Peter Maydell [Fri, 24 Aug 2018 12:17:49 +0000 (13:17 +0100)]
hw/display/bcm2835_fb: Drop unused size and pitch fields
The BCM2835FBState struct has a 'pitch' field which is a
cached copy of xres * (bpp >> 3), and a 'size' field which is
a cached copy of pitch * yres. However we don't actually do
anything with these fields; delete them. We retain the
now-unused slots in the VMState struct for migration
compatibility.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814144436.679-4-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:48 +0000 (13:17 +0100)]
hw/misc/bcm2835_property: Track fb settings using BCM2835FBConfig
Refactor the fb property setting code so that rather than
using a set of pointers to local variables to track
whether a config value has been updated in the current
mbox and if so what its new value is, we just copy
all the current settings of the fb at the start, and
then update that copy as we go along, before asking
the fb to switch to it at the end.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814144436.679-3-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:48 +0000 (13:17 +0100)]
hw/misc/bcm2835_fb: Move config fields to their own struct
The handling of framebuffer properties in the bcm2835_property code
is a bit clumsy, because for each of the many fb related properties
we try to track the value we're about to set and whether we're going
to be setting a value, and then we hand all the new values off
to the framebuffer via a function which takes them all as separate
arguments. It would be simpler if the property code could easily
copy all the framebuffer's current settings, update them with
the new specified values and then ask the framebuffer to switch
to the new set.
As the first part of this refactoring, pull all the fb config
settings fields in BCM2835FBState out into their own struct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814144436.679-2-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:48 +0000 (13:17 +0100)]
target/arm: Remove a handful of stray tabs
Following the bulk conversion of the iwMMXt code, there are
just a handful of hard coded tabs in target/arm; fix them.
This is a whitespace-only patch.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180821165215.29069-4-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:48 +0000 (13:17 +0100)]
target/arm: Untabify iwmmxt_helper.c
Untabify the arm iwmmxt_helper.c. This affects only the iwMMXt code.
We've never touched that code in years, so it's not going to get
fixed up by our "change when touched" process, and a bulk change is
not going to be too disruptive.
This commit was produced using Emacs "untabify" (plus one
by-hand removal of a space to fix a checkpatch nit); it is
a whitespace-only change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180821165215.29069-3-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:47 +0000 (13:17 +0100)]
target/arm: Untabify translate.c
Untabify the arm translate.c. This affects only some lines,
mostly comments, in the iwMMXt code. We've never touched
that code in years, so it's not going to get fixed up
by our "change when touched" process, and a bulk change
is not going to be too disruptive.
This commit was produced using Emacs "untabify"; it is
a whitespace-only change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180821165215.29069-2-peter.maydell@linaro.org
Some of the config register values we were setting for the MPS2 SCC
weren't correct:
* the SCC_AID bits [23:20] specify the FPGA build target board revision,
and the SCC_CFG4 register specifies the actual board revision, so
these should have matching values. Claim to be board revision C,
consistently -- we had the revision in the wrong part of SCC_AID.
* SCC_ID bits [15:4] should be 0x505, not decimal 505
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-23-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:47 +0000 (13:17 +0100)]
hw/arm/mps2-tz: Instantiate SPI controllers
The SPI controllers in the MPS2 AN505 board are PL022s.
We have a model of the PL022, so create these devices.
We don't currently model the LCD controller that sits behind
one of the PL022s; the others are intended to control devices
that sit on the FPGA's general purpose SPI connector or
"shield" expansion connectors.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-22-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:46 +0000 (13:17 +0100)]
hw/ssi/pl022: Correct wrong DMACR and ICR handling
In the PL022, register offset 0x20 is the ICR, a write-only
interrupt-clear register. Register offset 0x24 is DMACR, the DMA
control register. We were incorrectly implementing (a stub version
of) DMACR at 0x20, and not implementing anything at 0x24. Fix this
bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-21-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:46 +0000 (13:17 +0100)]
hw/ssi/pl022: Correct wrong value for PL022_INT_RT
The PL022 interrupt registers have bits allocated as:
0: ROR (receive overrun)
1: RT (receive timeout)
2: RX (receive FIFO half full or less)
3: TX (transmit FIFO half full or less)
A cut and paste error meant we had the wrong value for
the PL022_INT_RT constant. This bug doesn't affect device
behaviour, because we don't implement the receive timeout
feature and so never set that interrupt bit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-20-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:45 +0000 (13:17 +0100)]
hw/ssi/pl022: Use DeviceState::realize rather than SysBusDevice::init
Move from the legacy SysBusDevice::init method to using
DeviceState::realize.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-19-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Use the DeviceState vmsd pointer rather than calling vmstate_register()
directly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-18-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:45 +0000 (13:17 +0100)]
hw/ssi/pl022: Set up reset function in class init
Currently the PL022 calls pl022_reset() from its class init
function. Make it register a DeviceState reset method instead,
so that we reset the device on system reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-17-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:44 +0000 (13:17 +0100)]
hw/ssi/pl022: Allow use as embedded-struct device
Create a new include file for the pl022's device struct,
type macros, etc, so that it can be instantiated using
the "embedded struct" coding style.
