git.osdn.net Git - qmiga/qemu.git/log

hw/ide/ahci: simplify and document PxCI handling

The AHCI spec states that:
For NCQ, PxCI is cleared on command queued successfully.

For non-NCQ, PxCI is cleared on command completed successfully.
(A non-NCQ command that completes with error does not clear PxCI.)

The current QEMU implementation either clears PxCI in check_cmd(),
or in ahci_cmd_done().

check_cmd() will clear PxCI for a command if handle_cmd() returns 0.
handle_cmd() will return -1 if BUSY or DRQ is set.

The QEMU implementation for NCQ commands will currently not set BUSY
or DRQ, so they will always have PxCI cleared by handle_cmd().
ahci_cmd_done() will never even get called for NCQ commands.

Non-NCQ commands are executed by ide_bus_exec_cmd().
Non-NCQ commands in QEMU are implemented either in a sync or in an async
way.

For non-NCQ commands implemented in a sync way, the command handler will
return true, and when ide_bus_exec_cmd() sees that a command handler
returns true, it will call ide_cmd_done() (which will call
ahci_cmd_done()). For a command implemented in a sync way,
ahci_cmd_done() will do nothing (since busy_slot is not set). Instead,
after ide_bus_exec_cmd() has finished, check_cmd() will clear PxCI for
these commands.

For non-NCQ commands implemented in an async way (using either aiocb or
pio_aiocb), the command handler will return false, ide_bus_exec_cmd()
will not call ide_cmd_done(), instead it is expected that the async
callback function will call ide_cmd_done() once the async command is
done. handle_cmd() will set busy_slot, if and only if BUSY or DRQ is
set, and this is checked _after_ ide_bus_exec_cmd() has returned.
handle_cmd() will return -1, so check_cmd() will not clear PxCI.
When the async callback calls ide_cmd_done() (which will call
ahci_cmd_done()), it will see that busy_slot is set, and
ahci_cmd_done() will clear PxCI.

This seems racy, since busy_slot is set _after_ ide_bus_exec_cmd() has
returned. The callback might come before busy_slot gets set. And it is
quite confusing that ahci_cmd_done() will be called for all non-NCQ
commands when the command is done, but will only clear PxCI in certain
cases, even though it will always write a D2H FIS and raise an IRQ.

Even worse, in the case where ahci_cmd_done() does not clear PxCI, it
still raises an IRQ. Host software might thus read an old PxCI value,
since PxCI is cleared (by check_cmd()) after the IRQ has been raised.

Try to simplify this by always setting busy_slot for non-NCQ commands,
such that ahci_cmd_done() will always be responsible for clearing PxCI
for non-NCQ commands.

For NCQ commands, clear PxCI when we receive the D2H FIS, but before
raising the IRQ, see AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and
RegFIS:ClearCI.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-id: 20230609140844.202795-5-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>

hw/ide/ahci: write D2H FIS when processing NCQ command

The way that BUSY + PxCI is cleared for NCQ (FPDMA QUEUED) commands is
described in SATA 3.5a Gold:

11.15 FPDMA QUEUED command protocol
DFPDMAQ2: ClearInterfaceBsy
"Transmit Register Device to Host FIS with the BSY bit cleared to zero
and the DRQ bit cleared to zero and Interrupt bit cleared to zero to
mark interface ready for the next command."

PxCI is currently cleared by handle_cmd(), but we don't write the D2H
FIS to the FIS Receive Area that actually caused PxCI to be cleared.

Similar to how ahci_pio_transfer() calls ahci_write_fis_pio() with an
additional parameter to write a PIO Setup FIS without raising an IRQ,
add a parameter to ahci_write_fis_d2h() so that ahci_write_fis_d2h()
also can write the FIS to the FIS Receive Area without raising an IRQ.

Change process_ncq_command() to call ahci_write_fis_d2h() without
raising an IRQ (similar to ahci_pio_transfer()), such that the FIS
Receive Area is in sync with the PxTFD shadow register.

E.g. Linux reads status and error fields from the FIS Receive Area
directly, so it is wise to keep the FIS Receive Area and the PxTFD
shadow register in sync.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-id: 20230609140844.202795-4-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>

hw/ide/core: set ERR_STAT in unsupported command completion

Currently, the first time sending an unsupported command
(e.g. READ LOG DMA EXT) will not have ERR_STAT set in the completion.
Sending the unsupported command again, will correctly have ERR_STAT set.

When ide_cmd_permitted() returns false, it calls ide_abort_command().
ide_abort_command() first calls ide_transfer_stop(), which will call
ide_transfer_halt() and ide_cmd_done(), after that ide_abort_command()
sets ERR_STAT in status.

ide_cmd_done() for AHCI will call ahci_write_fis_d2h() which writes the
current status in the FIS, and raises an IRQ. (The status here will not
have ERR_STAT set!).

Thus, we cannot call ide_transfer_stop() before setting ERR_STAT, as
ide_transfer_stop() will result in the FIS being written and an IRQ
being raised.

The reason why it works the second time, is that ERR_STAT will still
be set from the previous command, so when writing the FIS, the
completion will correctly have ERR_STAT set.

