* tag 'kraxel-20220927-pull-request' of https://gitlab.com/kraxel/qemu: (24 commits)
virtio-gpu: update scanout if there is any area covered by the rect
hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
audio: remove abort() in audio_bug()
Revert "audio: Log context for audio bug"
audio: Add sndio backend
usbnet: Report link-up via interrupt endpoint in CDC-ECM mode
usbnet: Detect short packets as sent by the xHCI controller
usbnet: Accept mandatory USB_CDC_SET_ETHERNET_PACKET_FILTER request
usbnet: Add missing usb_wakeup() call in usbnet_receive()
hcd-xhci: drop operation with secondary stream arrays enabled
usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
usb/msd: move usb_msd_packet_complete()
hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
hw/usb/hcd-xhci: Check whether DMA accesses fail
ui/console: fix three double frees in png_save()
ui/vdagent: fix serial reset of guest agent
ui/clipboard: reset the serial state on reset
ui/vdagent: always reset the clipboard serial on caps
ui/clipboard: fix serial priority
ui: add some vdagent related traces
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 27 Sep 2022 11:56:56 +0000 (07:56 -0400)]
Merge tag 'pull-riscv-to-apply-20220927' of https://github.com/alistair23/qemu into staging
Second RISC-V PR for QEMU 7.2
* Fixup typos and register addresses for Ibex SPI
* Cleanup the RISC-V virt machine documentation
* Remove the sideleg and sedeleg CSR macros
* Fix the CSR check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
* Remove fixed numbering from GDB xml feature files
* Allow setting the resetvec for the OpenTitan machine
* Check the correct exception cause in vector GDB stub
* Fix inheritance of SiFiveEState
* Improvements to the RISC-V debugger spec
* Simplify some vector code
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmMymHIACgkQIeENKd+X
# cFQPxwf8DhYeJ+Ctsi9/fFTIHLAE3ciZ15Hf/BJGc5maeVGupYG64+9Cs0fGX4bY
# CBlmE5xqn8hanEQXTQxmbC3AoNyykRV+arUrdawlUrJR5hQy/PNVq4yTxFPHcEjJ
# bOsQxkMvMzZiWbJfG8SZObXfFZ+6HjWd2qjbCUwyVAa5mWDHsuPy22/RDcaR9KSV
# Sb217kNIY3a2WkDUrY84zqOfks3NDFA1GuCge7EcQGV9iPxH06KO3ANpGvCE/31i
# FnfA9qUu7ts+ls2lSj+2ARsZUzMciZuC3ggTRYIKbyf0QNTK6fILuzlMPPvf0ORZ
# vbq8rSTDPrWzmrLskba1jADbWPtiXA==
# =b3zl
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 27 Sep 2022 02:30:10 EDT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* tag 'pull-riscv-to-apply-20220927' of https://github.com/alistair23/qemu: (22 commits)
target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered
target/riscv: rvv-1.0: Simplify vfwredsum code
target/riscv: debug: Add initial support of type 6 trigger
target/riscv: debug: Check VU/VS modes for type 2 trigger
target/riscv: debug: Create common trigger actions function
target/riscv: debug: Introduce tinfo CSR
target/riscv: debug: Restrict the range of tselect value can be written
target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs
target/riscv: debug: Introduce build_tdata1() to build tdata1 register content
target/riscv: debug: Determine the trigger type from tdata1.type
hw/riscv/sifive_e: Fix inheritance of SiFiveEState
target/riscv: Check the correct exception cause in vector GDB stub
hw/riscv: opentitan: Expose the resetvec as a SoC property
hw/riscv: opentitan: Fixup resetvec
target/riscv: Set the CPU resetvec directly
target/riscv: remove fixed numbering from GDB xml feature files
target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml
target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
target/riscv: Remove sideleg and sedeleg
docs/system: clean up code escape for riscv virt platform
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Dongwon Kim [Fri, 9 Sep 2022 01:40:52 +0000 (18:40 -0700)]
virtio-gpu: update scanout if there is any area covered by the rect
The scanout is currently updated only if the whole rect is inside the
scanout space. This is not a correct condition because the scanout should
be updated even a small area in the scanout space is covered by the rect.
Commit 584acf34cb0 ("ati-vga: Fix reverse bit blts") introduced
the local dst_x and dst_y which adjust the (x, y) coordinates
depending on the direction in the SRCCOPY ROP3 operation, but
forgot to address the same issue for the PATCOPY, BLACKNESS and
WHITENESS operations, which also call pixman_fill().
Fix that now by using the adjusted coordinates in the pixman_fill
call, and update the related debug printf().
Reported-by: Qiang Liu <qiangliu@zju.edu.cn> Fixes: 584acf34cb0 ("ati-vga: Fix reverse bit blts") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-Id: <20210906153103.1661195-1-philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit ab32b78cd1 "audio: Simplify audio_bug() removing old code"
introduced abort() in audio_bug() for regular builds.
audio_bug() was never meant to abort QEMU for the following
reasons.
- There's code in audio_bug() that expects audio_bug() gets
called more than once with error condition true. The variable
'shown' is only 0 on first error.
