git.osdn.net Git - qmiga/qemu.git/log

tcg: Split out tcg_out_ext16u

We will need a backend interface for performing 16-bit zero-extend.
Use it in tcg_reg_alloc_op in the meantime.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

tcg: Split out tcg_out_ext16s

We will need a backend interface for performing 16-bit sign-extend.
Use it in tcg_reg_alloc_op in the meantime.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

tcg: Split out tcg_out_ext8u

We will need a backend interface for performing 8-bit zero-extend.
Use it in tcg_reg_alloc_op in the meantime.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

tcg: Split out tcg_out_ext8s

We will need a backend interface for performing 8-bit sign-extend.
Use it in tcg_reg_alloc_op in the meantime.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

tcg: Replace tcg_abort with g_assert_not_reached

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

tcg: Replace if + tcg_abort with tcg_debug_assert

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-hex-20230421' of https://github.com/quic/qemu into staging

Hexagon update

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEENjXHiM5iuR/UxZq0ewJE+xLeRCIFAmRCu/gACgkQewJE+xLe
# RCIlnQgAkdLjTQGC+V+HKIcuD6BWCqk+fRuMAI7Ban/bq/bN5nm4xv8rWIdBAKkj
# xj1MxWgW/yns76A/OupC6tJD/1PvkdvCGUPIdRphK60raP3l1o88ivs2WsJdw9/O
# PAubqwyYNhdnEIhiA9QOVkUoh7rVVKzpri2ldRNdmxBc9tQi9POYvKSVy6rSoiQw
# rhrYfpc0fd50L4oeT1rqpCad9NrbDlCwrRSc/1oA/pUPiuxUYYr6BiIx0ytbTvH2
# aMJUdA2ynkrgxkFn3v42qOrT7M9cs1b7abHz9obWibl6Jqcl4AIoKvF/kAuDmQuV
# FAq8Qhn/cK49M9xCEZOI8olE/xIUjQ==
# =+I8i
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Apr 2023 05:38:16 PM BST
# gpg:                using RSA key 3635C788CE62B91FD4C59AB47B0244FB12DE4422
# gpg: Good signature from "Taylor Simpson (Rock on) <tsimpson@quicinc.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 3635 C788 CE62 B91F D4C5  9AB4 7B02 44FB 12DE 4422

* tag 'pull-hex-20230421' of https://github.com/quic/qemu:
  Hexagon (target/hexagon) Add overrides for cache/sync/barrier instructions
  Hexagon (target/hexagon) Remove unused slot variable in helpers
  Hexagon (tests/tcg/hexagon) Move HVX test infra to header file
  Hexagon (target/hexagon) Updates to USR should use get_result_gpr
  Hexagon (target/hexagon) Add overrides for count trailing zeros/ones
  Hexagon (target/hexagon) Merge arguments to probe_pkt_scalar_hvx_stores
  Hexagon (target/hexagon) Remove redundant/unused macros
  Use black code style for python scripts
  Use f-strings in python scripts
  Hexagon (translate.c): avoid redundant PC updates on COF

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Optional use of Meson wrap for slirp
* Coverity fixes
* Avoid -Werror=maybe-uninitialized
* Mark coroutine QMP command functions as coroutine_fn
* Mark functions that suspend as coroutine_mixed_fn
* target/i386: Fix SGX CPUID leaf
* First batch of qatomic_mb_read() removal
* Small atomic.rst improvement
* NBD cleanup
* Update libvirt-ci submodule

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmRBAzwUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroP64gf+NzLW95tylCfhKuuLq/TjuOTQqHCD
# KVLlA1I3pwJfk4SUuigrnaJtwfa/tBiWxfaivUdPAzPzeXyxcVSOps0neohrmFBh
# 2e3ylBWWz22K0gkLtrFwJT99TVy6w6Xhj9SX8HPRfxl4k8yMPrUJNW78hh6APAwq
# /etZY6+ieHC7cwG4xluhxsHnxnBYBYD+18hUd+b5LchD/yvCSCNNiursutpa0Ar/
# r/HtDwNFKlaApO3sU4R3yYgdS1Fvcas4tDZaumADsQlSG5z+UeJldc98LiRlFrAA
# gnskBSaaly/NgWqY3hVCYaBGyjD4lWPkX/FEChi0XX6Fl1P0umQAv/7z3w==
# =XSAs
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 20 Apr 2023 10:17:48 AM BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (25 commits)
  tests: lcitool: Switch to OpenSUSE Leap 15.4
  tests: libvirt-ci: Update to commit '2fa24dce8bc'
  configure: Honour cross-prefix when finding ObjC compiler
  coverity: unify Fedora dockerfiles
  nbd: a BlockExport always has a BlockBackend
  docs: explain effect of smp_read_barrier_depends() on modern architectures
  qemu-coroutine: remove qatomic_mb_read()
  postcopy-ram: do not use qatomic_mb_read
  block-backend: remove qatomic_mb_read()
  target/i386: Change wrong XFRM value in SGX CPUID leaf
  monitor: mark mixed functions that can suspend
  migration: mark mixed functions that can suspend
  io: mark mixed functions that can suspend
  qapi-gen: mark coroutine QMP command functions as coroutine_fn
  target/mips: tcg: detect out-of-bounds accesses to cpu_gpr and cpu_gpr_hi
  coverity: update COMPONENTS.md
  lasi: fix RTC migration
  target/i386: Avoid unreachable variable declaration in mmu_translate()
  configure: Avoid -Werror=maybe-uninitialized
  tests: bios-tables-test: replace memset with initializer
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-tpm-2023-04-20-1' of https://github.com/stefanberger/qemu-tpm into staging

