From: Michael Weiser <michael.weiser@gmx.de>

Enable big-endian mode for data accesses on aarch64 for big-endian linux

user mode. Activate it for all exception levels as documented by ARM:

Set the SCTLR EE bit for ELs 1 through 3. Additionally set bit E0E in

EL1 to enable it in EL0 as well.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20171220212308.12614-2-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

linux-user/main.c | 6 ++++++

1 file changed, 6 insertions(+)

diff --git a/linux-user/main.c b/linux-user/main.c

index XXXXXXX..XXXXXXX 100644

--- a/linux-user/main.c

+++ b/linux-user/main.c

@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp)

}

env->pc = regs->pc;

env->xregs[31] = regs->sp;

+#ifdef TARGET_WORDS_BIGENDIAN

+ env->cp15.sctlr_el[1] |= SCTLR_E0E;

+ for (i = 1; i < 4; ++i) {

+ env->cp15.sctlr_el[i] |= SCTLR_EE;

+ }

+#endif

}

#elif defined(TARGET_ARM)

{

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

Make big-endian aarch64 systems identify as aarch64_be as expected by

big-endian userland and toolchains.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Message-id: 20171220212308.12614-3-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

linux-user/aarch64/target_syscall.h | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/linux-user/aarch64/target_syscall.h b/linux-user/aarch64/target_syscall.h

index XXXXXXX..XXXXXXX 100644

--- a/linux-user/aarch64/target_syscall.h

+++ b/linux-user/aarch64/target_syscall.h

@@ -XXX,XX +XXX,XX @@ struct target_pt_regs {

uint64_t pstate;

};

+#if defined(TARGET_WORDS_BIGENDIAN)

+#define UNAME_MACHINE "aarch64_be"

+#else

#define UNAME_MACHINE "aarch64"

+#endif

#define UNAME_MINIMUM_RELEASE "3.8.0"

#define TARGET_CLONE_BACKWARDS

#define TARGET_MINSIGSTKSZ 2048

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

Since for aarch64 the signal trampoline is synthesized directly into the

signal frame we need to make sure the instructions end up little-endian.

Otherwise the wrong endianness will cause a SIGILL upon return from the

signal handler on big-endian targets.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20171220212308.12614-4-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

linux-user/signal.c | 10 +++++++---

1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c

index XXXXXXX..XXXXXXX 100644

--- a/linux-user/signal.c

+++ b/linux-user/signal.c

@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,

if (ka->sa_flags & TARGET_SA_RESTORER) {

return_addr = ka->sa_restorer;

} else {

- /* mov x8,#__NR_rt_sigreturn; svc #0 */

- __put_user(0xd2801168, &frame->tramp[0]);

- __put_user(0xd4000001, &frame->tramp[1]);

+ /*

+ * mov x8,#__NR_rt_sigreturn; svc #0

+ * Since these are instructions they need to be put as little-endian

+ * regardless of target default or current CPU endianness.

+ */

+ __put_user_e(0xd2801168, &frame->tramp[0], le);

+ __put_user_e(0xd4000001, &frame->tramp[1], le);

return_addr = frame_addr + offsetof(struct target_rt_sigframe, tramp);

}

env->xregs[0] = usig;

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

Add target aarch64_be-linux-user. This allows a qemu-aarch64_be binary

to be built that will run big-endian aarch64 binaries.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Message-id: 20171220212308.12614-5-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

configure | 5 +++--

default-configs/aarch64_be-linux-user.mak | 1 +

2 files changed, 4 insertions(+), 2 deletions(-)

create mode 100644 default-configs/aarch64_be-linux-user.mak

diff --git a/configure b/configure

index XXXXXXX..XXXXXXX 100755

--- a/configure

+++ b/configure

@@ -XXX,XX +XXX,XX @@ target_name=$(echo $target | cut -d '-' -f 1)

target_bigendian="no"

case "$target_name" in

- armeb|hppa|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|or1k|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)

+ armeb|aarch64_be|hppa|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|or1k|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)

target_bigendian=yes

;;

esac

@@ -XXX,XX +XXX,XX @@ case "$target_name" in

mttcg="yes"

gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"

;;

- aarch64)

+ aarch64|aarch64_be)

