1
A mixed bag, all bug fixes or similar small stuff.
1
Arm queue; bugfixes only.
2
2
3
thanks
3
thanks
4
-- PMM
4
-- PMM
5
5
6
The following changes since commit 48aa8f0ac536db3550a35c295ff7de94e4c33739:
6
7
7
The following changes since commit 19eb2d4e736dc895f31fbd6b520e514f10cc08e0:
8
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-11-16' into staging (2020-11-17 11:07:00 +0000)
8
9
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging (2019-05-07 10:43:32 +0100)
10
9
11
are available in the Git repository at:
10
are available in the Git repository at:
12
11
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190507
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201117
14
13
15
for you to fetch changes up to 63159601fb3e396b28da14cbb71e50ed3f5a0331:
14
for you to fetch changes up to ab135622cf478585bdfcb68b85e4a817d74a0c42:
16
15
17
target/arm: Stop using variable length array in dc_zva (2019-05-07 12:55:04 +0100)
16
tmp105: Correct handling of temperature limit checks (2020-11-17 12:56:33 +0000)
18
17
19
----------------------------------------------------------------
18
----------------------------------------------------------------
20
target-arm queue:
19
target-arm queue:
21
* Stop using variable length array in dc_zva
20
* hw/arm/virt: ARM_VIRT must select ARM_GIC
22
* Implement M-profile XPSR GE bits
21
* exynos: Fix bad printf format specifiers
23
* Don't enable ARMV7M_EXCP_DEBUG from reset
22
* hw/input/ps2.c: Remove remnants of printf debug
24
* armv7m_nvic: NS BFAR and BFSR are RAZ/WI if BFHFNMINS == 0
23
* target/openrisc: Remove dead code attempting to check "is timer disabled"
25
* armv7m_nvic: Check subpriority in nvic_recompute_state_secure()
24
* register: Remove unnecessary NULL check
26
* fix various minor issues to allow building for Windows-on-ARM64
25
* util/cutils: Fix Coverity array overrun in freq_to_str()
27
* aspeed: Set SDRAM size
26
* configure: Make "does libgio work" test pull in some actual functions
28
* Allow system registers for KVM guests to be changed by QEMU code
27
* tmp105: reset the T_low and T_High registers
29
* raspi: Diagnose requests for too much RAM
28
* tmp105: Correct handling of temperature limit checks
30
* virt: Support firmware configuration with -blockdev
31
29
32
----------------------------------------------------------------
30
----------------------------------------------------------------
33
Cao Jiaxi (4):
31
Alex Chen (1):
34
QEMU_PACKED: Remove gcc_struct attribute in Windows non x86 targets
32
exynos: Fix bad printf format specifiers
35
qga: Fix mingw compilation warnings on enum conversion
36
util/cacheinfo: Use uint64_t on LLP64 model to satisfy Windows ARM64
37
osdep: Fix mingw compilation regarding stdio formats
38
33
39
Joel Stanley (1):
34
Alistair Francis (1):
40
arm: aspeed: Set SDRAM size
35
register: Remove unnecessary NULL check
41
36
42
Markus Armbruster (3):
37
Andrew Jones (1):
43
pc: Rearrange pc_system_firmware_init()'s legacy -drive loop
38
hw/arm/virt: ARM_VIRT must select ARM_GIC
44
pflash_cfi01: New pflash_cfi01_legacy_drive()
45
hw/arm/virt: Support firmware configuration with -blockdev
46
39
47
Peter Maydell (7):
40
Peter Maydell (5):
48
hw/arm/raspi: Diagnose requests for too much RAM
41
hw/input/ps2.c: Remove remnants of printf debug
49
arm: Allow system registers for KVM guests to be changed by QEMU code
42
target/openrisc: Remove dead code attempting to check "is timer disabled"
50
hw/arm/armv7m_nvic: Check subpriority in nvic_recompute_state_secure()
43
configure: Make "does libgio work" test pull in some actual functions
51
hw/intc/armv7m_nvic: NS BFAR and BFSR are RAZ/WI if BFHFNMINS == 0
44
hw/misc/tmp105: reset the T_low and T_High registers
52
hw/intc/armv7m_nvic: Don't enable ARMV7M_EXCP_DEBUG from reset
45
tmp105: Correct handling of temperature limit checks
53
target/arm: Implement XPSR GE bits
54
target/arm: Stop using variable length array in dc_zva
55
46
56
contrib/libvhost-user/libvhost-user.h | 2 +-
47
Philippe Mathieu-Daudé (1):
57
include/hw/arm/aspeed.h | 1 +
48
util/cutils: Fix Coverity array overrun in freq_to_str()
58
include/hw/arm/virt.h | 2 +
59
include/hw/block/flash.h | 1 +
60
include/qemu/compiler.h | 2 +-
61
include/qemu/osdep.h | 10 +-
62
scripts/cocci-macro-file.h | 7 +-
63
target/arm/cpu.h | 13 ++-
64
hw/arm/aspeed.c | 8 ++
65
hw/arm/raspi.c | 7 ++
66
hw/arm/virt.c | 202 ++++++++++++++++++++++------------
67
hw/block/pflash_cfi01.c | 28 +++++
68
hw/i386/pc_sysfw.c | 18 +--
69
hw/intc/armv7m_nvic.c | 40 ++++++-
70
qga/commands-win32.c | 2 +-
71
target/arm/helper.c | 47 +++++++-
72
target/arm/kvm.c | 8 ++
73
target/arm/kvm32.c | 20 +---
74
target/arm/kvm64.c | 2 +
75
target/arm/machine.c | 2 +-
76
util/cacheinfo.c | 2 +-
77
21 files changed, 294 insertions(+), 130 deletions(-)
78
49
50
configure | 11 +++++--
51
hw/misc/tmp105.h | 7 +++++
52
hw/core/register.c | 4 ---
53
hw/input/ps2.c | 9 ------
54
hw/misc/tmp105.c | 73 ++++++++++++++++++++++++++++++++++++++------
55
hw/timer/exynos4210_mct.c | 4 +--
56
hw/timer/exynos4210_pwm.c | 8 ++---
57
target/openrisc/sys_helper.c | 3 --
58
util/cutils.c | 3 +-
59
hw/arm/Kconfig | 1 +
60
10 files changed, 89 insertions(+), 34 deletions(-)
61
diff view generated by jsdifflib
Deleted patch
1
From: Markus Armbruster <armbru@redhat.com>
2
1
3
The loop does two things: map legacy -drive to properties, and collect
4
all the backends for use after the loop. The next patch will factor
5
out the former for reuse in hw/arm/virt.c. To make that easier,
6
rearrange the loop so it does the first thing first, and the second
7
thing second.
8
9
Signed-off-by: Markus Armbruster <armbru@redhat.com>
10
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
12
Message-id: 20190416091348.26075-2-armbru@redhat.com
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
hw/i386/pc_sysfw.c | 24 +++++++++++-------------
16
1 file changed, 11 insertions(+), 13 deletions(-)
17
18
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/i386/pc_sysfw.c
21
+++ b/hw/i386/pc_sysfw.c
22
@@ -XXX,XX +XXX,XX @@ void pc_system_firmware_init(PCMachineState *pcms,
23
24
/* Map legacy -drive if=pflash to machine properties */
25
for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) {
26
- pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]);
27
pflash_drv = drive_get(IF_PFLASH, 0, i);
28
- if (!pflash_drv) {
29
- continue;
30
+ if (pflash_drv) {
31
+ loc_push_none(&loc);
32
+ qemu_opts_loc_restore(pflash_drv->opts);
33
+ if (pflash_cfi01_get_blk(pcms->flash[i])) {
34
+ error_report("clashes with -machine");
35
+ exit(1);
36
+ }
37
+ qdev_prop_set_drive(DEVICE(pcms->flash[i]), "drive",
38
+ blk_by_legacy_dinfo(pflash_drv), &error_fatal);
39
+ loc_pop(&loc);
40
}
41
- loc_push_none(&loc);
42
- qemu_opts_loc_restore(pflash_drv->opts);
43
- if (pflash_blk[i]) {
44
- error_report("clashes with -machine");
45
- exit(1);
46
- }
47
- pflash_blk[i] = blk_by_legacy_dinfo(pflash_drv);
48
- qdev_prop_set_drive(DEVICE(pcms->flash[i]),
49
- "drive", pflash_blk[i], &error_fatal);
50
- loc_pop(&loc);
51
+ pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]);
52
}
53
54
/* Reject gaps */
55
--
56
2.20.1
57
58
diff view generated by jsdifflib
1
From: Cao Jiaxi <driver1998@foxmail.com>
1
From: Andrew Jones <drjones@redhat.com>
2
2
3
I encountered the following compilation error on mingw:
3
The removal of the selection of A15MPCORE from ARM_VIRT also
4
removed what A15MPCORE selects, ARM_GIC. We still need ARM_GIC.
4
5
5
/mnt/d/qemu/include/qemu/osdep.h:97:9: error: '__USE_MINGW_ANSI_STDIO' macro redefined [-Werror,-Wmacro-redefined]
6
Fixes: bec3c97e0cf9 ("hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals")
6
#define __USE_MINGW_ANSI_STDIO 1
7
Reported-by: Miroslav Rezanina <mrezanin@redhat.com>
7
^
8
Signed-off-by: Andrew Jones <drjones@redhat.com>
8
/mnt/d/llvm-mingw/aarch64-w64-mingw32/include/_mingw.h:433:9: note: previous definition is here
9
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
9
#define __USE_MINGW_ANSI_STDIO 0 /* was not defined so it should be 0 */
10
11
It turns out that __USE_MINGW_ANSI_STDIO must be set before any
12
system headers are included, not just before stdio.h.