Merge tpm 2023/04/20 v1

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmRBLgoACgkQda1lgCoL
# QhEPyQf/WfEg8k2hDLExobsSgup1IsnT+mHHTBOZVJvq2efg2YXUTHA56fmD9X6d
# crqTq68L5oaMES5iYEZhA7EAgfk3RvxDQGrlXBByPzrc6SSwEHHMR4Zzi5zrbCoW
# t6TmaKQrlQqYwkhhsbyqnG46bj0ugCDagkBLfJdVl96fjkYgTspcDxaNwqwy/DPn
# GTmQlvdRY09D1nylIdtcLBIfsM+sIkRslyngbUEIy+Bx8EWRy2a8Qw0BdY9g1XoE
# e0CaRaFMpju1KOIjq0YSIzt0LSQDFfPc1IlUAC0ZALhNmp+PPNtr4E7+4kFfO2ym
# 1sT2w25ho8dYDdm/m8tIauCdGoHw4A==
# =ML27
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 20 Apr 2023 01:20:26 PM BST
# gpg:                using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE  C66B 75AD 6580 2A0B 4211

* tag 'pull-tpm-2023-04-20-1' of https://github.com/stefanberger/qemu-tpm:
  qtest: Add a test case for TPM TIS I2C connected to Aspeed I2C controller
  qtest: Move tpm_util_tis_transmit() into tpm-tis-utils.c and rename it
  qtest: Add functions for accessing devices on Aspeed I2C controller
  tests/avocado/aspeed: Add TPM TIS I2C test
  tpm: Add support for TPM device over I2C bus
  tpm: Extend common APIs to support TPM TIS I2C
  docs: Add support for TPM devices over I2C bus

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Hexagon (target/hexagon) Add overrides for cache/sync/barrier instructions

Most of these are not modelled in QEMU, so save the overhead of
calling a helper.

The only exception is dczeroa. It assigns to hex_dczero_addr, which
is handled during packet commit.

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230410202402.2856852-1-tsimpson@quicinc.com>

Hexagon (target/hexagon) Remove unused slot variable in helpers

The slot variable in helpers was only passed to log_reg_write function
where the argument is unused.
- Remove declaration from generated helper functions
- Remove slot argument from log_reg_write

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230407204521.357244-1-tsimpson@quicinc.com>

Hexagon (tests/tcg/hexagon) Move HVX test infra to header file

This will facilitate adding additional tests in separate .c files

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230406174241.853296-1-tsimpson@quicinc.com>

Hexagon (target/hexagon) Updates to USR should use get_result_gpr

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20230405164211.30015-3-tsimpson@quicinc.com>

Hexagon (target/hexagon) Add overrides for count trailing zeros/ones

The following instructions are overriden
    S2_ct0            Count trailing zeros
    S2_ct1            Count trailing ones
    S2_ct0p           Count trailing zeros (register pair)
    S2_ct1p           Count trailing ones (register pair)

These instructions are not handled by idef-parser because the
imported semantics uses bit-reverse.  However, they are
straightforward to implement in TCG with tcg_gen_ctzi_*

Test cases added to tests/tcg/hexagon/misc.c

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230405164211.30015-1-tsimpson@quicinc.com>

Hexagon (target/hexagon) Merge arguments to probe_pkt_scalar_hvx_stores

Reducing the number of arguments reduces the overhead of the helper
call

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230405164211.30015-2-tsimpson@quicinc.com>

Hexagon (target/hexagon) Remove redundant/unused macros

Remove the following macros (remnants of the old generator design)
    READ_REG
    READ_PREG
    WRITE_RREG
    WRITE_PREG
Modify macros that rely on the above

The following are unused
    READ_IREG
    fGET_FIELD
    fSET_FIELD
    fREAD_P3
    fREAD_NPC
    fWRITE_LC0
    fWRITE_LC1

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230405183048.147767-1-tsimpson@quicinc.com>

Use black code style for python scripts

Signed-off-by: Marco Liebel <quic_mliebel@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Acked-by: Taylor Simpson <tsimpson@quicinc.com>
Tested-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <20230320092533.2859433-3-quic_mliebel@quicinc.com>

Use f-strings in python scripts

Replace python 2 format string with f-strings

Signed-off-by: Marco Liebel <quic_mliebel@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Tested-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <20230320092533.2859433-2-quic_mliebel@quicinc.com>

Hexagon (translate.c): avoid redundant PC updates on COF

When there is a conditional change of flow or an endloop instruction, we
preload HEX_REG_PC with ctx->next_PC at gen_start_packet(). Nonetheless,
we still generate TCG code to do this update again at gen_goto_tb() when
the condition for the COF is not met, thus producing redundant
instructions. This can be seen with the following packet:

0x004002e4:  0x5c20d000 {       if (!P0) jump:t PC+0 }

Which generates this TCG code:

   ---- 004002e4
-> mov_i32 pc,$0x4002e8
   and_i32 loc9,p0,$0x1
   mov_i32 branch_taken,loc9
   add_i32 pkt_cnt,pkt_cnt,$0x2
   add_i32 insn_cnt,insn_cnt,$0x2
   brcond_i32 branch_taken,$0x0,ne,$L1
   goto_tb $0x0
   mov_i32 pc,$0x4002e4
   exit_tb $0x7fb0c36e5200
   set_label $L1
   goto_tb $0x1
-> mov_i32 pc,$0x4002e8
   exit_tb $0x7fb0c36e5201
   set_label $L0
   exit_tb $0x7fb0c36e5203

Note that even after optimizations, the redundant PC update is still
present:

   ---- 004002e4
-> mov_i32 pc,$0x4002e8                     sync: 0  dead: 0 1  pref=0xffff
   mov_i32 branch_taken,$0x1                sync: 0  dead: 0 1  pref=0xffff
   add_i32 pkt_cnt,pkt_cnt,$0x2             sync: 0  dead: 0 1  pref=0xffff
   add_i32 insn_cnt,insn_cnt,$0x2           sync: 0  dead: 0 1 2  pref=0xffff
   goto_tb $0x1
-> mov_i32 pc,$0x4002e8                     sync: 0  dead: 0 1  pref=0xffff
   exit_tb $0x7fb0c36e5201
   set_label $L0
   exit_tb $0x7fb0c36e5203

With this patch, the second redundant update is properly discarded.

Note that we need the additional "move_to_pc" flag instead of just
avoiding the update whenever `dest == ctx->next_PC`, as that could
potentially skip updates from a COF with met condition, whose
ctx->branch_dest just happens to be equal to ctx->next_PC.

Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <fc059153c3f0526d97b7f13450c02b276b0908e1.1679519341.git.quic_mathbern@quicinc.com>

Merge tag 'pull-request-2023-04-20' of https://gitlab.com/thuth/qemu into staging

* Compat machines for version 8.1
* Allow setting a chardev input file on the command line
* Fix .travis.yml to work with non-public Travis instances, too
* Move a lot of code from specifc_ss into softmmu_ss
* Add a test case for TPM TIS I2C connected to Aspeed I2C controller
* Update tests/vm/freebsd to version 13
* Some more misc minor fixes here and there

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmRBDtMRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXfjw//UYytlyZsDOLAMfFNGQViMmVf29KbrDRe
# doDh4Nl1oZLNKm9C5XlQExhsRbLm6Hi9nyQvSCJs4CvZ1jBY6U7GfgMNIaozXWb3
# 4gQyJb9ACe/z8bQmPUVF2sdW1QZ9zpf8LWpCOTGUZiI2Tevzkz7b/F5ZxiQiseG6
# dXe8UIwdZhG4jz2+6viqjHiGlKoBkegGYoJthcwnR07aRz2woiNr7rKRiJEiv2G7
# UfMVB96uLkpEhaDoohz440/rjviazO1nt6HDvgEajXT1X5P/8phT9IvT7olAZXZH
# R2Qm6YyYcSWavoPms3AryAWG8FjomcyBjuebfAVW5/x+fl/401sn9quBMoZrYPEX
# dfzF64vVokdXNQEH6+qc95PdB6/+d0CZPY8ilMRtAttf2sMw7IgqhG3zDLbj9t6R
# dns2/DY9zu2pp07IEAXn/iVbW4rl2HADUQncr6B/cPy++lYiFvv7LX8OE+YWOsk0
# gvxzYx6rRhr5j7xT1sP30pLwsG3mX7qRDfba1Bt19CzSbu7UGN+w+S1xclgZDoqE
# 0AZIeVUuqqNTEoBLoa2xHUDGs9NjeI2+qIh0R5csS/bqDscLXj0cOluvJO48n4Rt
# +SGQSCSmU/lxn6EbBz4tw3orlp0clBH9fEaSg9lYxuUTYvQOpdYS7u4d63VQFvzp
# dwQ9LRDFNsA=
# =8ZFL
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 20 Apr 2023 11:07:15 AM BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-04-20' of https://gitlab.com/thuth/qemu: (23 commits)
  tests/vm/freebsd: Update to FreeBSD 13.2
  qtest: Add a test case for TPM TIS I2C connected to Aspeed I2C controller
  qtest: Move tpm_util_tis_transmit() into tpm-tis-utils.c and rename it
  qtest: Add functions for accessing devices on Aspeed I2C controller
  MAINTAINERS: Add Juan Quintela to developer guides review
  cpu: Remove parameter of list_cpus()
  hw/core: Move numa.c into the target independent source set
  softmmu: Move dirtylimit.c into the target independent source set
  hw/display: Compile vga.c as target-independent code
  softmmu: Make qtest.c target independent
  include/exec: Provide the tswap() functions for target independent code, too
  softmmu/qtest: Move the target-specific pseries RTAS code out of qtest.c
  hw/char: Move two more files from specific_ss to softmmu_ss
  target/i386: Set family/model/stepping of the "max" CPU according to LM bit
  tests/migration: Only run auto_converge in slow mode
  travis.yml: Add missing 'flex', 'bison' packages to 'GCC (user)' job
  travis.yml: Add missing clang-10 package to the 'Clang (disable-tcg)' job
  chardev: Allow setting file chardev input file on the command line
  qtest: Don't assert on "-qtest chardev:myid"
  test: Fix test-crypto-secret when compiling without keyring support
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20230420' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/arm: Fix some typos in comments (most found by codespell)
* exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf
* Orangepi-PC, Cubieboard: add Allwinner WDT watchdog emulation
* tests/avocado: Add reboot tests to Cubieboard
* hw/timer/imx_epit: Fix bugs in timer limit checking
* target/arm: Remove KVM AArch32 CPU definitions
* hw/arm/virt: Restrict Cortex-A7 check to TCG
* target/arm: Initialize debug capabilities only once
* target/arm: Implement FEAT_PAN3
* docs/devel/kconfig.rst: Fix incorrect markup
* target/arm: Report pauth information to gdb as 'pauth_v2'
* mcimxd7-sabre, mcimx6ul-evk: Correctly model the way the PHY
   on the second ethernet device must be configured via the
   first one

