Peter Maydell [Fri, 24 May 2019 10:07:56 +0000 (11:07 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190522' into staging
Misc gvec improvements
# gpg: Signature made Wed 22 May 2019 23:25:48 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-tcg-20190522:
tcg/i386: Use MOVDQA for TCG_TYPE_V128 load/store
tcg/aarch64: Allow immediates for vector ORR and BIC
tcg/aarch64: Build vector immediates with two insns
tcg/aarch64: Use MVNI in tcg_out_dupi_vec
tcg/aarch64: Split up is_fimm
tcg/aarch64: Support vector bitwise select value
tcg/i386: Use umin/umax in expanding unsigned compare
tcg/i386: Remove expansion for missing minmax
tcg/i386: Support vector comparison select value
tcg: Add TCG_OPF_NOT_PRESENT if TCG_TARGET_HAS_foo is negative
tcg: Expand vector minmax using cmp+cmpsel
tcg: Introduce do_op3_nofail for vector expansion
tcg: Add support for vector compare select
tcg: Add support for vector bitwise select
tcg: Fix missing checks and clears in tcg_gen_gvec_dup_mem
tcg/i386: Fix dupi/dupm for avx1 and 32-bit hosts
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/pmaydell/tags/pull-target-arm-20190523:
hw/arm/exynos4210: QOM'ify the Exynos4210 SoC
hw/arm/exynos4210: Add DMA support for the Exynos4210
hw/arm/exynos4: Use the IEC binary prefix definitions
hw/arm/exynos4: Remove unuseful debug code
hw/intc/arm_gicv3: Fix writes to ICC_CTLR_EL3
hw/intc/arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
arm: Rename hw/arm/arm.h to hw/arm/boot.h
arm: Remove unnecessary includes of hw/arm/arm.h
arm: Move system_clock_scale to armv7m_systick.h
target/arm: Fix vector operation segfault
target/arm: Simplify BFXIL expansion
target/arm: Use extract2 for EXTR
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-5-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520214342.13709-4-philmd@redhat.com
[PMD: Do not set default qdev properties, create the controllers in the SoC
rather than the board (Peter Maydell), add dtsi in commit message] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/exynos4: Use the IEC binary prefix definitions
It eases code review, unit is explicit.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-3-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190520214342.13709-2-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 23 May 2019 13:47:44 +0000 (14:47 +0100)]
hw/intc/arm_gicv3: Fix writes to ICC_CTLR_EL3
The ICC_CTLR_EL3 register includes some bits which are aliases
of bits in the ICC_CTLR_EL1(S) and (NS) registers. QEMU chooses
to keep those bits in the cs->icc_ctlr_el1[] struct fields.
Unfortunately a missing '~' in the code to update the bits
in those fields meant that writing to ICC_CTLR_EL3 would corrupt
the ICC_CLTR_EL1 register values.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520162809.2677-5-peter.maydell@linaro.org
Peter Maydell [Thu, 23 May 2019 13:47:43 +0000 (14:47 +0100)]
hw/intc/arm_gicv3: Fix write of ICH_VMCR_EL2.{VBPR0, VBPR1}
In ich_vmcr_write() we enforce "writes of BPR fields to less than
their minimum sets them to the minimum" by doing a "read vbpr and
write it back" operation. A typo here meant that we weren't handling
writes to these fields correctly, because we were reading from VBPR0
but writing to VBPR1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520162809.2677-4-peter.maydell@linaro.org
Peter Maydell [Thu, 23 May 2019 13:47:43 +0000 (14:47 +0100)]
arm: Rename hw/arm/arm.h to hw/arm/boot.h
The header file hw/arm/arm.h now includes only declarations
relating to hw/arm/boot.c functionality. Rename it accordingly,
and adjust its header comment.
The bulk of this commit was created via
perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h
In a few cases we can just delete the #include:
hw/arm/msf2-soc.c, include/hw/arm/aspeed_soc.h and
include/hw/arm/bcm2836.h did not require it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190516163857.6430-4-peter.maydell@linaro.org
Peter Maydell [Thu, 23 May 2019 13:47:43 +0000 (14:47 +0100)]
arm: Remove unnecessary includes of hw/arm/arm.h
The hw/arm/arm.h header now only includes declarations relating
to boot.c code, so it is only needed by Arm board or SoC code.