- All call sites test the return code of audio_bug(), print
an error context message and handle the errror.
- The abort() in audio_bug() enables a class of guest-triggered
aborts similar to the Launchpad Bug #1910603 at
https://bugs.launchpad.net/bugs/1910603.
Michael Brown [Tue, 6 Sep 2022 18:30:52 +0000 (19:30 +0100)]
usbnet: Detect short packets as sent by the xHCI controller
The xHCI controller will ignore the endpoint MTU and so may deliver
packets of any length. Detect short packets as being any packet that
has a length of zero or a length that is not a multiple of the MTU.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-4-mcb30@ipxe.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The USB_CDC_SET_ETHERNET_PACKET_FILTER request is mandatory for
CDC-ECM devices. Accept this request, ignoring the actual filter
value (to match the existing behaviour for RNDIS).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-3-mcb30@ipxe.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Michael Brown [Tue, 6 Sep 2022 18:30:50 +0000 (19:30 +0100)]
usbnet: Add missing usb_wakeup() call in usbnet_receive()
usbnet_receive() does not currently wake up the USB endpoint, leading
to a dead RX datapath when used with a host controller such as xHCI
that relies on being woken up.
Fix by adding a call to usb_wakeup() at the end of usbnet_receive().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-2-mcb30@ipxe.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Qiang Liu [Sun, 4 Sep 2022 12:59:26 +0000 (20:59 +0800)]
hcd-xhci: drop operation with secondary stream arrays enabled
The abort() in xhci_find_stream() can be triggered via enabling the secondary
stream arrays by setting linear stream array (LSA) bit (in endpoint context) to
0. We may show warnings and drop this operation.
Gerd Hoffmann [Tue, 30 Aug 2022 06:38:27 +0000 (08:38 +0200)]
usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
Add handler for fatal errors. Moves device into error state where it
stops responding until the guest resets it.
Guest can send illegal requests where scsi command and usb packet
transfer directions are inconsistent. Use the new usb_msd_fatal_error()
function instead of assert() in that case.
Reported-by: Qiang Liu <cyruscyliu@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220830063827.813053-3-kraxel@redhat.com>
Yang Liu [Wed, 17 Aug 2022 07:48:02 +0000 (15:48 +0800)]
target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered
Starting with RVV1.0, the original vf[w]redsum_vs instruction was renamed
to vf[w]redusum_vs. The distinction between ordered and unordered is also
more consistent with other instructions, although there is no difference
in implementation between the two for QEMU.
Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-2-liuyang22@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Yang Liu [Wed, 17 Aug 2022 07:48:01 +0000 (15:48 +0800)]
target/riscv: rvv-1.0: Simplify vfwredsum code
Remove duplicate code by wrapping vfwredsum_vs's OP function.
Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-1-liuyang22@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:15 +0000 (21:42 +0800)]
target/riscv: debug: Add initial support of type 6 trigger
Type 6 trigger is similar to a type 2 trigger, but provides additional
functionality and should be used instead of type 2 in newer
implementations.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-9-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:14 +0000 (21:42 +0800)]
target/riscv: debug: Check VU/VS modes for type 2 trigger
Type 2 trigger cannot be fired in VU/VS modes.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-8-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:13 +0000 (21:42 +0800)]
target/riscv: debug: Create common trigger actions function
Trigger actions are shared among all triggers. Extract to a common
function.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: handle the DBG_ACTION_NONE case] Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-7-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:12 +0000 (21:42 +0800)]
target/riscv: debug: Introduce tinfo CSR
tinfo.info:
One bit for each possible type enumerated in tdata1.
If the bit is set, then that type is supported by the currently
selected trigger.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-6-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:11 +0000 (21:42 +0800)]
target/riscv: debug: Restrict the range of tselect value can be written
The value of tselect CSR can be written should be limited within the
range of supported triggers number.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-5-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:10 +0000 (21:42 +0800)]
target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs
Replace type2_trigger_t with the real tdata1, tdata2, and tdata3 CSRs,
which allows us to support more types of triggers in the future.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-4-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:09 +0000 (21:42 +0800)]
target/riscv: debug: Introduce build_tdata1() to build tdata1 register content
Introduce build_tdata1() to build tdata1 register content, which can be
shared among all types of triggers.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: moved RV{32,64}_DATA_MASK definition to this patch] Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-3-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Fri, 9 Sep 2022 13:42:08 +0000 (21:42 +0800)]
target/riscv: debug: Determine the trigger type from tdata1.type
Current RISC-V debug assumes that only type 2 trigger is supported.
To allow more types of triggers to be supported in the future
(e.g. type 6 trigger, which is similar to type 2 trigger with additional
functionality), we should determine the trigger type from tdata1.type.
RV_MAX_TRIGGERS is also introduced in replacement of TRIGGER_TYPE2_NUM.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: fixed MXL_RV128 case, and moved macros to the following patch] Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-2-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bernhard Beschow [Thu, 22 Sep 2022 07:52:32 +0000 (09:52 +0200)]
hw/riscv/sifive_e: Fix inheritance of SiFiveEState
SiFiveEState inherits from SysBusDevice while it's TypeInfo claims it to
inherit from TYPE_MACHINE. This is an inconsistency which can cause
undefined behavior such as memory corruption.