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmRBDfkZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3rtLD/93hJ+CEUnATXx7Ic7g0EvN
# eXIMsgd80pd1gn4PKzP9lol6I40VDuozs9mb9jP6+Hc0tEoOua4KlIvyMlYy4wSx
# eJBqt/gx/N/V+jwVG8seY+ifLIzECMLMOQIRQqQoVk+scENuiJIXcJRH5A1eUWNb
# iV0QfJa1gQrKyyIG9vNfZ+cS+xy0bl0E9FlZ0ty3zeh0xBaMhUqnpraTVLISWelP
# OEovcIBEzvD/ngj+7F/xKBGgtSTZ1FuN5p/oOFDCH2Fihe2+wuw7B3Rc1SbHLG7n
# Wr4JZozdPbnudhrZgn+1A9SCFhH+B8k/QlKY2Qc+w+GrnC0JpJAmqtaF2aIaepPo
# kfbTUshDstIZ7MnCeAa+SWn2Exgrsn0Gv9nWdOrPgrvo0bqK6ceAhchi5nFmkkaJ
# MOy+Xx5GIAE91418wR8C2TlrTl58A81s15AYY1D7nZ0GeuZV5io7wPIAOWa14rOQ
# RdvQ/0rcZ+IkOFXz5Zj/L/Y/W4BpDyfuUVzLAah56zYkuV4im2cLt3YAOMFYZjjO
# 6W1sdbAcuA5QFmO4v5VmcTU8t/B423QzcnssE6sbM0nazMh/i6kjzvJUhdJTQmi+
# lKjIe+MHutTgrbjrwemjiafk3dOpFpKtso/4C/dhP2UfDIcKuGXNpSYxCvoknO2j
# TWvxRvir/PC7gzUzA4CrwQ==
# =YUUL
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 20 Apr 2023 11:03:37 AM BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20230420' of https://git.linaro.org/people/pmaydell/qemu-arm: (21 commits)
  arm/mcimx7d-sabre: Set fec2-phy-connected property to false
  fsl-imx7: Add fec[12]-phy-connected properties
  arm/mcimx6ul-evk: Set fec1-phy-connected property to false
  fsl-imx6ul: Add fec[12]-phy-connected properties
  hw/net/imx_fec: Support two Ethernet interfaces connected to single MDIO bus
  target/arm: Report pauth information to gdb as 'pauth_v2'
  docs/devel/kconfig.rst: Fix incorrect markup
  target/arm: Implement FEAT_PAN3
  target/arm: Don't set ISV when reporting stage 1 faults in ESR_EL2
  target/arm: Pass ARMMMUFaultInfo to merge_syn_data_abort()
  target/arm: Initialize debug capabilities only once
  hw/arm/virt: Restrict Cortex-A7 check to TCG
  target/arm: Remove KVM AArch32 CPU definitions
  hw/timer/imx_epit: fix limit check
  hw/timer/imx_epit: don't shadow variable
  tests/avocado: Add reboot tests to Cubieboard
  hw/arm: Add WDT to Allwinner-H3 and Orangepi-PC
  hw/arm: Add WDT to Allwinner-A10 and Cubieboard
  hw/watchdog: Allwinner WDT emulation for system reset
  exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

qtest: Add a test case for TPM TIS I2C connected to Aspeed I2C controller

Add a test case for the TPM TIS I2C device exercising most of its
functionality, including localities.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Ninad Palsule<ninad@linux.ibm.com>
Message-id: 20230331173051.3857801-4-stefanb@linux.ibm.com

qtest: Move tpm_util_tis_transmit() into tpm-tis-utils.c and rename it

To be able to remove tpm_tis_base_addr from test cases that do not really
need it move the tpm_util_tis_transmit() function into tpm-tis-utils.c and
rename it to tpm_tis_transmit().

Fix a locality parameter in a test case on the way.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Ninad Palsule <ninad@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20230331173051.3857801-3-stefanb@linux.ibm.com

qtest: Add functions for accessing devices on Aspeed I2C controller

Add read and write functions for accessing registers of I2C devices
connected to the Aspeed I2C controller.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Ninad Palsule <ninad@linux.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-id: 20230331173051.3857801-2-stefanb@linux.ibm.com

tests/avocado/aspeed: Add TPM TIS I2C test

Add a new buildroot image based test that attaches a TPM emulator to the
I2C bus and checks for a known PCR0 value for the image that was booted.

Note that this does not tear down swtpm process when qemu execution fails.
The swtpm process will exit when qemu exits if a connection has been
made, but if the test errors before connection then the swtpm process
will still be around.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Ninad Palsule <ninad@linux.ibm.com>
Message-id: 20230328120844.190914-1-joel@jms.id.au

tpm: Add support for TPM device over I2C bus

Qemu already supports devices attached to ISA and sysbus. This drop adds
support for the I2C bus attached TPM devices. I2C model only supports
TPM2 protocol.

This commit includes changes for the common code.
- Added I2C emulation model. Logic was added in the model to temporarily
  cache the data as I2C interface works per byte basis.
- New tpm type "tpm-tis-i2c" added for I2C support. The user has to
  provide this string on command line.

Testing:
  TPM I2C device module is tested using SWTPM (software based TPM
  package). Qemu uses the rainier machine and is connected to swtpm over
  the socket interface.

  The command to start swtpm is as follows:
  $ swtpm socket --tpmstate dir=/tmp/mytpm1    \
                 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock  \
                 --tpm2 --log level=100

  The command to start qemu is as follows:
  $ qemu-system-arm -M rainier-bmc -nographic \
            -kernel ${IMAGEPATH}/fitImage-linux.bin \
            -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
            -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
            -drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2 \
            -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443 \
            -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
            -tpmdev emulator,id=tpm0,chardev=chrtpm \
            -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e

Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Tested-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230414220754.1191476-4-ninadpalsule@us.ibm.com

tpm: Extend common APIs to support TPM TIS I2C

Qemu already supports devices attached to ISA and sysbus. This drop adds
support for the I2C bus attached TPM devices.

This commit includes changes for the common code.
- Added support for the new checksum registers which are required for
  the I2C support. The checksum calculation is handled in the qemu
  common code.
- Added wrapper function for read and write data so that I2C code can
  call it without MMIO interface.

The TPM TIS I2C spec describes in the table in section "Interface Locality
Usage per Register" that the TPM_INT_ENABLE and TPM_INT_STATUS registers
must be writable for any locality even if the locality is not the active
locality. Therefore, remove the checks whether the writing locality is the
active locality for these registers.

Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Tested-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230414220754.1191476-3-ninadpalsule@us.ibm.com

docs: Add support for TPM devices over I2C bus

This is a documentation change for I2C TPM device support.

Qemu already supports devices attached to ISA and sysbus.
This drop adds support for the I2C bus attached TPM devices.

Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230414220754.1191476-2-ninadpalsule@us.ibm.com

arm/mcimx7d-sabre: Set fec2-phy-connected property to false

On mcimx7d-sabre, the MDIO bus is connected to the first Ethernet
interface. Set fec2-phy-connected to false to reflect this.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230315145248.1639364-6-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

fsl-imx7: Add fec[12]-phy-connected properties

Add fec[12]-phy-connected properties and use it to set phy-connected
and phy-consumer properties for imx_fec.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230315145248.1639364-5-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm/mcimx6ul-evk: Set fec1-phy-connected property to false

On mcimx6ul-evk, the MDIO bus is connected to the second Ethernet
interface. Set fec1-phy-connected to false to reflect this.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230315145248.1639364-4-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

fsl-imx6ul: Add fec[12]-phy-connected properties

Add fec[12]-phy-connected properties and use it to set phy-connected
and phy-consumer properties for imx_fec.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230315145248.1639364-3-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/vm/freebsd: Update to FreeBSD 13.2

According to QEMU's support policy, we stop supporting the previous
major release two years after the the new major release has been
published. So we can stop testing FreeBSD 12 now and should switch
our FreeBSD VM to version 13 instead.