Remove some unnecessary inclusions of it from target/arm files
and from hw/intc/armv7m_nvic.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190516163857.6430-3-peter.maydell@linaro.org
Peter Maydell [Thu, 23 May 2019 13:47:43 +0000 (14:47 +0100)]
arm: Move system_clock_scale to armv7m_systick.h
The system_clock_scale global is used only by the armv7m systick
device; move the extern declaration to the armv7m_systick.h header,
and expand the comment to explain what it is and that it should
ideally be replaced with a different approach.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190516163857.6430-2-peter.maydell@linaro.org
Alistair Francis [Thu, 23 May 2019 13:47:43 +0000 (14:47 +0100)]
target/arm: Fix vector operation segfault
Commit 89e68b575 "target/arm: Use vector operations for saturation"
causes this abort() when booting QEMU ARM with a Cortex-A15:
0 0x00007ffff4c2382f in raise () at /usr/lib/libc.so.6
1 0x00007ffff4c0e672 in abort () at /usr/lib/libc.so.6
2 0x00005555559c1839 in disas_neon_data_insn (insn=<optimized out>, s=<optimized out>) at ./target/arm/translate.c:6673
3 0x00005555559c1839 in disas_neon_data_insn (s=<optimized out>, insn=<optimized out>) at ./target/arm/translate.c:6386
4 0x00005555559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at ./target/arm/translate.c:9289
5 0x00005555559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, cpu=<optimized out>) at ./target/arm/translate.c:13612
6 0x00005555558d1d39 in translator_loop (ops=0x5555561cc580 <arm_translator_ops>, db=0x7fffe59a9510, cpu=0x55555686a2f0, tb=<optimized out>, max_insns=<optimized out>) at ./accel/tcg/translator.c:96
7 0x00005555559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x55555686a2f0, tb=tb@entry=0x7fffd7840080 <code_gen_buffer+126091347>, max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
8 0x00005555558d06b9 in tb_gen_code (cpu=cpu@entry=0x55555686a2f0, pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at ./accel/tcg/translate-all.c:1736
9 0x00005555558ce467 in tb_find (cf_mask=524288, tb_exit=1, last_tb=0x7fffd783e640 <code_gen_buffer+126084627>, cpu=0x1) at ./accel/tcg/cpu-exec.c:407
10 0x00005555558ce467 in cpu_exec (cpu=cpu@entry=0x55555686a2f0) at ./accel/tcg/cpu-exec.c:728
11 0x000055555588b0cf in tcg_cpu_exec (cpu=0x55555686a2f0) at ./cpus.c:1431
12 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=0x55555686a2f0) at ./cpus.c:1735
13 0x000055555588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55555686a2f0) at ./cpus.c:1709
14 0x0000555555d2629a in qemu_thread_start (args=<optimized out>) at ./util/qemu-thread-posix.c:502
15 0x00007ffff4db8a92 in start_thread () at /usr/lib/libpthread.
