- 10 1月, 2018 8 次提交
-
-
由 Max Filippov 提交于
Add disas/xtensa.c and use libisa for instruction decoding/opcode name lookup. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
const16 is an opcode that shifts 16 lower bits of an address register to the 16 upper bits and puts its immediate operand into the lower 16 bits. It is not controlled by an Xtensa option and doesn't have a fixed opcode. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
GPIO32 is not in the core ISA, but it was widely used in Diamond Cores. This implementation doesn't do actual I/O and doesn't handle the case of GPIO32 state being a part of coprocessor. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
SALT/SALTU are recent additions to the core Xtensa ISA that do signed/unsigned setcond. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Add two special registers: MMID and DDR: - MMID is write-only and the only side effect of writing to it is output to the trace port, which is not emulated; - DDR is only accessible in debug mode, which is not emulated. Add two debug-mode-only opcodes: - rfdd and rfdo do return from the debug mode, which is not emulated. Add three internal opcodes for full MMU: - hwwdtlba and hwwitlba are the internal opcodes that write a value into autoupdate DTLB or ITLB entry. - ldpte is internal opcode that loads PTE entry that covers the most recent page fault address. None of these three opcodes may appear in a valid instruction. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
It doesn't help much, always-set bit 0 of the LITBASE SR is easy to compensate with decrement of the l32r immediate argument. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
memctl SR is not available on dc232b, as it was introduced in more recent hardware release. Now that this information is available through the libisa the test fails. Fix the test. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Replace manual opcode analysis with libisa-based code. This makes it possible to support variable-encoding instructions of the core ISA, like const16, and will allow to support advanced Xtensa features, like FLIX and TIE. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
- 19 12月, 2017 8 次提交
-
-
由 Max Filippov 提交于
Autogenerated xtensa-modules.c is added by the import_core.sh script. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Autogenerated xtensa-modules.c is added by the import_core.sh script. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Autogenerated xtensa-modules.c is added by the import_core.sh script. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Extract xtensa-modules.c from the overlay, fix up known issues, include it into the core-$NAME.c. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
FPU2000 implements basic single-precision floating point operations and can be replaced with a different implementation, like DFPU or HiFi. Move FPU2000 opcode translators into separate functions and list them in a separate array. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Move implementations of core opcodes into separate translation functions. Introduce data structures for mapping opcode name to translator function. Make an array of core opcode/translator structures. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
The canonical way of dealing with Xtensa instructions decoding and encoding is through the libisa. Libisa is a configuration-independent library with a stable interface plus generated configuration-specific xtensa-modules.c file with implementations of decoding and encoding functions. Libisa is MIT-licensed and originally disributed xtensa-modules.c files are also MIT-licensed and are available as a part of xtensa configuration overlay. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
由 Max Filippov 提交于
Currently 'entry' opcode helper accepts frame size divided by 8, as it is encoded in the opcode. Make it more natural and accept actual frame size instead. Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
-
- 13 12月, 2017 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 12 12月, 2017 2 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
The refactoring of commit 296e5a0a has a nasty bug: it accidentally dropped the generation of code to raise the UNDEF exception when disas_thumb2_insn() returns nonzero. This means that 32-bit Thumb2 instruction patterns that ought to UNDEF just act like nops instead. This is likely to break any number of things, including the kernel's "disable the FPU and use the UNDEF exception to identify when to turn it back on again" trick. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1513006964-3371-1-git-send-email-peter.maydell@linaro.org Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
-
- 06 12月, 2017 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 05 12月, 2017 5 次提交
-
-
由 Eric Farman 提交于
Commit 5c0919d0 ("virtio-scsi: Add virtqueue_size parameter allowing virtqueue size to be set.") introduced a new parameter to virtio-scsi. Later, commit 92003610 ("vhost-user-scsi: add missing virtqueue_size param") added that parameter to the new vhost-user-scsi interface but neglected the existing vhost-scsi interface it was built on. Apply the same change to vhost-scsi, so that we can boot a guest with a device defined. This also avoids crashing a guest when hotplugging a vhost-scsi device. Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com> Message-id: 20171201151538.6844-2-farman@linux.vnet.ibm.com Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
ppc patch queue 2017-12-05 Alas, this is yet another fix for ppc that I think it's worth squeezing into 2.11. It's a really ugly fix for some pretty ugly code, but it does seem to address a real problem. It's also a problem that's appeared relatively recently, since it was either created by, or made much easier to trigger by, by the merge of MTTCG. # gpg: Signature made Tue 05 Dec 2017 05:24:04 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.11-20171205: target/ppc: Fix system lockups caused by interrupt_request state corruption Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Richard Purdie 提交于
Occasionally in Linux guests on x86_64 we're seeing logs like: ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000004 when they should read: ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000002 The "00000004" is CPU_INTERRUPT_EXITTB yet the code calls cpu_interrupt(cs, CPU_INTERRUPT_HARD) ("00000002") in this function just before the log message. Something is causing the HARD bit setting to get lost. The knock on effect of losing that bit is the decrementer timer interrupts don't get delivered which causes the guest to sit idle in its idle handler and 'hang'. The issue occurs due to races from code which sets CPU_INTERRUPT_EXITTB. Rather than poking directly into cs->interrupt_request, that code needs to: a) hold BQL b) use the cpu_interrupt() helper This patch fixes the call sites to do this, fixing the hang. The calls are made from a variety of contexts so a helper function is added to handle the necessary locking. This can likely be improved and optimised in the future but it ensures the code is correct and doesn't lockup as it stands today. Signed-off-by: NRichard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Peter Maydell 提交于
Block layer patches for 2.11.0-rc4 # gpg: Signature made Mon 04 Dec 2017 16:46:07 GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: blockjob: Make block_job_pause_all() keep a reference to the jobs Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Alberto Garcia 提交于
Starting from commit 40840e41 we are pausing all block jobs during bdrv_reopen_multiple() to prevent any of them from finishing and removing nodes from the graph while they are being reopened. It turns out that pausing a block job doesn't necessarily prevent it from finishing: a paused block job can still run its exit function from the main loop and call block_job_completed(). The mirror block job in particular always goes to the main loop while it is paused (by virtue of the bdrv_drained_begin() call in mirror_run()). Destroying a paused block job during bdrv_reopen_multiple() has two consequences: 1) The references to the nodes involved in the job are released, possibly destroying some of them. If those nodes were in the reopen queue this would trigger the problem originally described in commit 40840e41, crashing QEMU. 2) At the end of bdrv_reopen_multiple(), bdrv_drain_all_end() would not be doing all necessary bdrv_parent_drained_end() calls. I can reproduce problem 1) easily with iotest 030 by increasing STREAM_BUFFER_SIZE from 512KB to 8MB in block/stream.c, or by tweaking the iotest like in this example: https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00934.html This patch keeps an additional reference to all block jobs between block_job_pause_all() and block_job_resume_all(), guaranteeing that they are kept alive. Signed-off-by: NAlberto Garcia <berto@igalia.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 04 12月, 2017 3 次提交
-
-
由 Peter Maydell 提交于
pc, pci, virtio: fixes for rc3 A bunch of fixes all over the place. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> # gpg: Signature made Fri 01 Dec 2017 17:06:33 GMT # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: pc: fix crash on attempted cpu unplug virtio: check VirtQueue Vring object is set vhost: fix error check in vhost_verify_ring_mappings() dump-guest-memory.py: fix No symbol "vmcoreinfo_find" vhost: restore avail index from vring used index on disconnection virtio: Add queue interface to restore avail index from vring used index i386/msi: Correct mask of destination ID in MSI address Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
ppc patch queue 2017-12-04 We are, alas, not yet to the bottom of ppc bugs. This pull request fixes several more. I believe they're important enough to include in 2.11. despite the late date. # gpg: Signature made Mon 04 Dec 2017 03:40:56 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.11-20171204: spapr: Include "pre-plugged" DIMMS in ram size calculation at reset target-ppc: Don't invalidate non-supported msr bits pseries: fix TCG migration Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 David Gibson 提交于
At guest reset time, we allocate a hash page table (HPT) for the guest based on the guest's RAM size. If dynamic HPT resizing is not available we use the maximum RAM size, if it is we use the current RAM size. But the "current RAM size" calculation is incorrect - we just use the "base" ram_size from the machine structure. This doesn't include any pluggable DIMMs that are already plugged at reset time. This means that if you try to start a 'pseries' machine with a DIMM specified on the command line that's much larger than the "base" RAM size, then the guest will get a woefully inadequate HPT. This can lead to a guest freeze during boot as it runs out of HPT space during initial MMU setup. Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Reviewed-by: NGreg Kurz <groug@kaod.org> Tested-by: NGreg Kurz <groug@kaod.org>
-
- 02 12月, 2017 7 次提交
-
-
由 Igor Mammedov 提交于
when qemu is started with '-no-acpi' CLI option, an attempt to unplug a CPU using device_del results in null pointer dereference at: #0 object_get_class #1 pc_machine_device_unplug_request_cb #2 qmp_marshal_device_del which is caused by pcms->acpi_dev == NULL due to ACPI support being disabled. Considering that ACPI support is necessary for unplug to work, check that it's enabled and fail unplug request gracefully if no acpi device were found. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Prasad J Pandit 提交于
A guest could attempt to use an uninitialised VirtQueue object or unset Vring.align leading to a arithmetic exception. Add check to avoid it. Reported-by: NZhangboxian <zhangboxian@huawei.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NCornelia Huck <cohuck@redhat.com>
-
由 Greg Kurz 提交于
Since commit f1f9e6c5 "vhost: adapt vhost_verify_ring_mappings() to virtio 1 ring layout", we check the mapping of each part (descriptor table, available ring and used ring) of each virtqueue separately. The checking of a part is done by the vhost_verify_ring_part_mapping() function: it returns either 0 on success or a negative errno if the part cannot be mapped at the same place. Unfortunately, the vhost_verify_ring_mappings() function checks its return value the other way round. It means that we either: - only verify the descriptor table of the first virtqueue, and if it is valid we ignore all the other mappings - or ignore all broken mappings until we reach a valid one ie, we only raise an error if all mappings are broken, and we consider all mappings are valid otherwise (false success), which is obviously wrong. This patch ensures that vhost_verify_ring_mappings() only returns success if ALL mappings are okay. Reported-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Marc-André Lureau 提交于
When qemu is compiled without debug, the dump gdb python script can fail with: Error occurred in Python command: No symbol "vmcoreinfo_find" in current context. Because vmcoreinfo_find() is inlined and not exported. Use the underlying object_resolve_path_type() to get the instance instead. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Maxime Coquelin 提交于
vhost_virtqueue_stop() gets avail index value from the backend, except if the backend is not responding. It happens when the backend crashes, and in this case, internal state of the virtio queue is inconsistent, making packets to corrupt the vring state. With a Linux guest, it results in following error message on backend reconnection: [ 22.444905] virtio_net virtio0: output.0:id 0 is not a head! [ 22.446746] net enp0s3: Unexpected TXQ (0) queue failure: -5 [ 22.476360] net enp0s3: Unexpected TXQ (0) queue failure: -5 Fixes: 283e2c2a ("net: virtio-net discards TX data after link down") Cc: qemu-stable@nongnu.org Signed-off-by: NMaxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Maxime Coquelin 提交于
In case of backend crash, it is not possible to restore internal avail index from the backend value as vhost_get_vring_base callback fails. This patch provides a new interface to restore internal avail index from the vring used index, as done by some vhost-user backend on reconnection. Signed-off-by: NMaxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Chao Gao 提交于
According to SDM 10.11.1, only [19:12] bits of MSI address are Destination ID, change the mask to avoid ambiguity for VT-d spec has used the bit 4 to indicate a remappable interrupt request. Signed-off-by: NChao Gao <chao.gao@intel.com> Signed-off-by: NLan Tianyu <tianyu.lan@intel.com> Reviewed-by: NAnthony PERARD <anthony.perard@citrix.com> Reviewed-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 30 11月, 2017 4 次提交
-
-
由 Kurban Mallachiev 提交于
The msr invalidation code (commits 993eb and 2360b) inverts all bits except MSR_TGPR and MSR_HVB. On non PowerPC 601 processors this leads to incorrect change of excp_prefix in hreg_store_msr() function. The problem is that new msr value get multiplied by msr_mask and inverted msr does not, thus values of MSR_EP bit in new msr value and inverted msr are distinct, so that excp_prefix changes but should not. Signed-off-by: NKurban Mallachiev <mallachiev@ispras.ru> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Laurent Vivier 提交于
Migration of pseries is broken with TCG because QEMU tries to restore KVM MMU state unconditionally. The result is a SIGSEGV in kvm_vm_ioctl(): #0 kvm_vm_ioctl (s=0x0, type=-2146390353) at qemu/accel/kvm/kvm-all.c:2032 #1 0x00000001003e3e2c in kvmppc_configure_v3_mmu (cpu=<optimized out>, radix=<optimized out>, gtse=<optimized out>, proc_tbl=<optimized out>) at qemu/target/ppc/kvm.c:396 #2 0x00000001002f8b88 in spapr_post_load (opaque=0x1019103c0, version_id=<optimized out>) at qemu/hw/ppc/spapr.c:1578 #3 0x000000010059e4cc in vmstate_load_state (f=0x106230000, vmsd=0x1009479e0 <vmstate_spapr>, opaque=0x1019103c0, version_id=<optimized out>) at qemu/migration/vmstate.c:165 #4 0x00000001005987e0 in vmstate_load (f=<optimized out>, se=<optimized out>) at qemu/migration/savevm.c:748 This patch fixes the problem by not calling the KVM function with the TCG mode. Fixes: d39c90f5 ("spapr: Fix migration of Radix guests") Signed-off-by: NLaurent Vivier <lvivier@redhat.com> Reviewed-by: NSuraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Block layer patches for 2.11.0-rc3 # gpg: Signature made Wed 29 Nov 2017 15:25:13 GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: block/nfs: fix nfs_client_open for filesize greater than 1TB blockjob: reimplement block_job_sleep_ns to allow cancellation blockjob: introduce block_job_do_yield blockjob: remove clock argument from block_job_sleep_ns block: Expect graph changes in bdrv_parent_drained_begin/end blockjob: Remove the job from the list earlier in block_job_unref() QAPI & interop: Clarify events emitted by 'block-job-cancel' qemu-options: Mention locking option of file driver docs: Add image locking subsection iotests: fix 075 and 078 Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 29 11月, 2017 1 次提交
-
-
由 Kevin Wolf 提交于
One block patch for 2.11.0-rc3 # gpg: Signature made Wed Nov 29 15:28:38 2017 CET # gpg: using RSA key F407DB0061D5CF40 # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * mreitz/tags/pull-block-2017-11-29: block/nfs: fix nfs_client_open for filesize greater than 1TB Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-