Some changes are needed for this update: The downloadable .ISO images
do not use the serial port as console by default anymore, so they
are not usable in the same way as with FreeBSD 12. Fortunately, the
FreeBSD project now also offers some pre-installed CI images that
have the serial console enabled, so we can use those now, with the
benefit that we can skip almost all parts of the previous installation
process.

Message-Id: <20230419144553.719749-1-thuth@redhat.com>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

hw/net/imx_fec: Support two Ethernet interfaces connected to single MDIO bus

The SOC on i.MX6UL and i.MX7 has 2 Ethernet interfaces. The PHY on each may
be connected to separate MDIO busses, or both may be connected on the same
MDIO bus using different PHY addresses. Commit 461c51ad4275 ("Add a phy-num
property to the i.MX FEC emulator") added support for specifying PHY
addresses, but it did not provide support for linking the second PHY on
a given MDIO bus to the other Ethernet interface.

To be able to support two PHY instances on a single MDIO bus, two properties
are needed: First, there needs to be a flag indicating if the MDIO bus on
a given Ethernet interface is connected. If not, attempts to read from this
bus must always return 0xffff. Implement this property as phy-connected.
Second, if the MDIO bus on an interface is active, it needs a link to the
consumer interface to be able to provide PHY access for it. Implement this
property as phy-consumer.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230315145248.1639364-2-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qtest: Add a test case for TPM TIS I2C connected to Aspeed I2C controller

Add a test case for the TPM TIS I2C device exercising most of its
functionality, including localities.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Ninad Palsule<ninad@linux.ibm.com>
Message-Id: <20230331173051.3857801-4-stefanb@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

qtest: Move tpm_util_tis_transmit() into tpm-tis-utils.c and rename it

To be able to remove tpm_tis_base_addr from test cases that do not really
need it move the tpm_util_tis_transmit() function into tpm-tis-utils.c and
rename it to tpm_tis_transmit().

Fix a locality parameter in a test case on the way.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Ninad Palsule <ninad@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230331173051.3857801-3-stefanb@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

qtest: Add functions for accessing devices on Aspeed I2C controller

Add read and write functions for accessing registers of I2C devices
connected to the Aspeed I2C controller.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Ninad Palsule <ninad@linux.ibm.com>
Message-Id: <20230331173051.3857801-2-stefanb@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

MAINTAINERS: Add Juan Quintela to developer guides review

Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230419163457.17175-1-quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

cpu: Remove parameter of list_cpus()

The "optarg" parameter is completely unused, so let's drop it.

Message-Id: <20230419124831.678079-1-thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

hw/core: Move numa.c into the target independent source set

There is nothing that depends on target specific macros in this
file, so we can move it to the common source set to avoid that
we have to compile this file multiple times (one time for each
target).

Message-Id: <20230413182636.139356-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

softmmu: Move dirtylimit.c into the target independent source set

dirtylimit.c just uses one TARGET_PAGE_SIZE macro - change it to
qemu_target_page_size() so we can move thefile into the target
independent source set. Then we only have to compile this file
once during the build instead of multiple times (one time for
each target).

Message-Id: <20230413054509.54421-1-thuth@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>

hw/display: Compile vga.c as target-independent code

The target checks here are only during the initialization, so they
are not performance critical. We can switch these to runtime checks
to avoid that we have to compile this file multiple times during
the build, and make the code ready for an universal build one day.

Message-Id: <20230412163501.36770-1-thuth@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>

softmmu: Make qtest.c target independent

The code in this file is not performance critical, so we can use
the target independent endianess functions to only compile this
file once for all targets.

Message-Id: <20230411183418.1640500-4-thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

include/exec: Provide the tswap() functions for target independent code, too

In some cases of target independent code, it would be useful to have access
to the functions that swap endianess in case it differs between guest and
host. Thus re-implement the tswapXX() functions in a new header that can be
included separately. The check whether the swapping is needed continues to
be done at compile-time for target specific code, while it is done at
run-time in target-independent code.

Message-Id: <20230411183418.1640500-3-thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

softmmu/qtest: Move the target-specific pseries RTAS code out of qtest.c

Ideally, qtest.c should be independent from target specific code, so
we only have to compile it once for all targets. Thus start improving
the situation by moving the pseries related code to hw/ppc/spapr_rtas.c
instead and allow target code to register a callback handler for such
target specific commands.

Message-Id: <20230411183418.1640500-2-thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

hw/char: Move two more files from specific_ss to softmmu_ss

The code for these two devices seems to be independent from any
target specific macros. "riscv_htif.c" is used for both, riscv32 and
riscv64, so by moving this to the common code source set, we can
avoid to compile it twice every time.
"goldfish_tty.c" is only used for one target at the moment, but
since it is a paravirtualized device, it could get useful for other
targets one day, so let's move it now, too.

Message-Id: <20230411173206.1511621-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

target/i386: Set family/model/stepping of the "max" CPU according to LM bit

We want to get rid of the "#ifdef TARGET_X86_64" compile-time switch
in the long run, so we can drop the separate compilation of the
"qemu-system-i386" binary one day - but we then still need a way to
run a guest with max. CPU settings in 32-bit mode. So the "max" CPU
should determine its family/model/stepping settings according to the
"large mode" (LM) CPU feature bit during runtime, so that it is
possible to run "qemu-system-x86_64 -cpu max,lm=off" and still get
a sane family/model/stepping setting for the guest CPU.

To be able to check the LM bit, we have to move the code that sets
up these properties to a "realize" function, since the LM setting is
not available yet when the "instance_init" function is being called.