+ TARGET_ARCH=aarch64

TARGET_BASE_ARCH=arm

bflt="yes"

mttcg="yes"

diff --git a/default-configs/aarch64_be-linux-user.mak b/default-configs/aarch64_be-linux-user.mak

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/default-configs/aarch64_be-linux-user.mak

@@ -0,0 +1 @@

+# Default configuration for aarch64_be-linux-user

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

As we now have a linux-user aarch64_be target, we can add it to the list

of supported targets in qemu-binfmt-conf.sh

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Message-id: 20171220212308.12614-6-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

scripts/qemu-binfmt-conf.sh | 6 +++++-

1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh

index XXXXXXX..XXXXXXX 100755

--- a/scripts/qemu-binfmt-conf.sh

+++ b/scripts/qemu-binfmt-conf.sh

@@ -XXX,XX +XXX,XX @@

qemu_target_list="i386 i486 alpha arm sparc32plus ppc ppc64 ppc64le m68k \

mips mipsel mipsn32 mipsn32el mips64 mips64el \

-sh4 sh4eb s390x aarch64 hppa"

+sh4 sh4eb s390x aarch64 aarch64_be hppa"

i386_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'

i386_mask='\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'

@@ -XXX,XX +XXX,XX @@ aarch64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x

aarch64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'

aarch64_family=arm

+aarch64_be_magic='\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'

+aarch64_be_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

+aarch64_be_family=arm

+

hppa_magic='\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x0f'

hppa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

hppa_family=hppa

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

Give big-endian arm and aarch64 CPUs their own family in

qemu-binfmt-conf.sh to make sure we register qemu-user for binaries of

the opposite endianness on arm and aarch64. Apart from the family

assignments of the magic values, qemu_get_family() needs to be able to

distinguish the two and recognise aarch64{,_be} as well.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Message-id: 20171220212308.12614-7-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

scripts/qemu-binfmt-conf.sh | 9 ++++++---

1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh

index XXXXXXX..XXXXXXX 100755

--- a/scripts/qemu-binfmt-conf.sh

+++ b/scripts/qemu-binfmt-conf.sh

@@ -XXX,XX +XXX,XX @@ arm_family=arm

armeb_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28'

armeb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

-armeb_family=arm

+armeb_family=armeb

sparc_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'

sparc_mask='\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

@@ -XXX,XX +XXX,XX @@ aarch64_family=arm

aarch64_be_magic='\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'

aarch64_be_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

-aarch64_be_family=arm

+aarch64_be_family=armeb

hppa_magic='\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x0f'

hppa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'

@@ -XXX,XX +XXX,XX @@ qemu_get_family() {

ppc64el|ppc64le)

echo "ppcle"

;;

- arm|armel|armhf|arm64|armv[4-9]*)

+ arm|armel|armhf|arm64|armv[4-9]*l|aarch64)

echo "arm"

;;

+ armeb|armv[4-9]*b|aarch64_be)

+ echo "armeb"

+ ;;

sparc*)

echo "sparc"

;;

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

armeb is missing from the target list in qemu-binfmt-conf.sh. Add it so

the handler for those binaries gets registered by the script.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Message-id: 20171220212308.12614-8-michael.weiser@gmx.de

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

scripts/qemu-binfmt-conf.sh | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh

index XXXXXXX..XXXXXXX 100755

--- a/scripts/qemu-binfmt-conf.sh

+++ b/scripts/qemu-binfmt-conf.sh

@@ -XXX,XX +XXX,XX @@

# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390/HPPA

# program execution by the kernel

-qemu_target_list="i386 i486 alpha arm sparc32plus ppc ppc64 ppc64le m68k \

+qemu_target_list="i386 i486 alpha arm armeb sparc32plus ppc ppc64 ppc64le m68k \

mips mipsel mipsn32 mipsn32el mips64 mips64el \

sh4 sh4eb s390x aarch64 aarch64_be hppa"

--

2.7.4

From: Michael Weiser <michael.weiser@gmx.de>

ldxp loads two consecutive doublewords from memory regardless of CPU

endianness. On store, stlxp currently assumes to work with a 128bit

value and consequently switches order in big-endian mode. With this

change it packs the doublewords in reverse order in anticipation of the

128bit big-endian store operation interposing them so they end up in

memory in the right order. This makes it work for both MTTCG and !MTTCG.

