From: "Emilio G. Cota" <cota@braap.org>

Fixes the following warning when compiling with gcc 5.4.0 with -O1

optimizations and --enable-debug:

target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:

target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

if (!post_index) {

^

target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here

bool post_index;

^

target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

if (writeback) {

^

target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here

bool writeback;

^

Note that idx comes from selecting 2 bits, and therefore its value

can be at most 3.

Signed-off-by: Emilio G. Cota <cota@braap.org>

Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 1510087611-1851-1-git-send-email-cota@braap.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

target/arm/translate-a64.c | 2 ++

1 file changed, 2 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,

post_index = false;

writeback = true;

break;

+ default:

+ g_assert_not_reached();

}

if (rn == 31) {

--

2.7.4

From: Prasad J Pandit <pjp@fedoraproject.org>

An 'offset' parameter sent to highbank register r/w functions

could be greater than number(NUM_REGS=0x200) of hb registers,

leading to an OOB access issue. Add check to avoid it.

Reported-by: Moguofang (Dennis mo) <moguofang@huawei.com>

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>

Message-id: 20171113062658.9697-1-ppandit@redhat.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/highbank.c | 17 +++++++++++++++--

1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/highbank.c

+++ b/hw/arm/highbank.c

@@ -XXX,XX +XXX,XX @@

#include "hw/ide/ahci.h"

#include "hw/cpu/a9mpcore.h"

#include "hw/cpu/a15mpcore.h"

+#include "qemu/log.h"

#define SMP_BOOT_ADDR 0x100

#define SMP_BOOT_REG 0x40

@@ -XXX,XX +XXX,XX @@ static void hb_regs_write(void *opaque, hwaddr offset,

}

}

- regs[offset/4] = value;

+ if (offset / 4 >= NUM_REGS) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "highbank: bad write offset 0x%" HWADDR_PRIx "\n", offset);

+ return;

+ }

+ regs[offset / 4] = value;

}

static uint64_t hb_regs_read(void *opaque, hwaddr offset,

unsigned size)

{

+ uint32_t value;

uint32_t *regs = opaque;

- uint32_t value = regs[offset/4];

+

+ if (offset / 4 >= NUM_REGS) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "highbank: bad read offset 0x%" HWADDR_PRIx "\n", offset);

+ return 0;

+ }

+ value = regs[offset / 4];

if ((offset == 0x100) || (offset == 0x108) || (offset == 0x10C)) {

value |= 0x30000000;

--

2.7.4

From: Subbaraya Sundeep <sundeep.lkml@gmail.com>

Voluntarily add myself as maintainer for Smartfusion2

Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>

Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 1510552520-3566-1-git-send-email-sundeep.lkml@gmail.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

MAINTAINERS | 17 +++++++++++++++++

1 file changed, 17 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS

index XXXXXXX..XXXXXXX 100644

--- a/MAINTAINERS

+++ b/MAINTAINERS

@@ -XXX,XX +XXX,XX @@ M: Alistair Francis <alistair@alistair23.me>

S: Maintained

F: hw/arm/netduino2.c

+SmartFusion2

+M: Subbaraya Sundeep <sundeep.lkml@gmail.com>

+S: Maintained

+F: hw/arm/msf2-soc.c

+F: hw/misc/msf2-sysreg.c

+F: hw/timer/mss-timer.c

+F: hw/ssi/mss-spi.c

+F: include/hw/arm/msf2-soc.h

+F: include/hw/misc/msf2-sysreg.h

+F: include/hw/timer/mss-timer.h

+F: include/hw/ssi/mss-spi.h

+

+Emcraft M2S-FG484

+M: Subbaraya Sundeep <sundeep.lkml@gmail.com>

+S: Maintained

+F: hw/arm/msf2-som.c

+

CRIS Machines

-------------

Axis Dev88

--

2.7.4

From: "Emilio G. Cota" <cota@braap.org>

55c3cee ("qom: Introduce CPUClass.tcg_initialize", 2017-10-24)

introduces a per-CPUClass bool that we check so that the target CPU

is initialized for TCG only once. This works well except when

we end up creating more than one CPUClass, in which case we end

up incorrectly initializing TCG more than once, i.e. once for

each CPUClass.