Message-Id: <20230306154311.476458-1-thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

tests/migration: Only run auto_converge in slow mode

Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230412142001.16501-3-quintela@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

travis.yml: Add missing 'flex', 'bison' packages to 'GCC (user)' job

Since commit fd8171fe52b5e("target/hexagon: import lexer for idef-parser") the
hexagon target uses 'flex', 'bison' to generate idef-parser. However default
travis builder image for 'focal' may not have these pre-installed, consequently
following error is seen with travis when trying to execute the 'GCC (user)' job
that also tries to build hexagon user binary:

<snip>
export CONFIG="--disable-containers --disable-system"
<snip>
Program flex found: NO

../target/hexagon/meson.build:179:4: ERROR: Program 'flex' not found or not
executable
<snip>

Fix this by explicitly add 'flex' and 'bison' to the list of addon apt-packages
for the 'GCC (user)' job.

Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Message-Id: <20230417162354.186678-1-vaibhav@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

target/arm: Report pauth information to gdb as 'pauth_v2'

So that we can avoid the "older gdb crashes" problem described in
commit 5787d17a42f7af4 and which caused us to disable reporting pauth
information via the gdbstub, newer gdb is going to implement support
for recognizing the pauth information via a new feature name:
org.gnu.gdb.aarch64.pauth_v2

Older gdb won't recognize this feature name, so we can re-enable the
pauth support under the new name without risking them crashing.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230406150827.3322670-1-peter.maydell@linaro.org

docs/devel/kconfig.rst: Fix incorrect markup

In rST markup syntax, the inline markup (*italics*, **bold** and
``monospaced``) must be separated from the surrending text by
non-word characters, otherwise it is not interpreted as markup.
To force interpretation as markup in the middle of a word,
you need to use a backslash-escaped space (which will not
appear as a space in the output).

Fix a missing backslash-space in this file, which meant that the ``
after "select" was output literally and the monospacing was
incorrectly extended all the way to the end of the next monospaced
word.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230411105424.3994585-1-peter.maydell@linaro.org

target/arm: Implement FEAT_PAN3

FEAT_PAN3 adds an EPAN bit to SCTLR_EL1 and SCTLR_EL2, which allows
the PAN bit to make memory non-privileged-read/write if it is
user-executable as well as if it is user-read/write.

Implement this feature and enable it in the AArch64 'max' CPU.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230331145045.2584941-4-peter.maydell@linaro.org

target/arm: Don't set ISV when reporting stage 1 faults in ESR_EL2

The syndrome value reported to ESR_EL2 should only contain the
detailed instruction syndrome information when the fault has been
caused by a stage 2 abort, not when the fault was a stage 1 abort
(i.e. caused by execution at EL2). We were getting this wrong and
reporting the detailed ISV information all the time.

Fix the bug by checking fi->stage2. Add a TODO comment noting the
cases where we'll have to come back and revisit this when we
implement FEAT_LS64 and friends.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230331145045.2584941-3-peter.maydell@linaro.org

target/arm: Pass ARMMMUFaultInfo to merge_syn_data_abort()

We already pass merge_syn_data_abort() two fields from the
ARMMMUFaultInfo struct, and we're about to want to use a third field.
Refactor to just pass a pointer to the fault info.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230331145045.2584941-2-peter.maydell@linaro.org

target/arm: Initialize debug capabilities only once

kvm_arm_init_debug() used to be called several times on a SMP system as
kvm_arch_init_vcpu() calls it. Move the call to kvm_arch_init() to make
sure it will be called only once; otherwise it will overwrite pointers
to memory allocated with the previous call and leak it.

Fixes: e4482ab7e3 ("target-arm: kvm - add support for HW assisted debug")
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230405153644.25300-1-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/virt: Restrict Cortex-A7 check to TCG

The Cortex-A7 core is only available when TCG is enabled (see
commit 80485d88f9 "target/arm: Restrict v7A TCG cpus to TCG accel").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230405100848.76145-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm: Remove KVM AArch32 CPU definitions

Missed in commit 80485d88f9 ("target/arm: Restrict
v7A TCG cpus to TCG accel").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230405100848.76145-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/timer/imx_epit: fix limit check

Fix the limit check. If the limit is less than the compare value,
the timer can never reach this value, thus it will never fire.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1491
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
Message-id: 168070611775.20412.2883242077302841473-2@git.sr.ht
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/timer/imx_epit: don't shadow variable

Fix issue reported by Coverity.

Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
Message-id: 168070611775.20412.2883242077302841473-1@git.sr.ht
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/avocado: Add reboot tests to Cubieboard

Cubieboard tests end with comment "reboot not functioning; omit test".
Fix this so reboot is done at the end of each test.

Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20230326202256.22980-5-strahinja.p.jankovic@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm: Add WDT to Allwinner-H3 and Orangepi-PC

This patch adds WDT to Allwinner-H3 and Orangepi-PC.
WDT is added as an overlay to the Timer module memory area.

Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20230326202256.22980-4-strahinja.p.jankovic@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm: Add WDT to Allwinner-A10 and Cubieboard

This patch adds WDT to Allwinner-A10 and Cubieboard.
WDT is added as an overlay to the Timer module memory map.

Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20230326202256.22980-3-strahinja.p.jankovic@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/watchdog: Allwinner WDT emulation for system reset

This patch adds basic support for Allwinner WDT.
Both sun4i and sun6i variants are supported.
However, interrupt generation is not supported, so WDT can be used only to trigger system reset.

Signed-off-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20230326202256.22980-2-strahinja.p.jankovic@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf

One of the debug printfs in exynos4210_gcomp_find() will
access outside the 's->g_timer.reg.comp[]' array if there
was no active comparator and 'res' is -1. Add a conditional
to avoid this.

This doesn't happen in normal use because the debug printfs
are by default not compiled in.

Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
Message-id: 20230404074506.112615-1-jiangfeng@kylinos.cn
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Adjusted commit message to clarify that the overrun
only happens if you've enabled debug printfs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm: Fix some typos in comments (most found by codespell)

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230409200526.1156456-1-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests: lcitool: Switch to OpenSUSE Leap 15.4

Since OpenSUSE Leap 15 counts as a single major release of an LTS distribution,
lcitool has changed the target name to remove the minor version. Adjust the
mappings and refresh script.