13
14
Signed-off-by: Cao Jiaxi <driver1998@foxmail.com>
15
Reviewed-by: Thomas Huth <thuth@redhat.com>
16
Reviewed-by: Stefan Weil <sw@weilnetz.de>
17
Message-id: 20190503003719.10233-1-driver1998@foxmail.com
18
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
11
Message-id: 20201111143440.112763-1-drjones@redhat.com
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
13
---
21
include/qemu/osdep.h | 10 +++++-----
14
hw/arm/Kconfig | 1 +
22
1 file changed, 5 insertions(+), 5 deletions(-)
15
1 file changed, 1 insertion(+)
23
16
24
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
17
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
25
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
26
--- a/include/qemu/osdep.h
19
--- a/hw/arm/Kconfig
27
+++ b/include/qemu/osdep.h
20
+++ b/hw/arm/Kconfig
28
@@ -XXX,XX +XXX,XX @@ extern int daemon(int, int);
21
@@ -XXX,XX +XXX,XX @@ config ARM_VIRT
29
#endif
22
imply VFIO_PLATFORM
30
#endif
23
imply VFIO_XGMAC
31
24
imply TPM_TIS_SYSBUS
32
+/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */
25
+ select ARM_GIC
33
+#ifdef __MINGW32__
26
select ACPI
34
+#define __USE_MINGW_ANSI_STDIO 1
27
select ARM_SMMUV3
35
+#endif
28
select GPIO_KEY
36
+
37
#include <stdarg.h>
38
#include <stddef.h>
39
#include <stdbool.h>
40
#include <stdint.h>
41
#include <sys/types.h>
42
#include <stdlib.h>
43
-
44
-/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */
45
-#ifdef __MINGW32__
46
-#define __USE_MINGW_ANSI_STDIO 1
47
-#endif
48
#include <stdio.h>
49
50
#include <string.h>
51
--
29
--
52
2.20.1
30
2.20.1
53
31
54
32
diff view generated by jsdifflib
1
From: Markus Armbruster <armbru@redhat.com>
1
From: Alex Chen <alex.chen@huawei.com>
2
2
3
The ARM virt machines put firmware in flash memory. To configure it,
3
We should use printf format specifier "%u" instead of "%d" for
4
you use -drive if=pflash,unit=0,... and optionally -drive
4
argument of type "unsigned int".
5
if=pflash,unit=1,...
6
5
7
Why two -drive? This permits setting up one part of the flash memory
6
Reported-by: Euler Robot <euler.robot@huawei.com>
8
read-only, and the other part read/write. It also makes upgrading
7
Signed-off-by: Alex Chen <alex.chen@huawei.com>
9
firmware on the host easier. Below the hood, we get two separate
8
Message-id: 20201111073651.72804-1-alex.chen@huawei.com
10
flash devices, because we were too lazy to improve our flash device
11
models to support sector protection.
12
13
The problem at hand is to do the same with -blockdev somehow, as one
14
more step towards deprecating -drive.
15
16
We recently solved this problem for x86 PC machines, in commit
17
ebc29e1beab. See the commit message for design rationale.
18
19
This commit solves it for ARM virt basically the same way: new machine
20
properties pflash0, pflash1 forward to the onboard flash devices'
21
properties. Requires creating the onboard devices in the
22
.instance_init() method virt_instance_init(). The existing code to
23
pick up drives defined with -drive if=pflash is replaced by code to
24
desugar into the machine properties.
25
26
There are a few behavioral differences, though:
27
28
* The flash devices are always present (x86: only present if
29
configured)
30
31
* Flash base addresses and sizes are fixed (x86: sizes depend on
32
images, mapped back to back below a fixed address)
33
34
* -bios configures contents of first pflash (x86: -bios configures ROM
35
contents)
36
37
* -bios is rejected when first pflash is also configured with -machine
38
pflash0=... (x86: bios is silently ignored then)
39
40
* -machine pflash1=... does not require -machine pflash0=... (x86: it
41
does).
42
43
The actual code is a bit simpler than for x86 mostly due to the first
44
two differences.
45
46
Before the patch, all the action is in create_flash(), called from the
47
machine's .init() method machvirt_init():
48
49
main()
50
machine_run_board_init()
51
machvirt_init()
52
create_flash()
53
create_one_flash() for flash[0]
54
create
55
configure
56
includes obeying -drive if=pflash,unit=0
57
realize
58
map
59
fall back to -bios
60
create_one_flash() for flash[1]
61
create
62
configure
63
includes obeying -drive if=pflash,unit=1
64
realize
65
map
66
update FDT
67
68
To make the machine properties work, we need to move device creation
69
to its .instance_init() method virt_instance_init().
70
71
Another complication is machvirt_init()'s computation of
72
@firmware_loaded: it predicts what create_flash() will do. Instead of
73
predicting what create_flash()'s replacement virt_firmware_init() will
74
do, I decided to have virt_firmware_init() return what it did.
75
Requires calling it a bit earlier.
76
77
Resulting call tree:
78
79
main()
80
current_machine = object_new()
81
...
82
virt_instance_init()
83
virt_flash_create()
84
virt_flash_create1() for flash[0]
85
create
86
configure: set defaults
87
become child of machine [NEW]
88
add machine prop pflash0 as alias for drive [NEW]
89
virt_flash_create1() for flash[1]
90
create
91
configure: set defaults
92
become child of machine [NEW]
93
add machine prop pflash1 as alias for drive [NEW]
94
for all machine props from the command line: machine_set_property()
95
...
96
property_set_alias() for machine props pflash0, pflash1
97
...
98
set_drive() for cfi.pflash01 prop drive
99
this is how -machine pflash0=... etc set
100
machine_run_board_init(current_machine);
101
virt_firmware_init()
102
pflash_cfi01_legacy_drive()
103
legacy -drive if=pflash,unit=0 and =1 [NEW]
104
virt_flash_map()
105
virt_flash_map1() for flash[0]
106
configure: num-blocks
107
realize
108
map
109
virt_flash_map1() for flash[1]
110
configure: num-blocks
111
realize
112
map
113
fall back to -bios
114
virt_flash_fdt()
115
update FDT
116
117
You have László to thank for making me explain this in detail.
118
119
Signed-off-by: Markus Armbruster <armbru@redhat.com>
120
Acked-by: Laszlo Ersek <lersek@redhat.com>
121
Message-id: 20190416091348.26075-4-armbru@redhat.com
122
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
123
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
124
---
11
---
125
include/hw/arm/virt.h | 2 +
12
hw/timer/exynos4210_mct.c | 4 ++--
126
hw/arm/virt.c | 202 +++++++++++++++++++++++++++---------------
13
hw/timer/exynos4210_pwm.c | 8 ++++----
127
2 files changed, 132 insertions(+), 72 deletions(-)
14
2 files changed, 6 insertions(+), 6 deletions(-)
128
15
129
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
16
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
130
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
131
--- a/include/hw/arm/virt.h
18
--- a/hw/timer/exynos4210_mct.c
132
+++ b/include/hw/arm/virt.h
19
+++ b/hw/timer/exynos4210_mct.c
133
@@ -XXX,XX +XXX,XX @@
20
@@ -XXX,XX +XXX,XX @@ static void exynos4210_gcomp_raise_irq(void *opaque, uint32_t id)
134
#include "qemu/notify.h"
21
/* If CSTAT is pending and IRQ is enabled */
135
#include "hw/boards.h"
22
if ((s->reg.int_cstat & G_INT_CSTAT_COMP(id)) &&
136
#include "hw/arm/arm.h"
23
(s->reg.int_enb & G_INT_ENABLE(id))) {
137
+#include "hw/block/flash.h"
24
- DPRINTF("gcmp timer[%d] IRQ\n", id);
138
#include "sysemu/kvm.h"
25
+ DPRINTF("gcmp timer[%u] IRQ\n", id);
139
#include "hw/intc/arm_gicv3_common.h"
26
qemu_irq_raise(s->irq[id]);
140
141
@@ -XXX,XX +XXX,XX @@ typedef struct {
142
Notifier machine_done;
143
DeviceState *platform_bus_dev;
144
FWCfgState *fw_cfg;
145
+ PFlashCFI01 *flash[2];
146
bool secure;
147
bool highmem;
148
bool highmem_ecam;
149
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
150
index XXXXXXX..XXXXXXX 100644
151
--- a/hw/arm/virt.c
152
+++ b/hw/arm/virt.c
153
@@ -XXX,XX +XXX,XX @@
154
155
#include "qemu/osdep.h"
156
#include "qemu/units.h"
157
+#include "qemu/option.h"
158
#include "qapi/error.h"
159
#include "hw/sysbus.h"
160
#include "hw/arm/arm.h"
161
@@ -XXX,XX +XXX,XX @@ static void create_virtio_devices(const VirtMachineState *vms, qemu_irq *pic)
162
}
27
}
163
}
28
}
164
29
@@ -XXX,XX +XXX,XX @@ static void exynos4210_mct_update_freq(Exynos4210MCTState *s)
165
-static void create_one_flash(const char *name, hwaddr flashbase,
30
MCT_CFG_GET_DIVIDER(s->reg_mct_cfg));
166
- hwaddr flashsize, const char *file,
31
167
- MemoryRegion *sysmem)
32
if (freq != s->freq) {
168
+#define VIRT_FLASH_SECTOR_SIZE (256 * KiB)
33
- DPRINTF("freq=%dHz\n", s->freq);
169
+
34
+ DPRINTF("freq=%uHz\n", s->freq);
170
+static PFlashCFI01 *virt_flash_create1(VirtMachineState *vms,
35
171
+ const char *name,
36
/* global timer */
172
+ const char *alias_prop_name)
37
tx_ptimer_set_freq(s->g_timer.ptimer_frc, s->freq);
173
{
38
diff --git a/hw/timer/exynos4210_pwm.c b/hw/timer/exynos4210_pwm.c
174
- /* Create and map a single flash device. We use the same
39
index XXXXXXX..XXXXXXX 100644
175
- * parameters as the flash devices on the Versatile Express board.
40
--- a/hw/timer/exynos4210_pwm.c
176
+ /*
41
+++ b/hw/timer/exynos4210_pwm.c
177
+ * Create a single flash device. We use the same parameters as
42
@@ -XXX,XX +XXX,XX @@ static void exynos4210_pwm_update_freq(Exynos4210PWMState *s, uint32_t id)
178
+ * the flash devices on the Versatile Express board.