This can be replicated with:

$ aarch64-softmmu/qemu-system-aarch64 -machine xlnx-zcu102 -smp 6 \

-global driver=xlnx,,zynqmp,property=has_rpu,value=on

In this case the class name of the "RPUs" is prefixed by "cortex-r5-",

whereas the "regular" CPUs are prefixed by "cortex-a53-". This

results in two CPUClass instances being created.

Fix it by introducing a static variable, so that only the first

target CPU being initialized will initialize the target-dependent

part of TCG, regardless of CPUClass instances.

Fixes: 55c3ceef61fcf06fc98ddc752b7cce788ce7680b

Signed-off-by: Emilio G. Cota <cota@braap.org>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Tested-by: Alistair Francis <alistair.francis@xilinx.com>

Message-id: 1510343626-25861-2-git-send-email-cota@braap.org

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/qom/cpu.h | 1 -

exec.c | 5 +++--

2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h

index XXXXXXX..XXXXXXX 100644

--- a/include/qom/cpu.h

+++ b/include/qom/cpu.h

@@ -XXX,XX +XXX,XX @@ typedef struct CPUClass {

/* Keep non-pointer data at the end to minimize holes. */

int gdb_num_core_regs;

bool gdb_stop_before_watchpoint;

- bool tcg_initialized;

} CPUClass;

#ifdef HOST_WORDS_BIGENDIAN

diff --git a/exec.c b/exec.c

index XXXXXXX..XXXXXXX 100644

--- a/exec.c

+++ b/exec.c

@@ -XXX,XX +XXX,XX @@ void cpu_exec_initfn(CPUState *cpu)

void cpu_exec_realizefn(CPUState *cpu, Error **errp)

{

CPUClass *cc = CPU_GET_CLASS(cpu);

+ static bool tcg_target_initialized;

cpu_list_add(cpu);

- if (tcg_enabled() && !cc->tcg_initialized) {

- cc->tcg_initialized = true;

+ if (tcg_enabled() && !tcg_target_initialized) {

+ tcg_target_initialized = true;

cc->tcg_initialize();

}

--

2.7.4

From: Alistair Francis <alistair.francis@xilinx.com>

Allow the -smp command line option to control the number of CPUs we

create.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

Reviewed-by: Emilio G. Cota <cota@braap.org>

Tested-by: Emilio G. Cota <cota@braap.org>

Message-id: 1510343626-25861-3-git-send-email-cota@braap.org

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/xlnx-zcu102.c | 3 ++-

hw/arm/xlnx-zynqmp.c | 26 ++++++++++++++++----------

2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/xlnx-zcu102.c

+++ b/hw/arm/xlnx-zcu102.c

@@ -XXX,XX +XXX,XX @@ static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)

{

MachineClass *mc = MACHINE_CLASS(oc);

- mc->desc = "Xilinx ZynqMP ZCU102 board";

+ mc->desc = "Xilinx ZynqMP ZCU102 board with 4xA53s and 2xR5s based on " \

+ "the value of smp";

mc->init = xlnx_zcu102_init;

mc->block_default_type = IF_IDE;

mc->units_per_default_bus = 1;

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/xlnx-zynqmp.c

+++ b/hw/arm/xlnx-zynqmp.c

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_create_rpu(XlnxZynqMPState *s, const char *boot_cpu,

{

Error *err = NULL;

int i;

+ int num_rpus = MIN(smp_cpus - XLNX_ZYNQMP_NUM_APU_CPUS, XLNX_ZYNQMP_NUM_RPU_CPUS);

- for (i = 0; i < XLNX_ZYNQMP_NUM_RPU_CPUS; i++) {

+ for (i = 0; i < num_rpus; i++) {

char *name;

object_initialize(&s->rpu_cpu[i], sizeof(s->rpu_cpu[i]),

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_init(Object *obj)