This also updates the dockerfile to 15.4, since the 15.3 version is EOL now:

https://get.opensuse.org/leap/15.3

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <a408b7f241ac59e5944db6ae2360a792305c36e0.1681735482.git.pkrempa@redhat.com>
[Adjust for target name change and reword commit message. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

tests: libvirt-ci: Update to commit '2fa24dce8bc'

Update to commit which has fixes needed for OpenSUSE 15.4 and
re-generate output files.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Message-Id: <bd11b5954d3dd1e989699370af2b9e2e0c77194a.1681735482.git.pkrempa@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

configure: Honour cross-prefix when finding ObjC compiler

Currently when configure picks an ObjectiveC compiler it doesn't pay
attention to the cross-prefix. This isn't a big deal in practice,
because we only use ObjC on macos and you can't cross-compile to
macos. But it's a bit inconsistent.

Rearrange the handling of objcc in configure so that we do the
same thing that we do with cc and cxx. This means that the logic
for picking the ObjC compiler goes from:
if --objcc is specified, use that
otherwise if clang is available, use that
otherwise use $cc
to:
if --objcc is specified, use that
otherwise if --cross-prefix is specified, use ${cross_prefix}clang
otherwise if clang is available, use that
otherwise use $cc

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1185
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230418161554.744834-1-peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

coverity: unify Fedora dockerfiles

The Fedora CI and coverity runs are using a slightly different set of
packages. Copy most of the content over from tests/docker while
keeping the commands at the end that unpack the tools.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230331174844.376300-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

nbd: a BlockExport always has a BlockBackend

exp->common.blk cannot be NULL, nbd_export_delete() is only called (through
a bottom half) from blk_exp_unref() and in turn that can only happen
after blk_exp_add() has asserted exp->blk != NULL.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

docs: explain effect of smp_read_barrier_depends() on modern architectures

The documentation for smp_read_barrier_depends() does not mention the architectures
for which it is an optimization, for example ARM and PPC. As a result, it is not
clear to the reader why one would use it. Relegate Alpha to a footnote together
with other architectures where it is equivalent to smp_rmb().

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

qemu-coroutine: remove qatomic_mb_read()

Replace with an explicit barrier and a comment.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

postcopy-ram: do not use qatomic_mb_read

It does not even pair with a qatomic_mb_set(), so it is clearer to use
load-acquire in this case; they are synonyms.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

block-backend: remove qatomic_mb_read()

There is already a barrier in AIO_WAIT_WHILE_INTERNAL(), thus the
qatomic_mb_read() is not adding anything.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: Change wrong XFRM value in SGX CPUID leaf

The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
SGX enclaves only supported SSE and x87 feature (xfrm=0x3).

Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

monitor: mark mixed functions that can suspend

There should be no paths from a coroutine_fn to aio_poll, however in
practice coroutine_mixed_fn will call aio_poll in the !qemu_in_coroutine()
path. By marking mixed functions, we can track accurately the call paths
that execute entirely in coroutine context, and find more missing
coroutine_fn markers. This results in more accurate checks that
coroutine code does not end up blocking.

If the marking were extended transitively to all functions that call
these ones, static analysis could be done much more efficiently.
However, this is a start and makes it possible to use vrc's path-based
searches to find potential bugs where coroutine_fns call blocking functions.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

migration: mark mixed functions that can suspend

There should be no paths from a coroutine_fn to aio_poll, however in
practice coroutine_mixed_fn will call aio_poll in the !qemu_in_coroutine()
path. By marking mixed functions, we can track accurately the call paths
that execute entirely in coroutine context, and find more missing
coroutine_fn markers. This results in more accurate checks that
coroutine code does not end up blocking.

If the marking were extended transitively to all functions that call
these ones, static analysis could be done much more efficiently.
However, this is a start and makes it possible to use vrc's path-based
searches to find potential bugs where coroutine_fns call blocking functions.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

io: mark mixed functions that can suspend

There should be no paths from a coroutine_fn to aio_poll, however in
practice coroutine_mixed_fn will call aio_poll in the !qemu_in_coroutine()
path. By marking mixed functions, we can track accurately the call paths
that execute entirely in coroutine context, and find more missing
coroutine_fn markers. This results in more accurate checks that
coroutine code does not end up blocking.

If the marking were extended transitively to all functions that call
these ones, static analysis could be done much more efficiently.
However, this is a start and makes it possible to use vrc's path-based
searches to find potential bugs where coroutine_fns call blocking functions.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

qapi-gen: mark coroutine QMP command functions as coroutine_fn

Coroutine commands have to be declared as coroutine_fn, but the
marker does not show up in the qapi-comands-* headers; likewise, the
marshaling function calls the command and therefore must be coroutine_fn.
Static analysis would want coroutine_fn to match between prototype and
declaration, because in principle coroutines might be compiled to a
completely different calling convention. So we would like to add the
marker to the header.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/mips: tcg: detect out-of-bounds accesses to cpu_gpr and cpu_gpr_hi

In some cases (for example gen_compute_branch_nm in
nanomips_translate.c.inc) registers can be unused
on some paths and a negative value is passed in that case:

gen_compute_branch_nm(ctx, OPC_BPOSGE32, 4, -1, -2,
imm << 1);

To avoid an out of bounds access in those cases, introduce
assertions.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

coverity: update COMPONENTS.md

Hexagon is split into two components because it has hundreds of false positives
in the generated files.

capstone and slirp have been removed.

hw/nvme is added to block.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

lasi: fix RTC migration

Migrate rtc_ref (which only needs to be 32-bit because it is summed to
a 32-bit register), which requires bumping the migration version.
The HPPA machine does not have versioned machine types so it is okay
to block migration to old versions of QEMU.