While we're adding the new file to MAINTAINERS, add
also the .c file, which was missing an entry.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-16-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:44 +0000 (13:17 +0100)]
hw/arm/mps2-tz: Create PL081s and MSCs
The AN505 FPGA image includes four PL081 DMA controllers, each
of which is gated by a Master Security Controller that allows
the guest to prevent a non-secure DMA controller from accessing
memory that is used by secure guest code. Create and wire
up these devices.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-15-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:44 +0000 (13:17 +0100)]
hw/arm/iotkit: Wire up the lines for MSCs
The IoTKit doesn't have any MSCs itself but it does need
some wiring to connect the external signals from MSCs
in the outer board model up to the registers and the
NVIC IRQ line.
We also need to expose a MemoryRegion corresponding to
the AHB bus, so that MSCs in the outer board model can
use that as their downstream port. (In the FPGA this is
the "AHB Slave Expansion" ports shown in the block
diagram in the AN505 documentation.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-14-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:44 +0000 (13:17 +0100)]
hw/misc/iotkit-secctl: Wire up registers for controlling MSCs
The IoTKit does not have any Master Security Contollers itself,
but it does provide registers in the secure privilege control
block which allow control of MSCs in the external system.
Add support for these registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180820141116.9118-13-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:43 +0000 (13:17 +0100)]
hw/misc/tz-msc: Model TrustZone Master Security Controller
Implement a model of the TrustZone Master Securtiy Controller,
as documented in the Arm CoreLink SIE-200 System IP for
Embedded TRM (DDI0571G):
https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g
The MSC is intended to sit in front of a device which can
be a bus master (eg a DMA controller) and programmably gate
its transactions. This allows a bus-mastering device to be
controlled by non-secure code but still restricted from
making accesses to addresses which are secure-only.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20180820141116.9118-12-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Aug 2018 12:17:43 +0000 (13:17 +0100)]
hw/misc/iotkit: Wire up the sysctl and sysinfo register blocks
Wire up the system control element's register banks
(sysctl and sysinfo).
This is the last of the previously completely unimplemented
components in the IoTKit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-11-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:43 +0000 (13:17 +0100)]
hw/misc/iotkit-sysinfo: Implement IoTKit system information block
Implement the IoTKit system control element's system information
block; this is just a pair of read-only version/config registers,
plus the usual PID/CID ID registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-10-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:42 +0000 (13:17 +0100)]
hw/misc/iotkit-sysctl: Implement IoTKit system control element
The Arm IoTKit includes a system control element which
provides a block of read-only ID registers and a block
of read-write control registers. Implement a minimal
version of this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-9-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:42 +0000 (13:17 +0100)]
hw/arm/iotkit: Wire up the S32KTIMER
The IoTKit has a CMSDK timer device that runs on the S32KCLK.
Create this and wire it up.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-8-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:42 +0000 (13:17 +0100)]
hw/arm/iotkit: Wire up the watchdogs
The IoTKit includes three different instances of the
CMSDK APB watchdog; create and wire them up.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-7-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:42 +0000 (13:17 +0100)]
hw/arm/mps2: Wire up dual-timer in mps2-an385 and mps2-an511
The MPS2 FPGA images for the Cortex-M3 (mps2-an385 and mps2-511)
both include a CMSDK dual-timer module. Wire this up.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-6-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:41 +0000 (13:17 +0100)]
hw/arm/iotkit: Wire up the dualtimer
Now we have a model of the CMSDK dual timer, we can wire it
up in the IoTKit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-5-peter.maydell@linaro.org
The Arm Cortex-M System Design Kit includes a "dual-input timer module"
which combines two programmable down-counters. Implement a model
of this device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-4-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:40 +0000 (13:17 +0100)]
hw/misc/mps2-fpgaio: Implement PSCNTR and COUNTER
In the MPS2 FPGAIO, PSCNTR is a free-running downcounter with
a reload value configured via the PRESCALE register, and
COUNTER counts up by 1 every time PSCNTR reaches zero.
Implement these counters.
We can just increment the counters migration subsection's
version ID because we only added it in the previous commit,
so no released QEMU versions will be using it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-3-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:40 +0000 (13:17 +0100)]
hw/misc/mps2-fpgaio: Implement 1Hz and 100Hz counters
The MPS2 FPGAIO block includes some simple free-running counters.