43
179
*/
44
if (freq != s->timer[id].freq) {
180
- DriveInfo *dinfo = drive_get_next(IF_PFLASH);
45
ptimer_set_freq(s->timer[id].ptimer, s->timer[id].freq);
181
DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01);
46
- DPRINTF("freq=%dHz\n", s->timer[id].freq);
182
- SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
47
+ DPRINTF("freq=%uHz\n", s->timer[id].freq);
183
- const uint64_t sectorlength = 256 * 1024;
184
185
- if (dinfo) {
186
- qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo),
187
- &error_abort);
188
- }
189
-
190
- qdev_prop_set_uint32(dev, "num-blocks", flashsize / sectorlength);
191
- qdev_prop_set_uint64(dev, "sector-length", sectorlength);
192
+ qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);
193
qdev_prop_set_uint8(dev, "width", 4);
194
qdev_prop_set_uint8(dev, "device-width", 2);
195
qdev_prop_set_bit(dev, "big-endian", false);
196
@@ -XXX,XX +XXX,XX @@ static void create_one_flash(const char *name, hwaddr flashbase,
197
qdev_prop_set_uint16(dev, "id2", 0x00);
198
qdev_prop_set_uint16(dev, "id3", 0x00);
199
qdev_prop_set_string(dev, "name", name);
200
- qdev_init_nofail(dev);
201
-
202
- memory_region_add_subregion(sysmem, flashbase,
203
- sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0));
204
-
205
- if (file) {
206
- char *fn;
207
- int image_size;
208
-
209
- if (drive_get(IF_PFLASH, 0, 0)) {
210
- error_report("The contents of the first flash device may be "
211
- "specified with -bios or with -drive if=pflash... "
212
- "but you cannot use both options at once");
213
- exit(1);
214
- }
215
- fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, file);
216
- if (!fn) {
217
- error_report("Could not find ROM image '%s'", file);
218
- exit(1);
219
- }
220
- image_size = load_image_mr(fn, sysbus_mmio_get_region(sbd, 0));
221
- g_free(fn);
222
- if (image_size < 0) {
223
- error_report("Could not load ROM image '%s'", file);
224
- exit(1);
225
- }
226
- }
227
+ object_property_add_child(OBJECT(vms), name, OBJECT(dev),
228
+ &error_abort);
229
+ object_property_add_alias(OBJECT(vms), alias_prop_name,
230
+ OBJECT(dev), "drive", &error_abort);
231
+ return PFLASH_CFI01(dev);
232
}
233
234
-static void create_flash(const VirtMachineState *vms,
235
- MemoryRegion *sysmem,
236
- MemoryRegion *secure_sysmem)
237
+static void virt_flash_create(VirtMachineState *vms)
238
{
239
- /* Create two flash devices to fill the VIRT_FLASH space in the memmap.
240
- * Any file passed via -bios goes in the first of these.
241
+ vms->flash[0] = virt_flash_create1(vms, "virt.flash0", "pflash0");
242
+ vms->flash[1] = virt_flash_create1(vms, "virt.flash1", "pflash1");
243
+}
244
+
245
+static void virt_flash_map1(PFlashCFI01 *flash,
246
+ hwaddr base, hwaddr size,
247
+ MemoryRegion *sysmem)
248
+{
249
+ DeviceState *dev = DEVICE(flash);
250
+
251
+ assert(size % VIRT_FLASH_SECTOR_SIZE == 0);
252
+ assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
253
+ qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
254
+ qdev_init_nofail(dev);
255
+
256
+ memory_region_add_subregion(sysmem, base,
257
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
258
+ 0));
259
+}
260
+
261
+static void virt_flash_map(VirtMachineState *vms,
262
+ MemoryRegion *sysmem,
263
+ MemoryRegion *secure_sysmem)
264
+{
265
+ /*
266
+ * Map two flash devices to fill the VIRT_FLASH space in the memmap.
267
* sysmem is the system memory space. secure_sysmem is the secure view
268
* of the system, and the first flash device should be made visible only
269
* there. The second flash device is visible to both secure and nonsecure.
270
@@ -XXX,XX +XXX,XX @@ static void create_flash(const VirtMachineState *vms,
271
*/
272
hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;
273
hwaddr flashbase = vms->memmap[VIRT_FLASH].base;
274
- char *nodename;
275
276
- create_one_flash("virt.flash0", flashbase, flashsize,
277
- bios_name, secure_sysmem);
278
- create_one_flash("virt.flash1", flashbase + flashsize, flashsize,
279
- NULL, sysmem);
280
+ virt_flash_map1(vms->flash[0], flashbase, flashsize,
281
+ secure_sysmem);
282
+ virt_flash_map1(vms->flash[1], flashbase + flashsize, flashsize,
283
+ sysmem);
284
+}
285
+
286
+static void virt_flash_fdt(VirtMachineState *vms,
287
+ MemoryRegion *sysmem,
288
+ MemoryRegion *secure_sysmem)
289
+{
290
+ hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;
291
+ hwaddr flashbase = vms->memmap[VIRT_FLASH].base;
292
+ char *nodename;
293
294
if (sysmem == secure_sysmem) {
295
/* Report both flash devices as a single node in the DT */
296
@@ -XXX,XX +XXX,XX @@ static void create_flash(const VirtMachineState *vms,
297
qemu_fdt_setprop_cell(vms->fdt, nodename, "bank-width", 4);
298
g_free(nodename);
299
} else {
300
- /* Report the devices as separate nodes so we can mark one as
301
+ /*
302
+ * Report the devices as separate nodes so we can mark one as
303
* only visible to the secure world.
304
*/
305
nodename = g_strdup_printf("/secflash@%" PRIx64, flashbase);
306
@@ -XXX,XX +XXX,XX @@ static void create_flash(const VirtMachineState *vms,
307
}
48
}
308
}
49
}
309
50
310
+static bool virt_firmware_init(VirtMachineState *vms,
51
@@ -XXX,XX +XXX,XX @@ static void exynos4210_pwm_tick(void *opaque)
311
+ MemoryRegion *sysmem,
52
uint32_t id = s->id;
312
+ MemoryRegion *secure_sysmem)
53
bool cmp;
313
+{
54
314
+ int i;
55
- DPRINTF("timer %d tick\n", id);
315
+ BlockBackend *pflash_blk0;
56
+ DPRINTF("timer %u tick\n", id);
316
+
57
317
+ /* Map legacy -drive if=pflash to machine properties */
58
/* set irq status */
318
+ for (i = 0; i < ARRAY_SIZE(vms->flash); i++) {
59
p->reg_tint_cstat |= TINT_CSTAT_STATUS(id);
319
+ pflash_cfi01_legacy_drive(vms->flash[i],
60
320
+ drive_get(IF_PFLASH, 0, i));
61
/* raise IRQ */
321
+ }
62
if (p->reg_tint_cstat & TINT_CSTAT_ENABLE(id)) {
322
+
63
- DPRINTF("timer %d IRQ\n", id);
323
+ virt_flash_map(vms, sysmem, secure_sysmem);
64
+ DPRINTF("timer %u IRQ\n", id);
324
+
65
qemu_irq_raise(p->timer[id].irq);
325
+ pflash_blk0 = pflash_cfi01_get_blk(vms->flash[0]);
326
+
327
+ if (bios_name) {
328
+ char *fname;
329
+ MemoryRegion *mr;
330
+ int image_size;
331
+
332
+ if (pflash_blk0) {
333
+ error_report("The contents of the first flash device may be "
334
+ "specified with -bios or with -drive if=pflash... "
335
+ "but you cannot use both options at once");
336
+ exit(1);
337
+ }
338
+
339
+ /* Fall back to -bios */
340
+
341
+ fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
342
+ if (!fname) {
343
+ error_report("Could not find ROM image '%s'", bios_name);
344
+ exit(1);
345
+ }
346
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(vms->flash[0]), 0);
347
+ image_size = load_image_mr(fname, mr);
348
+ g_free(fname);
349
+ if (image_size < 0) {
350
+ error_report("Could not load ROM image '%s'", bios_name);
351
+ exit(1);
352
+ }
353
+ }
354
+
355
+ return pflash_blk0 || bios_name;
356
+}
357
+
358
static FWCfgState *create_fw_cfg(const VirtMachineState *vms, AddressSpace *as)
359
{
360
hwaddr base = vms->memmap[VIRT_FW_CFG].base;
361
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
362
MemoryRegion *secure_sysmem = NULL;
363
int n, virt_max_cpus;
364
MemoryRegion *ram = g_new(MemoryRegion, 1);
365
- bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
366
+ bool firmware_loaded;
367
bool aarch64 = true;
368
369
/*
370
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
371
exit(1);
372
}
66
}
373
67
374
+ if (vms->secure) {
68
@@ -XXX,XX +XXX,XX @@ static void exynos4210_pwm_tick(void *opaque)
375
+ if (kvm_enabled()) {
376
+ error_report("mach-virt: KVM does not support Security extensions");
377
+ exit(1);
378
+ }
379
+
380
+ /*
381
+ * The Secure view of the world is the same as the NonSecure,
382
+ * but with a few extra devices. Create it as a container region
383
+ * containing the system memory at low priority; any secure-only
384
+ * devices go in at higher priority and take precedence.
385
+ */
386
+ secure_sysmem = g_new(MemoryRegion, 1);
387
+ memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
388
+ UINT64_MAX);
389
+ memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
390
+ }
391
+
392
+ firmware_loaded = virt_firmware_init(vms, sysmem,
393
+ secure_sysmem ?: sysmem);
394
+
395
/* If we have an EL3 boot ROM then the assumption is that it will
396
* implement PSCI itself, so disable QEMU's internal implementation
397
* so it doesn't get in the way. Instead of starting secondary
398
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
399
exit(1);
400
}
69
}
401
70
402
- if (vms->secure) {
71
if (cmp) {
403
- if (kvm_enabled()) {
72
- DPRINTF("auto reload timer %d count to %x\n", id,
404
- error_report("mach-virt: KVM does not support Security extensions");
73
+ DPRINTF("auto reload timer %u count to %x\n", id,
405
- exit(1);
74
p->timer[id].reg_tcntb);
406
- }
75
ptimer_set_count(p->timer[id].ptimer, p->timer[id].reg_tcntb);
407
-
76
ptimer_run(p->timer[id].ptimer, 1);
408
- /* The Secure view of the world is the same as the NonSecure,
409
- * but with a few extra devices. Create it as a container region
410
- * containing the system memory at low priority; any secure-only
411
- * devices go in at higher priority and take precedence.
