Commit Graph

20558 Commits

Author SHA1 Message Date
Peter Maydell
a57946ff2a VFIO updates 2018-03-13
- Display support for vGPUs (Gerd Hoffmann)
 
  - Enable new kernel support for mmaps overlapping MSI-X vector table,
    disable MSI-X emulation on POWER (Alexey Kardashevskiy)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJaqCshAAoJECObm247sIsivFQP/3Y0e0mW4fbf1Z0uRiduZ3Bh
 bAKD52n8Id3alAmelo1P7OUS8LP0vdw9lLAJz9m3VB+Nvye0XewFn0/9SVLnL022
 aCBIj9cGg57hraTd6PUfsfG8T1HryDeQqE/PRIYEaqf9htBZ51VM2EY3+n2O7Bcy
 TVDnac0IOaWb8FrXK+lGpLP6dPFQ0Z+mhkAvDR7v7FZGEy000D71+gKOe4aIAMib
 X/NJa42O1x9cbDE39AEpVMub/QYwtRD/HkcZwNylyY4YKIjsMtxPYYz2Ndt+wm0r
 e21s/4iy2a1HXen4OBc2KAnpVoZyGnXya6KZ0dzirt8Q1dK606Az/HxifVb/CJQZ
 L10NSfYTWNPfPlf0gYZmPlZeZDuNeZaHi8bZGqTquL4AAOTdqtQOMEoT+68qd74s
 00B9XrA2Jmjvpya2pHQSqvAsuSqZ1E2iRMGMC9r/+UYb54OnXnrl9fOw/TtbrLMm
 isbB1Ll0hDcJvacikYJ5ck+lGrFLHbYpWtBIrokBHbw9fwl1I9aY5MloBYZwmcTz
 e65L7M4MvA/y6gSlCi6DS1fmdZ5ecNnBkuW6YseDI884P4c4+YDMOhs/B/rO16v6
 In2fSWvb+DSuAPmn+6QDV0msJg34J2oykbKcdDK7F1g7By/yDNVVgHPoWhi4EGBA
 u09A/2nM0VwhXYNrElJI
 =LVMf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20180313.0' into staging

VFIO updates 2018-03-13

 - Display support for vGPUs (Gerd Hoffmann)

 - Enable new kernel support for mmaps overlapping MSI-X vector table,
   disable MSI-X emulation on POWER (Alexey Kardashevskiy)

# gpg: Signature made Tue 13 Mar 2018 19:48:49 GMT
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-update-20180313.0:
  ppc/spapr, vfio: Turn off MSIX emulation for VFIO devices
  vfio-pci: Allow mmap of MSIX BAR
  vfio/pci: Relax DMA map errors for MMIO regions
  vfio/display: adding dmabuf support
  vfio/display: adding region support
  vfio/display: core & wireup
  vfio/common: cleanup in vfio_region_finalize
  secondary-vga: properly close QemuConsole on unplug
  console: minimal hotplug suport
  ui/pixman: add qemu_drm_format_to_pixman()
  standard-headers: add drm/drm_fourcc.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-16 09:51:47 +00:00
Peter Maydell
5bdd374347 * Migrate MSR_SMI_COUNT (Liran)
* Update kernel headers (Gerd, myself)
 * SEV support (Brijesh)
 
 I have not tested non-x86 compilation, but I reordered the SEV patches
 so that all non-x86-specific changes go first to catch any possible
 issues (which weren't there anyway :)).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJap/4yAAoJEL/70l94x66DmPoH/igfzYkxFyIHFqzb/hQEut3e
 IJA05u9DBSqqdSvL0UeLdUgyJTeDM3S5kKZqZ38BPHIudwOGtydoIM2utWtPSejf
 Z+mS77+dSgchEMgf1gxmD0oZ5TrO/2pdOYfaZZuQuGmGLruKsDgz6vH3F87cfk8b
 yJSJkoZkFc8C9SpwQERWYuhXn2fYFxSBFgEMc9xSFN+zqQUFqeIfOJhwZ+txjAUl
 y1EKlhhVyjkxTLR++SkzhKIJ8D5cycpcY/H19gw3ghHviY/tGwNLot3bLRPbwCM6
 QvrXDf4rhvFHTmmOfliCI5y6Xgj0u7IZv2fVoKXEtKk1qyfyD4ZnouYTaqP/U9I=
 =Q4/y
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-sev' into staging

* Migrate MSR_SMI_COUNT (Liran)
* Update kernel headers (Gerd, myself)
* SEV support (Brijesh)

I have not tested non-x86 compilation, but I reordered the SEV patches
so that all non-x86-specific changes go first to catch any possible
issues (which weren't there anyway :)).

# gpg: Signature made Tue 13 Mar 2018 16:37:06 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream-sev: (22 commits)
  sev/i386: add sev_get_capabilities()
  sev/i386: qmp: add query-sev-capabilities command
  sev/i386: qmp: add query-sev-launch-measure command
  sev/i386: hmp: add 'info sev' command
  cpu/i386: populate CPUID 0x8000_001F when SEV is active
  sev/i386: add migration blocker
  sev/i386: finalize the SEV guest launch flow
  sev/i386: add support to LAUNCH_MEASURE command
  target/i386: encrypt bios rom
  sev/i386: add command to encrypt guest memory region
  sev/i386: add command to create launch memory encryption context
  sev/i386: register the guest memory range which may contain encrypted data
  sev/i386: add command to initialize the memory encryption context
  include: add psp-sev.h header file
  sev/i386: qmp: add query-sev command
  target/i386: add Secure Encrypted Virtualization (SEV) object
  kvm: introduce memory encryption APIs
  kvm: add memory encryption context
  docs: add AMD Secure Encrypted Virtualization (SEV)
  machine: add memory-encryption option
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-15 16:49:30 +00:00
Alexey Kardashevskiy
fcad0d2121 ppc/spapr, vfio: Turn off MSIX emulation for VFIO devices
This adds a possibility for the platform to tell VFIO not to emulate MSIX
so MMIO memory regions do not get split into chunks in flatview and
the entire page can be registered as a KVM memory slot and make direct
MMIO access possible for the guest.

This enables the entire MSIX BAR mapping to the guest for the pseries
platform in order to achieve the maximum MMIO preformance for certain
devices.

Tested on:
LSI Logic / Symbios Logic SAS3008 PCI-Express Fusion-MPT SAS-3 (rev 02)

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:31 -06:00
Alexey Kardashevskiy
ae0215b2bb vfio-pci: Allow mmap of MSIX BAR
At the moment we unconditionally avoid mapping MSIX data of a BAR and
emulate MSIX table in QEMU. However it is 1) not always necessary as
a platform may provide a paravirt interface for MSIX configuration;
2) can affect the speed of MMIO access by emulating them in QEMU when
frequently accessed registers share same system page with MSIX data,
this is particularly a problem for systems with the page size bigger
than 4KB.

A new capability - VFIO_REGION_INFO_CAP_MSIX_MAPPABLE - has been added
to the kernel [1] which tells the userspace that mapping of the MSIX data
is possible now. This makes use of it so from now on QEMU tries mapping
the entire BAR as a whole and emulate MSIX on top of that.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a32295c612c57990d17fb0f41e7134394b2f35f6

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:31 -06:00
Alexey Kardashevskiy
567b5b309a vfio/pci: Relax DMA map errors for MMIO regions
At the moment if vfio_memory_listener is registered in the system memory
address space, it maps/unmaps every RAM memory region for DMA.
It expects system page size aligned memory sections so vfio_dma_map
would not fail and so far this has been the case. A mapping failure
would be fatal. A side effect of such behavior is that some MMIO pages
would not be mapped silently.

However we are going to change MSIX BAR handling so we will end having
non-aligned sections in vfio_memory_listener (more details is in
the next patch) and vfio_dma_map will exit QEMU.

In order to avoid fatal failures on what previously was not a failure and
was just silently ignored, this checks the section alignment to
the smallest supported IOMMU page size and prints an error if not aligned;
it also prints an error if vfio_dma_map failed despite the page size check.
Both errors are not fatal; only MMIO RAM regions are checked
(aka "RAM device" regions).

If the amount of errors printed is overwhelming, the MSIX relocation
could be used to avoid excessive error output.

This is unlikely to cause any behavioral change.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[aw: Fix Int128 bit ops]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:30 -06:00
Gerd Hoffmann
8b818e059b vfio/display: adding dmabuf support
Wire up dmabuf-based display.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:30 -06:00
Gerd Hoffmann
00195ba710 vfio/display: adding region support
Wire up region-based display.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed By: Kirti Wankhede <kwankhede@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:30 -06:00
Gerd Hoffmann
a9994687cb vfio/display: core & wireup
Infrastructure for display support.  Must be enabled
using 'display' property.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed By: Kirti Wankhede <kwankhede@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:29 -06:00
Gerd Hoffmann
92f86bff08 vfio/common: cleanup in vfio_region_finalize
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed by: Kirti Wankhede <kwankhede@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:29 -06:00
Gerd Hoffmann
fc70514ccf secondary-vga: properly close QemuConsole on unplug
Using the new graphic_console_close() function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-13 11:17:29 -06:00
Brijesh Singh
952e0668c4 target/i386: encrypt bios rom
SEV requires that guest bios must be encrypted before booting the guest.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-13 17:36:05 +01:00
Brijesh Singh
db5881949f machine: add memory-encryption option
When CPU supports memory encryption feature, the property can be used to
specify the encryption object to use when launching an encrypted guest.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-13 12:04:03 +01:00
Peter Maydell
1396156f50 usbredir: reorder fields in USBRedirDevice to reduce padding
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJapl7vAAoJEEy22O7T6HE4WeMQAIEEyKiIY9KemRRUPskcAJrs
 IOC+FK+9GulAqOm09ISm4BJN5fMNh3R/shPNqPm0WjORdnSBxF9SHQ/85HkodMCW
 phnPUeMjMTD140F7UckFnvkgbpJWQUq8McmeMKGhoUM3IlaJ5xDIttRwG9qJXjQo
 xljdzwh5ZQ6SS2lHCwZqlrWzwiP1rlGaA40nnIZG2u+CTeitfSyq5830sJnSC0Yr
 /zhmP9MzPgYPD/0bsY9v3KWdtj9BZ+2UrhPXaiDQNNQCYFmoVpqLmwC+1feVlBaO
 CjGeoBKP3opTGxXryi0oy22am32mcqxt7ZU8EZeky0l3aOdQPhMQNBxrwfxGlVyt
 yU33t/7KmQ95Wspyi6y8s1/Q4N5+wLRWWMXQyZZkuOfN6jk2hf+4koLL1X5L6zTg
 OU9GFyvwMFzCo7vTqmmWeXgcnja9Tu4LRttfrDsnpV2ZTcWCvWToBkdzhAVbosYA
 tjvvcXtl+Fg4p7lQaCHotGu6MUJsoOa0zxwkUnb1E+FZaYW5eBLB9+bg4f/yAKvO
 AVdvI7w0KMaLfpTw2DWk/CoyVYd9Vq3VQfTrVtfsqQcw3ovuTfPyZjMlcIpptjMi
 MRH0Y87mRhHVEzFXl/O5LEcr3NP9xBQ/nqPpkfCMqE7MYfR+QZZaoS54DIpkwq9/
 4yDaihdZ+BnP3Qi/+OGY
 =vv6O
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180312-pull-request' into staging

usbredir: reorder fields in USBRedirDevice to reduce padding

# gpg: Signature made Mon 12 Mar 2018 11:05:19 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20180312-pull-request:
  usbredir: reorder fields in USBRedirDevice to reduce padding

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-12 19:40:44 +00:00
Peter Maydell
fb5fff1588 7cdc61becd vga: fix region calculation
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJapl2MAAoJEEy22O7T6HE49uEP/1CDmBqVzijc+2hjygDNb5Fr
 bMyzosvXaKQKsV7W01eB7QzrQInfpmR1SppkKJVLvMd/26WbxZJr9NO583uDAFdF
 9XVq6Ihvr7agd1Vd7e0jieGi4v3KHXJTCLQ2f1sjfal0oj5w4mrl50QvRKqfbVyp
 dL7Hj/3ru0pY9qZ6tBYyb27NHijf0HjVstd7q8RRqlbT02D4yu3a4djxBP412T+v
 YVPJPJLensgkfm5+h2j9Gcyg913BKZwlYPvWHoUKFPVvpK3zpE0wIfeTPlXcJe1W
 sBy0/AMyJDG/MzZVLhglVq5aCJ3XH7qwqR26UQGlfMLfYsjC5SSZd4AplLBgXlIw
 1Zoszjxutv1brQkHIXebEx+7GNAot+xhd1PEDzmoHN9RUH3xGK8zl0hgU9bUpbBf
 pYsqImoEeb1bahTq39lW3ZgKw2h3eodBULihKz87ht08kFodMIODt6BD7c3V/CqP
 hqEUZO62nQZ3PkWwQkkiCWru5czA80rBvcIsnUJHwCvkSC0YvaduDJ0wFWBeRkyW
 yGZzxK9hnMaej1q/WlC/8IkSOOIfHfyMuGDH1e9Ua79XLuglzQnrzn+t1tG1Q3sx
 4sdHeCPlqSFjFM1cJYuWW8UaTJIEbj7CQBAYBeh+StRHlZBWXygrEOxB49pwEkXO
 eT3YLOSjjk1rD2VMaSoB
 =IZPD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180312-pull-request' into staging

7cdc61becd vga: fix region calculation

# gpg: Signature made Mon 12 Mar 2018 10:59:24 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180312-pull-request:
  vga: fix region calculation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-12 18:35:37 +00:00
Peter Maydell
5df089564b target-arm queue:
* i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board
  * Report the correct core count in A53 L2CTLR on the ZynqMP board
  * linux-user: preliminary SVE support work (signal handling)
  * hw/arm/boot: fix memory leak in case of error loading ELF file
  * hw/arm/boot: avoid reading off end of buffer if passed very
    small image file
  * hw/arm: Use more CONFIG switches for the object files
  * target/arm: Add "-cpu max" support
  * hw/arm/virt: Support -machine gic-version=max
  * hw/sd: improve debug tracing
  * hw/sd: sdcard: Add the Tuning Command (CMD 19)
  * MAINTAINERS: add Philippe as odd-fixes maintainer for SD
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaosNHAAoJEDwlJe0UNgzexcoP/RHqkdKk91Dzg4MirndihMrJ
 nCu4n1J68uEOt79SlS4ES+EVKmfPvo2DP94Kp8L4bjqiHuvSMQfjX7YnPzCvQKOC
 Idz4BklbjYg3QP+UWFysoHvv5vXvytRhwu6LeVoTgebpBIwvKKyQh/89mwp1hKRm
 ZkpdkTRP2lsQUCG36kYUiAyhcJH+9nxQBtecfYjpzKsQg49Piltt999l9c8VzTfw
 yY72rEw4vFKFUjHfkbi0m2lPhZWIwGMoU0/qFNfIrMRi4vp6WDeQaRYgDgxpGfwy
 ZCbHVQeuQg87xD48HQMoQO+F3iaCvbjllDKnqAL80W8NreAyKJX8e8Cz9FD2k0n5
 RvDeQ6QOq5jzOW6uSDlJgT71kajiEzJH43TLLB6k7/mdJICt/JGU7EWVSP6C0fZz
 cEjRLfx8JoZN4HmFy2f8K+IwdWpGkshzTVO1XmFsWZmSHUD+6vcUv9Nd1MP3ACGN
 BPqmbjk2guiacuKs3gbOSCB1mLWXCu4HMAc6ppO1d3pVHRWaR9UAVCiYJNuXd/VU
 dXELAbcP6WOwHteBxgwGnEALcgz40gx149+gePD3MLc3ImZEqWba91Ghp8T6NNSu
 p8ZJqN7Dsow6mOxaS5iYfFfXdf8K13cTmB371Q+0IOi3Z0cO2CgEmFZ8fj5yKCSK
 wjtYIFhwzFdWqzGb4e/Q
 =CWr5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180309' into staging

target-arm queue:
 * i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board
 * Report the correct core count in A53 L2CTLR on the ZynqMP board
 * linux-user: preliminary SVE support work (signal handling)
 * hw/arm/boot: fix memory leak in case of error loading ELF file
 * hw/arm/boot: avoid reading off end of buffer if passed very
   small image file
 * hw/arm: Use more CONFIG switches for the object files
 * target/arm: Add "-cpu max" support
 * hw/arm/virt: Support -machine gic-version=max
 * hw/sd: improve debug tracing
 * hw/sd: sdcard: Add the Tuning Command (CMD 19)
 * MAINTAINERS: add Philippe as odd-fixes maintainer for SD

# gpg: Signature made Fri 09 Mar 2018 17:24:23 GMT
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180309: (25 commits)
  MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard)
  sdhci: Fix a typo in comment
  sdcard: Add the Tuning Command (CMD19)
  sdcard: Display which protocol is used when tracing (SD or SPI)
  sdcard: Display command name when tracing CMD/ACMD
  sdcard: Do not trace CMD55, except when we already expect an ACMD
  hw/arm/virt: Support -machine gic-version=max
  hw/arm/virt: Add "max" to the list of CPU types "virt" supports
  target/arm: Make 'any' CPU just an alias for 'max'
  target/arm: Add "-cpu max" support
  target/arm: Move definition of 'host' cpu type into cpu.c
  target/arm: Query host CPU features on-demand at instance init
  arm: avoid heap-buffer-overflow in load_aarch64_image
  arm: fix load ELF error leak
  hw/arm: Use more CONFIG switches for the object files
  aarch64-linux-user: Add support for SVE signal frame records
  aarch64-linux-user: Add support for EXTRA signal frame records
  aarch64-linux-user: Remove struct target_aux_context
  aarch64-linux-user: Split out helpers for guest signal handling
  linux-user: Implement aarch64 PR_SVE_SET/GET_VL
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-12 11:47:52 +00:00
Gerd Hoffmann
7cdc61becd vga: fix region calculation
Typically the scanline length and the line offset are identical.  But
in case they are not our calculation for region_end is incorrect.  Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.

Fixes: CVE-2018-7550
Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Message-id: 20180309143704.13420-1-kraxel@redhat.com
2018-03-12 11:45:21 +01:00
zhenwei.pi
c7ac1ab020 usbredir: reorder fields in USBRedirDevice to reduce padding
Changing the current ordering saves 8 bytes per entry in x86_64.