Implement these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180820141116.9118-2-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:39 +0000 (13:17 +0100)]
hw/arm/boot: AArch32 kernels should be started in Hyp mode if available
The kernel booting specification for an AArch32 kernel requires that
it is booted in Hyp mode if available; otherwise the kernel can't
enable KVM. We were incorrectly leaving the kernel in SVC mode.
If we're booting an AArch32 kernel in the Nonsecure state and Hyp
mode is available, start in it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-7-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:38 +0000 (13:17 +0100)]
target/arm: Clear CPSR.IL and CPSR.J on 32-bit exception entry
On 32-bit exception entry, CPSR.J must always be set to 0
(see v7A Arm ARM DDI0406C.c B1.8.5). CPSR.IL must also
be cleared on 32-bit exception entry (see v8A Arm ARM
DDI0487C.a G1.10).
Clear these bits. (This fixes a bug which will never be noticed
by non-buggy guests.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-6-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:38 +0000 (13:17 +0100)]
target/arm: Implement support for taking exceptions to Hyp mode
Implement the necessary support code for taking exceptions
to Hyp mode in AArch32.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-5-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:37 +0000 (13:17 +0100)]
target/arm: Factor out code for taking an AArch32 exception
Factor out the code which changes the CPU state so as to
actually take an exception to AArch32. We're going to want
to use this for handling exception entry to Hyp mode.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-4-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:37 +0000 (13:17 +0100)]
target/arm: Implement AArch32 HCR and HCR2
The AArch32 HCR and HCR2 registers alias HCR_EL2
bits [31:0] and [63:32]; implement them.
Since HCR2 exists in ARMv8 but not ARMv7, we need new
regdef arrays for "we have EL3, not EL2, we're ARMv8"
and "we have EL2, we're ARMv8" to hold the definitions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-3-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:36 +0000 (13:17 +0100)]
target/arm: Implement RAZ/WI HACTLR2
The v8 AArch32 HACTLR2 register maps to bits [63:32] of ACTLR_EL2.
We implement ACTLR_EL2 as RAZ/WI, so make HACTLR2 also RAZ/WI.
(We put the regdef next to ACTLR_EL2 as a reminder in case we
ever make ACTLR_EL2 something other than RAZ/WI).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180820153020.21478-2-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:35 +0000 (13:17 +0100)]
hw/arm/vexpress: Add "virtualization" property controlling presence of EL2
Add a "virtualization" property to the vexpress-a15 board,
controlling presence of EL2. As with EL3, we default to
enabling it, but the user can disable it if they have an
older guest which can't cope with it being present.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-10-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:35 +0000 (13:17 +0100)]
hw/arm/vexpress: Don't set info->secure_boot if CPU doesn't have EL3
Don't request that the arm_load_kernel() code should boot in secure
state if the CPU doesn't have a secure state. Currently this
doesn't make a difference because the boot.c code only examines
the secure_boot flag in code guarded by an ARM_FEATURE_EL3 check,
but upcoming changes for supporting booting into Hyp mode will
change that.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-9-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:34 +0000 (13:17 +0100)]
hw/cpu/a15mpcore: If CPU has EL2, enable it on the GIC and wire it up
For the A15MPCore internal peripheral object, we handle GIC
security extensions support by checking whether the CPUs
have EL3 enabled; if so then we enable it also on the GIC.
Handle the virtualization extensions in the same way: if the
CPU has EL2 then enable it on the GIC and wire up the
virtualization-specific memory regions and the maintenance
interrupt.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-8-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:34 +0000 (13:17 +0100)]
hw/arm/fsl-imx6ul: Connect VIRQ and VFIQ
Connect the VIRQ and VFIQ lines from the GIC to the CPU;
these exist always for both CPU and GIC whether the
virtualization extensions are enabled or not, so we
can just unconditionally connect them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-7-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:33 +0000 (13:17 +0100)]
hw/arm/fsl-imx6ul: Connect VIRQ and VFIQ
Connect the VIRQ and VFIQ lines from the GIC to the CPU;
these exist always for both CPU and GIC whether the
virtualization extensions are enabled or not, so we
can just unconditionally connect them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-6-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:33 +0000 (13:17 +0100)]
hw/arm/highbank: Connect VIRQ and VFIQ
Connect the VIRQ and VFIQ lines from the GIC to the CPU;
these exist always for both CPU and GIC whether the
virtualization extensions are enabled or not, so we
can just unconditionally connect them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-5-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:32 +0000 (13:17 +0100)]
hw/arm/vexpress: Connect VIRQ and VFIQ
Connect the VIRQ and VFIQ lines from the GIC to the CPU;
these exist always for both CPU and GIC whether the
virtualization extensions are enabled or not, so we
can just unconditionally connect them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-4-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Aug 2018 12:17:31 +0000 (13:17 +0100)]
hw/intc/arm_gic: Make per-cpu GICH memory regions 0x200 bytes large
Reduce the size of the per-cpu GICH memory regions from 0x1000
to 0x200. The registers only cover 0x200 bytes, and the Cortex-A15
wants to map them at a spacing of 0x200 bytes apart. Having the
region be too large interferes with mapping them like that, so
reduce it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180821132811.17675-3-peter.maydell@linaro.org
target/arm: Use the float-to-int-scale softfloat routines
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814002653.12828-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Use the int-to-float-scale softfloat routines
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814002653.12828-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814002653.12828-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180814002653.12828-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 23 Aug 2018 11:21:53 +0000 (12:21 +0100)]
tests/vm: Increase timeout waiting for VM to boot to 5 minutes
The VM tests currently have a timeout of 2 minutes for trying
to connect to ssh. Since the guest VM has to boot from cold
to the point of accepting inbound ssh during this time, if the
host machine is heavily loaded it can spuriously time out.