Change SiFiveEState to inherit from MachineState since it is registered
as a machine.
Fixes: 0869490b1c ("riscv: sifive_e: Manually define the machine") Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220922075232.33653-1-shentey@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Sun, 18 Sep 2022 08:32:44 +0000 (16:32 +0800)]
target/riscv: Check the correct exception cause in vector GDB stub
After RISCVException enum is introduced, riscv_csrrw_debug() returns
RISCV_EXCP_NONE to indicate there's no error. RISC-V vector GDB stub
should check the result against RISCV_EXCP_NONE instead of value 0.
Otherwise, 'E14' packet would be incorrectly reported for vector CSRs
when using "info reg vector" GDB command.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Jim Shu <jim.shu@sifive.com> Reviewed-by: Tommy Wu <tommy.wu@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220918083245.13028-1-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alistair Francis [Wed, 14 Sep 2022 10:11:08 +0000 (12:11 +0200)]
hw/riscv: opentitan: Expose the resetvec as a SoC property
On the OpenTitan hardware the resetvec is fixed at the start of ROM. In
QEMU we don't run the ROM code and instead just jump to the next stage.
This means we need to be a little more flexible about what the resetvec
is.
This patch allows us to set the resetvec from the command line with
something like this:
-global driver=riscv.lowrisc.ibex.soc,property=resetvec,value=0x20000400
This way as the next stage changes we can update the resetvec.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-4-alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alistair Francis [Wed, 14 Sep 2022 10:11:07 +0000 (12:11 +0200)]
hw/riscv: opentitan: Fixup resetvec
The resetvec for the OpenTitan machine ended up being set to an out of
date value, so let's fix that and bump it to the correct start address
(after the boot ROM)
Fixes: bf8803c64d75 "hw/riscv: opentitan: bump opentitan version" Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220914101108.82571-3-alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alistair Francis [Wed, 14 Sep 2022 10:11:06 +0000 (12:11 +0200)]
target/riscv: Set the CPU resetvec directly
Instead of using our properties to set a config value which then might
be used to set the resetvec (depending on your timing), let's instead
just set the resetvec directly in the env struct.
This allows us to set the reset vec from the command line with:
-global driver=riscv.hart_array,property=resetvec,value=0x20000400
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-2-alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Andrew Burgess [Wed, 31 Aug 2022 08:41:23 +0000 (09:41 +0100)]
target/riscv: remove fixed numbering from GDB xml feature files
The fixed register numbering in the various GDB feature files for
RISC-V only exists because these files were originally copied from the
GDB source tree.
However, the fixed numbering only exists in the GDB source tree so
that GDB, when it connects to a target that doesn't provide a target
description, will use a specific numbering scheme.
That numbering scheme is designed to be compatible with the first
versions of QEMU (for RISC-V), that didn't send a target description,
and relied on a fixed numbering scheme.
Because of the way that QEMU manages its target descriptions,
recording the number of registers in each feature, and just relying on
GDB's numbering starting from 0, then I propose that we remove all the
fixed numbering from the RISC-V feature xml files, and just rely on
the standard numbering scheme. Plenty of other targets manage their
xml files this way, e.g. ARM, AArch64, Loongarch, m68k, rx, and s390.
Signed-off-by: Andrew Burgess <aburgess@redhat.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Message-Id: <6069395f90e6fc24dac92197be815fedf42f5974.1661934573.git.aburgess@redhat.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Andrew Burgess [Wed, 31 Aug 2022 08:41:22 +0000 (09:41 +0100)]
target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml
While testing some changes to GDB's handling for the RISC-V registers
fcsr, fflags, and frm, I spotted that QEMU includes these registers
twice in the target description it sends to GDB, once in the fpu
feature, and once in the csr feature.
Right now things basically work OK, QEMU maps these registers onto two
different register numbers, e.g. fcsr maps to both 68 and 73, and GDB
can use either of these to access the register.
However, GDB's target descriptions don't really work this way, each
register should appear just once in a target description, mapping the
register name onto the number GDB should use when accessing the
register on the target. Duplicate register names actually result in
duplicate registers on the GDB side, however, as the registers have
the same name, the user can only access one of these registers.
Currently GDB has a hack in place, specifically for RISC-V, to spot
the duplicate copies of these three registers, and hide them from the
user, ensuring the user only ever sees a single copy of each.
In this commit I propose fixing this issue on the QEMU side, and in
the process, simplify the fpu register handling a little.
I think we should, remove fflags, frm, and fcsr from the two (32-bit
and 64-bit) fpu feature xml files. These files will only contain the
32 core floating point register f0 to f31. The fflags, frm, and fcsr
registers will continue to be advertised in the csr feature as they
currently are.
With that change made, I will simplify riscv_gdb_get_fpu and
riscv_gdb_set_fpu, removing the extra handling for the 3 status
registers.