It effectively implements the ARM ARM STLXP operation pseudo-code:

data = if BigEndian() then el1:el2 else el2:el1;

With this change an aarch64_be Linux 4.14.4 kernel succeeds to boot up

in system emulation mode.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

target/arm/helper-a64.c | 7 +++++--

1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/helper-a64.c

+++ b/target/arm/helper-a64.c

@@ -XXX,XX +XXX,XX @@ static uint64_t do_paired_cmpxchg64_be(CPUARMState *env, uint64_t addr,

Int128 oldv, cmpv, newv;

bool success;

- cmpv = int128_make128(env->exclusive_val, env->exclusive_high);

- newv = int128_make128(new_lo, new_hi);

+ /* high and low need to be switched here because this is not actually a

+ * 128bit store but two doublewords stored consecutively

+ */

+ cmpv = int128_make128(env->exclusive_high, env->exclusive_val);

+ newv = int128_make128(new_hi, new_lo);

if (parallel) {

#ifndef CONFIG_ATOMIC128

--

2.7.4

From: Zhaoshenglong <zhaoshenglong@huawei.com>

acpi_data_push uses g_array_set_size to resize the memory size. If there

is no enough contiguous memory, the address will be changed. If we use

the old value, it will assert.

qemu-kvm: hw/acpi/bios-linker-loader.c:214: bios_linker_loader_add_checksum:

Assertion `start_offset < file->blob->len' failed.`

This issue only happens in building SRAT table now but here we unify the

pattern for other tables as well to avoid possible issues in the future.

Signed-off-by: Zhaoshenglong <zhaoshenglong@huawei.com>

Reviewed-by: Andrew Jones <drjones@redhat.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/virt-acpi-build.c | 18 +++++++++++-------

1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/virt-acpi-build.c

+++ b/hw/arm/virt-acpi-build.c

@@ -XXX,XX +XXX,XX @@ build_spcr(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

AcpiSerialPortConsoleRedirection *spcr;

const MemMapEntry *uart_memmap = &vms->memmap[VIRT_UART];

int irq = vms->irqmap[VIRT_UART] + ARM_SPI_BASE;

+ int spcr_start = table_data->len;

spcr = acpi_data_push(table_data, sizeof(*spcr));

@@ -XXX,XX +XXX,XX @@ build_spcr(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

spcr->pci_device_id = 0xffff; /* PCI Device ID: not a PCI device */

spcr->pci_vendor_id = 0xffff; /* PCI Vendor ID: not a PCI device */

- build_header(linker, table_data, (void *)spcr, "SPCR", sizeof(*spcr), 2,

- NULL, NULL);

+ build_header(linker, table_data, (void *)(table_data->data + spcr_start),

+ "SPCR", table_data->len - spcr_start, 2, NULL, NULL);

}

static void

@@ -XXX,XX +XXX,XX @@ build_srat(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

mem_base += numa_info[i].node_mem;

}

- build_header(linker, table_data, (void *)srat, "SRAT",

- table_data->len - srat_start, 3, NULL, NULL);

+ build_header(linker, table_data, (void *)(table_data->data + srat_start),

+ "SRAT", table_data->len - srat_start, 3, NULL, NULL);

}

static void

@@ -XXX,XX +XXX,XX @@ build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

AcpiTableMcfg *mcfg;

const MemMapEntry *memmap = vms->memmap;

int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);

+ int mcfg_start = table_data->len;

mcfg = acpi_data_push(table_data, len);

mcfg->allocation[0].address = cpu_to_le64(memmap[VIRT_PCIE_ECAM].base);

@@ -XXX,XX +XXX,XX @@ build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

mcfg->allocation[0].end_bus_number = (memmap[VIRT_PCIE_ECAM].size

/ PCIE_MMCFG_SIZE_MIN) - 1;

- build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);

+ build_header(linker, table_data, (void *)(table_data->data + mcfg_start),

+ "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);

}

/* GTDT */

@@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

static void build_fadt(GArray *table_data, BIOSLinker *linker,

VirtMachineState *vms, unsigned dsdt_tbl_offset)

{

+ int fadt_start = table_data->len;