Increase the timeout from 2 to 5 minutes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Fam Zheng <famz@redhat.com>
Message-id: 20180823112153.15279-1-peter.maydell@linaro.org
Peter Maydell [Thu, 23 Aug 2018 18:03:53 +0000 (19:03 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* x86 TCG fixes for 64-bit call gates (Andrew)
* qumu-guest-agent freeze-hook tweak (Christian)
* pm_smbus improvements (Corey)
* Move validation to pre_plug for pc-dimm (David)
* Fix memory leaks (Eduardo, Marc-André)
* synchronization profiler (Emilio)
* Convert the CPU list to RCU (Emilio)
* LSI support for PPR Extended Message (George)
* vhost-scsi support for protection information (Greg)
* Mark mptsas as a storage device in the help (Guenter)
* checkpatch tweak cherry-picked from Linux (me)
* Typos, cleanups and dead-code removal (Julia, Marc-André)
* qemu-pr-helper support for old libmultipath (Murilo)
* Annotate fallthroughs (me)
* MemoryRegionOps cleanup (me, Peter)
* Make s390 qtests independent from libqos, which doesn't actually support it (me)
* Make cpu_get_ticks independent from BQL (me)
* Introspection fixes (Thomas)
* Support QEMU_MODULE_DIR environment variable (ryang)
* remotes/bonzini/tags/for-upstream: (69 commits)
KVM: cleanup unnecessary #ifdef KVM_CAP_...
target/i386: update MPX flags when CPL changes
i2c: pm_smbus: Add the ability to force block transfer enable
i2c: pm_smbus: Don't delay host status register busy bit when interrupts are enabled
i2c: pm_smbus: Add interrupt handling
i2c: pm_smbus: Add block transfer capability
i2c: pm_smbus: Make the I2C block read command read-only
i2c: pm_smbus: Fix the semantics of block I2C transfers
i2c: pm_smbus: Clean up some style issues
pc-dimm: assign and verify the "addr" property during pre_plug
pc: drop memory region alignment check for 0
util/oslib-win32: indicate alignment for qemu_anon_ram_alloc()
pc-dimm: assign and verify the "slot" property during pre_plug
ipmi: Use proper struct reference for BT vmstate
vhost-scsi: expose 't10_pi' property for VIRTIO_SCSI_F_T10_PI
vhost-scsi: unify vhost-scsi get_features implementations
vhost-user-scsi: move host_features into VHostSCSICommon
cpus: allow cpu_get_ticks out of BQL
cpus: protect TimerState writes with a spinlock
seqlock: add QemuLockable support
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Corey Minyard [Mon, 20 Aug 2018 20:26:08 +0000 (15:26 -0500)]
i2c: pm_smbus: Add the ability to force block transfer enable
The PIIX4 hardware has block transfer buffer always enabled in
the hardware, but the i801 does not. Add a parameter to pm_smbus_init
to force on the block transfer so the PIIX4 handler can enable this
by default, as it was disabled by default before.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-9-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:07 +0000 (15:26 -0500)]
i2c: pm_smbus: Don't delay host status register busy bit when interrupts are enabled
Change 880b1ffe6ec2f0ae "smbus: do not immediately complete commands"
changed pm_smbus to delay setting the host busy bit until the status
register was read, to work around a bug in AMIBIOS. Unfortunately,
when interrupts are enabled, the status register will never get read
and the processing will never happen.
Modify the code to only delay setting the host busy bit if interrupts
are not enabled.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <1534796770-10295-8-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:06 +0000 (15:26 -0500)]
i2c: pm_smbus: Add interrupt handling
Add the necessary code so that interrupts actually work from
the pm_smbus device.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-7-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:04 +0000 (15:26 -0500)]
i2c: pm_smbus: Add block transfer capability
There was no block transfer code in pm_smbus.c, and it is needed
for some devices. So add it.