Signed-off-by: Andrew Burgess <aburgess@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <0fbf2a5b12e3210ff3867d5cf7022b3f3462c9c8.1661934573.git.aburgess@redhat.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Wed, 17 Aug 2022 08:37:56 +0000 (16:37 +0800)]
target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
- modify check for mcounteren to work in all less-privilege mode
- modify check for scounteren to work only when S mode is enabled
- distinguish the exception type raised by check for scounteren between U
and VU mode
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220817083756.12471-1-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Rahul Pathak [Wed, 24 Aug 2022 14:52:55 +0000 (20:22 +0530)]
target/riscv: Remove sideleg and sedeleg
sideleg and sedeleg csrs are not part of riscv isa spec
anymore, these csrs were part of N extension which
is removed from the riscv isa specification.
These commits removed all traces of these csrs from
riscv spec (https://github.com/riscv/riscv-isa-manual) -
commit f8d27f805b65 ("Remove or downgrade more references to N extension (#674)")
commit b6cade07034d ("Remove N extension chapter for now")
Signed-off-by: Rahul Pathak <rpathak@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220824145255.400040-1-rpathak@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alex Bennée [Mon, 5 Sep 2022 16:39:39 +0000 (17:39 +0100)]
docs/system: clean up code escape for riscv virt platform
The example code is rendered slightly mangled due to missing code
block. Properly escape the code block and add shell prompt and qemu to
fit in with the other examples on the page.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220905163939.1599368-1-alex.bennee@linaro.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Wilfred Mallawa [Tue, 23 Aug 2022 06:12:00 +0000 (16:12 +1000)]
hw/ssi: ibex_spi: fixup typos in ibex_spi_host
This patch fixes up minor typos in ibex_spi_host
Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220823061201.132342-2-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* tag 'pull-target-arm-20220922' of https://git.linaro.org/people/pmaydell/qemu-arm: (39 commits)
configure: Avoid use of 'local' as it is non-POSIX
configure: Check mkdir result directly, not via $?
configure: Remove use of backtick `...` syntax
configure: Add './' on front of glob of */config-devices.mak.d
configure: Add missing quoting for some easy cases
configure: Remove unused meson_args variable
configure: Remove unused python_version variable
tests/unit/test-vmstate: Avoid dynamic stack allocation
ui/curses: Avoid dynamic stack allocation
hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
hw/i386/multiboot: Avoid dynamic stack allocation
hw/intc/xics: Avoid dynamic stack allocation
hw/ppc/pnv: Avoid dynamic stack allocation
hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1
chardev/baum: Avoid dynamic stack allocation
chardev/baum: Use definitions to avoid dynamic stack allocation
chardev/baum: Replace magic values by X_MAX / Y_MAX definitions
hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
hw/acpi: Add ospm_status hook implementation for acpi-ged
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Qiang Liu [Fri, 26 Aug 2022 05:15:56 +0000 (13:15 +0800)]
hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
An abort happens in ohci_frame_boundary() when ohci->done is 0 [1].
``` c
static void ohci_frame_boundary(void *opaque)
{
// ...
if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
if (!ohci->done)
abort(); <----------------------------------------- [1]
```
This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/,
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and
https://gitlab.com/qemu-project/qemu/-/issues/545. I can still reproduce it with
the latest QEMU.
This happends due to crafted ED with putting ISO_TD at physical address 0.
Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the phyiscal
memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count
[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f,
suppose 1), we then control the value of relative_frame_number to be 1 [6]. The
control flow goes to [7] where ohci->done is 0. Have returned from
ohci_service_iso_td(), ohci_frame_boundary() will abort() [1].
``` c
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
// ...
addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2]
if (ohci_read_iso_td(ohci, addr, &iso_td)) { // <-------- [3]
// ...
As only (afaik) a guest root user can manipulate ED, TD and the physical memory,
this assertion failure is not a security bug.
The idea to fix this issue is to drop ohci_service_iso_td() if ed->head &
OHCI_DPTR_MASK is 0, which is similar to the drop operation for
ohci_service_ed_list() when head is 0. Probably, a similar issue is in
ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0.
Fixes: 7bfe577702 ("OHCI USB isochronous transfers support (Arnon Gilboa)") Reported-by: Gaoning Pan <pgn@zju.edu.cn> Reported-by: Alexander Bulekov <alxndr@bu.edu> Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545 Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html Buglink: https://bugs.launchpad.net/qemu/+bug/1911216 Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Wed, 17 Aug 2022 16:00:16 +0000 (18:00 +0200)]
hw/usb/hcd-xhci: Check whether DMA accesses fail
If a guest sets up bad descriptors, it could force QEMU to access
non-existing memory regions. Thus we should check the return value
of dma_memory_read/write() to make sure that these errors don't go
unnoticed.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220817160016.49752-1-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210 Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG") Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In order to reset the guest agent, we send CLOSED & OPENED events.
They are correctly received by the guest kernel. However, they might not
be noticed by the guest agent process, as the IO task (poll() for
example) might be wake up after both CLOSED & OPENED have been
processed.
Wait until the guest agent is disconnected to re-open our side.