412
- */
413
- secure_sysmem = g_new(MemoryRegion, 1);
414
- memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
415
- UINT64_MAX);
416
- memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
417
- }
418
-
419
create_fdt(vms);
420
421
possible_cpus = mc->possible_cpu_arch_ids(machine);
422
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
423
&machine->device_memory->mr);
424
}
425
426
- create_flash(vms, sysmem, secure_sysmem ? secure_sysmem : sysmem);
427
+ virt_flash_fdt(vms, sysmem, secure_sysmem);
428
429
create_gic(vms, pic);
430
431
@@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj)
432
NULL);
433
434
vms->irqmap = a15irqmap;
435
+
436
+ virt_flash_create(vms);
437
}
438
439
static const TypeInfo virt_machine_info = {
440
--
77
--
441
2.20.1
78
2.20.1
442
79
443
80
diff view generated by jsdifflib
1
Currently the dc_zva helper function uses a variable length
1
In commit 5edab03d4040 we added tracepoints to the ps2 keyboard
2
array. In fact we know (as the comment above remarks) that
2
and mouse emulation. However we didn't remove all the debug-by-printf
3
the length of this array is bounded because the architecture
3
support. In fact there is only one printf() remaining, and it is
4
limits the block size and QEMU limits the target page size.
4
redundant with the trace_ps2_write_mouse() event next to it.
5
Use a fixed array size and assert that we don't run off it.
5
Remove the printf() and the now-unused DEBUG* macros.
6
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
10
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
11
Message-id: 20190503120448.13385-1-peter.maydell@linaro.org
10
Message-id: 20201101133258.4240-1-peter.maydell@linaro.org
12
---
11
---
13
target/arm/helper.c | 8 ++++++--
12
hw/input/ps2.c | 9 ---------
14
1 file changed, 6 insertions(+), 2 deletions(-)
13
1 file changed, 9 deletions(-)
15
14
16
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
17
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/helper.c
17
--- a/hw/input/ps2.c
19
+++ b/target/arm/helper.c
18
+++ b/hw/input/ps2.c
20
@@ -XXX,XX +XXX,XX @@
19
@@ -XXX,XX +XXX,XX @@
21
#include "qemu/osdep.h"
20
22
+#include "qemu/units.h"
23
#include "target/arm/idau.h"
24
#include "trace.h"
21
#include "trace.h"
25
#include "cpu.h"
22
26
@@ -XXX,XX +XXX,XX @@ void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in)
23
-/* debug PC keyboard */
27
* We know that in fact for any v8 CPU the page size is at least 4K
24
-//#define DEBUG_KBD
28
* and the block size must be 2K or less, but TARGET_PAGE_SIZE is only
25
-
29
* 1K as an artefact of legacy v5 subpage support being present in the
26
-/* debug PC keyboard : only mouse */
30
- * same QEMU executable.
27
-//#define DEBUG_MOUSE
31
+ * same QEMU executable. So in practice the hostaddr[] array has
28
-
32
+ * two entries, given the current setting of TARGET_PAGE_BITS_MIN.
29
/* Keyboard Commands */
33
*/
30
#define KBD_CMD_SET_LEDS    0xED    /* Set keyboard leds */
34
int maxidx = DIV_ROUND_UP(blocklen, TARGET_PAGE_SIZE);
31
#define KBD_CMD_ECHO     0xEE
35
- void *hostaddr[maxidx];
32
@@ -XXX,XX +XXX,XX @@ void ps2_write_mouse(void *opaque, int val)
36
+ void *hostaddr[DIV_ROUND_UP(2 * KiB, 1 << TARGET_PAGE_BITS_MIN)];
33
PS2MouseState *s = (PS2MouseState *)opaque;
37
int try, i;
34
38
unsigned mmu_idx = cpu_mmu_index(env, false);
35
trace_ps2_write_mouse(opaque, val);
39
TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
36
-#ifdef DEBUG_MOUSE
40
37
- printf("kbd: write mouse 0x%02x\n", val);
41
+ assert(maxidx <= ARRAY_SIZE(hostaddr));
38
-#endif
42
+
39
switch(s->common.write_cmd) {
43
for (try = 0; try < 2; try++) {
40
default:
44
41
case -1:
45
for (i = 0; i < maxidx; i++) {
46
--
42
--
47
2.20.1
43
2.20.1
48
44
49
45
diff view generated by jsdifflib
1
In the M-profile architecture, if the CPU implements the DSP extension
1
In the mtspr helper we attempt to check for "is the timer disabled"
2
then the XPSR has GE bits, in the same way as the A-profile CPSR. When
2
with "if (env->ttmr & TIMER_NONE)". This is wrong because TIMER_NONE
3
we added DSP extension support we forgot to add support for reading
3
is zero and the condition is always false (Coverity complains about
4
and writing the GE bits, which are stored in env->GE. We did put in
4
the dead code.)
5
the code to add XPSR_GE to the mask of bits to update in the v7m_msr
6
helper, but forgot it in v7m_mrs. We also must not allow the XPSR we
7
pull off the stack on exception return to set the nonexistent GE bits.
8
Correct these errors:
9
* read and write env->GE in xpsr_read() and xpsr_write()
10
* only set GE bits on exception return if DSP present
11
* read GE bits for MRS if DSP present
12
5
6
The correct check would be to test whether the TTMR_M field in the
7
register is equal to TIMER_NONE instead. However, the
8
cpu_openrisc_timer_update() function checks whether the timer is
9
enabled (it looks at cpu->env.is_counting, which is set to 0 via
10
cpu_openrisc_count_stop() when the TTMR_M field is set to
11
TIMER_NONE), so there's no need to check for "timer disabled" in the
12
target/openrisc code. Instead, simply remove the dead code.
13
14
Fixes: Coverity CID 1005812
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Acked-by: Stafford Horne <shorne@gmail.com>
15
Message-id: 20190430131439.25251-5-peter.maydell@linaro.org
17
Message-id: 20201103114654.18540-1-peter.maydell@linaro.org
16
---
18
---
17
target/arm/cpu.h | 4 ++++
19
target/openrisc/sys_helper.c | 3 ---
18
target/arm/helper.c | 12 ++++++++++--
20
1 file changed, 3 deletions(-)
19
2 files changed, 14 insertions(+), 2 deletions(-)
20
21
21
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
22
diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
22
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
23
--- a/target/arm/cpu.h
24
--- a/target/openrisc/sys_helper.c
24
+++ b/target/arm/cpu.h
25
+++ b/target/openrisc/sys_helper.c
25
@@ -XXX,XX +XXX,XX @@ static inline uint32_t xpsr_read(CPUARMState *env)
26
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
26
| (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27)
27
27
| (env->thumb << 24) | ((env->condexec_bits & 3) << 25)
28
case TO_SPR(10, 1): /* TTCR */
28
| ((env->condexec_bits & 0xfc) << 8)
29
cpu_openrisc_count_set(cpu, rb);
29
+ | (env->GE << 16)
30
- if (env->ttmr & TIMER_NONE) {
30
| env->v7m.exception;
31
- return;
31
}
32
- }
32
33
cpu_openrisc_timer_update(cpu);
33
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
34
break;
34
if (mask & XPSR_Q) {
35
#endif
35
env->QF = ((val & XPSR_Q) != 0);
36
}
37
+ if (mask & XPSR_GE) {
38
+ env->GE = (val & XPSR_GE) >> 16;
39
+ }
40
if (mask & XPSR_T) {
41
env->thumb = ((val & XPSR_T) != 0);
42
}
43
diff --git a/target/arm/helper.c b/target/arm/helper.c
44
index XXXXXXX..XXXXXXX 100644
45
--- a/target/arm/helper.c
46
+++ b/target/arm/helper.c
47
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
48
{
49
CPUARMState *env = &cpu->env;
50
uint32_t excret;
51
- uint32_t xpsr;
52
+ uint32_t xpsr, xpsr_mask;
53
bool ufault = false;
54
bool sfault = false;
55
bool return_to_sp_process;
56
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
57
}
58
*frame_sp_p = frameptr;
59
}
60
+
61
+ xpsr_mask = ~(XPSR_SPREALIGN | XPSR_SFPA);
62
+ if (!arm_feature(env, ARM_FEATURE_THUMB_DSP)) {
63
+ xpsr_mask &= ~XPSR_GE;
64
+ }
65
/* This xpsr_write() will invalidate frame_sp_p as it may switch stack */
66
- xpsr_write(env, xpsr, ~(XPSR_SPREALIGN | XPSR_SFPA));
67
+ xpsr_write(env, xpsr, xpsr_mask);
68
69
if (env->v7m.secure) {
70
bool sfpa = xpsr & XPSR_SFPA;
71
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
72
}
73
if (!(reg & 4)) {
74
mask |= XPSR_NZCV | XPSR_Q; /* APSR */
75
+ if (arm_feature(env, ARM_FEATURE_THUMB_DSP)) {
76
+ mask |= XPSR_GE;
77
+ }
78
}
79
/* EPSR reads as zero */
80
return xpsr_read(env) & mask;
81
--
36
--
82
2.20.1
37
2.20.1
83
38
84
39
diff view generated by jsdifflib
1
From: Joel Stanley <joel@jms.id.au>
1
From: Alistair Francis <alistair.francis@wdc.com>
2
2
3
We currently use Qemu's default of 128MB. As we know how much ram each
3
This patch fixes CID 1432800 by removing an unnecessary check.
4
machine ships with, make it easier on users by setting a default.
5
4
6
It can still be overridden with -m on the command line.