{

XlnxZynqMPState *s = XLNX_ZYNQMP(obj);

int i;

+ int num_apus = MIN(smp_cpus, XLNX_ZYNQMP_NUM_APU_CPUS);

- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {

+ for (i = 0; i < num_apus; i++) {

object_initialize(&s->apu_cpu[i], sizeof(s->apu_cpu[i]),

"cortex-a53-" TYPE_ARM_CPU);

object_property_add_child(obj, "apu-cpu[*]", OBJECT(&s->apu_cpu[i]),

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)

MemoryRegion *system_memory = get_system_memory();

uint8_t i;

uint64_t ram_size;

+ int num_apus = MIN(smp_cpus, XLNX_ZYNQMP_NUM_APU_CPUS);

const char *boot_cpu = s->boot_cpu ? s->boot_cpu : "apu-cpu[0]";

ram_addr_t ddr_low_size, ddr_high_size;

qemu_irq gic_spi[GIC_NUM_SPI_INTR];

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)

qdev_prop_set_uint32(DEVICE(&s->gic), "num-irq", GIC_NUM_SPI_INTR + 32);

qdev_prop_set_uint32(DEVICE(&s->gic), "revision", 2);

- qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", XLNX_ZYNQMP_NUM_APU_CPUS);

+ qdev_prop_set_uint32(DEVICE(&s->gic), "num-cpu", num_apus);

/* Realize APUs before realizing the GIC. KVM requires this. */

- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {

+ for (i = 0; i < num_apus; i++) {

char *name;

object_property_set_int(OBJECT(&s->apu_cpu[i]), QEMU_PSCI_CONDUIT_SMC,

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)

}

}

- for (i = 0; i < XLNX_ZYNQMP_NUM_APU_CPUS; i++) {

+ for (i = 0; i < num_apus; i++) {

qemu_irq irq;

sysbus_connect_irq(SYS_BUS_DEVICE(&s->gic), i,

@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)

}

if (s->has_rpu) {

- xlnx_zynqmp_create_rpu(s, boot_cpu, &err);

- if (err) {

- error_propagate(errp, err);

- return;

- }

+ info_report("The 'has_rpu' property is no longer required, to use the "

+ "RPUs just use -smp 6.");

+ }

+

+ xlnx_zynqmp_create_rpu(s, boot_cpu, &err);

+ if (err) {

+ error_propagate(errp, err);

+ return;

}

if (!s->boot_cpu_ptr) {

--

2.7.4

From: Alistair Francis <alistair.francis@xilinx.com>

The EP108 was an early access development board that is no longer used.

Add an info message to convert any users to the ZCU102 instead. On QEMU

they are both identical.

This patch also updated the qemu-doc.texi file to indicate that the

EP108 has been deprecated.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>

Reviewed-by: Emilio G. Cota <cota@braap.org>

Message-id: 1510343626-25861-4-git-send-email-cota@braap.org

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/xlnx-zcu102.c | 3 +++

qemu-doc.texi | 7 +++++++

2 files changed, 10 insertions(+)

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/xlnx-zcu102.c

+++ b/hw/arm/xlnx-zcu102.c

@@ -XXX,XX +XXX,XX @@ static void xlnx_ep108_init(MachineState *machine)

{

XlnxZCU102 *s = EP108_MACHINE(machine);

+ info_report("The Xilinx EP108 machine is deprecated, please use the "

+ "ZCU102 machine instead. It has the same features supported.");

+

xlnx_zynqmp_init(s, machine);

}

diff --git a/qemu-doc.texi b/qemu-doc.texi

index XXXXXXX..XXXXXXX 100644

--- a/qemu-doc.texi

+++ b/qemu-doc.texi

@@ -XXX,XX +XXX,XX @@ or ``ivshmem-doorbell`` device types.

The ``spapr-pci-vfio-host-bridge'' device type is replaced by

the ``spapr-pci-host-bridge'' device type.

+@section System emulator machines

+

+@subsection Xilinx EP108 (since 2.11.0)

+

+The ``xlnx-ep108'' machine has been replaced by the ``xlnx-zcu102'' machine.