Set ERR_STAT before writing the FIS (calling cmd_done), so that we will
raise an error IRQ correctly when receiving an unsupported command.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-3-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>

Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

UI patch queue

- misc fixes and improvement
- cleanups and refactoring in ui/vc code

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmT1wuYcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5UhmD/wPCVZ/Vipmbexc8eBd
# wbI7i0zR5Hj7szU4D1MV+fvi5Y6Z7PWvPxnQOIoWbmEGuhOm5P73oRz1jlBDXGLP
# Nh1kh2RvuWILF0Vu+QjJHL5FyA0XJcl/Qhsn1tc7pYMbEOBCpPfpmWRiXrEUDc7/
# S1iSPkB2a7YYwuMW6ksPyKlsb4tjGyea/HYz1lTdw8bJxaFVXMFX35lrqz+A5ZGz
# XAk/6OyMtkMbBi8hWcd6IweYyc/DYaK8emqppQLIUenZEz7nKSWlEUIKcXpf9U4n
# 3W+BISACxnw7KbXrrZl2KJf2Bix6LRureoscZTKawnB/D5hV+g7PtEjNMUQsxjg3
# RyV9+zSPsIg5zXunrHIs1rrUtGS5SvdQbIQYqHPNdL86iuWKer+EnwA06vflweLw
# P7FZhuBNvuY3gU2sdCk5Q7My92YT5DRWjoJRHLFGNYTxPA6MYPivIu8RqsBiu+JX
# BvK1FfhG2JsR9XuuOFR968AXLfMc0hOlHfHWvORk3s/9zIpeEWmQbnGxr1sN9El8
# o+rDIkcadELuzcTJcoHCKdCzjFbLdNNKgvbcVQdw3rdp2rvQ6CZalyh+qZEihAy4
# xLVO+hUypxNhRAg/DtZilUW6cPavn0OjoH/3BgY0F0GiwvhFMntyVGN7eBdwnC7c
# sV5s4Xnafmh5xnGf0GS3UyuX9g==
# =JxZP
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Sep 2023 07:43:34 EDT
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu: (52 commits)
  ui/gtk: fix leaks found wtih fuzzing
  ui/vdagent: Unregister input handler of mouse during finalization
  ui/vdagent: call vdagent_disconnect() when agent connection is lost
  ui/dbus: implement damage regions for GL
  ui/dbus: Properly dispose touch/mouse dbus objects
  ui/vnc-enc-tight: Avoid dynamic stack allocation
  ui/vnc-enc-hextile: Use static rather than dynamic length stack array
  ui/spice-display: Avoid dynamic stack allocation
  ui/vc: change the argument for QemuTextConsole
  ui/vc: do not parse VC-specific options in Spice and GTK
  ui/vc: move text console invalidate in helper
  ui/console: minor stylistic changes
  ui/vc: skip text console resize when possible
  ui/console: fold text_console_update_cursor_timer
  ui/console: assert(surface) where appropriate
  ui/console: rename vga_ functions with qemu_console_
  ui/console: use QEMU_PIXMAN_COLOR helpers
  ui/console: declare console types in console.h
  ui/vc: use common text console surface creation
  ui/console: remove need for g_width/g_height
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-lu-20230901' of https://gitlab.com/rth7680/qemu into staging

linux-user: Rewrite and improve /proc/pid/maps
linux-user: Fix shmdt and improve shm region tracking
linux-user: Remove ELF_START_MMAP and image_info.start_mmap

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTyTEcdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8aZAf/UVKDv0FwEzxn3wzx
# pT+NbP4adHCew5ovDq94In9OpwG4+PtZj3x+EdPCFxAvVb9KdOs001a9zSRYSwWi
# 0p9ZkOgtq58/Wr34dl6C8oPZP8bnw7hfVcXWYwdsBq9K+dmW9Tu4LgZSc92NWYiE
# SGBATB/cF4keLlDJrm1YBfb6cVKmYHdgQzMHr4g4TitBOO3lic8HQglXN8eKvQyd
# ZKuMxFwfSGjaNXsoBLmzPBEqJCLzj5JNtOb8maIN9oPTkkC66XvkBmD/4UrQ7K3x
# aX2QgZpxZYZsyKfWJd4EkrJl+0JZYvGW4vBX1c+vBdIYQZoBHlWwZQBqsi+AMA6J
# ASc3hQ==
# =QWfr
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 01 Sep 2023 16:40:39 EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-lu-20230901' of https://gitlab.com/rth7680/qemu:
  linux-user: Track shm regions with an interval tree
  linux-user: Fix shmdt
  linux-user: Use WITH_MMAP_LOCK_GUARD in target_{shmat,shmdt}
  linux-user: Move shmat and shmdt implementations to mmap.c
  linux-user: Remove ELF_START_MMAP and image_info.start_mmap
  linux-user: Emulate the Anonymous: keyword in /proc/self/smaps
  linux-user: Show heap address in /proc/pid/maps
  linux-user: Adjust brk for load_bias
  linux-user: Use walk_memory_regions for open_self_maps
  util/selfmap: Use dev_t and ino_t in MapInfo
  linux-user: Emulate /proc/cpuinfo for Alpha
  linux-user: Emulate /proc/cpuinfo on aarch64 and arm
  linux-user: Split out cpu/target_proc.h

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-aspeed-20230901' of https://github.com/legoater/qemu into staging

aspeed queue:

* Fixes for the Aspeed I2C model
* New SDK image for avocado tests
* blockdev support for flash device definition
* SD refactoring preparing ground for eMMC support