5
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Joel Stanley <joel@jms.id.au>
9
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20190503022958.1394-1-joel@jms.id.au
12
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
8
---
15
include/hw/arm/aspeed.h | 1 +
9
hw/core/register.c | 4 ----
16
hw/arm/aspeed.c | 8 ++++++++
10
1 file changed, 4 deletions(-)
17
2 files changed, 9 insertions(+)
18
11
19
diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
12
diff --git a/hw/core/register.c b/hw/core/register.c
20
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
21
--- a/include/hw/arm/aspeed.h
14
--- a/hw/core/register.c
22
+++ b/include/hw/arm/aspeed.h
15
+++ b/hw/core/register.c
23
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedBoardConfig {
16
@@ -XXX,XX +XXX,XX @@ static RegisterInfoArray *register_init_block(DeviceState *owner,
24
const char *spi_model;
17
int index = rae[i].addr / data_size;
25
uint32_t num_cs;
18
RegisterInfo *r = &ri[index];
26
void (*i2c_init)(AspeedBoardState *bmc);
19
27
+ uint32_t ram;
20
- if (data + data_size * index == 0 || !&rae[i]) {
28
} AspeedBoardConfig;
21
- continue;
29
22
- }
30
#define TYPE_ASPEED_MACHINE MACHINE_TYPE_NAME("aspeed")
23
-
31
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
24
/* Init the register, this will zero it. */
32
index XXXXXXX..XXXXXXX 100644
25
object_initialize((void *)r, sizeof(*r), TYPE_REGISTER);
33
--- a/hw/arm/aspeed.c
34
+++ b/hw/arm/aspeed.c
35
@@ -XXX,XX +XXX,XX @@
36
#include "sysemu/block-backend.h"
37
#include "hw/loader.h"
38
#include "qemu/error-report.h"
39
+#include "qemu/units.h"
40
41
static struct arm_boot_info aspeed_board_binfo = {
42
.board_id = -1, /* device-tree-only board */
43
@@ -XXX,XX +XXX,XX @@ static void aspeed_machine_class_init(ObjectClass *oc, void *data)
44
mc->no_floppy = 1;
45
mc->no_cdrom = 1;
46
mc->no_parallel = 1;
47
+ if (board->ram) {
48
+ mc->default_ram_size = board->ram;
49
+ }
50
amc->board = board;
51
}
52
53
@@ -XXX,XX +XXX,XX @@ static const AspeedBoardConfig aspeed_boards[] = {
54
.spi_model = "mx25l25635e",
55
.num_cs = 1,
56
.i2c_init = palmetto_bmc_i2c_init,
57
+ .ram = 256 * MiB,
58
}, {
59
.name = MACHINE_TYPE_NAME("ast2500-evb"),
60
.desc = "Aspeed AST2500 EVB (ARM1176)",
61
@@ -XXX,XX +XXX,XX @@ static const AspeedBoardConfig aspeed_boards[] = {
62
.spi_model = "mx25l25635e",
63
.num_cs = 1,
64
.i2c_init = ast2500_evb_i2c_init,
65
+ .ram = 512 * MiB,
66
}, {
67
.name = MACHINE_TYPE_NAME("romulus-bmc"),
68
.desc = "OpenPOWER Romulus BMC (ARM1176)",
69
@@ -XXX,XX +XXX,XX @@ static const AspeedBoardConfig aspeed_boards[] = {
70
.spi_model = "mx66l1g45g",
71
.num_cs = 2,
72
.i2c_init = romulus_bmc_i2c_init,
73
+ .ram = 512 * MiB,
74
}, {
75
.name = MACHINE_TYPE_NAME("witherspoon-bmc"),
76
.desc = "OpenPOWER Witherspoon BMC (ARM1176)",
77
@@ -XXX,XX +XXX,XX @@ static const AspeedBoardConfig aspeed_boards[] = {
78
.spi_model = "mx66l1g45g",
79
.num_cs = 2,
80
.i2c_init = witherspoon_bmc_i2c_init,
81
+ .ram = 512 * MiB,
82
},
83
};
84
26
85
--
27
--
86
2.20.1
28
2.20.1
87
29
88
30
diff view generated by jsdifflib
1
From: Cao Jiaxi <driver1998@foxmail.com>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
Windows ARM64 uses LLP64 model, which breaks current assumptions.
3
Fix Coverity CID 1435957: Memory - illegal accesses (OVERRUN):
4
4
5
Signed-off-by: Cao Jiaxi <driver1998@foxmail.com>
5
>>> Overrunning array "suffixes" of 7 8-byte elements at element
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
index 7 (byte offset 63) using index "idx" (which evaluates to 7).
7
Reviewed-by: Thomas Huth <thuth@redhat.com>
7
8
Message-id: 20190503003707.10185-1-driver1998@foxmail.com
8
Note, the biggest input value freq_to_str() can accept is UINT64_MAX,
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
which is ~18.446 EHz, less than 1000 EHz.
10
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
10
11
Reported-by: Eduardo Habkost <ehabkost@redhat.com>
12
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
15
Reviewed-by: Luc Michel <luc@lmichel.fr>
16
Message-id: 20201101215755.2021421-1-f4bug@amsat.org
17
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
20
---
13
util/cacheinfo.c | 2 +-
21
util/cutils.c | 3 ++-
14
1 file changed, 1 insertion(+), 1 deletion(-)
22
1 file changed, 2 insertions(+), 1 deletion(-)
15
23
16
diff --git a/util/cacheinfo.c b/util/cacheinfo.c
24
diff --git a/util/cutils.c b/util/cutils.c
17
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
18
--- a/util/cacheinfo.c
26
--- a/util/cutils.c
19
+++ b/util/cacheinfo.c
27
+++ b/util/cutils.c
20
@@ -XXX,XX +XXX,XX @@ static void sys_cache_info(int *isize, int *dsize)
28
@@ -XXX,XX +XXX,XX @@ char *freq_to_str(uint64_t freq_hz)
21
static void arch_cache_info(int *isize, int *dsize)
29
double freq = freq_hz;
22
{
30
size_t idx = 0;
23
if (*isize == 0 || *dsize == 0) {
31
24
- unsigned long ctr;
32
- while (freq >= 1000.0 && idx < ARRAY_SIZE(suffixes)) {
25
+ uint64_t ctr;
33
+ while (freq >= 1000.0) {
26
34
freq /= 1000.0;
27
/* The real cache geometry is in CCSIDR_EL1/CLIDR_EL1/CSSELR_EL1,
35
idx++;
28
but (at least under Linux) these are marked protected by the
36
}
37
+ assert(idx < ARRAY_SIZE(suffixes));
38
39
return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
40
}
29
--
41
--
30
2.20.1
42
2.20.1
31
43
32
44
diff view generated by jsdifflib
1
The M-profile architecture specifies that the DebugMonitor exception
1
In commit 76346b6264a9b01979 we tried to add a configure check that
2
should be initially disabled, not enabled. It should be controlled
2
the libgio pkg-config data was correct, which builds an executable
3
by the DEMCR register's MON_EN bit, but we don't implement that
3
linked against it. Unfortunately this doesn't catch the problem
4
register yet (like most of the debug architecture for M-profile).
4
(missing static library dependency info), because a "do nothing" test
5
source file doesn't have any symbol references that cause the linker
6
to pull in .o files from libgio.a, and so we don't see the "missing
7
symbols from libmount" error that a full QEMU link triggers.
5
8
6
Note that BKPT instructions will still work, because they
9
(The ineffective test went unnoticed because of a typo that
7
will be escalated to HardFault.
10
effectively disabled libgio unconditionally, but after commit
11
3569a5dfc11f2 fixed that, a static link of the system emulator on
12
Ubuntu stopped working again.)
13
14
Improve the gio test by having the test source fragment reference a
15
g_dbus function (which is what is indirectly causing us to end up
16
wanting functions from libmount).
8
17
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
11
Message-id: 20190430131439.25251-4-peter.maydell@linaro.org
20
Message-id: 20201116104617.18333-1-peter.maydell@linaro.org
12
---
21
---
13
hw/intc/armv7m_nvic.c | 4 +++-
22
configure | 11 +++++++++--
14
1 file changed, 3 insertions(+), 1 deletion(-)
23
1 file changed, 9 insertions(+), 2 deletions(-)
15
24
16
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
25
diff --git a/configure b/configure
17
index XXXXXXX..XXXXXXX 100644
26
index XXXXXXX..XXXXXXX 100755
18
--- a/hw/intc/armv7m_nvic.c
27
--- a/configure
19
+++ b/hw/intc/armv7m_nvic.c
28
+++ b/configure
20
@@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_reset(DeviceState *dev)
29
@@ -XXX,XX +XXX,XX @@ if $pkg_config --atleast-version=$glib_req_ver gio-2.0; then
21
* the System Handler Control register
30
# Check that the libraries actually work -- Ubuntu 18.04 ships
22
*/
31
# with pkg-config --static --libs data for gio-2.0 that is missing
23
s->vectors[ARMV7M_EXCP_SVC].enabled = 1;
32
# -lblkid and will give a link error.
24
- s->vectors[ARMV7M_EXCP_DEBUG].enabled = 1;
33
- write_c_skeleton
25
s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
34
- if compile_prog "" "$gio_libs" ; then
26
s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
35
+ cat > $TMPC <<EOF
27
36
+#include <gio/gio.h>
28
+ /* DebugMonitor is enabled via DEMCR.MON_EN */
37
+int main(void)
29
+ s->vectors[ARMV7M_EXCP_DEBUG].enabled = 0;
38
+{
30
+
39
+ g_dbus_proxy_new_sync(0, 0, 0, 0, 0, 0, 0, 0);
31
resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
40
+ return 0;
32
s->vectors[ARMV7M_EXCP_RESET].prio = resetprio;
41
+}
33
s->vectors[ARMV7M_EXCP_NMI].prio = -2;
42
+EOF
43
+ if compile_prog "$gio_cflags" "$gio_libs" ; then
44
gio=yes
45
else
46
gio=no
34
--
47
--
35
2.20.1
48
2.20.1
36
49
37
50
diff view generated by jsdifflib
1
At the moment the Arm implementations of kvm_arch_{get,put}_registers()
1
The TMP105 datasheet (https://www.ti.com/lit/gpn/tmp105) says that the
2
don't support having QEMU change the values of system registers
2
power-up reset values for the T_low and T_high registers are 80 degrees C
3
(aka coprocessor registers for AArch32). This is because although
3
and 75 degrees C, which are 0x500 and 0x4B0 hex according to table 5. These
4
kvm_arch_get_registers() calls write_list_to_cpustate() to
4
values are then shifted right by four bits to give the register reset
5
update the CPU state struct fields (so QEMU code can read the
5
values, since both registers store the 12 bits of temperature data in bits
6
values in the usual way), kvm_arch_put_registers() does not
6
[15..4] of a 16 bit register.
