Branch: refs/heads/master
Home:   https://github.com/qemu/qemu

Commit: a75a52d62418dafe462be4fe30485501d1010bb9
    https://github.com/qemu/qemu/commit/a75a52d62418dafe462be4fe30485501d1010bb9
Author: Victor Kamensky <kamen...@cisco.com>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M target/arm/translate-a64.c

Log Message:
-----------
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as a result
flag indicating TCG exit, cpu->icount_decr.u16.high, was cleared
but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
ran in an infinite loop.

To solve the problem instructions that operate on CPU sys state
(i.e. enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

CC: Peter Maydell <peter.mayd...@linaro.org>
CC: Alex Bennée <alex.ben...@linaro.org>
CC: qemu-sta...@nongnu.org
Suggested-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Victor Kamensky <kamen...@cisco.com>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-id: 1521526368-1996-1-git-send-email-kamen...@cisco.com
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Commit: 544156efcf4d807507d223075c26702a1254880e
    https://github.com/qemu/qemu/commit/544156efcf4d807507d223075c26702a1254880e
Author: Paolo Bonzini <pbonz...@redhat.com>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M hw/sd/sdhci.c

Log Message:
-----------
sdhci: fix incorrect use of Error *

Detected by Coverity (CID 1386072, 1386073, 1386076, 1386077).
local_err was unused, and this made the static analyzer unhappy.

Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
Message-id: 20180320151355.25854-1-pbonz...@redhat.com
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Commit: a2e2d7fc46fd8be875035d9bb5c64788389f65c2
    https://github.com/qemu/qemu/commit/a2e2d7fc46fd8be875035d9bb5c64788389f65c2
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M hw/intc/arm_gicv3_cpuif.c

Log Message:
-----------
hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses

If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0x00..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
 * on reads, the priority is in the secure range if bit 7
   is clear, not if it is set
 * on writes, we want to set bit 7, not mask everything else

Our ICC_RPR read code had the same error as ICC_PMR.

(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1748434
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Andrew Jones <drjo...@redhat.com>
Message-id: 20180315133441.24149-1-peter.mayd...@linaro.org


Commit: 2b0b93210a06d8a6d99f8015b79ee3aabed8f29a
    https://github.com/qemu/qemu/commit/2b0b93210a06d8a6d99f8015b79ee3aabed8f29a
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M hw/arm/bcm2836.c
  M hw/arm/raspi.c

Log Message:
-----------
hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15

The BCM2836 uses a Cortex-A7, not a Cortex-A15. Update the device to
use the correct CPU.
https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf

When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not
available, so the very similar Cortex-A15 was used. Since dcf578ed8ce
we can model the correct core.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Alistair Francis <alist...@alistair23.me>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Message-id: 20180319110215.16755-1-peter.mayd...@linaro.org


Commit: 478a573a7d079a463273db7f9e7b0d460120c2dd
    https://github.com/qemu/qemu/commit/478a573a7d079a463273db7f9e7b0d460120c2dd
Author: Trent Piepho <tpie...@impinj.com>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M hw/char/imx_serial.c
  M include/hw/char/imx_serial.h

Log Message:
-----------
i.MX: Support serial RS-232 break properly

Linux does not detect a break from this IMX serial driver as a magic
sysrq. Nor does it note a break in the port error counts.

The former is because the Linux driver uses the BRCD bit in the USR2
register to trigger the RS-232 break handler in the kernel, which is
where sysrq hooks in. The emulated UART was not setting this status
bit.

The latter is because the Linux driver expects, in addition to the BRK
bit, that the ERR bit is set when a break is read in the FIFO. A break
should also count as a frame error, so add that bit too.

Cc: Andrey Smirnov <andrew.smir...@gmail.com>
Signed-off-by: Trent Piepho <tpie...@impinj.com>
Message-id: 20180320013657.25038-1-tpie...@impinj.com
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Commit: dfadc3bfb458efefb72e13a57b62f138c464a577
    https://github.com/qemu/qemu/commit/dfadc3bfb458efefb72e13a57b62f138c464a577
Author: Wei Huang <w...@redhat.com>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M hw/arm/virt.c
  M include/hw/arm/virt.h

Log Message:
-----------
mach-virt: Set VM's SMBIOS system version to mc->name

Instead of using "1.0" as the system version of SMBIOS, we should use
mc->name for mach-virt machine type to be consistent with other
architectures. With this patch, "dmidecode -t 1" (e.g.,
"-M virt-2.12,accel=kvm") will show:

    Handle 0x0100, DMI type 1, 27 bytes
    System Information
            Manufacturer: QEMU
            Product Name: KVM Virtual Machine
            Version: virt-2.12
            Serial Number: Not Specified
            ...

instead of:

    Handle 0x0100, DMI type 1, 27 bytes
    System Information
            Manufacturer: QEMU
            Product Name: KVM Virtual Machine
            Version: 1.0
            Serial Number: Not Specified
            ...

For backward compatibility, we allow older machine types to keep "1.0"
as the default system version.

Signed-off-by: Wei Huang <w...@redhat.com>
Reviewed-by: Andrew Jones <drjo...@redhat.com>
Message-id: 20180322212318.7182-1-...@redhat.com
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Commit: c900a2e62dd6dde11c8f5249b638caad05bb15be
    https://github.com/qemu/qemu/commit/c900a2e62dd6dde11c8f5249b638caad05bb15be
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M target/arm/helper.h
  M target/arm/op_helper.c
  M target/arm/translate-a64.c
  M target/arm/translate.c

Log Message:
-----------
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK

The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0.
We handle this in the arm_debug_target_el() function, but this is only
used for hardware breakpoint and watchpoint exceptions, not for the
exception generated when the guest executes an AArch32 BKPT or
AArch64 BRK instruction. We don't have enough information for a
translate-time equivalent of arm_debug_target_el(), so instead make
BKPT and BRK call a special purpose helper which can do the routing,
rather than the generic exception_with_syndrome helper.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Message-id: 20180320134114.30418-2-peter.mayd...@linaro.org


Commit: 81621d9ab8a0f07956e67850b15eebf6d6992eec
    https://github.com/qemu/qemu/commit/81621d9ab8a0f07956e67850b15eebf6d6992eec
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M target/arm/internals.h
  M target/arm/op_helper.c

Log Message:
-----------
target/arm: Factor out code to calculate FSR for debug exceptions

When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded
constants, and use the correct condition to select long or short
format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Message-id: 20180320134114.30418-3-peter.mayd...@linaro.org


Commit: 62b94f31d0df75187bb00684fc29e8639eacc0c5
    https://github.com/qemu/qemu/commit/62b94f31d0df75187bb00684fc29e8639eacc0c5
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M target/arm/helper.c
  M target/arm/op_helper.c

Log Message:
-----------
target/arm: Set FSR for BKPT, BRK when raising exception

Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Message-id: 20180320134114.30418-4-peter.mayd...@linaro.org


Commit: 548f514cf89dd9ab39c0cb4c063097bccf141fdd
    https://github.com/qemu/qemu/commit/548f514cf89dd9ab39c0cb4c063097bccf141fdd
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-23 (Fri, 23 Mar 2018)

Changed paths:
  M target/arm/op_helper.c

Log Message:
-----------
target/arm: Always set FAR to a known unknown value for debug exceptions

For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR.
That old value might be a FAR for a previous guest EL2 or secure
exception, in which case we shouldn't show it to an EL1 or non-secure
exception handler. It might also be a non-deterministic value,
which is bad for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Message-id: 20180320134114.30418-5-peter.mayd...@linaro.org


Commit: 7b1db0908d88f0c9cfac24e214ff72a860692e23
    https://github.com/qemu/qemu/commit/7b1db0908d88f0c9cfac24e214ff72a860692e23
Author: Peter Maydell <peter.mayd...@linaro.org>
Date:   2018-03-25 (Sun, 25 Mar 2018)

Changed paths:
  M hw/arm/bcm2836.c
  M hw/arm/raspi.c
  M hw/arm/virt.c
  M hw/char/imx_serial.c
  M hw/intc/arm_gicv3_cpuif.c
  M hw/sd/sdhci.c
  M include/hw/arm/virt.h
  M include/hw/char/imx_serial.h
  M target/arm/helper.c
  M target/arm/helper.h
  M target/arm/internals.h
  M target/arm/op_helper.c
  M target/arm/translate-a64.c
  M target/arm/translate.c

Log Message:
-----------
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180323' into staging

target-arm queue:
 * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF
 * sdhci: fix incorrect use of Error *
 * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
 * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
 * i.MX: Support serial RS-232 break properly
 * mach-virt: Set VM's SMBIOS system version to mc->name
 * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
 * target/arm: Factor out code to calculate FSR for debug exceptions
 * target/arm: Set FSR for BKPT, BRK when raising exception
 * target/arm: Always set FAR to a known unknown value for debug exceptions

# gpg: Signature made Fri 23 Mar 2018 18:48:57 GMT
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.mayd...@linaro.org>"
# gpg:                 aka "Peter Maydell <pmayd...@gmail.com>"
# gpg:                 aka "Peter Maydell <pmayd...@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180323:
  target/arm: Always set FAR to a known unknown value for debug exceptions
  target/arm: Set FSR for BKPT, BRK when raising exception
  target/arm: Factor out code to calculate FSR for debug exceptions
  target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
  mach-virt: Set VM's SMBIOS system version to mc->name
  i.MX: Support serial RS-232 break properly
  hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
  hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
  sdhci: fix incorrect use of Error *
  arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Compare: https://github.com/qemu/qemu/compare/77fea92dbb28...7b1db0908d88
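
Added example, not QEMU's code and not part of the push notification: a small C model of the non-secure priority view described in the hw/intc/arm_gicv3 commit message above, with the corrected mapping beside a constructed rendering of the two mistakes it names. The function names, the sample values, and reading a hidden secure priority as zero are this example's assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Real priorities 0x00..0x7f are secure-only; real 0x80..0xff are shown
 * to the non-secure (NS) side as 0x00..0xff. */

/* Corrected NS read: bit 7 clear means the real value is in the secure range. */
uint8_t ns_read_fixed(uint8_t real)
{
    if ((real & 0x80) == 0) {
        return 0;                      /* assumption: hidden value reads as zero */
    }
    return (uint8_t)(real << 1);       /* drop bit 7, expand to 0x00..0xfe */
}

/* Corrected NS write: move into the upper half and set bit 7. */
uint8_t ns_write_fixed(uint8_t ns)
{
    return (uint8_t)((ns >> 1) | 0x80);
}

/* Constructed "before": bit 7 set is wrongly treated as the secure range. */
uint8_t ns_read_buggy(uint8_t real)
{
    if (real & 0x80) {
        return 0;
    }
    return (uint8_t)(real << 1);
}

/* Constructed "before": masks everything except bit 7 instead of setting it. */
uint8_t ns_write_buggy(uint8_t ns)
{
    return (uint8_t)((ns >> 1) & 0x80);
}

int main(void)
{
    const uint8_t ns_vals[] = { 0x00, 0x40, 0xf0 };   /* constructed samples */
    for (size_t i = 0; i < sizeof(ns_vals); i++) {
        uint8_t f = ns_write_fixed(ns_vals[i]);
        uint8_t b = ns_write_buggy(ns_vals[i]);
        printf("NS write 0x%02x: fixed real=0x%02x (reads back 0x%02x), "
               "buggy real=0x%02x\n", ns_vals[i], f, ns_read_fixed(f), b);
    }
    /* A secure-range real value must not be visible through an NS read. */
    printf("real 0x20: fixed NS read=0x%02x, buggy NS read=0x%02x\n",
           ns_read_fixed(0x20), ns_read_buggy(0x20));
    return 0;
}
```

With the constructed "before" functions, an NS write of 0x40 lands at real 0x00, inside the secure range, and an NS read of the secure value 0x20 returns a non-zero number.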