Not only we have to reset the vdagent clipboards serial state, but also
the current QEMU clipboards info serial (the value is currently used by
qemu_clipboard_check_serial, only used by -display dbus).
The incoming grab event should have a higher serial.
See also "vdagent: introduce VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL":
https://gitlab.freedesktop.org/spice/spice-protocol/-/commit/045a6978d6dbbf7046affc5c321fa8177c8cce56
This is only a relevant fix for the -display dbus, only user of that
function.
Akihiko Odaki [Fri, 19 Aug 2022 13:27:54 +0000 (22:27 +0900)]
ui/cocoa: Run qemu_init in the main thread
This work is based on:
https://patchew.org/QEMU/20220317125534.38706-1-philippe.mathieu.daude@gmail.com/
Simplify the initialization dance by running qemu_init() in the main
thread before the Cocoa event loop starts. The secondary thread only
runs only qemu_main_loop() and qemu_cleanup().
This fixes a case where addRemovableDevicesMenuItems() calls
qmp_query_block() while expecting the main thread to still hold
the BQL.
Overriding the code after calling qemu_init() is done by dynamically
replacing a function pointer variable, qemu_main when initializing
ui/cocoa, which unifies the static implementation of main() for
builds with ui/cocoa and ones without ui/cocoa.
Cal Peake [Thu, 11 Aug 2022 22:01:38 +0000 (18:01 -0400)]
ui/console: Get tab completion working again in the SDL monitor vc
Define a QEMU special key constant for the tab key and add an entry for
it in the qcode_to_keysym table. This allows tab completion to work again
in the SDL monitor virtual console, which has been broken ever since the
migration from SDL1 to SDL2.
Signed-off-by: Cal Peake <cp@absolutedigital.net>
Message-Id: <7054816e-99c-7e2-6737-7cf98cc56e2@absolutedigital.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Stefan Hajnoczi [Thu, 22 Sep 2022 17:21:50 +0000 (13:21 -0400)]
Merge tag 'pull-hex-20220919' of https://github.com/quic/qemu into staging
Hexagon update
remove unused encodings
add fmin/fmax tests for signed zero
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEENjXHiM5iuR/UxZq0ewJE+xLeRCIFAmMou7IACgkQewJE+xLe
# RCIYbQgAgjFujecgbbCJfBPVMmpTXNOgk+Jt3w+jfg7/WJRZuhxAU3xB2qpismUH
# 5MntMlFHAGOjlPXfg6U5AZFSw3RhlanH/RChHpVKuL6peOXFImIfEqdyVXHXfCuu
# FlpQFGwJ3Rs50UJhd7lVdlx0I7lup4E4X77hFvFcZQP6aNrt6Ic1Zq5eXhEq9k2A
# NnXol1R416JRT/senujYVvcTpgYVHlQCS+4dJEzKUqvFlTdo7lnAbPdjO8MPrz7B
# 0NgPUGjGZJ70Dcqvd1n8HePIU1YyKTlHJNaWyTlAmw4MECyHyAJnd64jEMNECDb5
# 0BrpHcY1HCt1Rh4QratemTfJglAJlA==
# =UUyr
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Sep 2022 14:57:54 EDT
# gpg: using RSA key 3635C788CE62B91FD4C59AB47B0244FB12DE4422
# gpg: Good signature from "Taylor Simpson (Rock on) <tsimpson@quicinc.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 3635 C788 CE62 B91F D4C5 9AB4 7B02 44FB 12DE 4422
* tag 'pull-hex-20220919' of https://github.com/quic/qemu:
Hexagon (tests/tcg/hexagon): add fmin/fmax tests for signed zero
Hexagon (target/hexagon) remove unused encodings
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Yusuke Okada [Thu, 18 Aug 2022 18:46:19 +0000 (14:46 -0400)]
virtiofsd: use g_date_time_get_microsecond to get subsecond
The "%f" specifier in g_date_time_format() is only available in glib
2.65.2 or later. If combined with older glib, the function returns null
and the timestamp displayed as "(null)".
For backward compatibility, g_date_time_get_microsecond should be used
to retrieve subsecond.
In this patch the g_date_time_format() leaves subsecond field as "%06d"
and let next snprintf to format with g_date_time_get_microsecond.
Signed-off-by: Yusuke Okada <okada.yusuke@jp.fujitsu.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20220818184618.2205172-1-yokada.996@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Thu, 25 Aug 2022 15:07:03 +0000 (16:07 +0100)]
configure: Avoid use of 'local' as it is non-POSIX
We use the non-POSIX 'local' keyword in just two places in configure;
rewrite to avoid it.
In do_compiler(), just drop the 'local' keyword. The variable
'compiler' is only used elsewhere in the do_compiler_werror()
function, which already uses the variable as a normal non-local one.
In probe_target_compiler(), $try and $t are both local; make them
normal variables and use a more obviously distinct variable name
for $t.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-8-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:07:02 +0000 (16:07 +0100)]
configure: Check mkdir result directly, not via $?