7
call write_cpustate_to_list(), meaning that any changes to
8
the CPU state struct fields will not be passed back to KVM.
9
7
10
The rationale for this design is documented in a comment in the
8
We were resetting these registers to zero, which is problematic for Linux
11
AArch32 kvm_arch_put_registers() -- writing the values in the
9
guests which enable the alert interrupt and then immediately take an
12
cpregs list into the CPU state struct is "lossy" because the
10
unexpected overtemperature alert because the current temperature is above
13
write of a register might not succeed, and so if we blindly
11
freezing...
14
copy the CPU state values back again we will incorrectly
15
change register values for the guest. The assumption was that
16
no QEMU code would need to write to the registers.
17
18
However, when we implemented debug support for KVM guests, we
19
broke that assumption: the code to handle "set the guest up
20
to take a breakpoint exception" does so by updating various
21
guest registers including ESR_EL1.
22
23
Support this by making kvm_arch_put_registers() synchronize
24
CPU state back into the list. We sync only those registers
25
where the initial write succeeds, which should be sufficient.
26
27
This commit is the same as commit 823e1b3818f9b10b824ddc which we
28
had to revert in commit 942f99c825fc94c8b1a4, except that the bug
29
which was preventing EDK2 guest firmware running has been fixed:
30
kvm_arm_reset_vcpu() now calls write_list_to_cpustate().
31
12
32
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
33
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Reviewed-by: Cédric Le Goater <clg@kaod.org>
34
Tested-by: Eric Auger <eric.auger@redhat.com>
15
Message-id: 20201110150023.25533-2-peter.maydell@linaro.org
35
---
16
---
36
target/arm/cpu.h | 9 ++++++++-
17
hw/misc/tmp105.c | 3 +++
37
target/arm/helper.c | 27 +++++++++++++++++++++++++--
18
1 file changed, 3 insertions(+)
38
target/arm/kvm.c | 8 ++++++++
39
target/arm/kvm32.c | 20 ++------------------
40
target/arm/kvm64.c | 2 ++
41
target/arm/machine.c | 2 +-
42
6 files changed, 46 insertions(+), 22 deletions(-)
43
19
44
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
20
diff --git a/hw/misc/tmp105.c b/hw/misc/tmp105.c
45
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
46
--- a/target/arm/cpu.h
22
--- a/hw/misc/tmp105.c
47
+++ b/target/arm/cpu.h
23
+++ b/hw/misc/tmp105.c
48
@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu);
24
@@ -XXX,XX +XXX,XX @@ static void tmp105_reset(I2CSlave *i2c)
49
/**
25
s->faults = tmp105_faultq[(s->config >> 3) & 3];
50
* write_cpustate_to_list:
26
s->alarm = 0;
51
* @cpu: ARMCPU
27
52
+ * @kvm_sync: true if this is for syncing back to KVM
28
+ s->limit[0] = 0x4b00; /* T_LOW, 75 degrees C */
53
*
29
+ s->limit[1] = 0x5000; /* T_HIGH, 80 degrees C */
54
* For each register listed in the ARMCPU cpreg_indexes list, write
30
+
55
* its value from the ARMCPUState structure into the cpreg_values list.
31
tmp105_interrupt_update(s);
56
* This is used to copy info from TCG's working data structures into
57
* KVM or for outbound migration.
58
*
59
+ * @kvm_sync is true if we are doing this in order to sync the
60
+ * register state back to KVM. In this case we will only update
61
+ * values in the list if the previous list->cpustate sync actually
62
+ * successfully wrote the CPU state. Otherwise we will keep the value
63
+ * that is in the list.
64
+ *
65
* Returns: true if all register values were read correctly,
66
* false if some register was unknown or could not be read.
67
* Note that we do not stop early on failure -- we will attempt
68
* reading all registers in the list.
69
*/
70
-bool write_cpustate_to_list(ARMCPU *cpu);
71
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
72
73
#define ARM_CPUID_TI915T 0x54029152
74
#define ARM_CPUID_TI925T 0x54029252
75
diff --git a/target/arm/helper.c b/target/arm/helper.c
76
index XXXXXXX..XXXXXXX 100644
77
--- a/target/arm/helper.c
78
+++ b/target/arm/helper.c
79
@@ -XXX,XX +XXX,XX @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
80
return true;
81
}
32
}
82
33
83
-bool write_cpustate_to_list(ARMCPU *cpu)
84
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
85
{
86
/* Write the coprocessor state from cpu->env to the (index,value) list. */
87
int i;
88
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
89
for (i = 0; i < cpu->cpreg_array_len; i++) {
90
uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
91
const ARMCPRegInfo *ri;
92
+ uint64_t newval;
93
94
ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
95
if (!ri) {
96
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
97
if (ri->type & ARM_CP_NO_RAW) {
98
continue;
99
}
100
- cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
101
+
102
+ newval = read_raw_cp_reg(&cpu->env, ri);
103
+ if (kvm_sync) {
104
+ /*
105
+ * Only sync if the previous list->cpustate sync succeeded.
106
+ * Rather than tracking the success/failure state for every
107
+ * item in the list, we just recheck "does the raw write we must
108
+ * have made in write_list_to_cpustate() read back OK" here.
109
+ */
110
+ uint64_t oldval = cpu->cpreg_values[i];
111
+
112
+ if (oldval == newval) {
113
+ continue;
114
+ }
115
+
116
+ write_raw_cp_reg(&cpu->env, ri, oldval);
117
+ if (read_raw_cp_reg(&cpu->env, ri) != oldval) {
118
+ continue;
119
+ }
120
+
121
+ write_raw_cp_reg(&cpu->env, ri, newval);
122
+ }
123
+ cpu->cpreg_values[i] = newval;
124
}
125
return ok;
126
}
127
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
128
index XXXXXXX..XXXXXXX 100644
129
--- a/target/arm/kvm.c
130
+++ b/target/arm/kvm.c
131
@@ -XXX,XX +XXX,XX @@ void kvm_arm_reset_vcpu(ARMCPU *cpu)
132
fprintf(stderr, "write_kvmstate_to_list failed\n");
133
abort();
134
}
135
+ /*
136
+ * Sync the reset values also into the CPUState. This is necessary
137
+ * because the next thing we do will be a kvm_arch_put_registers()
138
+ * which will update the list values from the CPUState before copying
139
+ * the list values back to KVM. It's OK to ignore failure returns here
140
+ * for the same reason we do so in kvm_arch_get_registers().
141
+ */
142
+ write_list_to_cpustate(cpu);
143
}
144
145
/*
146
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
147
index XXXXXXX..XXXXXXX 100644
148
--- a/target/arm/kvm32.c
149
+++ b/target/arm/kvm32.c
150
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
151
return ret;
152
}
153
154
- /* Note that we do not call write_cpustate_to_list()
155
- * here, so we are only writing the tuple list back to
156
- * KVM. This is safe because nothing can change the
157
- * CPUARMState cp15 fields (in particular gdb accesses cannot)
158
- * and so there are no changes to sync. In fact syncing would
159
- * be wrong at this point: for a constant register where TCG and
160
- * KVM disagree about its value, the preceding write_list_to_cpustate()
161
- * would not have had any effect on the CPUARMState value (since the
162
- * register is read-only), and a write_cpustate_to_list() here would
163
- * then try to write the TCG value back into KVM -- this would either
164
- * fail or incorrectly change the value the guest sees.
165
- *
166
- * If we ever want to allow the user to modify cp15 registers via
167
- * the gdb stub, we would need to be more clever here (for instance
168
- * tracking the set of registers kvm_arch_get_registers() successfully
169
- * managed to update the CPUARMState with, and only allowing those
170
- * to be written back up into the kernel).
171
- */
172
+ write_cpustate_to_list(cpu, true);
173
+
174
if (!write_list_to_kvmstate(cpu, level)) {
175
return EINVAL;
176
}
177
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
178
index XXXXXXX..XXXXXXX 100644
179
--- a/target/arm/kvm64.c
180
+++ b/target/arm/kvm64.c
181
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
182
return ret;
183
}
184
185
+ write_cpustate_to_list(cpu, true);
186
+
187
if (!write_list_to_kvmstate(cpu, level)) {
188
return EINVAL;
189
}
190
diff --git a/target/arm/machine.c b/target/arm/machine.c
191
index XXXXXXX..XXXXXXX 100644
192
--- a/target/arm/machine.c
193
+++ b/target/arm/machine.c
194
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
195
abort();
196
}
197
} else {
198
- if (!write_cpustate_to_list(cpu)) {
199
+ if (!write_cpustate_to_list(cpu, false)) {
200
/* This should never fail. */
201
abort();
202
}
203
--
34
--
204
2.20.1
35
2.20.1
205
36
206
37
diff view generated by jsdifflib
1
From: Markus Armbruster <armbru@redhat.com>
1
The TMP105 datasheet says that in Interrupt Mode (when TM==1) the device
2
signals an alert when the temperature equals or exceeds the T_high value and
3
then remains high until a device register is read or the device responds to
4
the SMBUS Alert Response address, or the device is put into Shutdown Mode.
5
Thereafter the Alert pin will only be re-signalled when temperature falls
6
below T_low; alert can then be cleared in the same set of ways, and the
7
device returns to its initial "alert when temperature goes above T_high"
8
mode. (If this textual description is confusing, see figure 3 in the
9
TI datasheet at https://www.ti.com/lit/gpn/tmp105 .)
2
10
3
Factored out of pc_system_firmware_init() so the next commit can reuse
11
We were misimplementing this as a simple "always alert if temperature is
4
it in hw/arm/virt.c.
12
above T_high or below T_low" condition, which gives a spurious alert on
13
startup if using the "T_high = 80 degrees C, T_low = 75 degrees C" reset
14
limit values.