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmTxsaQACgkQUaNDx8/7
# 7KGXmg//XJNisscl/VWSBaGmH5MbQUAg/QCRalXx1V/lJ8rhE/JqwnWKuoPFd4EN
# iDlh3ufpzxPhHFc9boechuM5ytlrJxpLJoCIJ4sw/4qnO3Dy3Q6BCy1t8Ma62D1u
# oE7cAMHsriJ1uTJNHUTFo72VapTaH2XwFN9lFDuQW45d+WWAXtVJsqvRgFETNmw6
# YYnTTpH2gLTZZFEgOixhWpGLh4Ibc/l8U1VzL0ctQmC11xng0bqk3PAqU9NGzcM5
# MJmEGAxg43CnFu9NJI1nMqC/coi/8PFtrM7HprSwE3H8Jkwncs4ePVT+kZQC+VNQ
# 7EaVkksfEGHlN8XP5+eQDrQ5yT6ve+fbHTLQhwULfeyt0GlQ8h1yewvHCDWo/zw3
# XI1ZyOcNZ2yiaenSUrTPzu0LiqZEJQnzRjPCpgTi1fU08ryEMEaPtr176YDLCguQ
# cpRj4QSZHCrGl/Eo9NlkFP/2rQDKTvCcedKPkYLQtsurSiH/36Oj9YvZycNtZ574
# ortKAtru4YV/rglNX4L8JDhdI+nqvy1liifpJsiS/2KBZDpVFaP8PzGIV40HNy3G
# 8/LVTnaggZaScF3ftHhkg84uQumELS9l2dhsNCL9HqdlrNXLQrVAIR6iuQlpOKBa
# 5S/6h7ZXGOb1qNVQjYp4HCrB7X1KIJYksZ3GdUREf8ot5Ds1FhE=
# =ymmX
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 01 Sep 2023 05:40:52 EDT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [unknown]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20230901' of https://github.com/legoater/qemu: (26 commits)
  hw/sd: Introduce a "sd-card" SPI variant model
  hw/sd: Add sd_cmd_SET_BLOCK_COUNT() handler
  hw/sd: Add sd_cmd_SEND_TUNING_BLOCK() handler
  hw/sd: Add sd_cmd_SEND_RELATIVE_ADDR() handler
  hw/sd: Add sd_cmd_ALL_SEND_CID() handler
  hw/sd: Add sd_cmd_SEND_OP_CMD() handler
  hw/sd: Add sd_cmd_GO_IDLE_STATE() handler
  hw/sd: Add sd_cmd_unimplemented() handler
  hw/sd: Add sd_cmd_illegal() handler
  hw/sd: Introduce sd_cmd_handler type
  hw/sd: Move proto_name to SDProto structure
  hw/sd: When card is in wrong state, log which spec version is used
  hw/sd: When card is in wrong state, log which state it is
  hw/sd/sdcard: Return ILLEGAL for CMD19/CMD23 prior SD spec v3.01
  aspeed: Get the BlockBackend of FMC0 from the flash device
  m25p80: Introduce an helper to retrieve the BlockBackend of a device
  aspeed: Create flash devices only when defaults are enabled
  hw/ssi: Check for duplicate CS indexes
  aspeed/smc: Wire CS lines at reset
  hw/ssi: Introduce a ssi_get_cs() helper
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-request-2023-08-31' of https://gitlab.com/thuth/qemu into staging

* Use precise selfmodifying code mode on s390x TCG
* Check for availablility of more devices in qtests before using them
* Some other minor qtest fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmTw5v4RHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbX2DRAAo7NPNPQ2nsYDdYfKAGt8OSg1BHqh1RYH
# jvLiU5xrWQ3whmSJYw4rcSyBk4yC+lIjoXT6oBn6O40Q1r7OmrWgtrn9g//3SLHb
# Wfob5bZkmRiETDZNFFpYcpRPzElF3ZqIfwOhJ3zfmAQxqeTxpTnAuq2vI38pk3Hz
# 4pQR/j2IKZFmFt6cdYUaKi32odDK6ySKAFCKy9I8sz2hJgOXQRYBkjorDx+g+hoF
# o7DTGkA3uH2xXlLQKhbEGm5xQMlcBgTMb2XeguvRbb7g/Uc046homwm0r6rejDy5
# EgW9Kx3Y34QYZt51onqmA57MNNQboubHkSz9W2b57OX+IWA3VRncdBAxdGmubRTY
# Jb6LsBZSMdKQBXxgIP3DZjvH6MxYjA9Iy3YI7Mk+hJnDACkFVJOCPxS9acnmjYE5
# Nn935GmbYMazfci0c3zc/899hAGDNglD9Tf6ourBjl1WLQstefXhlpzkbGWqSFjF
# Tovpal+Rm6KLDFSfs6TsRp6+FF8a6C1k251Ai67adkiCYM/jKwVoiHrsUJeG0vyc
# 791x5+lixxkLUHu1qNYfEdxvaOE8guhXRt3zJIjmphio3v+RFBLbzC6lTzeZbTTv
# DpnnoFJ/tCzdLew7A1QuzuW361ywyKVE4Qp8HQfaJCOJT9aGgMdyoHlpgz0ojgJm
# fD8Vfl9GZFQ=
# =tZWg
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Aug 2023 15:16:14 EDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-08-31' of https://gitlab.com/thuth/qemu:
  meson: test for CONFIG_TCG in config_all
  subprojects/berkeley-testfloat-3: Update to fix a problem with compiler warnings
  tests/qtest/bios-tables-test: Check for virtio-iommu device before using it
  tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
  tests/qtest/usb-hcd-xhci-test: Check availability of devices before using them
  tests/tcg/s390x: Test precise self-modifying code handling
  target/s390x: Define TARGET_HAS_PRECISE_SMC