AcpiFadtDescriptorRev5_1 *fadt = acpi_data_push(table_data, sizeof(*fadt));

unsigned xdsdt_entry_offset = (char *)&fadt->x_dsdt - table_data->data;

uint16_t bootflags;

@@ -XXX,XX +XXX,XX @@ static void build_fadt(GArray *table_data, BIOSLinker *linker,

ACPI_BUILD_TABLE_FILE, xdsdt_entry_offset, sizeof(fadt->x_dsdt),

ACPI_BUILD_TABLE_FILE, dsdt_tbl_offset);

- build_header(linker, table_data,

- (void *)fadt, "FACP", sizeof(*fadt), 5, NULL, NULL);

+ build_header(linker, table_data, (void *)(table_data->data + fadt_start),

+ "FACP", table_data->len - fadt_start, 5, NULL, NULL);

}

/* DSDT */

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Binding to a particular netdev doesn't seem to belong to this layer

and should probably be done as a part of board or SoC specific code.

Convert all of the users of this IP block to use

qdev_set_nic_properties() instead.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/fsl-imx6.c | 1 +

hw/net/imx_fec.c | 2 --

2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/fsl-imx6.c

+++ b/hw/arm/fsl-imx6.c

@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)

spi_table[i].irq));

}

+ qdev_set_nic_properties(DEVICE(&s->eth), &nd_table[0]);

object_property_set_bool(OBJECT(&s->eth), true, "realized", &err);

if (err) {

error_propagate(errp, err);

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static void imx_eth_realize(DeviceState *dev, Error **errp)

qemu_macaddr_default_if_unset(&s->conf.macaddr);

- s->conf.peers.ncs[0] = nd_table[0].netdev;

-

s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf,

object_get_typename(OBJECT(dev)),

DEVICE(dev)->id, s);

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Refactor imx_eth_enable_rx() to have more meaningfull variable name

than 'tmp' and to reduce number of logical negations done.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/net/imx_fec.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static void imx_eth_do_tx(IMXFECState *s)

static void imx_eth_enable_rx(IMXFECState *s)

{

IMXFECBufDesc bd;

- bool tmp;

+ bool rx_ring_full;

imx_fec_read_bd(&bd, s->rx_descriptor);

- tmp = ((bd.flags & ENET_BD_E) != 0);

+ rx_ring_full = !(bd.flags & ENET_BD_E);

- if (!tmp) {

+ if (rx_ring_full) {

FEC_PRINTF("RX buffer full\n");

} else if (!s->regs[ENET_RDAR]) {

qemu_flush_queued_packets(qemu_get_queue(s->nic));

}

- s->regs[ENET_RDAR] = tmp ? ENET_RDAR_RDAR : 0;

+ s->regs[ENET_RDAR] = rx_ring_full ? 0 : ENET_RDAR_RDAR;

}

static void imx_eth_reset(DeviceState *d)

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

In current implementation, packet queue flushing logic seem to suffer

from a deadlock like scenario if a packet is received by the interface

before before Rx ring is initialized by Guest's driver. Consider the

following sequence of events:

    1. A QEMU instance is started against a TAP device on Linux

     host, running Linux guest, e. g., something to the effect

     of:

     qemu-system-arm \

     -net nic,model=imx.fec,netdev=lan0 \

     netdev tap,id=lan0,ifname=tap0,script=no,downscript=no \

     ... rest of the arguments ...

    2. Once QEMU starts, but before guest reaches the point where

     FEC deriver is done initializing the HW, Guest, via TAP

     interface, receives a number of multicast MDNS packets from

     Host (not necessarily true for every OS, but it happens at

     least on Fedora 25)

    3. Recieving a packet in such a state results in

     imx_eth_can_receive() returning '0', which in turn causes

     tap_send() to disable corresponding event (tap.c:203)

    4. Once Guest's driver reaches the point where it is ready to

     recieve packets it prepares Rx ring descriptors and writes

     ENET_RDAR_RDAR to ENET_RDAR register to indicate to HW that

     more descriptors are ready. And at this points emulation

     layer does this:

          s->regs[index] = ENET_RDAR_RDAR;

imx_eth_enable_rx(s);

     which, combined with:

          if (!s->regs[ENET_RDAR]) {

         qemu_flush_queued_packets(qemu_get_queue(s->nic));

         }

     results in Rx queue never being flushed and corresponding

     I/O event beign disabled.