+The ``xlnx-zcu102'' machine has the same features and capabilites in QEMU.

+

@node License

@appendix License

--

2.7.4

From: "Emilio G. Cota" <cota@braap.org>

Just like the zcu102, the ep108 can instantiate several CPUs.

Signed-off-by: Emilio G. Cota <cota@braap.org>

Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>

Message-id: 1510343626-25861-5-git-send-email-cota@braap.org

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/xlnx-zcu102.c | 1 +

1 file changed, 1 insertion(+)

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/xlnx-zcu102.c

+++ b/hw/arm/xlnx-zcu102.c

@@ -XXX,XX +XXX,XX @@ static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)

mc->block_default_type = IF_IDE;

mc->units_per_default_bus = 1;

mc->ignore_memory_transaction_failures = true;

+ mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;

}

static const TypeInfo xlnx_ep108_machine_init_typeinfo = {

--

2.7.4

From: "Emilio G. Cota" <cota@braap.org>

max_cpus needs to be an upper bound on the number of vCPUs

initialized; otherwise TCG region initialization breaks.

Some boards initialize a hard-coded number of vCPUs, which is not

captured by the global max_cpus and therefore breaks TCG initialization.

Fix it by adding the .min_cpus field to machine_class.

This commit also changes some user-facing behaviour: we now die if

-smp is below this hard-coded vCPU minimum instead of silently

ignoring the passed -smp value (sometimes announcing this by printing

a warning). However, the introduction of .default_cpus lessens the

likelihood that users will notice this: if -smp isn't set, we now

assign the value in .default_cpus to both smp_cpus and max_cpus. IOW,

if a user does not set -smp, they always get a correct number of vCPUs.

This change fixes 3468b59 ("tcg: enable multiple TCG contexts in

softmmu", 2017-10-24), which broke TCG initialization for some

ARM boards.

Fixes: 3468b59e18b179bc63c7ce934de912dfa9596122

Reported-by: Thomas Huth <thuth@redhat.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>

Signed-off-by: Emilio G. Cota <cota@braap.org>

Message-id: 1510343626-25861-6-git-send-email-cota@braap.org

Suggested-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Emilio G. Cota <cota@braap.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/boards.h | 5 +++++

hw/arm/exynos4_boards.c | 12 ++++--------

hw/arm/raspi.c | 2 ++

hw/arm/xlnx-zcu102.c | 2 ++

vl.c | 21 ++++++++++++++++++---

5 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/boards.h

+++ b/include/hw/boards.h

@@ -XXX,XX +XXX,XX @@ typedef struct {

/**

* MachineClass:

+ * @max_cpus: maximum number of CPUs supported. Default: 1

+ * @min_cpus: minimum number of CPUs supported. Default: 1

+ * @default_cpus: number of CPUs instantiated if none are specified. Default: 1

* @get_hotplug_handler: this function is called during bus-less

* device hotplug. If defined it returns pointer to an instance

* of HotplugHandler object, which handles hotplug operation

@@ -XXX,XX +XXX,XX @@ struct MachineClass {

BlockInterfaceType block_default_type;

int units_per_default_bus;

int max_cpus;

+ int min_cpus;

+ int default_cpus;

unsigned int no_serial:1,

no_parallel:1,

use_virtcon:1,

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/exynos4_boards.c

+++ b/hw/arm/exynos4_boards.c

@@ -XXX,XX +XXX,XX @@

#include "qemu-common.h"

#include "cpu.h"

#include "sysemu/sysemu.h"

-#include "sysemu/qtest.h"

#include "hw/sysbus.h"

#include "net/net.h"

#include "hw/arm/arm.h"

@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,

Exynos4BoardType board_type)

{

Exynos4BoardState *s = g_new(Exynos4BoardState, 1);

- MachineClass *mc = MACHINE_GET_CLASS(machine);

-

- if (smp_cpus != EXYNOS4210_NCPUS && !qtest_enabled()) {

- error_report("%s board supports only %d CPU cores, ignoring smp_cpus"