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'misc-20230831' of https://github.com/philmd/qemu into staging

Misc patches queue

Build fixes:
- Only define OS_OBJECT_USE_OBJC with gcc

Overall cleanups:
- Do not declare function prototypes using 'extern' keyword
- Remove unmaintained HAX accelerator
- Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE instead of boolean
- Avoid modifying QOM class internals from instance in pmbus_device
- Avoid variable-length array in xhci_get_port_bandwidth
- Remove unuseful kvmclock_create() stub
- Style: permit inline loop variables
- Various header cleanups
- Various spelling fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmTw0oUACgkQ4+MsLN6t
# wN7nZQ/+Jyrw1TnHiKV8nS5NKtQIszMTcAbrcuV8YCk0XgwprmrLzxOsOcVOU+MN
# C9SHOhGGcu8NKho73CDrsKqye/IKm8rumMm0hcZrtqGS+3MX9RQzDBUgRgihgD9b
# 78Pmiz/91mrsV4zjXBkWLILipjDUwAL0oXh+MLfkmkTdzJMVfllF5KfF+hdOipwq
# +ECOzwEAFUtCWQk51aLGfrg9SarKC2jtRBEvd1RhwfvXAMCdGP9+pfXJQqkT7ZTK
# Hf4TuOHkzZjHumHGGcJn+P1WHM6W3ILdocG7AAl+/0Jwkx4vhR+6MENJGLxqg4pa
# VTnOpJiL/HsY8319mTswTmlxqmotEDakGjdaRm4ClWPxPksF7zQkdTspBx0/Qayu
# SPr7U5gFLPXMhCpMnrznvjCS+C/dqLYrJAczs9Ecv6KawOIwMiPRzc0SyimCV4DI
# kcpL88Vn4unoBCF7AdiDluPoY2Q41TZ6gRa7B1/nI/4j9Y+Gs/gWQxYHjMlDso+O
# sNgMJ+sqIPW9n1vhl9s6AQweBYnMRW34A5iok9MV0HyFTxNKMoCoR8Ssfk9YzT+L
# mK5a9AfgT8FrhtQXQz6ojIPFM8Q4zGcAQOMudpPiDICDAJaPuUpzL3XVwStT6Rfc
# YL0+Nb+Ja5hPh0fAhgX3BH0EsqruW+DA8rEZfIgAIXDbOC5QFIo=
# =SVsZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Aug 2023 13:48:53 EDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'misc-20230831' of https://github.com/philmd/qemu: (39 commits)
  build: Only define OS_OBJECT_USE_OBJC with gcc
  tests/tcg/aarch64: Rename bti-crt.inc.c -> bti-crt.c.inc
  ui: spelling fixes
  util: spelling fixes
  util/fifo8: Fix typo in fifo8_push_all() description
  hw/i386: Rename 'hw/kvm/clock.h' -> 'hw/i386/kvm/clock.h'
  hw/i386: Remove unuseful kvmclock_create() stub
  hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()
  hw/usb: spelling fixes
  hw/sd: spelling fixes
  hw/mips: spelling fixes
  hw/display: spelling fixes
  hw/ide: spelling fixes
  hw/i2c: spelling fixes
  hw/i2c/pmbus_device: Fix modifying QOM class internals from instance
  hw/char/pl011: Replace magic values by register field definitions
  hw/char/pl011: Remove duplicated PL011_INT_[RT]X definitions
  hw/char/pl011: Display register name in trace events
  hw/char/pl011: Restrict MemoryRegionOps implementation access sizes
  hw/char: Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

ui/gtk: fix leaks found wtih fuzzing

It is true, that there is no problem during runtime
from the first sight, because the memory is lost just
before qemu exits. Nevertheless, this change is necessary,
because AddressSanitizer is not able to recognize this
situation and produces crash-report (which is
false-positive in fact). Lots of False-Positive warnings
are davaluing problems, found with fuzzing, and thus the
whole methodology of dynamic analysis.
This patch eliminates such False-Positive reports,
and makes every problem, found with fuzzing, more valuable.

Fixes: 060ab76356 ("gtk: don't exit early in case gtk init fails")

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <20230825115818.1091936-1-frolov@swemel.ru>

ui/vdagent: Unregister input handler of mouse during finalization

Input handler resource should be released when
VDAgentChardev object finalize

Signed-off-by: Guoyi Tu <tugy@chinatelecom.cn>
Signed-off-by: dengpengcheng <dengpc12@chinatelecom.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <e7f5e172abf797d454e00a4bbe53af83e4aa4497.1692281173.git.tugy@chinatelecom.cn>

ui/vdagent: call vdagent_disconnect() when agent connection is lost

when the agent connection is lost, the input handler of the mouse
doesn't deactivate, which results in unresponsive mouse events in
VNC windows.

To fix this issue, call vdagent_disconnect() to reset the state
each time the frontend disconncect

Signed-off-by: Guoyi Tu <tugy@chinatelecom.cn>
Signed-off-by: dengpengcheng <dengpc12@chinatelecom.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <71fd5a58fd09f10cdb35f167b2edb5669300116e.1692281173.git.tugy@chinatelecom.cn>

ui/dbus: implement damage regions for GL

Currently, when using `-display dbus,gl=on` all updates to the client
become "full scanout" updates, meaning there is no way for the client to
limit damage regions to the display server.