This adds both byte-by-byte block transfers and buffered block
transfers.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-5-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:03 +0000 (15:26 -0500)]
i2c: pm_smbus: Make the I2C block read command read-only
It did have write capability, but the manual says the behavior
with write enabled is undefined. So just set an error in this
case.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-4-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:02 +0000 (15:26 -0500)]
i2c: pm_smbus: Fix the semantics of block I2C transfers
The I2C block transfer commands was not implemented correctly, it
read a length byte and such like it was an smbus transfer.
So fix the smbus_read_block() and smbus_write_block() functions
so they can properly handle I2C transfers, and normal SMBus
transfers (for upcoming changes). Pass in a transfer size and
a bool to know whether to use the size byte (like SMBus) or use
the length given (like I2C).
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-3-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:26:01 +0000 (15:26 -0500)]
i2c: pm_smbus: Clean up some style issues
Fix some spacing issues, remove extraneous comments, add some
defines instead of hard-coding numbers.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1534796770-10295-2-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
pc-dimm: assign and verify the "addr" property during pre_plug
We can assign and verify the address before realizing and trying to plug.
reading/writing the address property should never fail for DIMMs, so let's
reduce error handling a bit by using &error_abort. Getting access to the
memory region now might however fail. So forward errors from
get_memory_region() properly.
As all memory devices should use the alignment of the underlying memory
region for guest physical address asignment, do detection of the
alignment in pc_dimm_pre_plug(), but allow pc.c to overwrite the
alignment for compatibility handling.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180801133444.11269-5-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
All applicable memory regions always have an alignment > 0. All memory
backends result in file_ram_alloc() or qemu_anon_ram_alloc() getting
called, setting the alignment to > 0.
So a PCDIMM memory region always has an alignment > 0. NVDIMM copy the
alignment of the original memory memory region into the handcrafted memory
region that will be used at this place.
So the check for 0 can be dropped and we can reduce the special
handling.
Dropping this check makes factoring out of alignment handling easier as
compat handling only has to look at pcmc->enforce_aligned_dimm and not
care about the alignment of the memory region.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180801133444.11269-4-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
util/oslib-win32: indicate alignment for qemu_anon_ram_alloc()
Let's set the alignment just like for the posix variant. This will
implicitly set the alignment of the underlying memory region and
therefore make memory_region_get_alignment(mr) return something > 0 for
all memory backends applicable to PCDIMM/NVDIMM.
The allocation granularity is ususally 64k, while the page size is 4k.
The documentation of VirtualAlloc is not really comprehensible in case
only MEM_COMMIT is specified without an address. We'll detect the actual
values and then go for the bigger one. The expection is, that it will
always be 64k aligned. (The assumption is that MEM_COMMIT does an
implicit MEM_RESERVE, so the address will always be aligned to the
allocation granularity. And the allocation granularity is always bigger
than the page size).
This will allow us to drop special handling in pc.c for
memory_region_get_alignment(mr) == 0, as we can then assume that it is
always set (and AFAICS >= getpagesize()).
For pc in pc_memory_plug(), under Windows TARGET_PAGE_SIZE == getpagesize(),
therefore alignment of DIMMs will not change, and therefore also not the
guest physical memory layout.
For spapr in spapr_memory_plug(), an alignment of 0 would have been used
until now. As QEMU_ALIGN_UP will crash with the alignment being 0, this
never worked, so we don't have to care about compatibility handling.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180801133444.11269-3-david@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
pc-dimm: assign and verify the "slot" property during pre_plug
We can assign and verify the slot before realizing and trying to plug.
reading/writing the slot property should never fail, so let's reduce
error handling a bit by using &error_abort.
To do this during pre_plug, add and use (x86, ppc) pc_dimm_pre_plug().
Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180801133444.11269-2-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Corey Minyard [Mon, 20 Aug 2018 20:57:24 +0000 (15:57 -0500)]
ipmi: Use proper struct reference for BT vmstate
The vmstate for isa_ipmi_bt was referencing into the bt structure,
instead create a bt structure separate and use that.
The version 1 of the BT transfer was fairly broken, if a migration
occured during an IPMI operation, it is likely the migration would
be corrupted because I misunderstood the VMSTATE_VBUFFER_UINT32()
handling, I thought it handled transferring the length field,
too. So I just remove support for that. I doubt anyone is using
it at this point.
This also removes the transfer of use_irq, since that should come
from configuration.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1534798644-13587-1-git-send-email-minyard@acm.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move the enablement of preset host features into the common
vhost_scsi_common_get_features() function. This is in preparation for
having vhost-scsi also make use of host_features.