- " value",

- mc->name, EXYNOS4210_NCPUS);

- }

exynos4_board_binfo.ram_size = exynos4_board_ram_size[board_type];

exynos4_board_binfo.board_id = exynos4_board_id[board_type];

@@ -XXX,XX +XXX,XX @@ static void nuri_class_init(ObjectClass *oc, void *data)

mc->desc = "Samsung NURI board (Exynos4210)";

mc->init = nuri_init;

mc->max_cpus = EXYNOS4210_NCPUS;

+ mc->min_cpus = EXYNOS4210_NCPUS;

+ mc->default_cpus = EXYNOS4210_NCPUS;

mc->ignore_memory_transaction_failures = true;

}

@@ -XXX,XX +XXX,XX @@ static void smdkc210_class_init(ObjectClass *oc, void *data)

mc->desc = "Samsung SMDKC210 board (Exynos4210)";

mc->init = smdkc210_init;

mc->max_cpus = EXYNOS4210_NCPUS;

+ mc->min_cpus = EXYNOS4210_NCPUS;

+ mc->default_cpus = EXYNOS4210_NCPUS;

mc->ignore_memory_transaction_failures = true;

}

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/raspi.c

+++ b/hw/arm/raspi.c

@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)

mc->no_floppy = 1;

mc->no_cdrom = 1;

mc->max_cpus = BCM2836_NCPUS;

+ mc->min_cpus = BCM2836_NCPUS;

+ mc->default_cpus = BCM2836_NCPUS;

mc->default_ram_size = 1024 * 1024 * 1024;

mc->ignore_memory_transaction_failures = true;

};

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/xlnx-zcu102.c

+++ b/hw/arm/xlnx-zcu102.c

@@ -XXX,XX +XXX,XX @@ static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)

mc->units_per_default_bus = 1;

mc->ignore_memory_transaction_failures = true;

mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;

+ mc->default_cpus = XLNX_ZYNQMP_NUM_APU_CPUS;

}

static const TypeInfo xlnx_ep108_machine_init_typeinfo = {

@@ -XXX,XX +XXX,XX @@ static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)

mc->units_per_default_bus = 1;

mc->ignore_memory_transaction_failures = true;

mc->max_cpus = XLNX_ZYNQMP_NUM_APU_CPUS + XLNX_ZYNQMP_NUM_RPU_CPUS;

+ mc->default_cpus = XLNX_ZYNQMP_NUM_APU_CPUS;

}

static const TypeInfo xlnx_zcu102_machine_init_typeinfo = {

diff --git a/vl.c b/vl.c

index XXXXXXX..XXXXXXX 100644

--- a/vl.c

+++ b/vl.c

@@ -XXX,XX +XXX,XX @@ Chardev *virtcon_hds[MAX_VIRTIO_CONSOLES];

Chardev *sclp_hds[MAX_SCLP_CONSOLES];

int win2k_install_hack = 0;

int singlestep = 0;

-int smp_cpus = 1;

-unsigned int max_cpus = 1;

+int smp_cpus;

+unsigned int max_cpus;

int smp_cores = 1;

int smp_threads = 1;

int acpi_enabled = 1;

@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp)

exit(0);

}

+ /* machine_class: default to UP */

+ machine_class->max_cpus = machine_class->max_cpus ?: 1;

+ machine_class->min_cpus = machine_class->min_cpus ?: 1;

+ machine_class->default_cpus = machine_class->default_cpus ?: 1;

+

+ /* default to machine_class->default_cpus */

+ smp_cpus = machine_class->default_cpus;

+ max_cpus = machine_class->default_cpus;

+

smp_parse(qemu_opts_find(qemu_find_opts("smp-opts"), NULL));

- machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */

+ /* sanity-check smp_cpus and max_cpus against machine_class */

+ if (smp_cpus < machine_class->min_cpus) {

+ error_report("Invalid SMP CPUs %d. The min CPUs "

+ "supported by machine '%s' is %d", smp_cpus,

+ machine_class->name, machine_class->min_cpus);

+ exit(1);

+ }

if (max_cpus > machine_class->max_cpus) {

error_report("Invalid SMP CPUs %d. The max CPUs "

"supported by machine '%s' is %d", max_cpus,

--

2.7.4

From: Alex Bennée <alex.bennee@linaro.org>

We are still seeing signals during translation time when we walk over

a page protection boundary. This expands the check to ensure the host

PC is inside the code generation buffer. The original suggestion was

to check versus tcg_ctx.code_gen_ptr but as we now segment the

translation buffer we have to settle for just a general check for

being inside.