Instead of using an "update count", this patch tracks the damage region
and propagates it to the client.

This was less of an issue when clients were using GtkGLArea for
rendering,
as you'd be doing full-surface redraw. To be efficient, the client needs
both a DMA-BUF and the damage region to be updated.

Co-authored-by: Christian Hergert <chergert@redhat.com>
Signed-off-by: Bilal Elmoussaoui <belmouss@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230814125802.102160-1-belmouss@redhat.com>

ui/dbus: Properly dispose touch/mouse dbus objects

Fixes: 142ca628a7 ("ui: add a D-Bus display backend")
Fixes: de9f844ce2 ("ui/dbus: Expose a touch device interface")

Signed-off-by: Bilal Elmoussaoui <belmouss@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230901124507.94087-1-belmouss@redhat.com>

ui/vnc-enc-tight: Avoid dynamic stack allocation

Use autofree heap allocation instead of variable-length
array on the stack.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[PMM: expanded commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230818151057.1541189-4-peter.maydell@linaro.org>

ui/vnc-enc-hextile: Use static rather than dynamic length stack array

In the send_hextile_tile_* function we create a variable length array
data[].  In fact we know that the client_pf.bytes_per_pixel is at
most 4 (enforced by set_pixel_format()), so we can make the array a
compile-time fixed length of 1536 bytes.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[ Marc-André - rename BPP to MAX_BYTES_PER_PIXEL ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230818151057.1541189-3-peter.maydell@linaro.org>

ui/spice-display: Avoid dynamic stack allocation

Use an autofree heap allocation instead of a variable-length
array on the stack in qemu_spice_create_update().

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230818151057.1541189-2-peter.maydell@linaro.org>

ui/vc: change the argument for QemuTextConsole

Those functions are specifc to text/vc console, make that explicit from
the argument type.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-45-marcandre.lureau@redhat.com>

ui/vc: do not parse VC-specific options in Spice and GTK

In commit 6f974c843c ("gtk: overwrite the console.c char driver"), I
shared the VC console parse handler with GTK. And later on in commit
d8aec9d9 ("display: add -display spice-app launching a Spice client"),
I also used it to handle spice-app VC.

This is not necessary, the VC console options (width/height/cols/rows)
are specific, and unused by tty-level GTK/Spice VC.

This is not a breaking change, as those options are still being parsed
by QAPI ChardevVC. Adjust the documentation about it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-44-marcandre.lureau@redhat.com>

ui/vc: move text console invalidate in helper

This will allow to split the VC code in a separate unit more easily.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-43-marcandre.lureau@redhat.com>

ui/console: minor stylistic changes

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-42-marcandre.lureau@redhat.com>

ui/vc: skip text console resize when possible

This function is called on invalidate, on each cursor blink.

Avoid the extra copy when the console size didn't change.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-41-marcandre.lureau@redhat.com>

ui/console: fold text_console_update_cursor_timer

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230830093843.3531473-40-marcandre.lureau@redhat.com>

ui/console: assert(surface) where appropriate

The QemuTextConsole code paths assume a surface is being used as
scanout, let's make this more explicit.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-39-marcandre.lureau@redhat.com>

ui/console: rename vga_ functions with qemu_console_

They are not specific to VGA. Let's use the object type name as prefix
instead, to avoid confusion.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230830093843.3531473-38-marcandre.lureau@redhat.com>

ui/console: use QEMU_PIXMAN_COLOR helpers

QEMU_RGB macro is actually defining a pixman color. Make this explicit
in the macro name. Move it to qemu-pixman.h so it can be used elsewhere,
as done in the following patch. Finally, define
QEMU_PIXMAN_COLOR_{BLACK,GRAY}, to avoid need to look up the VGA color
table from the QemuConsole placeholder surface rendering.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230830093843.3531473-37-marcandre.lureau@redhat.com>

ui/console: declare console types in console.h

We are going to split the console.c unit next, and implement
separately. But we need to check the underlying type in various places.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-36-marcandre.lureau@redhat.com>

ui/vc: use common text console surface creation

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-35-marcandre.lureau@redhat.com>

ui/console: remove need for g_width/g_height

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-34-marcandre.lureau@redhat.com>

ui/console: simplify getting active_console size

We can get the active console dimension regardless of its kind, by
simply giving NULL as argument. It will fallback with the given value
when the dimensions aren't known.

This will also allow to move the code in a separate unit more easily.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-33-marcandre.lureau@redhat.com>

ui/vc: move some text console initialization to qom handlers

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-32-marcandre.lureau@redhat.com>

ui/vc: fold text_console_do_init() in vc_chr_open()

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230830093843.3531473-31-marcandre.lureau@redhat.com>

ui/console: move graphic fields to QemuGraphicConsole

Move fields specific to graphic console to the console subclass.

qemu_console_get_head() is adapated to accomodate QemuTextConsole, and
always returns 0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-30-marcandre.lureau@redhat.com>

ui/vc: move text fields to QemuTextConsole

Now we can instantiate the specific console with its own fields. Pass
the most appropriate type to the various functions, and cast up to
QEMU_CONSOLE as necessary.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-29-marcandre.lureau@redhat.com>

ui/console: free more QemuConsole resources

This code path is probably not executed at this point, since console
aren't being released.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-28-marcandre.lureau@redhat.com>

ui/vc: move cursor_timer initialization to QemuTextConsole class

The timer is only relevant when a text console exists.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-27-marcandre.lureau@redhat.com>

ui/console: allocate ui_timer in QemuConsole

Although at this point only QemuGraphicConsole have hw_ops that
implements ui_info() callback, it makes sense to keep the code in the
base QemuConsole, to simplify conditions for the caller.