Signed-off-by: Greg Edwards <gedwards@ddn.com>
Message-Id: <20180808195235.5843-3-gedwards@ddn.com> Reviewed-by: Felipe Franciosi <felipe@nutanix.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 14 Aug 2018 07:57:16 +0000 (09:57 +0200)]
cpus: protect TimerState writes with a spinlock
In the next patch, we will need to write cpu_ticks_offset from any
thread, even outside the BQL. Currently, it is protected by the BQL
just because cpu_enable_ticks and cpu_disable_ticks happen to hold it,
but the critical sections are well delimited and it's easy to remove
the BQL dependency.
Add a spinlock that matches vm_clock_seqlock, and hold it when writing
to the TimerState. This also lets us fix cpu_update_icount when 64-bit
atomics are not available.
Fields of TiemrState are reordered to avoid padding.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 14 Aug 2018 07:31:58 +0000 (09:31 +0200)]
cpus: protect all icount computation with seqlock
Move the icount->ns computation to cpu_get_icount, and make
cpu_get_icount_locked return the raw value. This makes the
atomic_read__nocheck safe, because it now happens always inside a
seqlock and any torn reads will be retried. qemu_icount_bias and
icount_time_shift also need to be accessed with atomics. At the
same time, however, you don't need atomic_read within the writer,
because no concurrent writes are possible.
The fix to vmstate lets us keep the struct nicely packed. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The current paths for modules are CONFIG_QEMU_MODDIR and paths relative
to the executable. Qemu and its modules can be installed and executed in
paths that are different from these search paths. This change allows
a search path to be specified by environment variable.
An example usage for this is postmarketOS[1]. This is a build environment
for Alpine Linux. It sets up Alpine Linux in a chroot environment.
Alpine's Qemu packages are installed in the chroot. The Alpine Linux Qemu
package is used to test compiled Alpine Linux system images. This way there
isn't a reliance on the which ever version of Qemu the host system / distro
provides.
postmarketOS executes Qemu on host system outside of the chroot
The Qemu module search path needs to point to the location of the
chroot relative to the host system.
e.g.
The root of the Alpine Linux chroot is:
~/.local/var/pmbootstrap/chroot_native/
Alpine's Qemu is installed at
~/.local/var/pmbootstrap/chroot_native/usr/bin/
The Qemu module search path needs to be:
QEMU_MODULE_DIR=~/.local/var/pmbootstrap/chroot_native/usr/lib/qemu/
[1] https://postmarketos.org/
Signed-off-by: ryang <decatf@gmail.com>
Message-Id: <20180704181010.GA918@computer> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Fri, 3 Aug 2018 10:19:43 +0000 (11:19 +0100)]
hw/intc/apic: Switch away from old_mmio
Switch the apic away from using the old_mmio MemoryRegionOps
accessor functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180803101943.23722-1-peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Sun, 19 Aug 2018 09:13:35 +0000 (05:13 -0400)]
qom: convert the CPU list to RCU
Iterating over the list without using atomics is undefined behaviour,
since the list can be modified concurrently by other threads (e.g.
every time a new thread is created in user-mode).
Fix it by implementing the CPU list as an RCU QTAILQ. This requires
a little bit of extra work to traverse list in reverse order (see
previous patch), but other than that the conversion is trivial.
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180819091335.22863-12-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Sun, 19 Aug 2018 09:13:34 +0000 (05:13 -0400)]
spapr: do not use CPU_FOREACH_REVERSE
This paves the way for implementing the CPU list with an RCU list,
which cannot be traversed in reverse order.
Note that this is the only caller of CPU_FOREACH_REVERSE.
Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20180819091335.22863-11-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andrew Oates [Thu, 16 Aug 2018 01:19:03 +0000 (21:19 -0400)]
target-i386: fix segment limit check in ljmp
The current implementation has three bugs,
* segment limits are not enforced in protected mode if the L bit is set
in the target segment descriptor
* segment limits are not enforced in compatibility mode (ljmp to 32-bit
code segment in long mode)
* #GP(new_cs) is generated rather than #GP(0)
Now the segment limits are enforced if we're not in long mode OR the
target code segment doesn't have the L bit set.
Signed-off-by: Andrew Oates <aoates@google.com>
Message-Id: <20180816011903.39816-1-andrew@andrewoates.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andrew Oates [Sun, 19 Aug 2018 18:17:25 +0000 (14:17 -0400)]
target-i386: Fix lcall/ljmp to call gate in IA-32e mode
Currently call gates are always treated as 32-bit gates. In IA-32e mode
(either compatibility or 64-bit submode), system segment descriptors are
always 64-bit. Treating them as 32-bit has the expected unfortunate
effect: only the lower 32 bits of the offset are loaded, the stack
pointer is truncated, a bad new stack pointer is loaded from the TSS (if
switching privilege levels), etc.