I've also fixed up the declaration to make it clear it can deal with

invalid addresses. A later patch will fix up the call sites.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Reported-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20171108153245.20740-2-alex.bennee@linaro.org

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>

Cc: Richard Henderson <rth@twiddle.net>

Tested-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/exec/exec-all.h | 11 ++++++++++

accel/tcg/translate-all.c | 52 ++++++++++++++++++++++++++---------------------

2 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h

index XXXXXXX..XXXXXXX 100644

--- a/include/exec/exec-all.h

+++ b/include/exec/exec-all.h

@@ -XXX,XX +XXX,XX @@ void restore_state_to_opc(CPUArchState *env, struct TranslationBlock *tb,

target_ulong *data);

void cpu_gen_init(void);

+

+/**

+ * cpu_restore_state:

+ * @cpu: the vCPU state is to be restore to

+ * @searched_pc: the host PC the fault occurred at

+ * @return: true if state was restored, false otherwise

+ *

+ * Attempt to restore the state for a fault occurring in translated

+ * code. If the searched_pc is not in translated code no state is

+ * restored and the function returns false.

+ */

bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc);

void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c

index XXXXXXX..XXXXXXX 100644

--- a/accel/tcg/translate-all.c

+++ b/accel/tcg/translate-all.c

@@ -XXX,XX +XXX,XX @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,

return 0;

}

-bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)

+bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc)

{

TranslationBlock *tb;

bool r = false;

+ uintptr_t check_offset;

- /* A retaddr of zero is invalid so we really shouldn't have ended

- * up here. The target code has likely forgotten to check retaddr

- * != 0 before attempting to restore state. We return early to

- * avoid blowing up on a recursive tb_lock(). The target must have

- * previously survived a failed cpu_restore_state because

- * tb_find_pc(0) would have failed anyway. It still should be

- * fixed though.

+ /* The host_pc has to be in the region of current code buffer. If

+ * it is not we will not be able to resolve it here. The two cases

+ * where host_pc will not be correct are:

+ *

+ * - fault during translation (instruction fetch)

+ * - fault from helper (not using GETPC() macro)

+ *

+ * Either way we need return early to avoid blowing up on a

+ * recursive tb_lock() as we can't resolve it here.

+ *

+ * We are using unsigned arithmetic so if host_pc <

+ * tcg_init_ctx.code_gen_buffer check_offset will wrap to way

+ * above the code_gen_buffer_size

*/

-

- if (!retaddr) {

- return r;

- }

-

- tb_lock();

- tb = tb_find_pc(retaddr);

- if (tb) {

- cpu_restore_state_from_tb(cpu, tb, retaddr);

- if (tb->cflags & CF_NOCACHE) {

- /* one-shot translation, invalidate it immediately */

- tb_phys_invalidate(tb, -1);

- tb_remove(tb);

+ check_offset = host_pc - (uintptr_t) tcg_init_ctx.code_gen_buffer;

+

+ if (check_offset < tcg_init_ctx.code_gen_buffer_size) {

+ tb_lock();

+ tb = tb_find_pc(host_pc);

+ if (tb) {

+ cpu_restore_state_from_tb(cpu, tb, host_pc);

+ if (tb->cflags & CF_NOCACHE) {

+ /* one-shot translation, invalidate it immediately */

+ tb_phys_invalidate(tb, -1);

+ tb_remove(tb);

+ }

+ r = true;

}

- r = true;

+ tb_unlock();

}

- tb_unlock();

return r;

}

--

2.7.4