As of now, the code didn't reach a NULL timer because dpy_set_ui_info()
checks if dpy_ui_info_supported() (hw_ops->ui_info != NULL), which is
false for text_console_ops. This is a bit fragile, let simply allocate
and free the timer in the base class.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-26-marcandre.lureau@redhat.com>

ui/console: update the head from unused QemuConsole

When recycling unused QemuConsole, we should still set the associated
head number for correct information and lookups.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-25-marcandre.lureau@redhat.com>

ui/console: specialize console_lookup_unused()

graphics_console_init() is expected to return a graphic console.

The function doesn't need to be exported.

We are going to specialize further QemuGraphicConsole & QemuTextConsole.
The two will not be interchangeable anymore.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-24-marcandre.lureau@redhat.com>

ui/console: remove new_console()

The constructor helper isn't of much used now.

"head" is only specified for graphic console (and default to 0), and we
are going to move it to QemuGraphicConsole next.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-23-marcandre.lureau@redhat.com>

ui/console: register the console from qemu_console_init()

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-22-marcandre.lureau@redhat.com>

ui/console: instantiate a specific console type

This will allow to move code/data to the specific console types.

Replace console_type_t with object type check.

QemuConsole can be abstract.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-21-marcandre.lureau@redhat.com>

ui/console: introduce different console objects

Boilerplate code to introduce different object types for the different
console types.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-20-marcandre.lureau@redhat.com>

ui/console: change new_console() to use object initialization

Object construction should be done in respective object instance and
class handlers.

Introduce qemu_console_register() to split out the registration logic.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-19-marcandre.lureau@redhat.com>

ui/console: use OBJECT_DEFINE_TYPE for QemuConsole

The following patch will move some object initialization to the
corresponding handlers.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-18-marcandre.lureau@redhat.com>

ui/vc: move VCCharDev specific fields out of QemuConsole

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-17-marcandre.lureau@redhat.com>

ui/vc: pass VCCharDev to VC-specific functions

Even though they actually use more of QemuConsole at this point, it
makes it clearer those functions are only used from the chardev
implementation.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-16-marcandre.lureau@redhat.com>

ui/vc: fold text_update_xy()

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-15-marcandre.lureau@redhat.com>

ui/vc: replace variable with static text attributes default

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-14-marcandre.lureau@redhat.com>

ui/vc: move VCChardev declaration at the top

To allow easier refactoring in following patches.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-13-marcandre.lureau@redhat.com>

ui/vc: VC always has a DisplayState now

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-12-marcandre.lureau@redhat.com>

ui/console: new_console() cannot fail

There is no code path that could allow a NULL return there.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-11-marcandre.lureau@redhat.com>

ui/console: get the DisplayState from new_console()

There is no obvious reason to defer text console initialization. We can
simply take the global display state in new_console().

This simplify somewhat the code to allow moving the VC to a separate unit.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-10-marcandre.lureau@redhat.com>

linux-user: Track shm regions with an interval tree

Remove the fixed size shm_regions[] array.
Remove references when other mappings completely remove
or replace a region.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Fix shmdt

If the shm region is not mapped at shmaddr, EINVAL.
Do not unmap the region until the syscall succeeds.
Use mmap_reserve_or_unmap to preserve reserved_va semantics.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Use WITH_MMAP_LOCK_GUARD in target_{shmat,shmdt}

Move the CF_PARALLEL setting outside of the mmap lock.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Move shmat and shmdt implementations to mmap.c

Rename from do_* to target_*. Fix some minor checkpatch errors.

Tested-by: Helge Deller <deller@gmx.de>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Remove ELF_START_MMAP and image_info.start_mmap

The start_mmap value is write-only.
Remove the field and the defines that populated it.
Logically, this has been replaced by task_unmapped_base.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Emulate the Anonymous: keyword in /proc/self/smaps

Core dumps produced by gdb's gcore when connected to qemu's gdbstub
lack stack. The reason is that gdb includes only anonymous memory in
core dumps, which is distinguished by a non-0 Anonymous: value.

Consider the mappings with PAGE_ANON fully anonymous, and the mappings
without it fully non-anonymous.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
[rth: Update for open_self_maps_* rewrite]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Show heap address in /proc/pid/maps

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Adjust brk for load_bias

PIE executables are usually linked at offset 0 and are
relocated somewhere during load. The hiaddr needs to
be adjusted to keep the brk next to the executable.

Cc: qemu-stable@nongnu.org
Fixes: 1f356e8c013 ("linux-user: Adjust initial brk when interpreter is close to executable")
Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Use walk_memory_regions for open_self_maps

Replace the by-hand method of region identification with
the official user-exec interface. Cross-check the region
provided to the callback with the interval tree from
read_self_maps().

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

util/selfmap: Use dev_t and ino_t in MapInfo

Use dev_t instead of a string, and ino_t instead of uint64_t.
The latter is likely to be identical on modern systems but is
more type-correct for usage.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Emulate /proc/cpuinfo for Alpha

Add emulation for /proc/cpuinfo for the alpha architecture.

alpha output example:

(alpha-chroot)root@p100:/# cat /proc/cpuinfo
cpu                     : Alpha
cpu model               : ev67
cpu variation           : 0
cpu revision            : 0
cpu serial number       : JA00000000
system type             : QEMU
system variation        : QEMU_v8.0.92
system revision         : 0
system serial number    : AY00000000
cycle frequency [Hz]    : 250000000
timer frequency [Hz]    : 250.00
page size [bytes]       : 8192
phys. address bits      : 44
max. addr. space #      : 255
BogoMIPS                : 2500.00
platform string         : AlphaServer QEMU user-mode VM
cpus detected           : 8
cpus active             : 4
cpu active mask         : 0000000000000095
L1 Icache               : n/a
L1 Dcache               : n/a
L2 cache                : n/a
L3 cache                : n/a

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230803214450.647040-4-deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Emulate /proc/cpuinfo on aarch64 and arm

Add emulation for /proc/cpuinfo for arm architecture.
The output below mimics output as seen on debian porterboxes.

aarch64 output example:

processor       : 0
model name      : ARMv8 Processor rev 0 (v8l)
BogoMIPS        : 100.00
Features        : swp half thumb fast_mult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae aes pmull sha1 sha2 crc32
CPU implementer : 0x41
CPU architecture: 8
CPU variant     : 0x1
CPU part        : 0xd07
CPU revision    : 0

arm 32-bit output example:

processor : 0
model name : ARMv7 Processor rev 5 (armv7l)
BogoMIPS : 100.00
Features : swp half thumb fast_mult vfp edsp thumbee neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0f
CPU part : 0xc07
CPU revision : 5

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230803214450.647040-3-deller@gmx.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Split out cpu/target_proc.h

Move the various open_cpuinfo functions into new files.
Move the m68k open_hardware function as well.
All other guest architectures get a boilerplate empty file.

Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

ui/console: drop have_gfx

All usages have been removed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-9-marcandre.lureau@redhat.com>

ui/console: call dpy_gfx_update() regardless of have_gfx

The function will handle the case when no listeners are gfx, without
extra meaningful cost.

This allows to get rid of DisplayState dependency in VC implementation.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-8-marcandre.lureau@redhat.com>

ui/console: console_select() regardless of have_gfx

Even if we don't have a gfx listener, we should call
displaychangelistener_display_console() which handle that case correctly.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-7-marcandre.lureau@redhat.com>

ui/vc: drop have_text

If there are no "text" listener, the callback will simply be ignored.
The rest of text handling can be done cheaply.

This allows to remove some dependency on DisplayState from VC
implementation.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-6-marcandre.lureau@redhat.com>

ui/vc: replace vc_chr_write() with generic qemu_chr_write()

We shouldn't call the callback directly, but use the chardev API, unless
there is a clear reason.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230830093843.3531473-5-marcandre.lureau@redhat.com>

ui/qmp: move screendump to ui-qmp-cmds.c

console.c unit is over-crowded. This code is specific to the handling of
the QMP screendump command, so move it in ui-qmp-cmds.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-4-marcandre.lureau@redhat.com>

ui: remove qemu_pixman_linebuf_copy()

Since commit 43c7d8bd449 ("console: add qemu_pixman_linebuf_copy"), it
seems it was never used.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230830093843.3531473-3-marcandre.lureau@redhat.com>

ui: remove qemu_pixman_color() helper

Usage removed in commit e27bd65a72d ("console: switch color_table_rgb to pixman_color_t")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230830093843.3531473-2-marcandre.lureau@redhat.com>

hw/sd: Introduce a "sd-card" SPI variant model

and replace the SDState::spi attribute with a test checking the
SDProto array of commands.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_SET_BLOCK_COUNT() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_SEND_TUNING_BLOCK() handler

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_SEND_RELATIVE_ADDR() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-11-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_ALL_SEND_CID() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-10-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_SEND_OP_CMD() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[ clg: Update cmd_abbrev ]
Message-Id: <20210624142209.1193073-9-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_GO_IDLE_STATE() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-8-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_unimplemented() handler

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[ clg: Fix redundant assignment of .cmd ]
Message-Id: <20210624142209.1193073-7-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Add sd_cmd_illegal() handler

Log illegal commands as GUEST_ERROR.

Note: we are logging back the SDIO commands (CMD5, CMD52-54).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-6-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Introduce sd_cmd_handler type

Add 2 command handler arrays in SDProto, for CMD and ACMD.
Have sd_normal_command() / sd_app_command() use these arrays:
if an command handler is registered, call it, otherwise fall
back to current code base.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-5-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: Move proto_name to SDProto structure

Introduce a new structure to hold the bus protocol specific
fields: SDProto. The first field is the protocol name.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-4-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: When card is in wrong state, log which spec version is used

Add the sd_version_str() helper.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd: When card is in wrong state, log which state it is

We report the card is in an inconsistent state, but don't precise
in which state it is. Add this information, as it is useful when
debugging problems.

Since we will reuse this code, extract as sd_invalid_state_for_cmd()
helper.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210624142209.1193073-2-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/sd/sdcard: Return ILLEGAL for CMD19/CMD23 prior SD spec v3.01

CMD19 (SEND_TUNING_BLOCK) and CMD23 (SET_BLOCK_COUNT) were
added in the Physical Layer Simplified Specification v3.01.
When earlier spec version is requested, we should return ILLEGAL.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220509141320.98374-1-philippe.mathieu.daude@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

aspeed: Get the BlockBackend of FMC0 from the flash device

and get rid of an unnecessary drive_get(IF_MTD) call.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

m25p80: Introduce an helper to retrieve the BlockBackend of a device

It will help in getting rid of some drive_get(IF_MTD) calls by
retrieving the BlockBackend directly from the m25p80 device.

Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

aspeed: Create flash devices only when defaults are enabled

When the -nodefaults option is set, flash devices should be created
with :

-blockdev node-name=fmc0,driver=file,filename=./flash.img \
-device mx66u51235f,cs=0x0,bus=ssi.0,drive=fmc0 \

To be noted that in this case, the ROM will not be installed and the
initial boot sequence (U-Boot loading) will fetch instructions using
SPI transactions which is significantly slower. That's exactly how HW
operates though.

Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ssi: Check for duplicate CS indexes

This to avoid indexes conflicts on the same SSI bus. Adapt machines
using multiple devices on the same bus to avoid breakage.

Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

aspeed/smc: Wire CS lines at reset

Currently, a set of default flash devices is created at machine init
and drives defined on the QEMU command line are associated to the FMC
and SPI controllers in sequence :

   -drive file<file>,format=raw,if=mtd
   -drive file<file1>,format=raw,if=mtd

The CS lines are wired in the same creation loop. This makes a strong
assumption on the ordering and is not very flexible since only a
limited set of flash devices can be defined : 1 FMC + 1 or 2 SPI,
which is less than what the SoC really supports.

A better alternative would be to define the flash devices on the
command line using a blockdev attached to a CS line of a SSI bus :

    -blockdev node-name=fmc0,driver=file,filename=./flash.img
    -device mx66u51235f,cs=0x0,bus=ssi.0,drive=fmc0

However, user created flash devices are not correctly wired to their
SPI controller and consequently can not be used by the machine. Fix
that and wire the CS lines of all available devices when the SSI bus
is reset.

Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ssi: Introduce a ssi_get_cs() helper

Simple routine to retrieve a DeviceState object on a SPI bus using its
CS index. It will be useful for the board to wire the CS lines.

Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/ssi: Add a "cs" property to SSIPeripheral

Boards will use this new property to identify the device CS line and
wire the SPI controllers accordingly.

Cc: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

tests/avocado/machine_aspeed.py: Update SDK images

Switch to the latest v8.06 release which introduces interesting
changes for the AST2600 I2C and I3C models. Also take the AST2600 A2
images instead of the default since QEMU tries to model The AST2600 A3
SoC.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/i2c/aspeed: Add support for buffer organization

Added support for the buffer organization option in pool buffer control
register.when set to 1,The buffer is split into two parts: Lower 16 bytes
for Tx and higher 16 bytes for Rx.

Signed-off-by: Hang Yu <francis_yuu@stu.pku.edu.cn>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[ clg: checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/i2c/aspeed: Fix TXBUF transmission start position error

According to the ast2600 datasheet and the linux aspeed i2c driver,
the TXBUF transmission start position should be TXBUF[0] instead
of TXBUF[1],so the arg pool_start is useless,and the address is not
included in TXBUF.So even if Tx Count equals zero,there is at least
1 byte data needs to be transmitted,and M_TX_CMD should not be cleared
at this condition.The driver url is:
https://github.com/AspeedTech-BMC/linux/blob/aspeed-master-v5.15/drivers/i2c/busses/i2c-ast2600.c

Signed-off-by: Hang Yu <francis_yuu@stu.pku.edu.cn>
Fixes: 6054fc73e8f4 ("aspeed/i2c: Add support for pool buffer transfers")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

hw/i2c/aspeed: Fix Tx count and Rx size error in buffer pool mode

Fixed inconsistency between the regisiter bit field definition header file
and the ast2600 datasheet. The reg name is I2CD1C:Pool Buffer Control
Register in old register mode and I2CC0C: Master/Slave Pool Buffer Control
Register in new register mode. They share bit field
[12:8]:Transmit Data Byte Count and bit field
[29:24]:Actual Received Pool Buffer Size according to the datasheet.
According to the ast2600 datasheet,the actual Tx count is
Transmit Data Byte Count plus 1, and the max Rx size is
Receive Pool Buffer Size plus 1, both in Pool Buffer Control Register.
The version before forgot to plus 1, and mistake Rx count for Rx size.

Signed-off-by: Hang Yu <francis_yuu@stu.pku.edu.cn>
Fixes: 3be3d6ccf2ad ("aspeed: i2c: Migrate to registerfields API")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

aspeed: Introduce helper for 32-bit hosts limitation

On 32-bit hosts, RAM has a 2047 MB limit. Use a macro to define the
default ram size of machines (AST2600 SoC) that can have 2 GB.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>

build: Only define OS_OBJECT_USE_OBJC with gcc

Recent versions of macOS use clang instead of gcc. The OS_OBJECT_USE_OBJC
define is only necessary when building with gcc. Let's not define it when
building with clang.

With this patch, I can successfully include GCD headers in QEMU when
building with clang.

Signed-off-by: Alexander Graf <graf@amazon.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20230830161425.91946-2-graf@amazon.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>