While at it, drop the write-only field rtc from LasiState.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: Avoid unreachable variable declaration in mmu_translate()

Coverity complains (CID 1507880) that the declaration "int error_code;"
in mmu_translate() is unreachable code. Since this is only a declaration,
this isn't actually a bug, but:
* it's a bear-trap for future changes, because if it was changed to
   include an initialization 'int error_code = foo;' then the
   initialization wouldn't actually happen (being dead code)
* it's against our coding style, which wants declarations to be
   at the start of blocks
* it means that anybody reading the code has to go and look up
   exactly what the C rules are for skipping over variable declarations
   using a goto

Move the declaration to the top of the function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230406155946.3362077-1-peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

configure: Avoid -Werror=maybe-uninitialized

The configure script used to compile some code which dereferences memory
with ubsan to verify the compiler can link with ubsan library which
detects dereferencing of uninitialized memory. However, as the
dereferenced memory was allocated in the same code, GCC can statically
detect the unitialized memory dereference and emit maybe-uninitialized
warning. If -Werror is set, this becomes an error, and the configure
script incorrectly thinks the error indicates the compiler cannot use
ubsan.

Fix this error by replacing the code with another function which adds
1 to a signed integer argument. This brings in ubsan to detect if it
causes signed integer overflow. As the value of the argument cannot be
statically determined, the new function is also immune to compiler
warnings.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230405070030.23148-1-akihiko.odaki@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

tests: bios-tables-test: replace memset with initializer

Coverity complains that memset() writes over a const field. Use
an initializer instead, so that the const field is left to zero.
Tests that have to write the const field already use an initializer
for the whole struct, here I am choosing the smallest possible
patch (which is not that small already).

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

vnc: avoid underflow when accessing user-provided address

If hostlen is zero, there is a possibility that addrstr[hostlen - 1]
underflows and, if a closing bracked is there, hostlen - 2 is passed
to g_strndup() on the next line. If websocket==false then
addrstr[0] would be a colon, but if websocket==true this could in
principle happen.

Fix it by checking hostlen.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

nvme: remove constant argument to tracepoint

The last argument to -pci_nvme_err_startfail_virt_state is always "OFFLINE"
due to the enclosing "if" condition requiring !sctrl->scs. Reported by
Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

build-sys: add slirp.wrap

This allows to build with --enable-slirp / -D slirp=enabled, even when
libslirp is not installed on the system. "meson subprojects download"
will pull it from git in that case.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230302131848.1527460-4-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

build-sys: prevent meson from downloading wrapped subprojects

The following patches are going to introduce meson wrap dependencies,
which is a solution to download and build missing dependencies.

The QEMU build-system will do network access with no way to avoid the
fallback. As a start, hardcode "--wrap-mode=nodownload" in configure, so
that wraps would be used only after a conscious decision of the user to
use "meson subprojects download" (before running configure).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230302131848.1527460-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

mtest2make.py: teach suite name that are just "PROJECT"

A subproject test may be simply in the "PROJECT" suite (such as
"qemu-common" with the following patches)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230302131848.1527460-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Open 8.1 development tree

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

travis.yml: Add missing clang-10 package to the 'Clang (disable-tcg)' job

Since commit 74a1b256d775("configure: Bump minimum Clang version to 10.0") qemu
needs Clang version 10.0 as the minimum version to build qemu with
Clang. However 'focal' ships by default with Clang version 7.0.0 which causes an
error while executing the 'Clang (disable-tcg)' travis job of the form below:

<snip>
$clang --version

clang version 7.0.0 (tags/RELEASE_700/final)

<snip>
ERROR: You need at least GCC v7.4 or Clang v10.0 (or XCode Clang v12.0)

# QEMU configure log Fri 14 Apr 2023 03:48:22 PM UTC

# Configured with: '../configure' '--disable-docs' '--disable-tools'
'--disable-containers' '--disable-tcg' '--enable-kvm' '--disable-tools'
'--enable-fdt=system' '--host-cc=clang' '--cxx=clang++'

Fix this by adding 'clang-10' to the 'apt_packages' section of the "[s390x]
Clang (disable-tcg)" job and updating the compiler to 'clang-10'.

Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Message-Id: <20230414210645.820204-1-vaibhav@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

chardev: Allow setting file chardev input file on the command line

Our 'file' chardev backend supports both "output from this chardev
is written to a file" and "input from this chardev should be read
from a file" (except on Windows). However, you can only set up
the input file if you're using the QMP interface -- there is no
command line syntax to do it.

Add command line syntax to allow specifying an input file
as well as an output file, using a new 'input-path' suboption.

The specific use case I have is that I'd like to be able to
feed fuzzer reproducer input into qtest without having to use
'-qtest stdio' and put the input onto stdin. Being able to
use a file chardev like this:
-chardev file,id=repro,path=/dev/null,input-path=repro.txt -qtest chardev:repro
means that stdio is free for use by gdb.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230413150724.404304-3-peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[thuth: Replace "input-file=" typo with "input-path="]
Signed-off-by: Thomas Huth <thuth@redhat.com>

qtest: Don't assert on "-qtest chardev:myid"

If the -qtest command line argument is passed a string that says
"use this chardev for I/O", then it will assert:

$ ./build/clang/qemu-system-i386 -chardev file,path=/dev/null,id=myid -qtest chardev:myid
Unexpected error in qtest_set_chardev() at ../../softmmu/qtest.c:1011:
qemu-system-i386: Cannot find character device 'qtest'
Aborted (core dumped)

This is because in qtest_server_init() we assume that when we create
the chardev with qemu_chr_new() it will always have the name "qtest".
This is true if qemu_chr_new() had to create a new chardev, but not
true if one already existed and is being referred to with
"chardev:myid".

Use the name of the chardev we get back from qemu_chr_new() as the
string to set the qtest 'chardev' property to, instead of hardcoding
it to "qtest".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230413150724.404304-2-peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

test: Fix test-crypto-secret when compiling without keyring support

Linux keyring support is protected by CONFIG_KEYUTILS.
We also need CONFIG_SECRET_KEYRING.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230414114252.1136-1-quintela@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

docs/cxl: Fix sentence

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <20230409201828.1159568-1-sw@weilnetz.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

docs: Fix typo (wphx => whpx)

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1529
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <20230409201007.1157671-1-sw@weilnetz.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

hw: Add compat machines for 8.1

Add 8.1 machine types for arm/i440fx/m68k/q35/s390x/spapr.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20230314173009.152667-1-cohuck@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

Update version for v8.0.0 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Update version for v8.0.0-rc4 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>