Shellcheck warns that we have one place where we run a command and
then check if it failed using $?; this is better written to simply
check the command in the 'if' statement directly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-7-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:07:01 +0000 (16:07 +0100)]
configure: Remove use of backtick `...` syntax
There's only one place in configure where we use `...` to execute a
command and capture the result. Switch to $() to match the rest of
the script. This silences a shellcheck warning.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-6-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:07:00 +0000 (16:07 +0100)]
configure: Add './' on front of glob of */config-devices.mak.d
Shellcheck warns that in
rm -f */config-devices.mak.d
the glob might expand to something with a '-' in it, which would
then be misinterpreted as an option to rm. Fix this by adding './'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-5-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:06:59 +0000 (16:06 +0100)]
configure: Add missing quoting for some easy cases
This commit adds quotes in some places which:
* are spotted by shellcheck
* are obviously incorrect
* are easy to fix just by adding the quotes
It doesn't attempt fix all of the places shellcheck finds errors,
or even all the ones which are easy to fix. It's just a random
sampling which is hopefully easy to review and which cuts
down the size of the problem for next time somebody wants to
try to look at shellcheck errors.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-4-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:06:58 +0000 (16:06 +0100)]
configure: Remove unused meson_args variable
The meson_args variable was added in commit 3b4da13293482134b, but
was not used in that commit and isn't used today. Delete the
unnecessary assignment.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-3-peter.maydell@linaro.org
Peter Maydell [Thu, 25 Aug 2022 15:06:57 +0000 (16:06 +0100)]
configure: Remove unused python_version variable
Shellcheck correctly reports that we set python_version and never use
it. This is a leftover from commit f9332757898a7: we used to use
python_version purely to as part of the summary information printed
at the end of a configure run, and that commit changed to printing
the information from meson (which looks up the python version
itself). Remove the unused variable.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220825150703.4074125-2-peter.maydell@linaro.org
Use autofree heap allocation instead of variable-length
array on the stack.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-12-peter.maydell@linaro.org
Use autofree heap allocation instead of variable-length
array on the stack.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-11-peter.maydell@linaro.org
hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
The compiler isn't clever enough to figure 'width' is a constant,
so help it by using a definitions instead.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-10-peter.maydell@linaro.org
Use autofree heap allocation instead of variable-length array on
the stack. Replace the snprintf() call by g_strdup_printf().
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-9-peter.maydell@linaro.org
Use autofree heap allocation instead of variable-length
array on the stack.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-8-peter.maydell@linaro.org
Use autofree heap allocation instead of variable-length
array on the stack.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20220819153931.3147384-7-peter.maydell@linaro.org
hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
The compiler isn't clever enough to figure 'min_buf_size'
is a constant, so help it by using a definitions instead.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-6-peter.maydell@linaro.org
io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1
The combined_key[... QIO_CHANNEL_WEBSOCK_GUID_LEN ...] array in
qio_channel_websock_handshake_send_res_ok() expands to a call
to strlen(QIO_CHANNEL_WEBSOCK_GUID), and the compiler doesn't
realize the string is const, so consider combined_key[] being
a variable-length array.
To remove the variable-length array, we provide it a hint to
the compiler by using sizeof() - 1 instead of strlen().
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-5-peter.maydell@linaro.org
chardev/baum: Use definitions to avoid dynamic stack allocation
We know 'x * y' will be at most 'X_MAX * Y_MAX' (which is not
a big value, it is actually 84). Instead of having the compiler
use variable-length array, declare an array able to hold the
maximum 'x * y'.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220819153931.3147384-3-peter.maydell@linaro.org
Lucas Dietrich [Mon, 29 Aug 2022 20:00:46 +0000 (22:00 +0200)]
hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
The LAN9118 allows the guest to specify a level for both the TX and
RX FIFOs at which an interrupt will be generated. We implement the
RSFL_INT interrupt for the RX FIFO but are missing the handling of
the equivalent TSFL_INT for the TX FIFO. Add the missing test to set
the interrupt if the TX FIFO has exceeded the guest-specified level.
This flag is required for Micrium lan911x ethernet driver to work.