Signed-off-by: zhenwei.pi <zhenwei.pi@youruncloud.com>
Message-id: 1520318781-22644-1-git-send-email-zhenwei.pi@youruncloud.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-03-12 11:43:49 +01:00
Peter Maydell
e4ae62b802 -----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJaoonGAAoJEJykq7OBq3PIuvIH/1sU3LokJ9KroaKaqYyAQnOX
 V9ow3x4z3CQ8qOUpFWXA3l3lMLWE3YzGLvSMLsUVXafobX6qmK/LhtmLk3oNrg4j
 Q5T+d/JFZFZx+MsO4yqD29yJFi2BN1paZ1dpjo6uY5BtABg3zi/cKHOcwkCQDvBA
 XNHCSATt0neew51zZ7xKf2ja8tCPbaeshGY56FW1N118LTCNxIU42JKvK3sCZ8KL
 bgWRqg3FDZEF5MY0xZwCuCMwskIpu1nw6xgwXe5UdB42p2QntzGGfd9xzlmAcy2O
 nYjBqlL7ACN0kbKcPtTNPsikP7O4huoT+62s4cRkFuIUNssot3NSv+iV+HJ3ESs=
 =zmof
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Fri 09 Mar 2018 13:19:02 GMT
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  vl: introduce vm_shutdown()
  virtio-scsi: fix race between .ioeventfd_stop() and vq handler
  virtio-blk: fix race between .ioeventfd_stop() and vq handler
  block: add aio_wait_bh_oneshot()
  virtio-blk: dataplane: Don't batch notifications if EVENT_IDX is present
  README: Fix typo 'git-publish'
  block: Fix qemu crash when using scsi-block

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:28:16 +00:00
Philippe Mathieu-Daudé
08022a916c sdhci: Fix a typo in comment
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180309153654.13518-8-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:45 +00:00
Philippe Mathieu-Daudé
0c3fb03f7e sdcard: Add the Tuning Command (CMD19)
From the "Physical Layer Simplified Specification Version 3.01":

  A known data block ("Tuning block") can be used to tune sampling
  point for tuning required hosts. [...]
  This procedure gives the system optimal timing for each specific
  host and card combination and compensates for static delays in
  the timing budget including process, voltage and different PCB
  loads and skews. [...]
  Data block, carried by DAT[3:0], contains a pattern for tuning
  sampling position to receive data on the CMD and DAT[3:0] line.

[based on a patch from Alistair Francis <alistair.francis@xilinx.com>
 from qemu/xilinx tag xilinx-v2015.2]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 20180309153654.13518-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Philippe Mathieu-Daudé
75a96f5e1c sdcard: Display which protocol is used when tracing (SD or SPI)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180309153654.13518-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Philippe Mathieu-Daudé
2ed61fb57b sdcard: Display command name when tracing CMD/ACMD
The SDBus will reuse these functions, so we put them in a new source file.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180309153654.13518-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: slight wordsmithing of comments, added note that string
 returned does not need to be freed]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Philippe Mathieu-Daudé
586634b9a8 sdcard: Do not trace CMD55, except when we already expect an ACMD
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 20180309153654.13518-2-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Peter Maydell
dc16538a98 hw/arm/virt: Support -machine gic-version=max
Add support for passing 'max' to -machine gic-version. By analogy
with the -cpu max option, this picks the "best available" GIC version
whether you're using KVM or TCG, so it behaves like 'host' when
using KVM, and gives you GICv3 when using TCG.

Also like '-cpu host', using -machine gic-version=max' means there
is no guarantee of migration compatibility between QEMU versions;
in future 'max' might mean '4'.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180308130626.12393-7-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2018-03-09 17:09:44 +00:00
Peter Maydell
9076ddb3f6 hw/arm/virt: Add "max" to the list of CPU types "virt" supports
Allow the virt board to support '-cpu max' in the same way
it already handles '-cpu host'.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180308130626.12393-6-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2018-03-09 17:09:44 +00:00
Marc-André Lureau
2764040785 arm: avoid heap-buffer-overflow in load_aarch64_image
Spotted by ASAN:

elmarco@boraha:~/src/qemu/build (master *%)$ QTEST_QEMU_BINARY=aarch64-softmmu/qemu-system-aarch64 tests/boot-serial-test
/aarch64/boot-serial/virt: ** (process:19740): DEBUG: 18:39:30.275: foo /tmp/qtest-boot-serial-cXaS94D
=================================================================
==19740==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000069648 at pc 0x7f1d2201cc54 bp 0x7fff331f6a40 sp 0x7fff331f61e8
READ of size 4 at 0x603000069648 thread T0
    #0 0x7f1d2201cc53  (/lib64/libasan.so.4+0xafc53)
    #1 0x55bc86685ee3 in load_aarch64_image /home/elmarco/src/qemu/hw/arm/boot.c:894
    #2 0x55bc86687217 in arm_load_kernel_notify /home/elmarco/src/qemu/hw/arm/boot.c:1047
    #3 0x55bc877363b5 in notifier_list_notify /home/elmarco/src/qemu/util/notify.c:40
    #4 0x55bc869331ea in qemu_run_machine_init_done_notifiers /home/elmarco/src/qemu/vl.c:2716
    #5 0x55bc8693bc39 in main /home/elmarco/src/qemu/vl.c:4679
    #6 0x7f1d1652c009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #7 0x55bc86255cc9 in _start (/home/elmarco/src/qemu/build/aarch64-softmmu/qemu-system-aarch64+0x1ae5cc9)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Marc-André Lureau
36f876cea4 arm: fix load ELF error leak
Spotted by ASAN:
QTEST_QEMU_BINARY=aarch64-softmmu/qemu-system-aarch64 tests/boot-serial-test

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7ff8a9b0ca38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
    #1 0x7ff8a8ea7f75 in g_malloc0 ../glib/gmem.c:124
    #2 0x55fef3d99129 in error_setv /home/elmarco/src/qemu/util/error.c:59
    #3 0x55fef3d99738 in error_setg_internal /home/elmarco/src/qemu/util/error.c:95
    #4 0x55fef323acb2 in load_elf_hdr /home/elmarco/src/qemu/hw/core/loader.c:393
    #5 0x55fef2d15776 in arm_load_elf /home/elmarco/src/qemu/hw/arm/boot.c:830
    #6 0x55fef2d16d39 in arm_load_kernel_notify /home/elmarco/src/qemu/hw/arm/boot.c:1022
    #7 0x55fef3dc634d in notifier_list_notify /home/elmarco/src/qemu/util/notify.c:40
    #8 0x55fef2fc3182 in qemu_run_machine_init_done_notifiers /home/elmarco/src/qemu/vl.c:2716
    #9 0x55fef2fcbbd1 in main /home/elmarco/src/qemu/vl.c:4679
    #10 0x7ff89dfed009 in __libc_start_main (/lib64/libc.so.6+0x21009)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Thomas Huth
0bbabbb414 hw/arm: Use more CONFIG switches for the object files
A lot of ARM object files are linked into the executable unconditionally,
even though we have corresponding CONFIG switches like CONFIG_PXA2XX or
CONFIG_OMAP. We should make sure to use these switches in the Makefile so
that the users can disable certain unwanted boards and devices more easily.
While we're at it, also add some new switches for the boards that do not
have a CONFIG option yet.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1520266949-29817-1-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
Andrey Smirnov
843361ed04 Implement support for i.MX7 Sabre board
Implement code needed to set up emulation of MCIMX7SABRE board from
NXP. For more info about the HW see:

https://www.nxp.com/support/developer-resources/hardware-development-tools/sabre-development-system/sabre-board-for-smart-devices-based-on-the-i.mx-7dual-applications-processors:MCIMX7SABRE

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Marcel Apfelbaum <marcel.apfelbaum@zoho.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org
Cc: yurovsky@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:43 +00:00
Andrey Smirnov
757282ada8 i.MX: Add i.MX7 SOC implementation.
The following interfaces are partially or fully emulated:

    * up to 2 Cortex A9 cores (SMP works with PSCI)
    * A7 MPCORE (identical to A15 MPCORE)
    * 4 GPTs modules
    * 7 GPIO controllers
    * 2 IOMUXC controllers
    * 1 CCM module
    * 1 SVNS module
    * 1 SRC module
    * 1 GPCv2 controller
    * 4 eCSPI controllers
    * 4 I2C controllers
    * 7 i.MX UART controllers
    * 2 FlexCAN controllers
    * 2 Ethernet controllers (FEC)
    * 3 SD controllers (USDHC)
    * 4 WDT modules
    * 1 SDMA module
    * 1 GPR module
    * 2 USBMISC modules
    * 2 ADC modules
    * 1 PCIe controller

Tested to boot and work with upstream Linux (4.13+) guest.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
[PMM: folded a couple of long lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:43 +00:00
Andrey Smirnov
d64e5eabc4 pci: Add support for Designware IP block
Add code needed to get a functional PCI subsytem when using in
conjunction with upstream Linux guest (4.13+). Tested to work against
"e1000e" (network adapter, using MSI interrupts) as well as
"usb-ehci" (USB controller, using legacy PCI interrupts).

Based on "i.MX6 Applications Processor Reference Manual" (Document
Number: IMX6DQRM Rev. 4) as well as corresponding dirver in Linux
kernel (circa 4.13 - 4.16 found in drivers/pci/dwc/*)

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:43 +00:00
Alistair Francis
8f2ba1f278 hw/arm: Set the core count for Xilinx's ZynqMP
Set the ARM CPU core count property for the A53's attached to the Xilnx
ZynqMP machine.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: fe0dd90b85ac73f9fc9548c253bededa70a07006.1520018138.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:43 +00:00
Peter Maydell
d9bbfea646 QEMU RISC-V Emulation Support (RV64GC, RV32GC)
This release renames the SiFive machines to sifive_e and sifive_u
 to represent the SiFive Everywhere and SiFive Unleashed platforms.
 SiFive has configurable soft-core IP, so it is intended that these
 machines will be extended to enable a variety of SiFive IP blocks.
 The CPU definition infrastructure has been improved and there are
 now vendor CPU modules including the SiFiVe E31, E51, U34 and U54
 cores. The emulation accuracy for the E series has been improved
 by disabling the MMU for the E series. S mode has been disabled on
 cores that only support M mode and U mode. The two Spike machines
 that support two privileged ISA versions have been coalesced into
 one file. This series has Signed-off-by from the core contributors.
 
 *** Known Issues ***
 
 * Disassembler has some checkpatch warnings for the sake of code brevity
 * scripts/qemu-binfmt-conf.sh has checkpatch warnings due to line length
 * PMP (Physical Memory Protection) is as-of-yet unused and needs testing
 
 *** Changelog ***
 
 v8.2
 
 * Rebase
 
 v8.1
 
 * Fix missed case of renaming spike_v1.9 to spike_v1.9.1
 
 v8
 
 * Added linux-user/riscv/target_elf.h during rebase
 * Make resetvec configurable and clear mpp and mie on reset
 * Use SiFive E31, E51, U34 and U54 cores in SiFive machines
 * Define SiFive E31, E51, U34 and U54 cores
 * Refactor CPU core definition in preparation for vendor cores
 * Prevent S or U mode unless S or U extensions are present
 * SiFive E Series cores have no MMU
 * SiFive E Series cores have U mode
 * Make privileged ISA v1.10 implicit in CPU types
 * Remove DRAM_BASE and EXT_IO_BASE as they vary by machine
 * Correctly handle mtvec and stvec alignment with respect to RVC
 * Print more machine mode state in riscv_cpu_dump_state
 * Make riscv_isa_string use compact extension order method
 * Fix bug introduced in v6 RISCV_CPU_TYPE_NAME macro change
 * Parameterize spike v1.9.1 config string
 * Coalesce spike_v1.9.1 and spike_v1.10 machines
 * Rename sifive_e300 to sifive_e, and sifive_u500 to sifive_u
 
 v7
 
 * Make spike_v1.10 the default machine
 * Rename spike_v1.9 to spike_v1.9.1 to match privileged spec version
 * Remove empty target/riscv/trace-events file
 * Monitor ROM 32-bit reset code needs to be target endian
 * Add TARGET_TIOCGPTPEER to linux-user/riscv/termbits.h
 * Add -initrd support to the virt board
 * Fix naming in spike machine interface header
 * Update copyright notice on RISC-V Spike machines
 * Update copyright notice on RISC-V HTIF Console device
 * Change CPU Core and translator to GPLv2+
 * Change RISC-V Disassembler to GPLv2+
 * Change SiFive Test Finisher to GPLv2+
 * Change SiFive CLINT to GPLv2+
 * Change SiFive PRCI to GPLv2+
 * Change SiFive PLIC to GPLv2+
 * Change RISC-V spike machines to GPLv2+
 * Change RISC-V virt machine to GPLv2+
 * Change SiFive E300 machine to GPLv2+
 * Change SiFive U500 machine to GPLv2+
 * Change RISC-V Hart Array to GPLv2+
 * Change RISC-V HTIF device to GPLv2+
 * Change SiFiveUART device to GPLv2+
 
 v6
 
 * Drop IEEE 754-201x minimumNumber/maximumNumber for fmin/fmax
 * Remove some unnecessary commented debug statements
 * Change RISCV_CPU_TYPE_NAME to use riscv-cpu suffix
 * Define all CPU variants for linux-user
 * qemu_log calls require trailing \n
 * Replace PLIC printfs with qemu_log
 * Tear out unused HTIF code and eliminate shouting debug messages
 * Fix illegal instruction when sfence.vma is passed (rs2) arguments
 * Make updates to PTE accessed and dirty bits atomic
 * Only require atomic PTE updates on MTTCG enabled guests
 * Page fault if accessed or dirty bits can't be updated
 * Fix get_physical_address PTE reads and writes on riscv32
 * Remove erroneous comments from the PLIC
 * Default enable MTTCG
 * Make WFI less conservative
 * Unify local interrupt handling
 * Expunge HTIF interrupts
 * Always access mstatus.mip under a lock
 * Don't implement rdtime/rdtimeh in system mode (bbl emulates them)
 * Implement insreth/cycleh for rv32 and always enable user-mode counters
 * Add GDB stub support for reading and writing CSRs
 * Rename ENABLE_CHARDEV #ifdef from HTIF code
 * Replace bad HTIF ELF code with load_elf symbol callback
 * Convert chained if else fault handlers to switch statements
 * Use RISCV exception codes for linux-user page faults
 
 v5
 
 * Implement NaN-boxing for flw, set high order bits to 1
 * Use float_muladd_negate_* flags to floatXX_muladd
 * Use IEEE 754-201x minimumNumber/maximumNumber for fmin/fmax
 * Fix TARGET_NR_syscalls
 * Update linux-user/riscv/syscall_nr.h
 * Fix FENCE.I, needs to terminate translation block
 * Adjust unusual convention for interruptno >= 0
 
 v4
 
 * Add @riscv: since 2.12 to CpuInfoArch
 * Remove misleading little-endian comment from load_kernel
 * Rename cpu-model property to cpu-type
 * Drop some unnecessary inline function attributes
 * Don't allow GDB to set value of x0 register
 * Remove unnecessary empty property lists
 * Add Test Finisher device to implement poweroff in virt machine
 * Implement priv ISA v1.10 trap and sret/mret xPIE/xIE behavior
 * Store fflags data in fp_status
 * Purge runtime users of helper_raise_exception
 * Fix validate_csr
 * Tidy gen_jalr
 * Tidy immediate shifts
 * Add gen_exception_inst_addr_mis
 * Add gen_exception_debug
 * Add gen_exception_illegal
 * Tidy helper_fclass_*
 * Split rounding mode setting to a new function
 * Enforce MSTATUS_FS via TB flags
 * Implement acquire/release barrier semantics
 * Use atomic operations as required
 * Fix FENCE and FENCE_I
 * Remove commented code from spike machines
 * PAGE_WRITE permissions can be set on loads if page is already dirty
 * The result of format conversion on an NaN must be a quiet NaN
 * Add missing process_queued_cpu_work to riscv linux-user
 * Remove float(32|64)_classify from cpu.h
 * Removed nonsensical unions aliasing the same type
 * Use uintN_t instead of uintN_fast_t in fpu_helper.c
 * Use macros for FPU exception values in softfloat_flags_to_riscv
 * Move code to set round mode into set_fp_round_mode function
 * Convert set_fp_exceptions from a macro to an inline function
 * Convert round mode helper into an inline function
 * Make fpu_helper ieee_rm array static const
 * Include cpu_mmu_index in cpu_get_tb_cpu_state flags
 * Eliminate MPRV influence on mmu_index
 * Remove unrecoverable do_unassigned_access function
 * Only update PTE accessed and dirty bits if necessary
 * Remove unnecessary tlb_flush in set_mode as mode is in mmu_idx
 * Remove buggy support for misa writes. misa writes are optional
   and are not implemented in any known hardware
 * Always set PTE read or execute permissions during page walk
 * Reorder helper function declarations to match order in helper.c
 * Remove redundant variable declaration in get_physical_address
 * Remove duplicated code from get_physical_address
 * Use mmu_idx instead of mem_idx in riscv_cpu_get_phys_page_debug
 
 v3
 
 * Fix indentation in PMP and HTIF debug macros
 * Fix disassembler checkpatch open brace '{' on next line errors
 * Fix trailing statements on next line in decode_inst_decompress
 * NOTE: the other checkpatch issues have been reviewed previously
 
 v2
 
 * Remove redundant NULL terminators from disassembler register arrays
 * Change disassembler register name arrays to const
 * Refine disassembler internal function names
 * Update dates in disassembler copyright message
 * Remove #ifdef CONFIG_USER_ONLY version of cpu_has_work
 * Use ULL suffix on 64-bit constants
 * Move riscv_cpu_mmu_index from cpu.h to helper.c
 * Move riscv_cpu_hw_interrupts_pending from cpu.h to helper.c
 * Remove redundant TARGET_HAS_ICE from cpu.h
 * Use qemu_irq instead of void* for irq definition in cpu.h
 * Remove duplicate typedef from struct CPURISCVState
 * Remove redundant g_strdup from cpu_register
 * Remove redundant tlb_flush from riscv_cpu_reset
 * Remove redundant mode calculation from get_physical_address
 * Remove redundant debug mode printf and dcsr comment
 * Remove redundant clearing of MSB for bare physical addresses
 * Use g_assert_not_reached for invalid mode in get_physical_address
 * Use g_assert_not_reached for unreachable checks in get_physical_address
 * Use g_assert_not_reached for unreachable type in raise_mmu_exception
 * Return exception instead of aborting for misaligned fetches
 * Move exception defines from cpu.h to cpu_bits.h
 * Remove redundant breakpoint control definitions from cpu_bits.h
 * Implement riscv_cpu_unassigned_access exception handling
 * Log and raise exceptions for unimplemented CSRs
 * Match Spike HTIF exit behavior - don’t print TEST-PASSED
 * Make frm,fflags,fcsr writes trap when mstatus.FS is clear
 * Use g_assert_not_reached for unreachable invalid mode
 * Make hret,uret,dret generate illegal instructions
 * Move riscv_cpu_dump_state and int/fpr regnames to cpu.c
 * Lift interrupt flag and mask into constants in cpu_bits.h
 * Change trap debugging to use qemu_log_mask LOG_TRACE
 * Change CSR debugging to use qemu_log_mask LOG_TRACE
 * Change PMP debugging to use qemu_log_mask LOG_TRACE
 * Remove commented code from pmp.c
 * Change CpuInfoRISCV qapi schema docs to Since 2.12
 * Change RV feature macro to use target_ulong cast
 * Remove riscv_feature and instead use misa extension flags
 * Make riscv_flush_icache_syscall a no-op
 * Undo checkpatch whitespace fixes in unrelated linux-user code
 * Remove redudant constants and tidy up cpu_bits.h
 * Make helper_fence_i a no-op
 * Move include "exec/cpu-all" to end of cpu.h
 * Rename set_privilege to riscv_set_mode
 * Move redundant forward declaration for cpu_riscv_translate_address
 * Remove TCGV_UNUSED from riscv_translate_init
 * Add comment to pmp.c stating the code is untested and currently unused
 * Use ctz to simplify decoding of PMP NAPOT address ranges
 * Change pmp_is_in_range to use than equal for end addresses
 * Fix off by one error in pmp_update_rule
 * Rearrange PMP_DEBUG so that formatting is compile-time checked
 * Rearrange trap debugging so that formatting is compile-time checked
 * Rearrange PLIC debugging so that formatting is compile-time checked
 * Use qemu_log/qemu_log_mask for HTIF logging and debugging
 * Move exception and interrupt names into cpu.c
 * Add Palmer Dabbelt as a RISC-V Maintainer
 * Rebase against current qemu master branch
 
 v1
 
 * initial version based on forward port from riscv-qemu repository
 
 *** Background ***
 
 "RISC-V is an open, free ISA enabling a new era of processor innovation
 through open standard collaboration. Born in academia and research,
 RISC-V ISA delivers a new level of free, extensible software and
 hardware freedom on architecture, paving the way for the next 50 years
 of computing design and innovation."
 
 The QEMU RISC-V port has been developed and maintained out-of-tree for
 several years by Sagar Karandikar and Bastian Koppelmann. The RISC-V
 Privileged specification has evolved substantially over this period but
 has recently been solidifying. The RISC-V Base ISA has been frozon for
 some time and the Privileged ISA, GCC toolchain and Linux ABI are now
 quite stable. I have recently joined Sagar and Bastian as a RISC-V QEMU
 Maintainer and hope to support upstreaming the port.
 
 There are multiple vendors taping out, preparing to ship, or shipping
 silicon that implements the RISC-V Privileged ISA Version 1.10. There
 are also several RISC-V Soft-IP cores implementing Privileged ISA
 Version 1.10 that run on FPGA such as SiFive's Freedom U500 Platform
 and the U54‑MC RISC-V Core IP, among many more implementations from a
 variety of vendors. See https://riscv.org/ for more details.
 
 RISC-V support was upstreamed in binutils 2.28 and GCC 7.1 in the first
 half of 2016. RISC-V support is now available in LLVM top-of-tree and
 the RISC-V Linux port was accepted into Linux 4.15-rc1 late last year
 and is available in the Linux 4.15 release. GLIBC 2.27 added support
 for the RISC-V ISA running on Linux (requires at least binutils-2.30,
 gcc-7.3.0, and linux-4.15). We believe it is timely to submit the
 RISC-V QEMU port for upstream review with the goal of incorporating
 RISC-V support into the upcoming QEMU 2.12 release.
 
 The RISC-V QEMU port is still under active development, mostly with
 respect to device emulation, the addition of Hypervisor support as
 specified in the RISC-V Draft Privileged ISA Version 1.11, and Vector
 support once the first draft is finalized later this year. We believe
 now is the appropriate time for RISC-V QEMU development to be carried
 out in the main QEMU repository as the code will benefit from more
 rigorous review. The RISC-V QEMU port currently supports all the ISA
 extensions that have been finalized and frozen in the Base ISA.
 
 Blog post about recent additions to RISC-V QEMU: https://goo.gl/fJ4zgk
 
 The RISC-V QEMU wiki: https://github.com/riscv/riscv-qemu/wiki
 
 Instructions for building a busybox+dropbear root image, BBL (Berkeley
 Boot Loader) and linux kernel image for use with the RISC-V QEMU
 'virt' machine: https://github.com/michaeljclark/busybear-linux
 
 *** Overview ***
 
 The RISC-V QEMU port implements the following specifications:
 
 * RISC-V Instruction Set Manual Volume I: User-Level ISA Version 2.2
 * RISC-V Instruction Set Manual Volume II: Privileged ISA Version 1.9.1
 * RISC-V Instruction Set Manual Volume II: Privileged ISA Version 1.10
 
 The RISC-V QEMU port supports the following instruction set extensions:
 
 * RV32GC with Supervisor-mode and User-mode (RV32IMAFDCSU)
 * RV64GC with Supervisor-mode and User-mode (RV64IMAFDCSU)
 
 The RISC-V QEMU port adds the following targets to QEMU:
 
 * riscv32-softmmu
 * riscv64-softmmu
 * riscv32-linux-user
 * riscv64-linux-user
 
 The RISC-V QEMU port supports the following hardware:
 
 * HTIF Console (Host Target Interface)
 * SiFive CLINT (Core Local Interruptor) for Timer interrupts and IPIs
 * SiFive PLIC (Platform Level Interrupt Controller)
 * SiFive Test (Test Finisher) for exiting simulation
 * SiFive UART, PRCI, AON, PWM, QSPI support is partially implemented
 * VirtIO MMIO (GPEX PCI support will be added in a future patch)
 * Generic 16550A UART emulation using 'hw/char/serial.c'
 * MTTCG and SMP support (PLIC and CLINT) on the 'virt' machine
 
 The RISC-V QEMU full system emulator supports 5 machines:
 
 * 'spike_v1.9.1', CLINT, PLIC, HTIF console, config-string, Priv v1.9.1
 * 'spike_v1.10', CLINT, PLIC, HTIF console, device-tree, Priv v1.10
 * 'sifive_e', CLINT, PLIC, SiFive UART, HiFive1 compat, Priv v1.10
 * 'sifive_u', CLINT, PLIC, SiFive UART, device-tree, Priv v1.10
 * 'virt', CLINT, PLIC, 16550A UART, VirtIO, device-tree, Priv v1.10
 
 This is a list of RISC-V QEMU Port Contributors:
 
 * Alex Suykov
 * Andreas Schwab
 * Antony Pavlov
 * Bastian Koppelmann
 * Bruce Hoult
 * Chih-Min Chao
 * Daire McNamara
 * Darius Rad
 * David Abdurachmanov
 * Hesham Almatary
 * Ivan Griffin
 * Jim Wilson
 * Kito Cheng
 * Michael Clark
 * Palmer Dabbelt
 * Richard Henderson
 * Sagar Karandikar
 * Shea Levy
 * Stefan O'Rear
 
 Notes:
 
 * contributor email addresses available off-list on request.
 * checkpatch has been run on all 23 patches.
 * checkpatch exceptions are noted in patches that have errors.
 * passes "make check" on full build for all targets
 * tested riscv-linux-4.6.2 on 'spike_v1.9.1' machine
 * tested riscv-linux-4.15 on 'spike_v1.10' and 'virt' machines
 * tested SiFive HiFive1 binaries in 'sifive_e' machine
 * tested RV64 on 32-bit i386
 
 This patch series includes the following patches:
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQR8mZMOsXzYugc9Xvpr8dezV+8+TwUCWqGRpAAKCRBr8dezV+8+
 T2mMAJ9ptK/7Bs3lE+Mki/ymlTPqhXtyxACfZkyfQf1mfhcXnB+oTG1RvEtblY8=
 =TJc8
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riscv/tags/riscv-qemu-upstream-v8.2' into staging

QEMU RISC-V Emulation Support (RV64GC, RV32GC)

This release renames the SiFive machines to sifive_e and sifive_u
to represent the SiFive Everywhere and SiFive Unleashed platforms.
SiFive has configurable soft-core IP, so it is intended that these
machines will be extended to enable a variety of SiFive IP blocks.
The CPU definition infrastructure has been improved and there are
now vendor CPU modules including the SiFiVe E31, E51, U34 and U54
cores. The emulation accuracy for the E series has been improved
by disabling the MMU for the E series. S mode has been disabled on
cores that only support M mode and U mode. The two Spike machines
that support two privileged ISA versions have been coalesced into
one file. This series has Signed-off-by from the core contributors.

*** Known Issues ***

* Disassembler has some checkpatch warnings for the sake of code brevity
* scripts/qemu-binfmt-conf.sh has checkpatch warnings due to line length
* PMP (Physical Memory Protection) is as-of-yet unused and needs testing

*** Changelog ***

v8.2

* Rebase

v8.1

* Fix missed case of renaming spike_v1.9 to spike_v1.9.1

v8

* Added linux-user/riscv/target_elf.h during rebase
* Make resetvec configurable and clear mpp and mie on reset
* Use SiFive E31, E51, U34 and U54 cores in SiFive machines
* Define SiFive E31, E51, U34 and U54 cores
* Refactor CPU core definition in preparation for vendor cores
* Prevent S or U mode unless S or U extensions are present
* SiFive E Series cores have no MMU
* SiFive E Series cores have U mode
* Make privileged ISA v1.10 implicit in CPU types
* Remove DRAM_BASE and EXT_IO_BASE as they vary by machine
* Correctly handle mtvec and stvec alignment with respect to RVC
* Print more machine mode state in riscv_cpu_dump_state
* Make riscv_isa_string use compact extension order method
* Fix bug introduced in v6 RISCV_CPU_TYPE_NAME macro change
* Parameterize spike v1.9.1 config string
* Coalesce spike_v1.9.1 and spike_v1.10 machines
* Rename sifive_e300 to sifive_e, and sifive_u500 to sifive_u

v7

* Make spike_v1.10 the default machine
* Rename spike_v1.9 to spike_v1.9.1 to match privileged spec version
* Remove empty target/riscv/trace-events file
* Monitor ROM 32-bit reset code needs to be target endian
* Add TARGET_TIOCGPTPEER to linux-user/riscv/termbits.h
* Add -initrd support to the virt board
* Fix naming in spike machine interface header
* Update copyright notice on RISC-V Spike machines
* Update copyright notice on RISC-V HTIF Console device
* Change CPU Core and translator to GPLv2+
* Change RISC-V Disassembler to GPLv2+
* Change SiFive Test Finisher to GPLv2+
* Change SiFive CLINT to GPLv2+
* Change SiFive PRCI to GPLv2+
* Change SiFive PLIC to GPLv2+
* Change RISC-V spike machines to GPLv2+
* Change RISC-V virt machine to GPLv2+
* Change SiFive E300 machine to GPLv2+
* Change SiFive U500 machine to GPLv2+
* Change RISC-V Hart Array to GPLv2+
* Change RISC-V HTIF device to GPLv2+
* Change SiFiveUART device to GPLv2+

v6

* Drop IEEE 754-201x minimumNumber/maximumNumber for fmin/fmax
* Remove some unnecessary commented debug statements
* Change RISCV_CPU_TYPE_NAME to use riscv-cpu suffix
* Define all CPU variants for linux-user
* qemu_log calls require trailing \n
* Replace PLIC printfs with qemu_log
* Tear out unused HTIF code and eliminate shouting debug messages
* Fix illegal instruction when sfence.vma is passed (rs2) arguments
* Make updates to PTE accessed and dirty bits atomic
* Only require atomic PTE updates on MTTCG enabled guests
* Page fault if accessed or dirty bits can't be updated
* Fix get_physical_address PTE reads and writes on riscv32
* Remove erroneous comments from the PLIC
* Default enable MTTCG
* Make WFI less conservative
* Unify local interrupt handling
* Expunge HTIF interrupts
* Always access mstatus.mip under a lock
* Don't implement rdtime/rdtimeh in system mode (bbl emulates them)
* Implement insreth/cycleh for rv32 and always enable user-mode counters
* Add GDB stub support for reading and writing CSRs
* Rename ENABLE_CHARDEV #ifdef from HTIF code
* Replace bad HTIF ELF code with load_elf symbol callback
* Convert chained if else fault handlers to switch statements
* Use RISCV exception codes for linux-user page faults

v5

* Implement NaN-boxing for flw, set high order bits to 1
* Use float_muladd_negate_* flags to floatXX_muladd
* Use IEEE 754-201x minimumNumber/maximumNumber for fmin/fmax
* Fix TARGET_NR_syscalls
* Update linux-user/riscv/syscall_nr.h
* Fix FENCE.I, needs to terminate translation block
* Adjust unusual convention for interruptno >= 0

v4

* Add @riscv: since 2.12 to CpuInfoArch
* Remove misleading little-endian comment from load_kernel
* Rename cpu-model property to cpu-type
* Drop some unnecessary inline function attributes
* Don't allow GDB to set value of x0 register
* Remove unnecessary empty property lists
* Add Test Finisher device to implement poweroff in virt machine
* Implement priv ISA v1.10 trap and sret/mret xPIE/xIE behavior
* Store fflags data in fp_status
* Purge runtime users of helper_raise_exception
* Fix validate_csr
* Tidy gen_jalr
* Tidy immediate shifts
* Add gen_exception_inst_addr_mis
* Add gen_exception_debug
* Add gen_exception_illegal
* Tidy helper_fclass_*
* Split rounding mode setting to a new function
* Enforce MSTATUS_FS via TB flags
* Implement acquire/release barrier semantics
* Use atomic operations as required
* Fix FENCE and FENCE_I
* Remove commented code from spike machines
* PAGE_WRITE permissions can be set on loads if page is already dirty
* The result of format conversion on an NaN must be a quiet NaN
* Add missing process_queued_cpu_work to riscv linux-user
* Remove float(32|64)_classify from cpu.h
* Removed nonsensical unions aliasing the same type
* Use uintN_t instead of uintN_fast_t in fpu_helper.c
* Use macros for FPU exception values in softfloat_flags_to_riscv
* Move code to set round mode into set_fp_round_mode function
* Convert set_fp_exceptions from a macro to an inline function
* Convert round mode helper into an inline function
* Make fpu_helper ieee_rm array static const
* Include cpu_mmu_index in cpu_get_tb_cpu_state flags
* Eliminate MPRV influence on mmu_index
* Remove unrecoverable do_unassigned_access function
* Only update PTE accessed and dirty bits if necessary
* Remove unnecessary tlb_flush in set_mode as mode is in mmu_idx
* Remove buggy support for misa writes. misa writes are optional
  and are not implemented in any known hardware
* Always set PTE read or execute permissions during page walk
* Reorder helper function declarations to match order in helper.c
* Remove redundant variable declaration in get_physical_address
* Remove duplicated code from get_physical_address
* Use mmu_idx instead of mem_idx in riscv_cpu_get_phys_page_debug

v3

* Fix indentation in PMP and HTIF debug macros
* Fix disassembler checkpatch open brace '{' on next line errors
* Fix trailing statements on next line in decode_inst_decompress
* NOTE: the other checkpatch issues have been reviewed previously

v2

* Remove redundant NULL terminators from disassembler register arrays
* Change disassembler register name arrays to const
* Refine disassembler internal function names
* Update dates in disassembler copyright message
* Remove #ifdef CONFIG_USER_ONLY version of cpu_has_work
* Use ULL suffix on 64-bit constants
* Move riscv_cpu_mmu_index from cpu.h to helper.c
* Move riscv_cpu_hw_interrupts_pending from cpu.h to helper.c
* Remove redundant TARGET_HAS_ICE from cpu.h
* Use qemu_irq instead of void* for irq definition in cpu.h
* Remove duplicate typedef from struct CPURISCVState
* Remove redundant g_strdup from cpu_register
* Remove redundant tlb_flush from riscv_cpu_reset
* Remove redundant mode calculation from get_physical_address
* Remove redundant debug mode printf and dcsr comment
* Remove redundant clearing of MSB for bare physical addresses
* Use g_assert_not_reached for invalid mode in get_physical_address
* Use g_assert_not_reached for unreachable checks in get_physical_address
* Use g_assert_not_reached for unreachable type in raise_mmu_exception
* Return exception instead of aborting for misaligned fetches
* Move exception defines from cpu.h to cpu_bits.h
* Remove redundant breakpoint control definitions from cpu_bits.h
* Implement riscv_cpu_unassigned_access exception handling
* Log and raise exceptions for unimplemented CSRs
* Match Spike HTIF exit behavior - don’t print TEST-PASSED
* Make frm,fflags,fcsr writes trap when mstatus.FS is clear
* Use g_assert_not_reached for unreachable invalid mode
* Make hret,uret,dret generate illegal instructions
* Move riscv_cpu_dump_state and int/fpr regnames to cpu.c
* Lift interrupt flag and mask into constants in cpu_bits.h
* Change trap debugging to use qemu_log_mask LOG_TRACE
* Change CSR debugging to use qemu_log_mask LOG_TRACE
* Change PMP debugging to use qemu_log_mask LOG_TRACE
* Remove commented code from pmp.c
* Change CpuInfoRISCV qapi schema docs to Since 2.12
* Change RV feature macro to use target_ulong cast
* Remove riscv_feature and instead use misa extension flags
* Make riscv_flush_icache_syscall a no-op
* Undo checkpatch whitespace fixes in unrelated linux-user code
* Remove redudant constants and tidy up cpu_bits.h
* Make helper_fence_i a no-op
* Move include "exec/cpu-all" to end of cpu.h
* Rename set_privilege to riscv_set_mode
* Move redundant forward declaration for cpu_riscv_translate_address
* Remove TCGV_UNUSED from riscv_translate_init
* Add comment to pmp.c stating the code is untested and currently unused
* Use ctz to simplify decoding of PMP NAPOT address ranges
* Change pmp_is_in_range to use than equal for end addresses
* Fix off by one error in pmp_update_rule
* Rearrange PMP_DEBUG so that formatting is compile-time checked
* Rearrange trap debugging so that formatting is compile-time checked
* Rearrange PLIC debugging so that formatting is compile-time checked
* Use qemu_log/qemu_log_mask for HTIF logging and debugging
* Move exception and interrupt names into cpu.c
* Add Palmer Dabbelt as a RISC-V Maintainer
* Rebase against current qemu master branch

v1

* initial version based on forward port from riscv-qemu repository

*** Background ***

"RISC-V is an open, free ISA enabling a new era of processor innovation
through open standard collaboration. Born in academia and research,
RISC-V ISA delivers a new level of free, extensible software and
hardware freedom on architecture, paving the way for the next 50 years
of computing design and innovation."

The QEMU RISC-V port has been developed and maintained out-of-tree for
several years by Sagar Karandikar and Bastian Koppelmann. The RISC-V
Privileged specification has evolved substantially over this period but
has recently been solidifying. The RISC-V Base ISA has been frozon for
some time and the Privileged ISA, GCC toolchain and Linux ABI are now
quite stable. I have recently joined Sagar and Bastian as a RISC-V QEMU
Maintainer and hope to support upstreaming the port.

There are multiple vendors taping out, preparing to ship, or shipping
silicon that implements the RISC-V Privileged ISA Version 1.10. There
are also several RISC-V Soft-IP cores implementing Privileged ISA
Version 1.10 that run on FPGA such as SiFive's Freedom U500 Platform
and the U54‑MC RISC-V Core IP, among many more implementations from a
variety of vendors. See https://riscv.org/ for more details.

RISC-V support was upstreamed in binutils 2.28 and GCC 7.1 in the first
half of 2016. RISC-V support is now available in LLVM top-of-tree and
the RISC-V Linux port was accepted into Linux 4.15-rc1 late last year
and is available in the Linux 4.15 release. GLIBC 2.27 added support
for the RISC-V ISA running on Linux (requires at least binutils-2.30,
gcc-7.3.0, and linux-4.15). We believe it is timely to submit the
RISC-V QEMU port for upstream review with the goal of incorporating
RISC-V support into the upcoming QEMU 2.12 release.

The RISC-V QEMU port is still under active development, mostly with
respect to device emulation, the addition of Hypervisor support as
specified in the RISC-V Draft Privileged ISA Version 1.11, and Vector
support once the first draft is finalized later this year. We believe
now is the appropriate time for RISC-V QEMU development to be carried
out in the main QEMU repository as the code will benefit from more
rigorous review. The RISC-V QEMU port currently supports all the ISA
extensions that have been finalized and frozen in the Base ISA.

Blog post about recent additions to RISC-V QEMU: https://goo.gl/fJ4zgk

The RISC-V QEMU wiki: https://github.com/riscv/riscv-qemu/wiki

Instructions for building a busybox+dropbear root image, BBL (Berkeley
Boot Loader) and linux kernel image for use with the RISC-V QEMU
'virt' machine: https://github.com/michaeljclark/busybear-linux

*** Overview ***

The RISC-V QEMU port implements the following specifications:

* RISC-V Instruction Set Manual Volume I: User-Level ISA Version 2.2
* RISC-V Instruction Set Manual Volume II: Privileged ISA Version 1.9.1
* RISC-V Instruction Set Manual Volume II: Privileged ISA Version 1.10

The RISC-V QEMU port supports the following instruction set extensions:

* RV32GC with Supervisor-mode and User-mode (RV32IMAFDCSU)
* RV64GC with Supervisor-mode and User-mode (RV64IMAFDCSU)

The RISC-V QEMU port adds the following targets to QEMU:

* riscv32-softmmu
* riscv64-softmmu
* riscv32-linux-user
* riscv64-linux-user

The RISC-V QEMU port supports the following hardware:

* HTIF Console (Host Target Interface)
* SiFive CLINT (Core Local Interruptor) for Timer interrupts and IPIs
* SiFive PLIC (Platform Level Interrupt Controller)
* SiFive Test (Test Finisher) for exiting simulation
* SiFive UART, PRCI, AON, PWM, QSPI support is partially implemented
* VirtIO MMIO (GPEX PCI support will be added in a future patch)
* Generic 16550A UART emulation using 'hw/char/serial.c'
* MTTCG and SMP support (PLIC and CLINT) on the 'virt' machine

The RISC-V QEMU full system emulator supports 5 machines:

* 'spike_v1.9.1', CLINT, PLIC, HTIF console, config-string, Priv v1.9.1
* 'spike_v1.10', CLINT, PLIC, HTIF console, device-tree, Priv v1.10
* 'sifive_e', CLINT, PLIC, SiFive UART, HiFive1 compat, Priv v1.10
* 'sifive_u', CLINT, PLIC, SiFive UART, device-tree, Priv v1.10
* 'virt', CLINT, PLIC, 16550A UART, VirtIO, device-tree, Priv v1.10

This is a list of RISC-V QEMU Port Contributors:

* Alex Suykov
* Andreas Schwab
* Antony Pavlov
* Bastian Koppelmann
* Bruce Hoult
* Chih-Min Chao
* Daire McNamara
* Darius Rad
* David Abdurachmanov
* Hesham Almatary
* Ivan Griffin
* Jim Wilson
* Kito Cheng
* Michael Clark
* Palmer Dabbelt
* Richard Henderson
* Sagar Karandikar
* Shea Levy
* Stefan O'Rear

Notes:

* contributor email addresses available off-list on request.
* checkpatch has been run on all 23 patches.
* checkpatch exceptions are noted in patches that have errors.
* passes "make check" on full build for all targets
* tested riscv-linux-4.6.2 on 'spike_v1.9.1' machine
* tested riscv-linux-4.15 on 'spike_v1.10' and 'virt' machines
* tested SiFive HiFive1 binaries in 'sifive_e' machine
* tested RV64 on 32-bit i386

This patch series includes the following patches:

# gpg: Signature made Thu 08 Mar 2018 19:40:20 GMT
# gpg:                using DSA key 6BF1D7B357EF3E4F
# gpg: Good signature from "Michael Clark <michaeljclark@mac.com>"
# gpg:                 aka "Michael Clark <mjc@sifive.com>"
# gpg:                 aka "Michael Clark <michael@metaparadigm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7C99 930E B17C D8BA 073D  5EFA 6BF1 D7B3 57EF 3E4F

* remotes/riscv/tags/riscv-qemu-upstream-v8.2: (23 commits)
  RISC-V Build Infrastructure
  SiFive Freedom U Series RISC-V Machine
  SiFive Freedom E Series RISC-V Machine
  SiFive RISC-V PRCI Block
  SiFive RISC-V UART Device
  RISC-V VirtIO Machine
  SiFive RISC-V Test Finisher
  RISC-V Spike Machines
  SiFive RISC-V PLIC Block
  SiFive RISC-V CLINT Block
  RISC-V HART Array
  RISC-V HTIF Console
  Add symbol table callback interface to load_elf
  RISC-V Linux User Emulation
  RISC-V Physical Memory Protection
  RISC-V TCG Code Generation
  RISC-V GDB Stub
  RISC-V FPU Support
  RISC-V CPU Helpers
  RISC-V Disassembler
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 10:58:57 +00:00
Stefan Hajnoczi
184b962346 virtio-scsi: fix race between .ioeventfd_stop() and vq handler
If the main loop thread invokes .ioeventfd_stop() just as the vq handler
function begins in the IOThread then the handler may lose the race for
the AioContext lock.  By the time the vq handler is able to acquire the
AioContext lock the ioeventfd has already been removed and the handler
isn't supposed to run anymore!

Use the new aio_wait_bh_oneshot() function to perform ioeventfd removal
from within the IOThread.  This way no races with the vq handler are
possible.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180307144205.20619-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-03-08 17:38:51 +00:00
Stefan Hajnoczi
1010cadf62 virtio-blk: fix race between .ioeventfd_stop() and vq handler
If the main loop thread invokes .ioeventfd_stop() just as the vq handler
function begins in the IOThread then the handler may lose the race for
the AioContext lock.  By the time the vq handler is able to acquire the
AioContext lock the ioeventfd has already been removed and the handler
isn't supposed to run anymore!

Use the new aio_wait_bh_oneshot() function to perform ioeventfd removal
from within the IOThread.  This way no races with the vq handler are
possible.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180307144205.20619-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-03-08 17:38:51 +00:00
Nia Alarie
24118af846 s390x/virtio: Convert virtio-ccw from *_exit to *_unrealize
Signed-off-by: Nia Alarie <nia.alarie@gmail.com>
Message-Id: <20180307162958.11232-1-nia.alarie@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 17:22:20 +01:00
Sergio Lopez
12c1c7d7ce virtio-blk: dataplane: Don't batch notifications if EVENT_IDX is present
Commit 5b2ffbe4d9 ("virtio-blk: dataplane:
notify guest as a batch") deferred guest notification to a BH in order
batch notifications, with purpose of avoiding flooding the guest with
interruptions.

This optimization came with a cost. The average latency perceived in the
guest is increased by a few microseconds, but also when multiple IO
operations finish at the same time, the guest won't be notified until
all completions from each operation has been run. On the contrary,
virtio-scsi issues the notification at the end of each completion.

On the other hand, nowadays we have the EVENT_IDX feature that allows a
better coordination between QEMU and the Guest OS to avoid sending
unnecessary interruptions.

With this change, virtio-blk/dataplane only batches notifications if the
EVENT_IDX feature is not present.

Some numbers obtained with fio (ioengine=sync, iodepth=1, direct=1):
 - Test specs:
   * fio-3.4 (ioengine=sync, iodepth=1, direct=1)
   * qemu master
   * virtio-blk with a dedicated iothread (default poll-max-ns)
   * backend: null_blk nr_devices=1 irqmode=2 completion_nsec=280000
   * 8 vCPUs pinned to isolated physical cores
   * Emulator and iothread also pinned to separate isolated cores
   * variance between runs < 1%

 - Not patched
   * numjobs=1:  lat_avg=327.32  irqs=29998
   * numjobs=4:  lat_avg=337.89  irqs=29073
   * numjobs=8:  lat_avg=342.98  irqs=28643

 - Patched:
   * numjobs=1:  lat_avg=323.92  irqs=30262
   * numjobs=4:  lat_avg=332.65  irqs=29520
   * numjobs=8:  lat_avg=335.54  irqs=29323

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20180307114459.26636-1-slp@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-03-08 15:59:03 +00:00
Claudio Imbrenda
1ffed98f24 s390x/sclp: clean up sclp masks
Introduce an sccb_mask_t to be used for SCLP event masks instead of just
unsigned int or uint32_t. This will allow later to extend the mask with
more ease.

Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Message-Id: <1519407778-23095-3-git-send-email-imbrenda@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Claudio Imbrenda
bc61c8c626 s390x/sclp: proper support of larger send and receive masks
Until 67915de9f0 ("s390x/event-facility: variable-length event masks")
we only supported sclp event masks with a size of exactly 4 bytes, even
though the architecture allows the guests to set up sclp event masks
from 1 to 1021 bytes in length.
After that patch, the behaviour was almost compliant, but some issues
were still remaining, in particular regarding the handling of selective
reads and migration.

When setting the sclp event mask, a mask size is also specified. Until
now we only considered the size in order to decide which bits to save
in the internal state. On the other hand, when a guest performs a
selective read, it sends a mask, but it does not specify a size; the
implied size is the size of the last mask that has been set.

Specifying bits in the mask of selective read that are not available in
the internal mask should return an error, and bits past the end of the
mask should obviously be ignored. This can only be achieved by keeping
track of the lenght of the mask.

The mask length is thus now part of the internal state that needs to be
migrated.

This patch fixes the handling of selective reads, whose size will now
match the length of the event mask, as per architecture.

While the default behaviour is to be compliant with the architecture,
when using older machine models the old broken behaviour is selected
(allowing only masks of size exactly 4), in order to be able to migrate
toward older versions.

Fixes: 67915de9f0 ("s390x/event-facility: variable-length event masks")
Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Message-Id: <1519407778-23095-2-git-send-email-imbrenda@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Cornelia Huck
08b824aa2d vfio-ccw: license text should indicate GPL v2 or later
The license text currently specifies "any version" of the GPL. It
is unlikely that GPL v1 was ever intended; change this to the
standard "or any later version" text.

Cc: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Cc: Xiao Feng Ren <renxiaof@linux.vnet.ibm.com>
Cc: Pierre Morel <pmorel@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Nia Alarie
2231384e56 s390x/sclpconsole: Remove dead code - remove exit handlers
The other event handlers (quiesce and cpu) do not define these
handlers, and this one does nothing, so it can be removed.

Signed-off-by: Nia Alarie <nia.alarie@gmail.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20180306100721.19419-1-nia.alarie@gmail.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
David Hildenbrand
81ce6aa51a numa: we don't implement NUMA for s390x
Right now it is possible to crash QEMU for s390x by providing e.g.
    -numa node,nodeid=0,cpus=0-1

Problem is, that numa.c uses mc->cpu_index_to_instance_props as an
indicator whether NUMA is supported by a machine type. We don't
implement NUMA for s390x ("topology") yet. However we need
mc->cpu_index_to_instance_props for query-cpus.

So let's fix this case by also checking for mc->get_default_cpu_node_id,
which will be needed by machine_set_cpu_numa_node().

qemu-system-s390x: -numa node,nodeid=0,cpus=0-1: NUMA is not supported by
                   this machine-type

While at it, make s390_cpu_index_to_props() look like on other
architectures.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180227110255.20999-1-david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Thomas Huth
3c4e9baacf hw/s390x: Add the possibility to specify the netboot image on the command line
The file name of the netboot binary is currently hard-coded to
"s390-netboot.img", without a possibility for the user to select
an alternative firmware image here. That's unfortunate, especially
since the basics are already there: The filename is a property of
the s390-ipl device. So we just have to add a check whether the user
already provided the property and only set the default if the string
is still empty. Now it is possible to select a different firmware
image with "-global s390-ipl.netboot_fw=/path/to/s390-netboot.img".

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1519731154-3127-1-git-send-email-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Collin L. Walling
5600086976 s390/ipl: only print boot menu error if -boot menu=on was specified
It is possible that certain QEMU configurations may not
create an IPLB (such as when -kernel is provided). In
this case, a misleading error message will be printed
stating that the "boot menu is not supported for this
device type".

To amend this, only print this message iff boot menu=on
was provided on the commandline. Otherwise, return silently.

While we're at it, remove trailing periods from error
messages.

Signed-off-by: Collin L. Walling <walling@linux.vnet.ibm.com>
Message-Id: <1519760121-24594-1-git-send-email-walling@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Thomas Huth
c575fa678b hw/s390x/ipl: Bail out if the network bootloader can not be found
If QEMU fails to load 's390-netboot.img', the guest firmware currently
loops forever and just floods the console with "Network boot device
detected" messages. The code in ipl.c apparently already tried to stop
the VM with vm_stop() in this case, but this is in vain since the run
state is later reset due to a call to vm_start() from vl.c again.
To avoid the ugly firmware loop, let's simply exit QEMU directly instead
since it just does not make sense to continue if the required firmware
image can not be loaded. While we're at it, also add the file name of
the netboot binary to the error message, so that the user has a better
hint about what is missing.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1519725913-24852-1-git-send-email-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-03-08 15:49:23 +01:00
Peter Maydell
83d2e94cba qemu-sparc update
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCAA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAlqg5NUeHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIf6/MH/jOYcwRktRF9ajBI
 WHOaNASmKigwrmyhdqfwUyaJUFvyxDD/biZrC597BG5+sPLj9l9t1fx+2RTSr7VJ
 2HLvPrFIoqlmIrE635O9r/9nJmEf9jQA8B48ndA7B61wbhwuLZ2duNbFxfIlRf8m
 3/FKH82azUqMQv/3XxYC/cATAZ6uV8taCmL9p9TGkMe6Kn9lUIVgj+/wAMOnnFmC
 OSCqUCo0tk88CVDEyNAVn6voj6NvazIBFp1JJAEYTBwhAnVTLAZUtjXFDdXbbIWV
 FBnRZyVgEOdTOd7jIOHw8t+4ZfnVpUimiy8yQedzMqcGdyIsfaD3x3cyCZoAcftM
 tMZZNcA=
 =hOHV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Thu 08 Mar 2018 07:23:01 GMT
# gpg:                using RSA key 5BC2C56FAE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-sparc-signed:
  sparc: fix leon3 casa instruction when MMU is disabled
  hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-08 13:42:26 +00:00
Peter Maydell
0ab4537f08 Merge tpm 2018/03/07
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJan94lAAoJEHWtZYAqC0IRu+8H/0CUEGgV7N0+y0/4Zo6+Wy1z
 tgmGkaZP7f4aVtbaor2nGER93wD5PLdV0Gm9fcl1U80qVqyn+ralCQekid6xDYuC
 pW7Wd3XCdk4ME5ifGPa+9j2DjqflL4+QzP08umgfdf8ZLLNFmy5qsixi22BjeuNF
 IOwWt8fvqFfYc+okgAgn3GyGklmD+VSOVco3V77/y3nT6/nipRgWDbN6SlrcvZtr
 Q0nL67/doeiNeqv7Nz7vwTEgm/VL/s8/Qiz2vZd3/S9Y0XRLQj/XH9LT7NISqpf2
 2hrMWRI/f7MGsJFfP4YiYr47oa7/ODQpoZW/rXohPU9XCeRSNmJQgEh9FhjPseo=
 =ie5s
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-03-07-1' into staging

Merge tpm 2018/03/07

# gpg: Signature made Wed 07 Mar 2018 12:42:13 GMT
# gpg:                using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE  C66B 75AD 6580 2A0B 4211

* remotes/stefanberger/tags/pull-tpm-2018-03-07-1:
  tpm: convert tpm_tis.c to use trace-events
  tpm: convert tpm_emulator.c to use trace-events
  tpm: convert tpm_util.c to use trace-events
  tpm: convert tpm_passthrough.c to use trace-events
  tpm: convert tpm_crb.c to use trace-events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-08 12:56:39 +00:00
Thomas Huth
12850b1bb3 hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices
The global hack for creating SCSI devices has recently been removed,
but this apparently broke SCSI devices on some boards that were not
ready for this change yet. For the sun4m machines you now get:

$ sparc-softmmu/qemu-system-sparc -boot d -cdrom x.iso
qemu-system-sparc: -cdrom x.iso: machine type does not support if=scsi,bus=0,unit=2

Fix it by calling scsi_bus_legacy_handle_cmdline() after creating the
corresponding SCSI controller.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 1454509726
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2018-03-08 07:21:54 +00:00
Jack Schwartz
4b9006a41e multiboot: fprintf(stderr...) -> error_report()
Change all fprintf(stderr...) calls in hw/i386/multiboot.c to call
error_report() instead, including the mb_debug macro.  Remove the "\n"
from strings passed to all modified calls, since error_report() appends
one.

Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-07 11:53:37 +01:00
Jack Schwartz
ce5eb6dc4d multiboot: Use header names when displaying fields
Refer to field names when displaying fields in printf and debug statements.

Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-07 11:53:37 +01:00