5
15
6
Signed-off-by: Markus Armbruster <armbru@redhat.com>
16
Implement the correct (hysteresis) behaviour by tracking whether we
7
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
17
are currently looking for the temperature to rise over T_high or
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
18
for it to fall below T_low. Our implementation of the comparator
9
Message-id: 20190416091348.26075-3-armbru@redhat.com
19
mode (TM==0) wasn't wrong, but rephrase it to match the way that
20
interrupt mode is now handled for clarity.
21
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Reviewed-by: Cédric Le Goater <clg@kaod.org>
24
Message-id: 20201110150023.25533-3-peter.maydell@linaro.org
11
---
25
---
12
include/hw/block/flash.h | 1 +
26
hw/misc/tmp105.h | 7 +++++
13
hw/block/pflash_cfi01.c | 28 ++++++++++++++++++++++++++++
27
hw/misc/tmp105.c | 70 +++++++++++++++++++++++++++++++++++++++++-------
14
hw/i386/pc_sysfw.c | 16 ++--------------
28
2 files changed, 68 insertions(+), 9 deletions(-)
15
3 files changed, 31 insertions(+), 14 deletions(-)
16
29
17
diff --git a/include/hw/block/flash.h b/include/hw/block/flash.h
30
diff --git a/hw/misc/tmp105.h b/hw/misc/tmp105.h
18
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
19
--- a/include/hw/block/flash.h
32
--- a/hw/misc/tmp105.h
20
+++ b/include/hw/block/flash.h
33
+++ b/hw/misc/tmp105.h
21
@@ -XXX,XX +XXX,XX @@ PFlashCFI01 *pflash_cfi01_register(hwaddr base,
34
@@ -XXX,XX +XXX,XX @@ struct TMP105State {
22
int be);
35
int16_t limit[2];
23
BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl);
36
int faults;
24
MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl);
37
uint8_t alarm;
25
+void pflash_cfi01_legacy_drive(PFlashCFI01 *dev, DriveInfo *dinfo);
38
+ /*
26
39
+ * The TMP105 initially looks for a temperature rising above T_high;
27
/* pflash_cfi02.c */
40
+ * once this is detected, the condition it looks for next is the
28
41
+ * temperature falling below T_low. This flag is false when initially
29
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
42
+ * looking for T_high, true when looking for T_low.
43
+ */
44
+ bool detect_falling;
45
};
46
47
#endif
48
diff --git a/hw/misc/tmp105.c b/hw/misc/tmp105.c
30
index XXXXXXX..XXXXXXX 100644
49
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/block/pflash_cfi01.c
50
--- a/hw/misc/tmp105.c
32
+++ b/hw/block/pflash_cfi01.c
51
+++ b/hw/misc/tmp105.c
33
@@ -XXX,XX +XXX,XX @@
52
@@ -XXX,XX +XXX,XX @@ static void tmp105_alarm_update(TMP105State *s)
34
#include "qapi/error.h"
53
return;
35
#include "qemu/timer.h"
54
}
36
#include "qemu/bitops.h"
55
37
+#include "qemu/error-report.h"
56
- if ((s->config >> 1) & 1) {                    /* TM */
38
#include "qemu/host-utils.h"
57
- if (s->temperature >= s->limit[1])
39
#include "qemu/log.h"
58
- s->alarm = 1;
40
+#include "qemu/option.h"
59
- else if (s->temperature < s->limit[0])
41
#include "hw/sysbus.h"
60
- s->alarm = 1;
42
+#include "sysemu/blockdev.h"
61
+ if (s->config >> 1 & 1) {
43
#include "sysemu/sysemu.h"
62
+ /*
44
#include "trace.h"
63
+ * TM == 1 : Interrupt mode. We signal Alert when the
45
64
+ * temperature rises above T_high, and expect the guest to clear
46
@@ -XXX,XX +XXX,XX @@ MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl)
65
+ * it (eg by reading a device register).
47
return &fl->mem;
66
+ */
67
+ if (s->detect_falling) {
68
+ if (s->temperature < s->limit[0]) {
69
+ s->alarm = 1;
70
+ s->detect_falling = false;
71
+ }
72
+ } else {
73
+ if (s->temperature >= s->limit[1]) {
74
+ s->alarm = 1;
75
+ s->detect_falling = true;
76
+ }
77
+ }
78
} else {
79
- if (s->temperature >= s->limit[1])
80
- s->alarm = 1;
81
- else if (s->temperature < s->limit[0])
82
- s->alarm = 0;
83
+ /*
84
+ * TM == 0 : Comparator mode. We signal Alert when the temperature
85
+ * rises above T_high, and stop signalling it when the temperature
86
+ * falls below T_low.
87
+ */
88
+ if (s->detect_falling) {
89
+ if (s->temperature < s->limit[0]) {
90
+ s->alarm = 0;
91
+ s->detect_falling = false;
92
+ }
93
+ } else {
94
+ if (s->temperature >= s->limit[1]) {
95
+ s->alarm = 1;
96
+ s->detect_falling = true;
97
+ }
98
+ }
99
}
100
101
tmp105_interrupt_update(s);
102
@@ -XXX,XX +XXX,XX @@ static int tmp105_post_load(void *opaque, int version_id)
103
return 0;
48
}
104
}
49
105
50
+/*
106
+static bool detect_falling_needed(void *opaque)
51
+ * Handle -drive if=pflash for machines that use properties.
52
+ * If @dinfo is null, do nothing.
53
+ * Else if @fl's property "drive" is already set, fatal error.
54
+ * Else set it to the BlockBackend with @dinfo.
55
+ */
56
+void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo)
57
+{
107
+{
58
+ Location loc;
108
+ TMP105State *s = opaque;
59
+
109
+
60
+ if (!dinfo) {
110
+ /*
61
+ return;
111
+ * We only need to migrate the detect_falling bool if it's set;
62
+ }
112
+ * for migration from older machines we assume that it is false
63
+
113
+ * (ie temperature is not out of range).
64
+ loc_push_none(&loc);
114
+ */
65
+ qemu_opts_loc_restore(dinfo->opts);
115
+ return s->detect_falling;
66
+ if (fl->blk) {
67
+ error_report("clashes with -machine");
68
+ exit(1);
69
+ }
70
+ qdev_prop_set_drive(DEVICE(fl), "drive",
71
+ blk_by_legacy_dinfo(dinfo), &error_fatal);
72
+ loc_pop(&loc);
73
+}
116
+}
74
+
117
+
75
static void postload_update_cb(void *opaque, int running, RunState state)
118
+static const VMStateDescription vmstate_tmp105_detect_falling = {
76
{
119
+ .name = "TMP105/detect-falling",
77
PFlashCFI01 *pfl = opaque;
120
+ .version_id = 1,
78
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
121
+ .minimum_version_id = 1,
79
index XXXXXXX..XXXXXXX 100644
122
+ .needed = detect_falling_needed,
80
--- a/hw/i386/pc_sysfw.c
123
+ .fields = (VMStateField[]) {
81
+++ b/hw/i386/pc_sysfw.c
124
+ VMSTATE_BOOL(detect_falling, TMP105State),
82
@@ -XXX,XX +XXX,XX @@ void pc_system_firmware_init(PCMachineState *pcms,
125
+ VMSTATE_END_OF_LIST()
83
{
126
+ }
84
PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms);
127
+};
85
int i;
128
+
86
- DriveInfo *pflash_drv;
129
static const VMStateDescription vmstate_tmp105 = {
87
BlockBackend *pflash_blk[ARRAY_SIZE(pcms->flash)];
130
.name = "TMP105",
88
- Location loc;
131
.version_id = 0,
89
132
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_tmp105 = {
90
if (!pcmc->pci_enabled) {
133
VMSTATE_UINT8(alarm, TMP105State),
91
old_pc_system_rom_init(rom_memory, true);
134
VMSTATE_I2C_SLAVE(i2c, TMP105State),
92
@@ -XXX,XX +XXX,XX @@ void pc_system_firmware_init(PCMachineState *pcms,
135
VMSTATE_END_OF_LIST()
93
136
+ },
94
/* Map legacy -drive if=pflash to machine properties */
137
+ .subsections = (const VMStateDescription*[]) {
95
for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) {
138
+ &vmstate_tmp105_detect_falling,
96
- pflash_drv = drive_get(IF_PFLASH, 0, i);
139
+ NULL
97
- if (pflash_drv) {
98
- loc_push_none(&loc);
99
- qemu_opts_loc_restore(pflash_drv->opts);
100
- if (pflash_cfi01_get_blk(pcms->flash[i])) {
101
- error_report("clashes with -machine");
102
- exit(1);
103
- }
104
- qdev_prop_set_drive(DEVICE(pcms->flash[i]), "drive",
105
- blk_by_legacy_dinfo(pflash_drv), &error_fatal);
106
- loc_pop(&loc);
107
- }
108
+ pflash_cfi01_legacy_drive(pcms->flash[i],
109
+ drive_get(IF_PFLASH, 0, i));
110
pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]);
111
}
140
}
112
141
};
142
143
@@ -XXX,XX +XXX,XX @@ static void tmp105_reset(I2CSlave *i2c)
144
s->config = 0;
145
s->faults = tmp105_faultq[(s->config >> 3) & 3];
146
s->alarm = 0;
147
+ s->detect_falling = false;
148
149
s->limit[0] = 0x4b00; /* T_LOW, 75 degrees C */
150
s->limit[1] = 0x5000; /* T_HIGH, 80 degrees C */
113
--
151
--
114
2.20.1
152
2.20.1
115
153
116
154
diff view generated by jsdifflib
Deleted patch
1
The Raspberry Pi boards have a physical memory map which does
2
not allow for more than 1GB of RAM. Currently if the user tries
3
to ask for more then we fail in a confusing way:
4
1
5
$ qemu-system-aarch64 --machine raspi3 -m 8G
6
Unexpected error in visit_type_uintN() at qapi/qapi-visit-core.c:164:
7
qemu-system-aarch64: Parameter 'vcram-base' expects uint32_t
8
Aborted (core dumped)
9
10
Catch this earlier and diagnose it with a more friendly message:
11
$ qemu-system-aarch64 --machine raspi3 -m 8G
12
qemu-system-aarch64: Requested ram size is too large for this machine: maximum is 1GB
13
14
Fixes: https://bugs.launchpad.net/qemu/+bug/1794187
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
19
---
20
hw/arm/raspi.c | 7 +++++++
21
1 file changed, 7 insertions(+)
22
23
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
24
index XXXXXXX..XXXXXXX 100644
25
--- a/hw/arm/raspi.c
26
+++ b/hw/arm/raspi.c
27
@@ -XXX,XX +XXX,XX @@
28
*/
29
30
#include "qemu/osdep.h"
31
+#include "qemu/units.h"
32
#include "qapi/error.h"
33
#include "qemu-common.h"
34
#include "cpu.h"
35
@@ -XXX,XX +XXX,XX @@ static void raspi_init(MachineState *machine, int version)
36
BusState *bus;
37
DeviceState *carddev;
38
39
+ if (machine->ram_size > 1 * GiB) {
40
+ error_report("Requested ram size is too large for this machine: "
41
+ "maximum is 1GB");
42
+ exit(1);
43
+ }
44
+
45
object_initialize(&s->soc, sizeof(s->soc),
46
version == 3 ? TYPE_BCM2837 : TYPE_BCM2836);
47
object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
48
--
49
2.20.1
50
51
diff view generated by jsdifflib
Deleted patch
1
From: Cao Jiaxi <driver1998@foxmail.com>
2
1
3
gcc_struct is for x86 only, and it generates an warning on ARM64 Clang/MinGW targets.
4
5
Signed-off-by: Cao Jiaxi <driver1998@foxmail.com>
6
Reviewed-by: Thomas Huth <thuth@redhat.com>
7
Message-id: 20190503003618.10089-1-driver1998@foxmail.com
8
[PMM: dropped the slirp change as slirp is now a submodule]
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
contrib/libvhost-user/libvhost-user.h | 2 +-
12
include/qemu/compiler.h | 2 +-
13
scripts/cocci-macro-file.h | 7 ++++++-
14
3 files changed, 8 insertions(+), 3 deletions(-)
15
16
diff --git a/contrib/libvhost-user/libvhost-user.h b/contrib/libvhost-user/libvhost-user.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/contrib/libvhost-user/libvhost-user.h
19
+++ b/contrib/libvhost-user/libvhost-user.h
20
@@ -XXX,XX +XXX,XX @@ typedef struct VhostUserInflight {
21
uint16_t queue_size;
22
} VhostUserInflight;
23
24
-#if defined(_WIN32)
25
+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))
26
# define VU_PACKED __attribute__((gcc_struct, packed))
27
#else
28
# define VU_PACKED __attribute__((packed))
29
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
30
index XXXXXXX..XXXXXXX 100644
31
--- a/include/qemu/compiler.h
32
+++ b/include/qemu/compiler.h
33
@@ -XXX,XX +XXX,XX @@
34
35
#define QEMU_SENTINEL __attribute__((sentinel))
36
37
-#if defined(_WIN32)
38
+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))
39
# define QEMU_PACKED __attribute__((gcc_struct, packed))
40
#else
41
# define QEMU_PACKED __attribute__((packed))
42
diff --git a/scripts/cocci-macro-file.h b/scripts/cocci-macro-file.h
43
index XXXXXXX..XXXXXXX 100644
44
--- a/scripts/cocci-macro-file.h
45
+++ b/scripts/cocci-macro-file.h
46
@@ -XXX,XX +XXX,XX @@
47
#define QEMU_NORETURN __attribute__ ((__noreturn__))
48
#define QEMU_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
49
#define QEMU_SENTINEL __attribute__((sentinel))
50
-#define QEMU_PACKED __attribute__((gcc_struct, packed))
51
+
52
+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))
53
+# define QEMU_PACKED __attribute__((gcc_struct, packed))
54
+#else
55
+# define QEMU_PACKED __attribute__((packed))
56
+#endif
57
58
#define cat(x,y) x ## y
59
#define cat2(x,y) cat(x,y)
60
--
61
2.20.1
62
63
diff view generated by jsdifflib
Deleted patch
1
From: Cao Jiaxi <driver1998@foxmail.com>
2
1
3
The win2qemu[] is supposed to be the conversion table to convert between
4
STORAGE_BUS_TYPE in Windows SDK and GuestDiskBusType in qga.
5
6
But it was incorrectly written that it forces to set a GuestDiskBusType
7
value to STORAGE_BUS_TYPE, which generates an enum conversion warning in clang.
8
9
Suggested-by: Eric Blake <eblake@redhat.com>
10
Signed-off-by: Cao Jiaxi <driver1998@foxmail.com>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Reviewed-by: Thomas Huth <thuth@redhat.com>
13
Message-id: 20190503003650.10137-1-driver1998@foxmail.com
14
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
18
qga/commands-win32.c | 2 +-
19
1 file changed, 1 insertion(+), 1 deletion(-)
20
21
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/qga/commands-win32.c
24
+++ b/qga/commands-win32.c
25
@@ -XXX,XX +XXX,XX @@ void qmp_guest_file_flush(int64_t handle, Error **errp)
26
27
#ifdef CONFIG_QGA_NTDDSCSI
28
29
-static STORAGE_BUS_TYPE win2qemu[] = {
30
+static GuestDiskBusType win2qemu[] = {
31
[BusTypeUnknown] = GUEST_DISK_BUS_TYPE_UNKNOWN,
32
[BusTypeScsi] = GUEST_DISK_BUS_TYPE_SCSI,
33
[BusTypeAtapi] = GUEST_DISK_BUS_TYPE_IDE,
34
--
35
2.20.1
36
37
diff view generated by jsdifflib
Deleted patch
1
Rule R_CQRV says that if two pending interrupts have the same
2
group priority then ties are broken by looking at the subpriority.
3
We had a comment describing this but had forgotten to actually
4
implement the subpriority comparison. Correct the omission.
5
1
6
(The further tie break rules of "lowest exception number" and
7
"secure before non-secure" are handled implicitly by the order
8
in which we iterate through the exceptions in the loops.)
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20190430131439.25251-2-peter.maydell@linaro.org
13
---
14
hw/intc/armv7m_nvic.c | 9 +++++++--
15
1 file changed, 7 insertions(+), 2 deletions(-)
16
17
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/intc/armv7m_nvic.c
20
+++ b/hw/intc/armv7m_nvic.c
21
@@ -XXX,XX +XXX,XX @@ static void nvic_recompute_state_secure(NVICState *s)
22
int active_prio = NVIC_NOEXC_PRIO;
23
int pend_irq = 0;
24
bool pending_is_s_banked = false;
25
+ int pend_subprio = 0;
26
27
/* R_CQRV: precedence is by:
28
* - lowest group priority; if both the same then
29
@@ -XXX,XX +XXX,XX @@ static void nvic_recompute_state_secure(NVICState *s)
30
for (i = 1; i < s->num_irq; i++) {
31
for (bank = M_REG_S; bank >= M_REG_NS; bank--) {
32
VecInfo *vec;
33
- int prio;
34
+ int prio, subprio;
35
bool targets_secure;
36
37
if (bank == M_REG_S) {
38
@@ -XXX,XX +XXX,XX @@ static void nvic_recompute_state_secure(NVICState *s)
39
}
40
41
prio = exc_group_prio(s, vec->prio, targets_secure);
42
- if (vec->enabled && vec->pending && prio < pend_prio) {
43
+ subprio = vec->prio & ~nvic_gprio_mask(s, targets_secure);
44
+ if (vec->enabled && vec->pending &&
45
+ ((prio < pend_prio) ||
46
+ (prio == pend_prio && prio >= 0 && subprio < pend_subprio))) {
47
pend_prio = prio;
48
+ pend_subprio = subprio;
49
pend_irq = i;
50
pending_is_s_banked = (bank == M_REG_S);
51
}
52
--
53
2.20.1
54
55
diff view generated by jsdifflib
Deleted patch
1
The non-secure versions of the BFAR and BFSR registers are
2
supposed to be RAZ/WI if AICR.BFHFNMINS == 0; we were
3
incorrectly allowing NS code to access the real values.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20190430131439.25251-3-peter.maydell@linaro.org
8
---
9
hw/intc/armv7m_nvic.c | 27 ++++++++++++++++++++++++---
10
1 file changed, 24 insertions(+), 3 deletions(-)
11
12
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/intc/armv7m_nvic.c
15
+++ b/hw/intc/armv7m_nvic.c
16
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
17
if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) {
18
goto bad_offset;
19
}
20
+ if (!attrs.secure &&
21
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
22
+ return 0;
23
+ }
24
return cpu->env.v7m.bfar;
25
case 0xd3c: /* Aux Fault Status. */
26
/* TODO: Implement fault status registers. */
27
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
28
if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) {
29
goto bad_offset;
30
}
31
+ if (!attrs.secure &&
32
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
33
+ return;
34
+ }
35
cpu->env.v7m.bfar = value;
36
return;
37
case 0xd3c: /* Aux Fault Status. */
38
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
39
val = 0;
40
break;
41
};
42
- /* The BFSR bits [15:8] are shared between security states
43
- * and we store them in the NS copy
44
+ /*
45
+ * The BFSR bits [15:8] are shared between security states
46
+ * and we store them in the NS copy. They are RAZ/WI for
47
+ * NS code if AIRCR.BFHFNMINS is 0.
48
*/
49
val = s->cpu->env.v7m.cfsr[attrs.secure];
50
- val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
51
+ if (!attrs.secure &&
52
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
53
+ val &= ~R_V7M_CFSR_BFSR_MASK;
54
+ } else {
55
+ val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
56
+ }
57
val = extract32(val, (offset - 0xd28) * 8, size * 8);
58
break;
59
case 0xfe0 ... 0xfff: /* ID. */
60
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
61
*/
62
value <<= ((offset - 0xd28) * 8);
63
64
+ if (!attrs.secure &&
65
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
66
+ /* BFSR bits are RAZ/WI for NS if BFHFNMINS is set */
67
+ value &= ~R_V7M_CFSR_BFSR_MASK;
68
+ }
69
+
70
s->cpu->env.v7m.cfsr[attrs.secure] &= ~value;
71
if (attrs.secure) {
72
/* The BFSR bits [15:8] are shared between security states
73
--
74
2.20.1
75
76
diff view generated by jsdifflib