To prevent the problem, change the code to always flush packet queue

when ENET_RDAR transitions 0 -> ENET_RDAR_RDAR.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/net/imx_fec.c | 12 ++++++------

1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static void imx_eth_do_tx(IMXFECState *s)

}

}

-static void imx_eth_enable_rx(IMXFECState *s)

+static void imx_eth_enable_rx(IMXFECState *s, bool flush)

{

IMXFECBufDesc bd;

bool rx_ring_full;

@@ -XXX,XX +XXX,XX @@ static void imx_eth_enable_rx(IMXFECState *s)

if (rx_ring_full) {

FEC_PRINTF("RX buffer full\n");

- } else if (!s->regs[ENET_RDAR]) {

+ } else if (flush) {

qemu_flush_queued_packets(qemu_get_queue(s->nic));

}

@@ -XXX,XX +XXX,XX @@ static void imx_eth_write(void *opaque, hwaddr offset, uint64_t value,

if (s->regs[ENET_ECR] & ENET_ECR_ETHEREN) {

if (!s->regs[index]) {

s->regs[index] = ENET_RDAR_RDAR;

- imx_eth_enable_rx(s);

+ imx_eth_enable_rx(s, true);

}

} else {

s->regs[index] = 0;

@@ -XXX,XX +XXX,XX @@ static int imx_eth_can_receive(NetClientState *nc)

FEC_PRINTF("\n");

- return s->regs[ENET_RDAR] ? 1 : 0;

+ return !!s->regs[ENET_RDAR];

}

static ssize_t imx_fec_receive(NetClientState *nc, const uint8_t *buf,

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_fec_receive(NetClientState *nc, const uint8_t *buf,

}

}

s->rx_descriptor = addr;

- imx_eth_enable_rx(s);

+ imx_eth_enable_rx(s, false);

imx_eth_update(s);

return len;

}

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

}

}

s->rx_descriptor = addr;

- imx_eth_enable_rx(s);

+ imx_eth_enable_rx(s, false);

imx_eth_update(s);

return len;

}

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Make Tx frame assembly buffer to be a paort of IMXFECState structure

to avoid a concern about having large data buffer on the stack.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/net/imx_fec.h | 3 +++

hw/net/imx_fec.c | 22 +++++++++++-----------

2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/net/imx_fec.h

+++ b/include/hw/net/imx_fec.h

@@ -XXX,XX +XXX,XX @@ typedef struct IMXFECState {

uint32_t phy_int_mask;

bool is_fec;

+

+ /* Buffer used to assemble a Tx frame */

+ uint8_t frame[ENET_MAX_FRAME_SIZE];

} IMXFECState;

#endif

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static void imx_eth_update(IMXFECState *s)

static void imx_fec_do_tx(IMXFECState *s)

{

int frame_size = 0, descnt = 0;

- uint8_t frame[ENET_MAX_FRAME_SIZE];

- uint8_t *ptr = frame;

+ uint8_t *ptr = s->frame;

uint32_t addr = s->tx_descriptor;

while (descnt++ < IMX_MAX_DESC) {

@@ -XXX,XX +XXX,XX @@ static void imx_fec_do_tx(IMXFECState *s)

frame_size += len;

if (bd.flags & ENET_BD_L) {

/* Last buffer in frame. */

- qemu_send_packet(qemu_get_queue(s->nic), frame, frame_size);

- ptr = frame;

+ qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size);

+ ptr = s->frame;

frame_size = 0;

s->regs[ENET_EIR] |= ENET_INT_TXF;

}

@@ -XXX,XX +XXX,XX @@ static void imx_fec_do_tx(IMXFECState *s)

static void imx_enet_do_tx(IMXFECState *s)

{

int frame_size = 0, descnt = 0;

- uint8_t frame[ENET_MAX_FRAME_SIZE];

- uint8_t *ptr = frame;

+ uint8_t *ptr = s->frame;

uint32_t addr = s->tx_descriptor;

while (descnt++ < IMX_MAX_DESC) {

@@ -XXX,XX +XXX,XX @@ static void imx_enet_do_tx(IMXFECState *s)

frame_size += len;

if (bd.flags & ENET_BD_L) {

if (bd.option & ENET_BD_PINS) {

- struct ip_header *ip_hd = PKT_GET_IP_HDR(frame);