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
[PMM: Tweaked commit message and comment] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Keqian Zhu [Tue, 16 Aug 2022 09:49:57 +0000 (17:49 +0800)]
hw/acpi: Add ospm_status hook implementation for acpi-ged
Setup an ARM virtual machine of machine virt and execute qmp "query-acpi-ospm-status"
causes segmentation fault with following dumpstack:
#1 0x0000aaaaab64235c in qmp_query_acpi_ospm_status (errp=errp@entry=0xfffffffff030) at ../monitor/qmp-cmds.c:312
#2 0x0000aaaaabfc4e20 in qmp_marshal_query_acpi_ospm_status (args=<optimized out>, ret=0xffffea4ffe90, errp=0xffffea4ffe88) at qapi/qapi-commands-acpi.c:63
#3 0x0000aaaaabff8ba0 in do_qmp_dispatch_bh (opaque=0xffffea4ffe98) at ../qapi/qmp-dispatch.c:128
#4 0x0000aaaaac02e594 in aio_bh_call (bh=0xffffe0004d80) at ../util/async.c:150
#5 aio_bh_poll (ctx=ctx@entry=0xaaaaad0f6040) at ../util/async.c:178
#6 0x0000aaaaac00bd40 in aio_dispatch (ctx=ctx@entry=0xaaaaad0f6040) at ../util/aio-posix.c:421
#7 0x0000aaaaac02e010 in aio_ctx_dispatch (source=0xaaaaad0f6040, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:320
#8 0x0000fffff76f6884 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#9 0x0000aaaaac0452d4 in glib_pollfds_poll () at ../util/main-loop.c:297
#10 os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:320
#11 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:596
#12 0x0000aaaaab5c9e50 in qemu_main_loop () at ../softmmu/runstate.c:734
#13 0x0000aaaaab185370 in qemu_main (argc=argc@entry=47, argv=argv@entry=0xfffffffff518, envp=envp@entry=0x0) at ../softmmu/main.c:38
#14 0x0000aaaaab16f99c in main (argc=47, argv=0xfffffffff518) at ../softmmu/main.c:47
target/arm: Add is_secure parameter to get_phys_addr_pmsav5
Remove the use of regime_is_secure from get_phys_addr_pmsav5.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-21-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add secure parameter to get_phys_addr_pmsav7
Remove the use of regime_is_secure from get_phys_addr_pmsav7,
using the new parameter instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-19-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add is_secure parameter to pmsav7_use_background_region
Remove the use of regime_is_secure from pmsav7_use_background_region,
using the new parameter instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-17-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add secure parameter to get_phys_addr_pmsav8
Remove the use of regime_is_secure from get_phys_addr_pmsav8.
Since we already had a local variable named secure, use that.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-16-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add is_secure parameter to get_phys_addr_v6
Remove the use of regime_is_secure from get_phys_addr_v6,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-15-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add is_secure parameter to get_phys_addr_v5
Remove the use of regime_is_secure from get_phys_addr_v5,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[PMM: Folded in definition of local is_secure in get_phys_addr(),
since I dropped the earlier patch that would have provided it]
Message-id: 20220822152741.1617527-14-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add secure parameter to pmsav8_mpu_lookup
Remove the use of regime_is_secure from pmsav8_mpu_lookup,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-13-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add is_secure parameter to v8m_security_lookup
Remove the use of regime_is_secure from v8m_security_lookup,
passing the new parameter to the lookup instead.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-12-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Remove is_subpage argument to pmsav8_mpu_lookup
This can be made redundant with result->page_size, by moving the basic
set of page_size from get_phys_addr_pmsav8. We still need to overwrite
page_size when v8m_security_lookup signals a subpage.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-11-richard.henderson@linaro.org
[PMM: Update a comment that used to refer to is_subpage] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in pmsav8_mpu_lookup
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-10-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-9-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-8-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_pmsav5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-7-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_v5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-6-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_v6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use GetPhysAddrResult in get_phys_addr_lpae
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Combine 5 output pointer arguments from get_phys_addr
into a single struct. Adjust all callers.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220822152741.1617527-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When requested, the alignment for VLD4.32 is 8 and not 16.
See ARM documentation about VLD4 encoding:
ebytes = 1 << UInt(size);
if size == '10' then
alignment = if a == '0' then 1 else 8;
else
alignment = if a == '0' then 1 else 4*ebytes;
Signed-off-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220914105058.2787404-1-chigot@adacore.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Anton Kochkov [Wed, 17 Aug 2022 14:22:03 +0000 (14:22 +0000)]
hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
For consistency, function "update_rx_fifo()" should use the RX FIFO
register field names, not the TX FIFO ones, even if they refer to the
same bit positions in the register.
Signed-off-by: Anton Kochkov <anton.kochkov@proton.me> Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20220817141754.2105981-1-anton.kochkov@proton.me
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1123
[PMM: tweaked commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
* tag 'm68k-for-7.2-pull-request' of https://github.com/vivier/qemu-m68k:
target/m68k: always call gen_exit_tb() after writes to SR
target/m68k: rename M68K_FEATURE_M68000 to M68K_FEATURE_M68K
target/m68k: Perform writback before modifying SR
target/m68k: Fix MACSR to CCR
target/m68k: Implement atomic test-and-set
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 21 Sep 2022 17:11:57 +0000 (13:11 -0400)]
Merge tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu into staging
ppc patch queue for 2022-09-20:
This queue contains a implementation of PowerISA 3.1B hash insns, ppc
TCG insns cleanups and fixes, and miscellaneus fixes in the spapr and
pnv_phb models.
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYyoWlAAKCRA82cqW3gMx
# ZDYhAP0eQMeA4NS3hiw7WMcAVg0pei3ZJL9oEh1UE3+MfK7MhQEA0q8qExWnQJAA
# a0hfnFH9pLjI+v0f/FbFK6QJBpu/bg8=
# =qT+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 15:37:56 EDT
# gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164
* tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu:
hw/ppc/spapr: Fix code style problems reported by checkpatch
hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure
hw/ppc: spapr: Use qemu_vfree() to free spapr->htab
target/ppc: Clear fpstatus flags on helpers missing it
target/ppc: Zero second doubleword of VSR registers for FPR insns
target/ppc: Set OV32 when OV is set
target/ppc: Zero second doubleword for VSX madd instructions
target/ppc: Set result to QNaN for DENBCD when VXCVI occurs
target/ppc: Zero second doubleword in DFP instructions
target/ppc: Remove unused xer_* macros
target/ppc: Remove extra space from s128 field in ppc_vsr_t
target/ppc: Merge fsqrt and fsqrts helpers
target/ppc: Move fsqrts to decodetree
target/ppc: Move fsqrt to decodetree
target/ppc: Implement hashstp and hashchkp
target/ppc: Implement hashst and hashchk
target/ppc: Add HASHKEYR and HASHPKEYR SPRs
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 21 Sep 2022 17:10:51 +0000 (13:10 -0400)]
Merge tag 'pull-testing-next-200922-2' of https://github.com/stsquad/qemu into staging
Testing and CI changes:
- reduce number of targets for cross_user_build
- update avocado xlnx_versal test with new binaries
- add explicit timeouts to a number of avocado TCG tests
- reduce default timeout to 120s
- update lcitool to support cross-amd64
- flatten a number of docker cross containers
- clean up stale qemu/debian10 dependencies
- remove obsolete Fedora VM test
- add configure workaround for meson --disable-pie bug
- disable --static-pie for aarch64 gitlab runner
- update aarch32/aarch64 jobs to 22.04
- deprecate 32 bit big-endian MIPS as a host
- remove FROM qemu/ support from docker.py
- remove Debian base images now everything is flat
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmMp8Q8ACgkQ+9DbCVqe
# KkQmlwf/awT+jOmAW7TjlQnUTgHJ2hyOo7EViY/nmRkPOCT3ZG32pWFHBorHPX7s
# BeqZzpzCvhzaIfObnjIssx13C5QId5XjJGuTgMAnSsGhzTrp7VUJc1/bBfHcD9L2
# dJJduG+bfAkh95heBkry5EhFt2ZMui5yv9DjEH44hUUc9nwKtIQGts3H3fnVqzvv
# rzLZ7c2lhdLpAxHjmjSiiD8H59lJ+DpoziaobW4D7teGgecnyGVvJ9m1YH4Rc+kM
# gpLTOGMhADkQlysf5e5cvxXSJbP7YpXYrsr9X+DfEy5PMt2L3y4Yv0wiAz9ClYvm
# obD4wMQS5echYvb77qS1G8A0VMEPqA==
# =3oYu
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 12:57:51 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-testing-next-200922-2' of https://github.com/stsquad/qemu: (30 commits)
tests/docker: remove the Debian base images
tests/docker: remove FROM qemu/ support from docker.py
tests/docker: update and flatten debian-toolchain
tests/docker: update and flatten debian-hexagon-cross
tests/docker: update and flatten debian-loongarch-cross
tests/docker: update and flatten debian-amd64-cross
tests/lcitool: bump to latest version
tests/docker: update and flatten debian-all-test-cross
tests/docker: flatten debian-riscv64-test-cross
Deprecate 32 bit big-endian MIPS
gitlab-ci: update aarch32/aarch64 custom runner jobs
gitlab-ci/custom-runners: Disable -static-pie for ubuntu-20.04-aarch64
configure: explicitly set cflags for --disable-pie
tests/vm: Remove obsolete Fedora VM test
tests/docker: remove amd64 qemu/debian10 dependency
tests/docker: remove tricore qemu/debian10 dependency
tests/docker: flatten debian-powerpc-test-cross
tests/docker: update and flatten debian-sparc64-cross
tests/docker: update and flatten debian-sh4-cross
tests/docker: update and flatten debian-mips64-cross
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Mark Cave-Ayland [Sat, 17 Sep 2022 11:25:15 +0000 (12:25 +0100)]
target/m68k: always call gen_exit_tb() after writes to SR
Any write to SR can change the security state so always call gen_exit_tb() when
this occurs. In particular MacOS makes use of andiw/oriw in a few places to
handle the switch between user and supervisor mode.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220917112515.83905-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Mark Cave-Ayland [Sat, 17 Sep 2022 11:25:12 +0000 (12:25 +0100)]
target/m68k: rename M68K_FEATURE_M68000 to M68K_FEATURE_M68K
The M68K_FEATURE_M68000 feature is misleading in that its name suggests the feature
is defined just for Motorola 68000 CPUs, whilst in fact it is defined for all
Motorola 680X0 CPUs.
In order to avoid confusion with the other M68K_FEATURE_M680X0 constants which
define the features available for specific Motorola CPU models, rename
M68K_FEATURE_M68000 to M68K_FEATURE_M68K and add comments to clarify its usage.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220917112515.83905-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Writes to SR may change security state, which may involve
a swap of %ssp with %usp as reflected in %a7. Finish the
writeback of %sp@+ before swapping stack pointers.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
First, we were writing to the entire SR register, instead
of only the flags portion. Second, we were not clearing C
as per the documentation (X was cleared via the 0xf mask).
projects / thirdparty / qemu.git / log