This change adds support for 64-bit call gate to the lcall and ljmp
instructions. Additionally, there should be a check for non-canonical
stack pointers, but I've omitted that since there doesn't seem to be
checks for non-canonical addresses in this code elsewhere.
I've left the raise_exception_err_ra lines unwapped at 80 columns to
match the style in the rest of the file.
Signed-off-by: Andrew Oates <aoates@google.com>
Message-Id: <20180819181725.34098-1-andrew@andrewoates.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180730153639.26466-1-marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm: add call to qemu_add_opts() for -overcommit option
qemu command fails to process -overcommit option. Add the missing
call to qemu_add_opts() in vl.c.
Signed-off-by: Prasad Singamsetty <prasad.singamsetty@oracle.com>
Message-Id: <20180815175704.105902-1-prasad.singamsetty@oracle.com> Reviewed-by: Mark Kanda <mark.kanda@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
George Kennedy [Fri, 17 Aug 2018 17:25:48 +0000 (19:25 +0200)]
lsi_scsi: add support for PPR Extended Message
The LSI 53c895a code does not handle the PPR Extended Message. Add
support to handle PPR Extended Message like SDTR and WDTR are handled.
That is, to skip past the message bytes and ignore the message.
Signed-off-by: George Kennedy <george.kennedy@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eduardo Habkost [Thu, 16 Aug 2018 18:35:09 +0000 (15:35 -0300)]
i386: Fix arch_query_cpu_model_expansion() leak
Reported by Coverity:
Error: RESOURCE_LEAK (CWE-772): [#def439]
qemu-2.12.0/target/i386/cpu.c:3179: alloc_fn: Storage is returned from allocation function "qdict_new".
qemu-2.12.0/qobject/qdict.c:34:5: alloc_fn: Storage is returned from allocation function "g_malloc0".
qemu-2.12.0/qobject/qdict.c:34:5: var_assign: Assigning: "qdict" = "g_malloc0(4120UL)".
qemu-2.12.0/qobject/qdict.c:37:5: return_alloc: Returning allocated memory "qdict".
qemu-2.12.0/target/i386/cpu.c:3179: var_assign: Assigning: "props" = storage returned from "qdict_new()".
qemu-2.12.0/target/i386/cpu.c:3217: leaked_storage: Variable "props" going out of scope leaks the storage it points to.
This was introduced by commit b8097deb359b ("i386: Improve
query-cpu-model-expansion full mode").
The leak is only theoretical: if ret->model->props is set to
props, the qapi_free_CpuModelExpansionInfo() call will free props
too in case of errors. The only way for this to not happen is if
we enter the default branch of the switch statement, which would
never happen because all CpuModelExpansionType values are being
handled.
It's still worth to change this to make the allocation logic
easier to follow and make the Coverity error go away. To make
everything simpler, initialize ret->model and ret->model->props
earlier in the function.
While at it, remove redundant check for !prop because prop is
always initialized at the beginning of the function.
Emilio G. Cota [Tue, 8 Aug 2017 17:54:42 +0000 (13:54 -0400)]
hmp-commands-info: add sync-profile
The command introduced here is just for developers. This means that:
- the info displayed and the output format could change in the future
- the command is only meant to be used from HMP, not from QMP
Sample output:
(qemu) sync-profile
sync-profile is off
(qemu) info sync-profile
Type Object Call site Wait Time (s) Count Average (us)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(qemu) sync-profile on
(qemu) sync-profile
sync-profile is on
(qemu) info sync-profile 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 91.38235 2842 32154.24
BQL mutex 0x55a0171b7140 cpus.c:1434 12.56490 5787 2171.23
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.75846 2844 2728.01
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.09889 2884 1767.99
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 3.46140 3254 1063.74
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76333 8655 88.20
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60893 2941 207.05
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.00894 6425 1.39
mutex [ 3] util/qemu-timer.c:520 0.00342 50611 0.07
mutex [ 2] util/qemu-timer.c:426 0.00254 31336 0.08
mutex [ 3] util/qemu-timer.c:234 0.00107 19275 0.06
mutex 0x55a0171d9960 vl.c:763 0.00043 6425 0.07
mutex 0x55a0180d1bb0 monitor.c:458 0.00015 1603 0.09
mutex 0x55a0180e4c78 chardev/char.c:109 0.00002 217 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00001 162 0.08
----------------------------------------------------------------------------------------------
(qemu) info sync-profile -m 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 95.11196 3051 31174.03
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.92108 3052 2595.37
BQL mutex 0x55a0171b7140 cpus.c:1434 13.38253 6210 2155.00
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.09901 3093 1648.57