This patch ensures that we don't hit the abort() in the second switch
case in disas_neon_data_insn() as we will return from the first case.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: ad91b397f360b2fc7f4087e476f7df5b04d42ddb.1558021877.git.alistair.francis@wdc.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The mask implied by the extract is redundant with the one
implied by the deposit. Also, fix spelling of BFXIL.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190514011129.11330-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is, after all, how we implement extract2 in tcg/aarch64.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190514011129.11330-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 23 May 2019 13:15:34 +0000 (14:15 +0100)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20190523-pull-request' into staging
fw_cfg patches for 2019-05-23
- Add trace events
- Get rid of globals in fw_cfg-test
- Explicit 'reboot-timeout' is little endian
- Add tests for 'reboot-timeout' and 'splash-time'
# gpg: Signature made Thu 23 May 2019 13:40:32 BST
# gpg: using RSA key E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/fw_cfg-20190523-pull-request:
tests: fw_cfg: add 'splash-time' test case
tests: fw_cfg: add 'reboot-timeout' test case
hw/nvram/fw_cfg: Store 'reboot-timeout' as little endian
tests: fw_cfg: add a function to get the fw_cfg file
tests: refactor fw_cfg_test
tests/fw_cfg: Free QFWCFG object after qtest has run
tests/libqos: Add pc_fw_cfg_uninit() and use it
tests/libqos: Add io_fw_cfg_uninit() and mm_fw_cfg_uninit()
hw/sparc64: Implement fw_cfg_arch_key_name()
hw/sparc: Implement fw_cfg_arch_key_name()
hw/ppc: Implement fw_cfg_arch_key_name()
hw/i386: Implement fw_cfg_arch_key_name()
hw/i386: Extract fw_cfg definitions to local "fw_cfg.h"
hw/nvram/fw_cfg: Add fw_cfg_arch_key_name()
hw/nvram/fw_cfg: Add trace events
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Li Qiang [Wed, 24 Apr 2019 14:06:43 +0000 (07:06 -0700)]
tests: fw_cfg: add 'splash-time' test case
Signed-off-by: Li Qiang <liq3ea@163.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-6-liq3ea@163.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Li Qiang [Wed, 24 Apr 2019 14:06:42 +0000 (07:06 -0700)]
tests: fw_cfg: add 'reboot-timeout' test case
Signed-off-by: Li Qiang <liq3ea@163.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-5-liq3ea@163.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Li Qiang [Wed, 24 Apr 2019 14:06:41 +0000 (07:06 -0700)]
hw/nvram/fw_cfg: Store 'reboot-timeout' as little endian
The current codebase is not specific about the endianess of the
fw_cfg 'file' entry 'reboot-timeout'.
Per docs/specs/fw_cfg.txt:
=== All Other Data Items ===
Please consult the QEMU source for the most up-to-date
and authoritative list of selector keys and their respective
items' purpose, format and writeability.
Checking the git history, this code was introduced in commit ac05f3492421, very similar to commit 3d3b8303c6f8 for the
'boot-menu-wait' entry, which explicitely use little-endian.
OVMF consumes 'boot-menu-wait' as little-endian, however it does
not consume 'reboot-timeout'.
Regarding the git history and OVMF use, we choose to explicit
'reboot-timeout' endianess as little-endian.
Signed-off-by: Li Qiang <liq3ea@163.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-4-liq3ea@163.com>
[PMD: Reword commit description based on review comments] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Li Qiang [Wed, 24 Apr 2019 14:06:40 +0000 (07:06 -0700)]
tests: fw_cfg: add a function to get the fw_cfg file
This is useful to write qtest about fw_cfg file entry.
Signed-off-by: Li Qiang <liq3ea@163.com> Acked-by: Thomas Huth <thuth@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-3-liq3ea@163.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Li Qiang [Sat, 18 May 2019 19:35:10 +0000 (21:35 +0200)]
tests: refactor fw_cfg_test
Currently, fw_cfg_test uses one QTestState for every test case.
This will add all command lines for every test case and
this is unnecessary. This patch split the test cases and for
every test case it uses his own QTestState. This patch does following
things:
1. Get rid of the global 'fw_cfg', this need add a uninit function
2. Convert every test case in a separate QTestState
After this patch, we can add fw_cfg test case freely and will not
have effect on other test cases.
Signed-off-by: Li Qiang <liq3ea@163.com> Acked-by: Thomas Huth <thuth@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-2-liq3ea@163.com>
[PMD: Removed 'ret' local variable in main()] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190422195020.1494-2-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Peter Maydell [Thu, 23 May 2019 11:57:17 +0000 (12:57 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging
Introduce qemu_guest_getrandom.
Use qemu_guest_getrandom in aspeed, nrf51, bcm2835, exynos4210 rng devices.
Use qemu_guest_getrandom in target/ppc darn instruction.
Support ARMv8.5-RNG extension.
Support x86 RDRAND extension.
Acked-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Laurent Vivier <laurent@vivier.eu>
# gpg: Signature made Wed 22 May 2019 19:36:43 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-rng-20190522: (25 commits)
target/i386: Implement CPUID_EXT_RDRAND
target/ppc: Use qemu_guest_getrandom for DARN
target/ppc: Use gen_io_start/end around DARN
target/arm: Implement ARMv8.5-RNG
target/arm: Put all PAC keys into a structure
hw/misc/exynos4210_rng: Use qemu_guest_getrandom
hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail
hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail
aspeed/scu: Use qemu_guest_getrandom_nofail
linux-user: Remove srand call
linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys
linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM
linux-user: Call qcrypto_init if not using -seed
linux-user: Initialize pseudo-random seeds for all guest cpus
cpus: Initialize pseudo-random seeds for all guest cpus
util: Add qemu_guest_getrandom and associated routines
ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
ui/vnc: Split out authentication_failed
crypto: Change the qcrypto_random_bytes buffer type to void*
crypto: Use getrandom for qcrypto_random_bytes
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/vivier2/tags/trivial-branch-pull-request:
pci: msix: move 'MSIX_CAP_LENGTH' to header file
vfio: platform: fix a typo
hw: vfio: drop TYPE_FOO MACRO in VMStateDescription
vfio: pci: make "vfio-pci-nohotplug" as MACRO
configure: Fix spelling of sdl-image in --help
migration: Fix typo in migrate_add_blocker() error message
roms: List and describe the Makefile 'clean' rule
roms: Correct the EDK2_BASETOOLS_OPTFLAGS variable description
hw/virtio/virtio-mmio: Convert DPRINTF to trace and log
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This instruction raises #GP, aka SIGSEGV, if the effective address
is not aligned to 16-bytes.
We have assertions in tcg-op-gvec.c that the offset from ENV is
aligned, for vector types <= V128. But the offset itself does not
validate that the final pointer is aligned -- one must also remember
to use the QEMU_ALIGNED() attribute on the vector member within ENV.
PowerPC Altivec has vector load/store instructions that silently
discard the low 4 bits of the address, making alignment mistakes
difficult to discover. Aid that by making the most popular host
visibly signal the error.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg/aarch64: Build vector immediates with two insns
Use MOVI+ORR or MVNI+BIC in order to build some vector constants,
as opposed to dropping them to the constant pool. This includes
all 16-bit constants and a similar set of 32-bit constants.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
There are several sub-classes of vector immediate, and only MOVI
can use them all. This will enable usage of MVNI and ORRI, which
use progressively fewer sub-classes.
This patch adds no new functionality, merely splits the function
and moves part of the logic into tcg_out_dupi_vec.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The instruction set has 3 insns that perform the same operation,
only varying in which operand must overlap the destination. We
can represent the operation without overlap and choose based on
the operands seen.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We already had backend support for this feature. Expand the new
cmpsel opcode using vpblendb. The combination allows us to avoid
an extra NOT for some comparison codes.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg: Add TCG_OPF_NOT_PRESENT if TCG_TARGET_HAS_foo is negative
If INDEX_op_foo is always expanded by tcg_expand_vec_op, then
there may be no reasonable set of constraints to return from
tcg_target_op_def for that opcode.
Let TCG_TARGET_HAS_foo be specified as -1 in that case. Thus a
boolean test for TCG_TARGET_HAS_foo is true, but we will not
assert within process_op_defs when no constraints are specified.
Compare this with tcg_can_emit_vec_op, which already uses this
tri-state indication.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Perform a per-element conditional move. This combination operation is
easier to implement on some host vector units than plain cmp+bitsel.
Omit the usual gvec interface, as this is intended to be used by
target-specific gvec expansion call-backs.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg: Fix missing checks and clears in tcg_gen_gvec_dup_mem
The paths through tcg_gen_dup_mem_vec and through MO_128 were
missing the check_size_align. The path through MO_128 was also
missing the expand_clr. This last was not visible because the
only user is ARM SVE, which would set oprsz == maxsz, and not
require the clear.
Fix by adding the check_size_align and using do_dup directly
instead of duplicating the check in tcg_gen_gvec_dup_{i32,i64}.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The VBROADCASTSD instruction only allows %ymm registers as destination.
Rather than forcing VEX.L and writing to the entire 256-bit register,
revert to using MOVDDUP with an %xmm register. This is sufficient for
an avx1 host since we do not support TCG_TYPE_V256 for that case.
Also fix the 32-bit avx2, which should have used VPBROADCASTW.
Fixes: 1e262b49b533 Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail
The random number is intended for use by the guest. As such, we should
honor the -seed argument for reproducibility. Use the *_nofail routine
instead of rolling our own error handling locally.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail
The random number is intended for use by the guest. As such, we should
honor the -seed argument for reproducibility. Use the *_nofail routine
instead of error_abort directly.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The random number is intended for use by the guest. As such, we should
honor the -seed argument for reproducibility. Use the *_nofail routine
instead of rolling our own error handling locally.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
linux-user: Initialize pseudo-random seeds for all guest cpus
When the -seed option is given, call qemu_guest_random_seed_main,
putting the subsystem into deterministic mode. Pass derived seeds
to each cpu created during clone; which is a no-op unless the
subsystem is in deterministic mode.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
cpus: Initialize pseudo-random seeds for all guest cpus
When the -seed option is given, call qemu_guest_random_seed_main,
putting the subsystem into deterministic mode. Pass derived seeds
to each cpu created; which is a no-op unless the subsystem is in
deterministic mode.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
util: Add qemu_guest_getrandom and associated routines
This routine is intended to produce high-quality random numbers to the
guest. Normally, such numbers are crypto quality from the host, but a
command-line option can force the use of a fully deterministic sequence
for use while debugging.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
crypto: Change the qcrypto_random_bytes buffer type to void*
Using uint8_t* merely requires useless casts for use with
other types to be filled with randomness.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Avoids leaking the /dev/urandom fd into any child processes.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
crypto: Do not fail for EINTR during qcrypto_random_bytes
We can always get EINTR for read; /dev/urandom is no exception.
Rearrange the order of tests for likelihood; allow degenerate buflen==0
case to perform a no-op zero-length read. This means that the normal
success path is a straight line with a single test for success.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use #ifdef _WIN32 instead of #ifndef _WIN32.
This will make other tests easier to sequence.
Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
build: Link user-only with crypto random number objects
For user-only, we require only the random number bits of the
crypto subsystem. Rename crypto-aes-obj-y to crypto-user-obj-y,
and add the random number objects, plus init.o to handle any
extra stuff the crypto library requires.
Move the crypto libraries from libs_softmmu and libs_tools to
LIBS, so that they are universally used.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Li Qiang [Tue, 21 May 2019 15:15:41 +0000 (08:15 -0700)]
hw: vfio: drop TYPE_FOO MACRO in VMStateDescription
It's recommended that VMStateDescription names are decoupled from QOM
type names as the latter may freely change without consideration of
migration compatibility.
Link: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02175.html CC: qemu-trivial@nongnu.org Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20190521151543.92274-3-liq3ea@163.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Li Qiang [Tue, 21 May 2019 15:15:40 +0000 (08:15 -0700)]
vfio: pci: make "vfio-pci-nohotplug" as MACRO
The QOMConventions recommends we should use TYPE_FOO
for a TypeInfo's name. Though "vfio-pci-nohotplug" is not
used in other parts, for consistency we should make this change.
CC: qemu-trivial@nongnu.org Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20190521151543.92274-2-liq3ea@163.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Greg Kurz [Thu, 16 May 2019 10:58:05 +0000 (12:58 +0200)]
migration: Fix typo in migrate_add_blocker() error message
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <155800428514.543845.17558475870097990036.stgit@bahia.lan> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
roms: Correct the EDK2_BASETOOLS_OPTFLAGS variable description
In commit 1cab464136b4 we incorrectly described the
EDK2_BASETOOLS_OPTFLAGS can pass CPPFLAGS and CFLAGS
options to the EDK2 build tools, but it only expands
the CFLAGS (not to the CPPFLAGS).
Update the description to be more accurate.
cutils: Simplify how parse_uint() checks for whitespace
Use qemu_isspace() so we don't have to cast to unsigned char.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190514180311.16028-7-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
gdb_read_byte() passes its @ch argument to isxdigit(). Undefined
behavior when the value is negative. Two callers:
* gdb_chr_receive() passes an uint8_t value. Safe.
* gdb_handlesig() a char value. Unsafe. Not a security issue,
because the characters come from the gdb client, which is trusted.
The obvious fix would be casting @ch to unsigned char. But note that
gdb_read_byte() already casts @ch to uint8_t in many places. Uses of
@ch without such a cast:
"Debugging with GDB / Appendix E GDB Remote Serial Protocol /
Overview" specifies "The printable characters '#' and '$' or with a
numeric value greater than 126 must not be used." gdb_read_byte()
only rejects values < 32. This is wrong. Impact depends on the caller:
* gdb_handlesig() passes a char. Incorrectly accepts '#', '$' and
'\127'.
* gdb_chr_receive() passes an uint8_t. Additionally accepts
characters with the most-significant bit set.
Correct the validity check to match the specification.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190514180311.16028-4-armbru@redhat.com>
parse_acl_file() passes char values to isspace(). Undefined behavior
when the value is negative. Not a security issue, because the
characters come from trusted $prefix/etc/qemu/bridge.conf and the
files it includes.
Furthermore, isspace()'s locale-dependence means qemu-bridge-helper
uses the user's locale for parsing $prefix/etc/bridge.conf. Feels
wrong.
Use g_ascii_isspace() instead. This fixes the undefined behavior, and
makes parsing of $prefix/etc/bridge.conf locale-independent.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190514180311.16028-2-armbru@redhat.com>
Add a vhost-user input backend example, based on virtio-input-host
device. It takes an evdev path as argument, and can be associated with
a vhost-user-input device via a UNIX socket:
/home/pm215/qemu/contrib/libvhost-user/libvhost-user.c: In function
‘vu_set_mem_table_exec_postcopy’:
/home/pm215/qemu/contrib/libvhost-user/libvhost-user.c:666:9: error:
format ‘%llx’ expects argument of type ‘long long unsigned int’, but
argument 5 has type ‘__u64’ [-Werror=format=]
DPRINT("%s: region %d: Registered userfault for %llx + %llx\n",
^
/home/pm215/qemu/contrib/libvhost-user/libvhost-user.c:666:9: error:
format ‘%llx’ expects argument of type ‘long long unsigned int’, but
argument 6 has type ‘__u64’ [-Werror=format=]
cc1: all warnings being treated as errors
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190514104126.6294-3-marcandre.lureau@redhat.com
Peter Maydell [Tue, 21 May 2019 18:56:47 +0000 (19:56 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging
x86 MDS feature flags
md-clear and mds-no feature flags, for detection and mitigation
of MDS vulnerabilities (CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11091).
# gpg: Signature made Tue 21 May 2019 19:42:43 BST
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-next-pull-request:
target/i386: add MDS-NO feature
docs: recommend use of md-clear feature on all Intel CPUs
target/i386: define md-clear bit
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Thu, 16 May 2019 18:53:20 +0000 (20:53 +0200)]
target/i386: add MDS-NO feature
Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.
Some Intel processors use the ARCH_CAP_MDS_NO bit in the
IA32_ARCH_CAPABILITIES
MSR to report that they are not vulnerable, make it available to guests.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20190516185320.28340-1-pbonzini@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
docs: recommend use of md-clear feature on all Intel CPUs
Update x86 CPU model guidance to recommend that the md-clear feature is
manually enabled with all Intel CPU models, when supported by the host
microcode.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190515141011.5315-3-berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Paolo Bonzini [Wed, 15 May 2019 14:10:10 +0000 (15:10 +0100)]
target/i386: define md-clear bit
md-clear is a new CPUID bit which is set when microcode provides the
mechanism to invoke a flush of various exploitable CPU buffers by invoking
the VERW instruction.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20190515141011.5315-2-berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Peter Maydell [Tue, 21 May 2019 15:30:13 +0000 (16:30 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190521-3' into staging
s390x update:
- have the bios tolerate bootmap signature entries
- next chunk of vector instruction support in tcg
- a headers update against Linux 5.2-rc1
- add more facilities and gen15 machines to the cpu model
s390x/cpumodel: wire up 8561 and 8562 as gen15 machines
8561 and 8562 will be gen15 machines. There is no name yet, let us use
gen15a and gen15b as base name. Later on we can provide aliases with
the proper name.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20190429090250.7648-10-borntraeger@de.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
add several new features (msa9, sort, deflate, additional vector
instructions, new general purpose instructions) to generation 15.
Also disable csske and bpb from the default and base models >=15.
This will allow to migrate gen15 machines to future machines that
do not have these features.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20190429090250.7648-9-borntraeger@de.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
projects / thirdparty / qemu.git / log