+ struct ip_header *ip_hd = PKT_GET_IP_HDR(s->frame);

if (IP_HEADER_VERSION(ip_hd) == 4) {

- net_checksum_calculate(frame, frame_size);

+ net_checksum_calculate(s->frame, frame_size);

}

}

if (bd.option & ENET_BD_IINS) {

- struct ip_header *ip_hd = PKT_GET_IP_HDR(frame);

+ struct ip_header *ip_hd = PKT_GET_IP_HDR(s->frame);

/* We compute checksum only for IPv4 frames */

if (IP_HEADER_VERSION(ip_hd) == 4) {

uint16_t csum;

@@ -XXX,XX +XXX,XX @@ static void imx_enet_do_tx(IMXFECState *s)

}

}

/* Last buffer in frame. */

- qemu_send_packet(qemu_get_queue(s->nic), frame, len);

- ptr = frame;

+

+ qemu_send_packet(qemu_get_queue(s->nic), s->frame, len);

+ ptr = s->frame;

+

frame_size = 0;

if (bd.option & ENET_BD_TX_INT) {

s->regs[ENET_EIR] |= ENET_INT_TXF;

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Frame truncation length, TRUNC_FL, is determined by the contents of

ENET_FTRL register, so convert the code to use it instead of a

hardcoded constant.

To avoid the case where TRUNC_FL is greater that ENET_MAX_FRAME_SIZE,

increase the value of the latter to its theoretical maximum of 16K.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/net/imx_fec.h | 3 ++-

hw/net/imx_fec.c | 4 ++--

2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/net/imx_fec.h

+++ b/include/hw/net/imx_fec.h

@@ -XXX,XX +XXX,XX @@

#define ENET_TCCR3 393

#define ENET_MAX 400

-#define ENET_MAX_FRAME_SIZE 2032

/* EIR and EIMR */

#define ENET_INT_HB (1 << 31)

@@ -XXX,XX +XXX,XX @@

#define ENET_RCR_NLC (1 << 30)

#define ENET_RCR_GRS (1 << 31)

+#define ENET_MAX_FRAME_SIZE (1 << ENET_RCR_MAX_FL_LENGTH)

+

/* TCR */

#define ENET_TCR_GTS (1 << 0)

#define ENET_TCR_FDEN (1 << 2)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

crc_ptr = (uint8_t *) &crc;

/* Huge frames are truncted. */

- if (size > ENET_MAX_FRAME_SIZE) {

- size = ENET_MAX_FRAME_SIZE;

+ if (size > s->regs[ENET_FTRL]) {

+ size = s->regs[ENET_FTRL];

flags |= ENET_BD_TR | ENET_BD_LG;

}

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/net/imx_fec.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

TYPE_IMX_FEC, __func__);

break;

}

- buf_len = (size <= s->regs[ENET_MRBR]) ? size : s->regs[ENET_MRBR];

+ buf_len = MIN(size, s->regs[ENET_MRBR]);

bd.length = buf_len;

size -= buf_len;

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

Needed to support latest Linux kernel driver which relies on that

functionality.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/net/imx_fec.h | 2 ++

hw/net/imx_fec.c | 23 +++++++++++++++++++++++

2 files changed, 25 insertions(+)

diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/net/imx_fec.h

+++ b/include/hw/net/imx_fec.h

@@ -XXX,XX +XXX,XX @@

#define ENET_TWFR_TFWR_LENGTH (6)

#define ENET_TWFR_STRFWD (1 << 8)

+#define ENET_RACC_SHIFT16 BIT(7)

+

/* Buffer Descriptor. */

typedef struct {

uint16_t length;

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

uint8_t *crc_ptr;

unsigned int buf_len;

size_t size = len;

+ bool shift16 = s->regs[ENET_RACC] & ENET_RACC_SHIFT16;

FEC_PRINTF("len %d\n", (int)size);

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

crc = cpu_to_be32(crc32(~0, buf, size));

crc_ptr = (uint8_t *) &crc;

+ if (shift16) {

+ size += 2;

+ }

+

/* Huge frames are truncted. */

if (size > s->regs[ENET_FTRL]) {

size = s->regs[ENET_FTRL];

@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,

buf_len += size - 4;

}

buf_addr = bd.data;

+

+ if (shift16) {

+ /*

+ * If SHIFT16 bit of ENETx_RACC register is set we need to

+ * align the payload to 4-byte boundary.

+ */

+ const uint8_t zeros[2] = { 0 };

+

+ dma_memory_write(&address_space_memory, buf_addr,

+ zeros, sizeof(zeros));

+

+ buf_addr += sizeof(zeros);

+ buf_len -= sizeof(zeros);

+

+ /* We only do this once per Ethernet frame */

+ shift16 = false;

+ }

+

dma_memory_write(&address_space_memory, buf_addr, buf, buf_len);

buf += buf_len;

if (size < 4) {

--

2.7.4

From: Andrey Smirnov <andrew.smirnov@gmail.com>

More recent version of the IP block support more than one Tx DMA ring,

so add the code implementing that feature.

Cc: Peter Maydell <peter.maydell@linaro.org>

Cc: Jason Wang <jasowang@redhat.com>

Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>

Cc: qemu-devel@nongnu.org

Cc: qemu-arm@nongnu.org

Cc: yurovsky@gmail.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/net/imx_fec.h | 18 ++++++-

hw/net/imx_fec.c | 133 ++++++++++++++++++++++++++++++++++++++++-------

2 files changed, 130 insertions(+), 21 deletions(-)

diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/net/imx_fec.h

+++ b/include/hw/net/imx_fec.h

@@ -XXX,XX +XXX,XX @@

#define ENET_TFWR 81

#define ENET_FRBR 83

#define ENET_FRSR 84

+#define ENET_TDSR1 89

+#define ENET_TDSR2 92

#define ENET_RDSR 96

#define ENET_TDSR 97

#define ENET_MRBR 98

@@ -XXX,XX +XXX,XX @@

#define ENET_FTRL 108

#define ENET_TACC 112

#define ENET_RACC 113

+#define ENET_TDAR1 121

+#define ENET_TDAR2 123

#define ENET_MIIGSK_CFGR 192

#define ENET_MIIGSK_ENR 194

#define ENET_ATCR 256

@@ -XXX,XX +XXX,XX @@

#define ENET_INT_WAKEUP (1 << 17)

#define ENET_INT_TS_AVAIL (1 << 16)

#define ENET_INT_TS_TIMER (1 << 15)

+#define ENET_INT_TXF2 (1 << 7)

+#define ENET_INT_TXB2 (1 << 6)

+#define ENET_INT_TXF1 (1 << 3)

+#define ENET_INT_TXB1 (1 << 2)

#define ENET_INT_MAC (ENET_INT_HB | ENET_INT_BABR | ENET_INT_BABT | \

ENET_INT_GRA | ENET_INT_TXF | ENET_INT_TXB | \

ENET_INT_RXF | ENET_INT_RXB | ENET_INT_MII | \

ENET_INT_EBERR | ENET_INT_LC | ENET_INT_RL | \

ENET_INT_UN | ENET_INT_PLR | ENET_INT_WAKEUP | \

- ENET_INT_TS_AVAIL)

+ ENET_INT_TS_AVAIL | ENET_INT_TXF1 | \

+ ENET_INT_TXB1 | ENET_INT_TXF2 | ENET_INT_TXB2)

/* RDAR */

#define ENET_RDAR_RDAR (1 << 24)

@@ -XXX,XX +XXX,XX @@ typedef struct {

#define ENET_BD_BDU (1 << 31)

+#define ENET_TX_RING_NUM 3

+

+

typedef struct IMXFECState {

/*< private >*/

SysBusDevice parent_obj;

@@ -XXX,XX +XXX,XX @@ typedef struct IMXFECState {

uint32_t regs[ENET_MAX];

uint32_t rx_descriptor;

- uint32_t tx_descriptor;

+

+ uint32_t tx_descriptor[ENET_TX_RING_NUM];

+ uint32_t tx_ring_num;

uint32_t phy_status;

uint32_t phy_control;

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/imx_fec.c

+++ b/hw/net/imx_fec.c

@@ -XXX,XX +XXX,XX @@ static const char *imx_eth_reg_name(IMXFECState *s, uint32_t index)

}

}

+/*

+ * Versions of this device with more than one TX descriptor save the

+ * 2nd and 3rd descriptors in a subsection, to maintain migration

+ * compatibility with previous versions of the device that only

+ * supported a single descriptor.

+ */

+static bool imx_eth_is_multi_tx_ring(void *opaque)

+{

+ IMXFECState *s = IMX_FEC(opaque);

+

+ return s->tx_ring_num > 1;

+}

+

+static const VMStateDescription vmstate_imx_eth_txdescs = {

+ .name = "imx.fec/txdescs",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .needed = imx_eth_is_multi_tx_ring,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32(tx_descriptor[1], IMXFECState),

+ VMSTATE_UINT32(tx_descriptor[2], IMXFECState),

+ VMSTATE_END_OF_LIST()

+ }

+};

+

static const VMStateDescription vmstate_imx_eth = {

.name = TYPE_IMX_FEC,

.version_id = 2,

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_imx_eth = {

.fields = (VMStateField[]) {

VMSTATE_UINT32_ARRAY(regs, IMXFECState, ENET_MAX),

VMSTATE_UINT32(rx_descriptor, IMXFECState),

- VMSTATE_UINT32(tx_descriptor, IMXFECState),

-

+ VMSTATE_UINT32(tx_descriptor[0], IMXFECState),

VMSTATE_UINT32(phy_status, IMXFECState),

VMSTATE_UINT32(phy_control, IMXFECState),

VMSTATE_UINT32(phy_advertise, IMXFECState),

VMSTATE_UINT32(phy_int, IMXFECState),

VMSTATE_UINT32(phy_int_mask, IMXFECState),

VMSTATE_END_OF_LIST()

- }

+ },

+ .subsections = (const VMStateDescription * []) {

+ &vmstate_imx_eth_txdescs,

+ NULL

+ },

};

#define PHY_INT_ENERGYON (1 << 7)

@@ -XXX,XX +XXX,XX @@ static void imx_fec_do_tx(IMXFECState *s)

{

int frame_size = 0, descnt = 0;

uint8_t *ptr = s->frame;

- uint32_t addr = s->tx_descriptor;

+ uint32_t addr = s->tx_descriptor[0];

while (descnt++ < IMX_MAX_DESC) {

IMXFECBufDesc bd;

@@ -XXX,XX +XXX,XX @@ static void imx_fec_do_tx(IMXFECState *s)

}

}

- s->tx_descriptor = addr;

+ s->tx_descriptor[0] = addr;

imx_eth_update(s);

}

-static void imx_enet_do_tx(IMXFECState *s)

+static void imx_enet_do_tx(IMXFECState *s, uint32_t index)

{

int frame_size = 0, descnt = 0;

+

uint8_t *ptr = s->frame;

- uint32_t addr = s->tx_descriptor;

+ uint32_t addr, int_txb, int_txf, tdsr;

+ size_t ring;

+

+ switch (index) {

+ case ENET_TDAR:

+ ring = 0;

+ int_txb = ENET_INT_TXB;

+ int_txf = ENET_INT_TXF;

+ tdsr = ENET_TDSR;

+ break;

+ case ENET_TDAR1:

+ ring = 1;

+ int_txb = ENET_INT_TXB1;

+ int_txf = ENET_INT_TXF1;

+ tdsr = ENET_TDSR1;

+ break;

+ case ENET_TDAR2:

+ ring = 2;

+ int_txb = ENET_INT_TXB2;

+ int_txf = ENET_INT_TXF2;

+ tdsr = ENET_TDSR2;

+ break;

+ default:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "%s: bogus value for index %x\n",

+ __func__, index);

+ abort();

+ break;

+ }

+

+ addr = s->tx_descriptor[ring];

while (descnt++ < IMX_MAX_DESC) {

IMXENETBufDesc bd;

@@ -XXX,XX +XXX,XX @@ static void imx_enet_do_tx(IMXFECState *s)

frame_size = 0;

if (bd.option & ENET_BD_TX_INT) {

- s->regs[ENET_EIR] |= ENET_INT_TXF;

+ s->regs[ENET_EIR] |= int_txf;

}

}

if (bd.option & ENET_BD_TX_INT) {