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 4.21123 3468 1214.31
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60895 3156 192.95
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76337 9282 82.24
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.00944 6889 1.37
mutex 0x55a01813ce80 tcg/tcg.c:397 0.00000 24 0.15
mutex 0x55a0180d1bb0 monitor.c:458 0.00018 1922 0.09
mutex [ 2] util/qemu-timer.c:426 0.00266 32710 0.08
mutex 0x55a0180e4c78 chardev/char.c:109 0.00002 260 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00001 187 0.08
mutex 0x55a0171d9960 vl.c:763 0.00047 6889 0.07
mutex [ 3] util/qemu-timer.c:520 0.00362 53377 0.07
----------------------------------------------------------------------------------------------
(qemu) info sync-profile -m -n 15
Type Object Call site Wait Time (s) Count Average (us)
----------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 101.39331 3398 29839.12
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:432 7.92112 3399 2330.43
BQL mutex 0x55a0171b7140 cpus.c:1434 14.28280 6922 2063.39
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 5.77505 3445 1676.36
BQL mutex 0x55a0171b7140 accel/tcg/cpu-exec.c:529 5.66139 3883 1457.99
BQL mutex 0x55a0171b7140 cpus.c:1466 0.60901 3519 173.06
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:804 0.76351 10338 73.85
BQL mutex 0x55a0171b7140 util/main-loop.c:236 0.01032 7664 1.35
mutex 0x55a0180e4f08 util/qemu-timer.c:426 0.00041 901 0.45
mutex 0x55a01813ce80 tcg/tcg.c:397 0.00000 24 0.15
mutex 0x55a0180d1bb0 monitor.c:458 0.00022 2319 0.09
mutex 0x55a0180e4c78 chardev/char.c:109 0.00003 306 0.08
mutex 0x55a0180e4f08 util/qemu-timer.c:520 0.00068 8565 0.08
mutex 0x55a0180d1bb0 monitor.c:448 0.00002 215 0.08
mutex 0x55a0180e4f78 util/qemu-timer.c:426 0.00247 34224 0.07
----------------------------------------------------------------------------------------------
(qemu) sync-profile reset
(qemu) info sync-profile -m 2
Type Object Call site Wait Time (s) Count Average (us)
--------------------------------------------------------------------------------------------
condvar 0x55a01813ced0 cpus.c:1165 2.78756 99 28157.12
BQL mutex 0x55a0171b7140 accel/tcg/cputlb.c:870 0.33054 102 3240.55
--------------------------------------------------------------------------------------------
(qemu) sync-profile off
(qemu) sync-profile
sync-profile is off
(qemu) sync-profile reset
(qemu) info sync-profile
Type Object Call site Wait Time (s) Count Average (us)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Wed, 15 Aug 2018 20:00:03 +0000 (16:00 -0400)]
hmp-commands: add sync-profile
The command introduced here is just for developers. This means that:
- the interface implemented here could change in the future
- the command is only meant to be used from HMP, not from QMP
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Sat, 28 Oct 2017 06:16:41 +0000 (02:16 -0400)]
qsp: track BQL callers explicitly
The BQL is acquired via qemu_mutex_lock_iothread(), which makes
the profiler assign the associated wait time (i.e. most of
BQL wait time) entirely to that function. This loses the original
call site information, which does not help diagnose BQL contention.
Fix it by tracking the callers explicitly.
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Fri, 17 Aug 2018 03:29:49 +0000 (23:29 -0400)]
qsp: add qsp_reset
I first implemented this by deleting all entries in the global
hash table. But doing that safely slows down profiling, since
we'd need to introduce rcu_read_lock/unlock in the fast path.
What's implemented here avoids messing with the thread-local
data in the global hash table. It achieves this by taking a snapshot
of the current state, so that subsequent reports present the delta
wrt to the snapshot.
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Emilio G. Cota [Tue, 8 Aug 2017 17:53:15 +0000 (13:53 -0400)]
qsp: QEMU's Synchronization Profiler
The goal of this module is to profile synchronization primitives (i.e.
mutexes, recursive mutexes and condition variables) so that scalability
issues can be quickly diagnosed.
Sync primitives are profiled by QSP based on the vaddr of the object accessed
as well as the call site (file:line_nr). That means the same object called
from two different call sites will be tracked in separate entries, which
might be reported together or separately (see subsequent commit on
call site coalescing).
That is, a negligible slowdown due to the now indirect call to
qemu_mutex_lock. Note that using a branch instead of an indirect
call introduces a more severe slowdown (53.65 Mops/s, i.e. 2% slowdown).
Enabling the profiler (with -p, added in this series) is more interesting:
- No profiling: 54.75 Mops/s
- W/ profiling: 12.53 Mops/s
That is, a 4.36X slowdown.
We can break down this slowdown by removing the get_clock calls or
the entry lookup: