Make all the callers of get_phys_addr() pass it the correct
mmu_idx rather than just a simple "is_user" flag. This includes
properly decoding the AT/ATS system instructions; we include the
logic for handling all the opc1/opc2 cases because we'll need
them later for supporting EL2/EL3, even if we don't have the
regdef stanzas yet.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Instead of simply reusing ats_write() as the handler for both AArch32
and AArch64 address translation operations, use a different function
for each with the common code in a third function. This is necessary
because the semantics for selecting the right translation regime are
different; we are only getting away with sharing currently because
we don't support EL2 and only support EL3 in AArch32.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
target-arm doesn't use any of the MMU-mode specific cpu ldst
accessor functions. Suppress their generation by not defining
any of the MMU_MODE*_SUFFIX macros. ("user" and "kernel" are
too simplistic as descriptions of indexes 0 and 1 anyway.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
The MMU index to use for unprivileged loads and stores is more
complicated than we currently implement:
* for A64, it should be "if at EL1, access as if EL0; otherwise
access at current EL"
* for A32/T32, it should be "if EL2, UNPREDICTABLE; otherwise
access as if at EL0".
In both cases, if we want to make the access for Secure EL0
this is not the same mmu_idx as for Non-Secure EL0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
We currently claim that for ARM the mmu_idx should simply be the current
exception level. However this isn't actually correct -- secure EL0 and EL1
should have separate indexes from non-secure EL0 and EL1 since their
VA->PA mappings may differ. We also will want an index for stage 2
translations when we properly support EL2.
Define and document all seven mmu index values that we require, and
pass the mmu index in the TB flags rather than exception level or
priv/user bit.
This change doesn't update the get_phys_addr() code, so our page
table walking still assumes a simplistic "user or priv?" model for
the moment.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
---
This leaves some odd gaps in the TB flags usage. I will circle
back and clean this up later (including moving the other common
flags like the singlestep ones to the top of the flags word),
but I didn't want to bloat this patchseries further.
The LDT/STT (load/store unprivileged) instruction decode was using
the wrong MMU index value. This meant that instead of these insns
being "always access as if user-mode regardless of current privilege"
they were "always access as if kernel-mode regardless of current
privilege". This went unnoticed because AArch64 Linux doesn't use
these instructions.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
I'm not counting this as a security issue because I'm assuming
nobody treats TCG guests as a security boundary (certainly I
would not recommend doing so...)
Although M profile doesn't have the same concept of exception level
as A profile, it does have a notion of privileged versus not, which
we currently track in the privmode TB flag. Support returning this
information if arm_current_el() is called on an M profile core, so
that we can identify the correct MMU index to use (and put the MMU
index in the TB flags) without having to special-case M profile.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Support guest CPUs which need 7 MMU index values.
Add a comment about what would be required to raise the limit
further (trivial for 8, TCG backend rework for 9 or more).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:
tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.
This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.
To reproduce issue run the following program
int main(void) {
asm volatile (".long 0x07c00c12" :: );
return 0;
}
compiled with
gcc -marm -static badop_arm.c -o badop_arm
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The helper functions for FRECPS and FRSQRTS have special case
handling that includes checks for zero inputs, so squash input
denormals if necessary before those checks. This fixes incorrect
output when the FPCR DZ bit is set to enable squashing of input
denormals.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
While FMULX returns a 2.0f float when two operators are infinity and
zero, those operators should be unpacked from raw inputs first. Inconsistent
cases would occur when operators are denormalized floats in flush-to-zero
mode. A wrong codepath will be entered and 2.0f will not be returned
without this patch.
Fix by checking whether inputs need to be flushed before running into
different codepaths.
Signed-off-by: Xiangyu Hu <libhu.so@gmail.com>
Message-id: 1422459650-12490-1-git-send-email-libhu.so@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422282372-13735-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
some other register, and that other register is the one
responsible for migrating the state
2) register is not actually state at all (for instance the TLB
or cache maintenance operation "registers") and it makes no
sense to attempt to migrate it or otherwise access the raw state
This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)
Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1422282372-13735-2-git-send-email-peter.maydell@linaro.org
[PMM: changed ARM_CP_NO_MIGRATE to ARM_CP_ALIAS on new SP_EL1 and
SP_EL2 reginfo stanzas since there was a (semantic) merge conflict
with the patchset that added those]
Update to arm_cpu_reset() to reset into the highest available exception level
based on the set ARM features.
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-4-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Added RVBAR_EL2 and RVBAR_EL3 CP register support. All RVBAR_EL# registers
point to the same location and only the highest EL version exists at any one
time.
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-3-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix the RVBAR_EL1 CP register opc2 encoding from 2 to 1
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422029835-4696-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch allows the board to specifiy the number of NVIC interrupt
lines when using armv7m_init.
Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a0b0fcc778df0340899f488053acc9493679e03.1422077994.git.alistair23@gmail.com
[PMM: removed stale FIXME comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function
Signed-off-by: Alistair Francis <alistair23@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 4836be7e1d708554d6eb0bc639dc2fbf7dac0458.1422077994.git.alistair23@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jason Wang will be co-maintaining the QEMU net subsystem with me. He
has contributed improvements and reviewed patches over the past years as
part of working on virtio-net and virtualized networking.
Jason has already been backing me up with patch reviews. For the time
being I will continue to submit pull requests.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Commit d8d9581460 added explicit object_unparent() calls for
dynamically allocated MemoryRegions. The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table. This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # 2.2
This patch fixes the bug with borrow_in being set incorrectly, but it
also simplifies the logic to be much more plain, improving speed. It
fixes both the 32-bit SLB* and 64-bit SLBG*.
The SLBG* change has been well-tested. I haven't tested the SLB* change
explicitly, but the code was copy-pasted from the tested code.
The error of these functions' current implementations would not likely
be triggered by compiler-generated code, since the only error was in the
state of the carry/borrow flag. Compilers rarely generate an
instruction sequence such as carry-set -> carry-set-and-use ->
carry-use.
(With Paolo's fix and mine, there are still a couple of failures from
GMP's testsuite, but they are almost surely due to incorrect code
generation from gcc 4.9. But since this gcc is running under qemu, it
might be qemu bugs. I intend to investigate this.)
Signed-off-by: Torbjorn Granlund <torbjorng@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This is needed to run the GMP testsuite.
Reported-by: Torbjorn Granlund <torbjorng@google.com>
Tested-by: Torbjorn Granlund <torbjorng@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The variables s390_opformats and s390_num_opformats are unused and
provoke clang warnings:
disas/s390.c:849:33: warning: variable 's390_opformats' is not needed and will not be emitted [-Wunneeded-internal-declaration]
static const struct s390_opcode s390_opformats[] =
^
disas/s390.c:875:18: warning: unused variable 's390_num_opformats' [-Wunused-const-variable]
static const int s390_num_opformats =
^
Delete them, since QEMU doesn't use them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
The function check_privileged() is only used in the softmmu configs;
wrap it in an #ifndef CONFIG_USER_ONLY to avoid clang warnings on the
linux-user builds.
[rth: Remove inline marker too; it was only there to prevent exactly
this warning in GCC.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
The implementation had been incomplete, as we did not store the
machine type. Note that the machine_type member is still unset
during initialization, so this has no effect yet.
Signed-off-by: Richard Henderson <rth@twiddle.net>
in old code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJU0MaQAAoJEN7Pa5PG8C+vS58P/ApghtO/fn1Iev7lzrZe3SkK
+hz/iOS8lKwoztwaD/qEQBXapKdNCZc5U0j+f0SYVB/aeJfhkSNkv61e+0XwxMK3
0LFwXVvHwauUC1m//rRLlGSyhAfFDRyAOSKZPPggJn4ZvsQFUAY6Ap7EThjzlvQk
u4bil9wzeonlPGYaVrmCq7FSBuCXwH0ZMMS4wf+/x6gq8kMvhn0Lvl4dvEfDNRd3
C33V/HiNQHdqr5qr3LIIhxriDR8jDCh7jZgAqStxBqAAq0qeo1OAe6oh+ccTWTCz
rVbQu3UZJt0a+4EarS3te+BpWg8ZzM4tuOGwunhKpkJMuoC0aT2stpPQB8uPzZav
0OASRN5J8aClzlQYCLlixIED3KFY4q4b643r+CGnUczPNhL/C0lj/5ly862RnmoP
HORFxWamCWy1IKiIWiZpr39ubEb853XaaR6MsC6IVozK9q0i4oqifKoiBRyHe02c
FEyXUJjImS8HV9UoYiIOsWMeZigmdp+9Q7gjl/oPNoUXmLH4Z5YFCAo01uhNOdYd
Z/5FosrVedC1bvLCrVMLxB+mk/15K4MAXYW1l4g0W/iN+0RA1tdVlxP7FoaLNMyE
5ZcB3BGIwjiuSNwMMgvkbmcNtkfoR02qHqm8Xotyjn2hJVopZQpaikpi2gkfD7mD
MF3dPHqfM6lg3gj662t6
=gJ0f
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150203' into staging
Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.
# gpg: Signature made Tue 03 Feb 2015 13:01:04 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20150203:
pc-bios/s390-ccw: update binary
pc-bios/s390-ccw: fix sparse warnings
s390x/ipl: Improved code indentation in s390_ipl_init()
s390x/kvm: unknown DIAGNOSE code should give a specification exception
s390x/kvm: Fix diag-308 register decoding
s390x/pci: fix dma notifications in rpcit instruction
s390x/pci: check for invalid function handle
s390x/pci: avoid sign extension in stpcifc
s390: Plug memory leak on s390_pci_generate_event() error path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix some sparse warnings in the s390-ccw bios.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The indentation of the code in s390_ipl_init() can be simplified
a little bit by removing superfluous else-statements.
Suggested-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
As described in CP programming services an unimplemented DIAGNOSE
function should return a specification exception. Today we give the
guest an operation exception.
As both exception types are suppressing and Linux as a guest does not
care about the type of program check in its exception table handler
as long as both types have the same kind of error handling (nullifying,
terminating, suppressing etc.) this was unnoticed.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Fix the decoding of the r1 register number in the diagnose 308 handler.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The virtual I/O address range passed to rpcit instruction might not
map to consecutive physical guest pages. For this we have to translate
and create mapping notifications for each vioa page separately.
Signed-off-by: Yi Min Zhao <zyimin@cn.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
broken guest may provide 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
This patch avoids sign extension and fixes a data conversion
bug in stpcifc. Both issues where found by Coverity.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
v1->v2 changes are the new qemu-thread patch to fix Mac OS X,
and cleaning up warnings.
v2->v3 removed the patch to enable modules by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJUz8/DAAoJEL/70l94x66DY68IAJHOKtBunMsX8fnMuqAXI6rO
rN61r580tq5T3SQpAcVxjIRct1ujVLA9mzBhXSdyZj++ikR5aWXsSywU3hbNPyqk
D6fDi5yOsR7eOCp+WFchd0usd1ZgYVgIcPvlI8iErOew63ImuzeExiDAgPmwIeki
D687uHG75qE3l65i2/mUv2+NXuKbuVnqPRu0B4eOj7SaaGJ3g+8bpA8AbgHR8/xW
Z6pI5sViciQRCRAXh8j6YvAQm7lfel/azjX2qxtkLV74QugcbbKWwPx5NZGlgaNc
xJ1EVmy3F0R5MrrICL1+KrZnpbZqeWX4K/97oBN5tgA59FdOeFe2xTGfciWqSZw=
=yzvB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
The important bits here are the first part of RCU.
v1->v2 changes are the new qemu-thread patch to fix Mac OS X,
and cleaning up warnings.
v2->v3 removed the patch to enable modules by default.
# gpg: Signature made Mon 02 Feb 2015 19:28:03 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
scsi: Fix scsi_req_cancel_async for no aiocb req
cpu-exec: simplify init_delay_params
cpu-exec: simplify align_clocks
memory: avoid ref/unref in memory_region_find
memory: protect current_map by RCU
memory: remove assertion on memory_region_destroy
rcu: add call_rcu
rcu: allow nesting of rcu_read_lock/rcu_read_unlock
rcu: add rcutorture
rcu: add rcu library
qemu-thread: fix qemu_event without futexes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
scsi_req_cancel_complete is responsible for releasing the request, so we
shouldn't skip it in any case. This doesn't affect the only existing
caller, virtio-scsi, but is useful for other devices once they use it.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
With the introduction of QEMU_CLOCK_VIRTUAL_RT, the computation of
sc->diff_clk can be simplified nicely:
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
cpu_get_clock_offset()
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - cpu_get_clock_offset())
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + timers_state.cpu_clock_offset)
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL_RT)
Cc: Sebastian Tanase <sebastian.tanase@openwide.fr>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
sc->diff_clk is already equal to sleep_delay (split in a second and a
nanosecond part). If you subtract sleep_delay - rem_delay, the result
is exactly rem_delay.
Cc: Sebastian Tanase <sebastian.tanase@openwide.fr>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
