCc7GR9KCwe
 4XAS80absO4BI9kSGFKRvljaDkVO/E/Mbg1TdS9+7dZFeZNniBDPTtInMyjZxDrd
 JgBxDchgB6ba7Lvby8UePKb39KT5ii6CVwtBUAXA8IVWlNeyp/AYVuy/WsjZ/RJZ
 +NcRbhBw0EN983SE9Ta7vG+Od7JpotVSqawksuInPhfgezND/r08VkxGLQ5hihIe
 26WsG423gLAGSdTV5ahGQwctzW85ChdDgKOGO5+MeoYqmU6daIsQ+zQ+rjqmmRmR
 TLboHwvVlZzhig5aPF2FNA7j5s3UYR/iirOOR07DjiscFppFg85K9EuYndFlvznm
 mfZmM3tu44yOSslkbOgYVDlIA5+lefao7Hy9bnaTOohkUhQ2wxk1DdCrXgT6PKyq
 9xkD9gu42I24kqZy8m4J
 =jtMg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180507-pull-request' into staging

qxl: fix local renderer crash

# gpg: Signature made Mon 07 May 2018 10:52:09 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180507-pull-request:
  qxl: fix local renderer crash

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 14:23:02 +01:00
Peter Maydell
3add3f7edc RISC-V: QEMU 2.13 Privileged ISA emulation updates
Several code cleanups, minor specification conformance changes,
 fixes to make ROM read-only and add device-tree size checks.
 
 * Honour privileged ISA v1.10 counter enable CSRs.
 * Implements WARL behavior for CSRs that don't support writes
   * Past behavior of raising traps was non-conformant
     with the RISC-V Privileged ISA Specification v1.10.
 * Allow S-mode access to sstatus.MXR when priv ISA >= v1.10
 * Sets mtval/stval to zero on exceptions without addresses
   * Past behavior of leaving the last value was non-conformant
     with the RISC-V Privileged ISA Specition v1.10. mtval/stval
     must be set on all exceptions; to zero if not supported.
 * Make ROMs read-only and implement device-tree size checks
   * Uses memory_region_init_rom and rom_add_blob_fixed_as
 * Adds hexidecimal instruction bytes to disassembly output.
 * Fixes missing break statement for rv128 disassembly.
 * Several code cleanups
   * Replacing hard-coded constants with enums
   * Dead-code elimination
 
 This is an incremental pull that contains 20 reviewed changes out
 of 38 changes currently queued in the qemu-2.13-for-upstream branch.
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQR8mZMOsXzYugc9Xvpr8dezV+8+TwUCWu496QAKCRBr8dezV+8+
 T1ZEAJ4wQRHZtn4suN5yMEHQMA2FkX1iNACgiYWLtcNcgoa88eaTcJJJu4QZryY=
 =I2wf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riscv/tags/riscv-qemu-2.13-pull-20180506' into staging

RISC-V: QEMU 2.13 Privileged ISA emulation updates

Several code cleanups, minor specification conformance changes,
fixes to make ROM read-only and add device-tree size checks.

* Honour privileged ISA v1.10 counter enable CSRs.
* Implements WARL behavior for CSRs that don't support writes
  * Past behavior of raising traps was non-conformant
    with the RISC-V Privileged ISA Specification v1.10.
* Allow S-mode access to sstatus.MXR when priv ISA >= v1.10
* Sets mtval/stval to zero on exceptions without addresses
  * Past behavior of leaving the last value was non-conformant
    with the RISC-V Privileged ISA Specition v1.10. mtval/stval
    must be set on all exceptions; to zero if not supported.
* Make ROMs read-only and implement device-tree size checks
  * Uses memory_region_init_rom and rom_add_blob_fixed_as
* Adds hexidecimal instruction bytes to disassembly output.
* Fixes missing break statement for rv128 disassembly.
* Several code cleanups
  * Replacing hard-coded constants with enums
  * Dead-code elimination

This is an incremental pull that contains 20 reviewed changes out
of 38 changes currently queued in the qemu-2.13-for-upstream branch.

# gpg: Signature made Sun 06 May 2018 00:27:37 BST
# gpg:                using DSA key 6BF1D7B357EF3E4F
# gpg: Good signature from "Michael Clark <michaeljclark@mac.com>"
# gpg:                 aka "Michael Clark <mjc@sifive.com>"
# gpg:                 aka "Michael Clark <michael@metaparadigm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7C99 930E B17C D8BA 073D  5EFA 6BF1 D7B3 57EF 3E4F

* remotes/riscv/tags/riscv-qemu-2.13-pull-20180506:
  RISC-V: Mark ROM read-only after copying in code
  RISC-V: No traps on writes to misa,minstret,mcycle
  RISC-V: Make mtvec/stvec ignore vectored traps
  RISC-V: Add mcycle/minstret support for -icount auto
  RISC-V: Use [ms]counteren CSRs when priv ISA >= v1.10
  RISC-V: Allow S-mode mxr access when priv ISA >= v1.10
  RISC-V: Clear mtval/stval on exceptions without info
  RISC-V: Hardwire satp to 0 for no-mmu case
  RISC-V: Update E and I extension order
  RISC-V: Remove erroneous comment from translate.c
  RISC-V: Remove EM_RISCV ELF_MACHINE indirection
  RISC-V: Make virt header comment title consistent
  RISC-V: Make some header guards more specific
  RISC-V: Fix missing break statement in disassembler
  RISC-V: Include instruction hex in disassembly
  RISC-V: Remove unused class definitions
  RISC-V: Remove identity_translate from load_elf
  RISC-V: Use ROM base address and size from memmap
  RISC-V: Make virt board description match spike
  RISC-V: Replace hardcoded constants with enum values

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 13:34:03 +01:00
Peter Maydell
302a84e878 usb: fixes for mtp and host.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJa8B/6AAoJEEy22O7T6HE4ZQcP+waDHAjd4RKtEz9ifgjKlpNQ
 8EyXp/fmD0tVyuFO/nnU89tQOAWj9PkSAkVfPVSyCCqL0wSr7kIGtlInVHFLJniW
 IU6wpVSWlItz1Hof5giu5REpdFA/vpTv0EVgV85QEpfMNo2xe2zx90KLe74qaHqf
 P7N/o/HTp2ZZA//UtcbLMUDa/2krQVFaVCzr4bjr1otiaRAOBIb3fZg/qvfkyxxU
 o9QCfmHm2BuuWjeQ7tJWQKbnvlHahkDPGxUWRb+MVlG0X1s9A/bZ7pMx4yCqkW1z
 EYVA2+9zy/JLDXNYCyQb+fDE6RQUbnkNy0KAKjJ5FGPeINwNtEyhfM+VhY1pUTDh
 TeeKoqJrK1lBqN9oKVSY8kK5PkDXrPD5JWoK5Zm6xrCgygXf+7fsVYWE4cTgbYuS
 IzdhtRctD286bE8rPSwm2mDra8PgTL2ahY8k5nVf7yye5QeF0tDN0UwPMe1JQzQ8
 4WQb5XMpgmHJoy0avTqM4mIZI32d6T1o8CtCcSAC82sWHdLTNtrDYQZqY8aLmISp
 Q7TdZF0DL9juKI4u94pwQGie0cYQOzXedlxCpYrRyqcln1/BTf00KIewgIINGXhQ
 Hqenf2kr+L6a/7Gb39YScrDIm28anxg+ESypFlv7LhRo9d3rBtJ0AFQM1m4egXFe
 2fDuEtyyFBbangZM7vkh
 =uG6k
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180507-pull-request' into staging

usb: fixes for mtp and host.

# gpg: Signature made Mon 07 May 2018 10:44:26 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20180507-pull-request:
  usb-host: skip open on pending postload bh
  usb-mtp: Unconditionally check for the readonly bit
  usb-mtp: Add some NULL checks for issues pointed out by coverity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 12:02:18 +01:00
Greg Kurz
2fb513d3b1 ppc: e500: use g_strdup_printf() instead of snprintf()
qemu-system-ppc fails to build with GCC 8.0.1:

/home/hsp/src/qemu-master/hw/ppc/e500.c: In function ‘ppce500_load_device_tree’:
/home/hsp/src/qemu-master/hw/ppc/e500.c:442:37: error: ‘/pic@’
directive output may be truncated writing 5 bytes into a region of
size between 1 and 128 [-Werror=format-truncation=]
     snprintf(mpic, sizeof(mpic), "%s/pic@%llx", soc, MPC8544_MPIC_REGS_OFFSET);
                                     ^~~~~
In file included from /usr/include/stdio.h:862,
                 from /home/hsp/src/qemu-master/include/qemu/osdep.h:68,
                 from /home/hsp/src/qemu-master/hw/ppc/e500.c:17:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’
output between 11 and 138 bytes into a destination of size 128
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/hsp/src/qemu-master/hw/ppc/e500.c:470:39: error:
‘/global-utilities@’ directive output may be truncated writing 18
bytes into a region of size between 1 and 128
[-Werror=format-truncation=]
     snprintf(gutil, sizeof(gutil), "%s/global-utilities@%llx", soc,
                                       ^~~~~~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:862,
                 from /home/hsp/src/qemu-master/include/qemu/osdep.h:68,
                 from /home/hsp/src/qemu-master/hw/ppc/e500.c:17:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’
output between 24 and 151 bytes into a destination of size 128
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/hsp/src/qemu-master/hw/ppc/e500.c:477:36: error: ‘/msi@’
directive output may be truncated writing 5 bytes into a region of
size between 0 and 127 [-Werror=format-truncation=]
     snprintf(msi, sizeof(msi), "/%s/msi@%llx", soc, MPC8544_MSI_REGS_OFFSET);
                                    ^~~~~
In file included from /usr/include/stdio.h:862,
                 from /home/hsp/src/qemu-master/include/qemu/osdep.h:68,
                 from /home/hsp/src/qemu-master/hw/ppc/e500.c:17:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’
output between 12 and 139 bytes into a destination of size 128
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix this by converting e500 to use g_strdup_printf()+g_free() instead
of snprintf(). This is done globally, even for call sites that don't
break build, since this is the preferred practice in QEMU.

Reported-by: Howard Spoelstra <hsp.cat7@gmail.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 152568372989.443627.900708381919207053.stgit@bahia.lan
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-08 12:00:54 +01:00