qemu.git
8 months ago vvfat: create_long_filename: fix out-of-bounds array access
Michael Tokarev [Sun, 19 Jan 2025 09:35:47 +0000 (12:35 +0300)]
vvfat: create_long_filename: fix out-of-bounds array access

create_long_filename() intentionally uses direntry_t->name[8+3] array
as a larger array.  This works, but makes static code analysis tools
unhappy.  The problem here is that a directory entry holding long file
name is significantly different from regular directory entry, and the
name is split into several parts within the entry, not just in regular
8+3 name field.

Treat the entry as array of bytes instead.  This fixes the OOB access
from the compiler/tools PoV, but does not change the resulting code
in any way.

Keep the existing code style.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 months ago net/dump: Correctly compute Ethernet packet offset
Laurent Vivier [Fri, 17 Jan 2025 11:17:09 +0000 (12:17 +0100)]
net/dump: Correctly compute Ethernet packet offset

When a packet is sent with QEMU_NET_PACKET_FLAG_RAW by QEMU it
never includes virtio-net header even if qemu_get_vnet_hdr_len()
is not 0, and filter-dump is not managing this case.

The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self,
we can show the problem using it and tcpdump:

- QEMU parameters:

  .. -monitor stdio \
     -netdev bridge,id=netdev0,br=virbr0 \
     -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \
     -object filter-dump,netdev=netdev0,file=log.pcap,id=pcap0

- HMP command:

  (qemu) announce_self

- TCP dump:

  $ tcpdump -nxr log.pcap

  without the fix:

    08:00:06:04:00:03 > 2e:2f:80:35:00:01, ethertype Unknown (0x9a2b), length 50:
         0x0000:  2c2d 2e2f 0000 0000 9a2b 2c2d 2e2f 0000
         0x0010:  0000 0000 0000 0000 0000 0000 0000 0000
         0x0020:  0000 0000

  with the fix:

    ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46
         0x0000:  0001 0800 0604 0003 9a2b 2c2d 2e2f 0000
         0x0010:  0000 9a2b 2c2d 2e2f 0000 0000 0000 0000
         0x0020:  0000 0000 0000 0000 0000 0000 0000

Fixes: 481c52320a26 ("net: Strip virtio-net header when dumping")
Cc: akihiko.odaki@daynix.com
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
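
The offset problem in the net/dump commit above, as an added C model that is not QEMU's code: it rebuilds the announce_self frame from the tcpdump output, applies the header offset before and after the fix, and decodes what the capture then shows. The function names, FLAG_RAW and the header length of 10 bytes are assumptions; 10 is the value consistent with the "without the fix" dump.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ETH_HLEN     14
#define FRAME_LEN    60   /* 14-byte Ethernet header + the 46 bytes tcpdump reports */
#define VNET_HDR_LEN 10   /* assumption: consistent with the 50-byte pre-fix capture */
#define FLAG_RAW     0x1  /* stand-in for QEMU_NET_PACKET_FLAG_RAW */

struct eth_view {
    uint8_t dst[6], src[6];
    uint16_t ethertype;
    size_t caplen;        /* bytes that end up in the pcap record */
};

/* Constructed sample: the Reverse ARP request shown in the "with the fix" dump. */
static size_t build_rarp(uint8_t *f, const uint8_t mac[6])
{
    static const uint8_t arp_fixed[8] = { 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x03 };
    memset(f, 0, FRAME_LEN);
    memset(f, 0xff, 6);              /* broadcast destination */
    memcpy(f + 6, mac, 6);           /* source MAC */
    f[12] = 0x80; f[13] = 0x35;      /* ethertype: Reverse ARP */
    memcpy(f + 14, arp_fixed, 8);    /* htype, ptype, hlen, plen, opcode 3 */
    memcpy(f + 22, mac, 6);          /* sender hardware address */
    memcpy(f + 32, mac, 6);          /* target hardware address; IPs stay zero */
    return FRAME_LEN;
}

/* Behaviour the commit message describes: the header length is always skipped. */
static size_t dump_offset_before_fix(size_t vnet_hdr_len, unsigned flags)
{
    (void)flags;
    return vnet_hdr_len;
}

/* Corrected shape: a RAW packet carries no virtio-net header, so skip nothing. */
static size_t dump_offset_after_fix(size_t vnet_hdr_len, unsigned flags)
{
    return (flags & FLAG_RAW) ? 0 : vnet_hdr_len;
}

/* Decode the Ethernet header the capture reader will see at the chosen offset. */
static int dump_view(const uint8_t *pkt, size_t len, size_t offset, struct eth_view *v)
{
    if (offset > len || len - offset < ETH_HLEN)
        return -1;                   /* nothing sensible left to record */
    const uint8_t *p = pkt + offset;
    memcpy(v->dst, p, 6);
    memcpy(v->src, p + 6, 6);
    v->ethertype = (uint16_t)(p[12] << 8 | p[13]);
    v->caplen = len - offset;
    return 0;
}

static int demo(int fixed, struct eth_view *v)
{
    static const uint8_t mac[6] = { 0x9a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f };
    uint8_t frame[FRAME_LEN];
    size_t len = build_rarp(frame, mac);
    size_t off = fixed ? dump_offset_after_fix(VNET_HDR_LEN, FLAG_RAW)
                       : dump_offset_before_fix(VNET_HDR_LEN, FLAG_RAW);
    return dump_view(frame, len, off, v);
}

static unsigned demo_ethertype(int fixed)
{
    struct eth_view v;
    return demo(fixed, &v) == 0 ? v.ethertype : 0;
}

static size_t demo_caplen(int fixed)
{
    struct eth_view v;
    return demo(fixed, &v) == 0 ? v.caplen : 0;
}

static unsigned demo_dst0(int fixed)
{
    struct eth_view v;
    return demo(fixed, &v) == 0 ? v.dst[0] : 0;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++)
        printf("%s: dst[0]=%02x ethertype=0x%04x caplen=%zu\n",
               fixed ? "after fix" : "before fix",
               demo_dst0(fixed), demo_ethertype(fixed), demo_caplen(fixed));
    return 0;
}
```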
8 months ago net: Fix announce_self
Laurent Vivier [Fri, 17 Jan 2025 11:17:08 +0000 (12:17 +0100)]
net: Fix announce_self

b9ad513e1876 ("net: Remove receive_raw()") adds an iovec entry
in qemu_deliver_packet_iov() to add the virtio-net header
in the data when QEMU_NET_PACKET_FLAG_RAW is set but forgets
to increase the number of iovec entries in the array, so
receive_iov() will only send the first entry (the virtio-net
entry, full of 0) and no data. The packet will be discarded.

The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self.

We can see the problem with tcpdump:

- QEMU parameters:

  .. -monitor stdio \
     -netdev bridge,id=netdev0,br=virbr0 \
     -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \

- HMP command:

  (qemu) announce_self

- TCP dump:

  $ sudo tcpdump -nxi virbr0

  without the fix:

    <nothing>

  with the fix:

   ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46
        0x0000:  0001 0800 0604 0003 9a2b 2c2d 2e2f 0000
        0x0010:  0000 9a2b 2c2d 2e2f 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0000 0000 0000 0000

Reported-by: Xiaohui Li <xiaohli@redhat.com>
Bug: https://issues.redhat.com/browse/RHEL-73891
Fixes: b9ad513e1876 ("net: Remove receive_raw()")
Cc: akihiko.odaki@daynix.com
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
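
The iovec count mistake from the announce_self commit above, as an added C model that is not QEMU's code: a zeroed header entry is placed in front of the packet's iovec, and the receiver gathers only as many entries as the count it is given. prepend_hdr(), gather(), the 10-byte header length and the 0x5a payload are assumptions; the two-entry case goes beyond the single-entry case the message describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <sys/uio.h>

#define VNET_HDR_LEN 10  /* assumption: header size used for the model */
#define MAX_IOV      8

/* Receiver side: flatten exactly iovcnt entries, as a receive_iov() callback would. */
static size_t gather(const struct iovec *iov, int iovcnt, uint8_t *buf, size_t cap)
{
    size_t off = 0;
    for (int i = 0; i < iovcnt; i++) {
        size_t n = iov[i].iov_len;
        if (n > cap - off)
            n = cap - off;           /* never write past the receive buffer */
        memcpy(buf + off, iov[i].iov_base, n);
        off += n;
    }
    return off;
}

/*
 * Sender side: out[0] becomes a zeroed header, out[1..] the original entries.
 * Returns the entry count handed to the receiver. bump_count == 0 reproduces
 * the mistake (count left at iovcnt), bump_count != 0 the corrected count.
 */
static int prepend_hdr(struct iovec *out, int out_cap,
                       const struct iovec *in, int iovcnt,
                       uint8_t *hdr, size_t hdr_len, int bump_count)
{
    if (iovcnt < 0 || iovcnt + 1 > out_cap)
        return -1;
    memset(hdr, 0, hdr_len);
    out[0].iov_base = hdr;
    out[0].iov_len = hdr_len;
    memcpy(&out[1], in, (size_t)iovcnt * sizeof(*in));
    return bump_count ? iovcnt + 1 : iovcnt;
}

/* Payload bytes (after the header) that reach the receiver for a 60-byte frame
 * split over nsplit iovec entries. */
static size_t delivered_payload(int bump_count, int nsplit)
{
    uint8_t frame[60], hdr[VNET_HDR_LEN], rx[256];
    struct iovec in[MAX_IOV], out[MAX_IOV + 1];

    if (nsplit < 1 || nsplit > MAX_IOV)
        return 0;
    memset(frame, 0x5a, sizeof(frame));          /* constructed payload */

    size_t chunk = sizeof(frame) / (size_t)nsplit, off = 0;
    for (int i = 0; i < nsplit; i++) {
        size_t n = (i == nsplit - 1) ? sizeof(frame) - off : chunk;
        in[i].iov_base = frame + off;
        in[i].iov_len = n;
        off += n;
    }

    int cnt = prepend_hdr(out, MAX_IOV + 1, in, nsplit, hdr, sizeof(hdr), bump_count);
    if (cnt < 0)
        return 0;
    size_t total = gather(out, cnt, rx, sizeof(rx));
    return total > sizeof(hdr) ? total - sizeof(hdr) : 0;
}

int main(void)
{
    printf("1 entry,   stale count: %zu payload bytes\n", delivered_payload(0, 1));
    printf("1 entry,   fixed count: %zu payload bytes\n", delivered_payload(1, 1));
    printf("2 entries, stale count: %zu payload bytes\n", delivered_payload(0, 2));
    printf("2 entries, fixed count: %zu payload bytes\n", delivered_payload(1, 2));
    return 0;
}
```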
8 months ago Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Stefan Hajnoczi [Wed, 29 Jan 2025 14:51:03 +0000 (09:51 -0500)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386: optimize string instructions
* target/i386: new Sierra Forest and Clearwater Forest models
* rust: type-safe vmstate implementation
* rust: use interior mutability for PL011
* rust: clean ups
* memtxattrs: remove usage of bitfields from MEMTXATTRS_UNSPECIFIED
* gitlab-ci: enable Rust backtraces

# gpg: Signature made Wed 29 Jan 2025 03:39:50 EST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (49 commits)
  gitlab-ci: include full Rust backtraces in test runs
  rust: qemu-api: add sub-subclass to the integration tests
  rust/zeroable: Implement Zeroable with const_zero macro
  rust: qdev: make reset take a shared reference
  rust: pl011: drop use of ControlFlow
  rust: pl011: pull device-specific code out of MemoryRegionOps callbacks
  rust: pl011: remove duplicate definitions
  rust: pl011: wrap registers with BqlRefCell
  rust: pl011: extract PL011Registers
  rust: pl011: pull interrupt updates out of read/write ops
  rust: pl011: extract CharBackend receive logic into a separate function
  rust: pl011: extract conversion to RegisterOffset
  rust: pl011: hide unnecessarily "pub" items from outside pl011::device
  rust: pl011: remove unnecessary "extern crate"
  rust: prefer NonNull::new to assertions
  rust: vmstate: make order of parameters consistent in vmstate_clock
  rust: vmstate: remove translation of C vmstate macros
  rust: pl011: switch vmstate to new-style macros
  rust: qemu_api: add vmstate_struct
  rust: vmstate: add public utility macros to implement VMState
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months ago Merge tag 'pull-target-arm-20250128-1' of https://git.linaro.org/people/pmaydell...
Stefan Hajnoczi [Wed, 29 Jan 2025 14:50:39 +0000 (09:50 -0500)]
Merge tag 'pull-target-arm-20250128-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/arm: Remove various uses of first_cpu global
 * hw/char/imx_serial: Fix reset value of UFCR register
 * hw/char/imx_serial: Update all state before restarting ageing timer
 * hw/pci-host/designware: Expose MSI IRQ
 * hw/arm/stellaris: refactoring, cleanup
 * hw/arm/stellaris: map both I2C controllers
 * tests/functional: Add a test for the arm microbit machine
 * target/arm: arm_reset_sve_state() should set FPSR, not FPCR
 * target/arm: refactorings preparatory to FEAT_AFP implementation
 * fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
 * fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
 * hw/usb/canokey: Fix buffer overflow for OUT packet

# gpg: Signature made Tue 28 Jan 2025 15:12:29 EST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20250128-1' of https://git.linaro.org/people/pmaydell/qemu-arm: (36 commits)
  hw/usb/canokey: Fix buffer overflow for OUT packet
  target/arm: Use FPST_A64_F16 for halfprec-to-other conversions
  target/arm: Remove redundant advsimd float16 helpers
  fpu: Fix a comment in softfloat-types.h
  fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
  fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
  target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16
  target/arm: Use FPST_A64_F16 in A64 decoder
  target/arm: Use FPST_A32_F16 in A32 decoder
  target/arm: Use fp_status_f16_a64 in AArch64-only helpers
  target/arm: Use fp_status_f16_a32 in AArch32-only helpers
  target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64
  target/arm: Remove now-unused vfp.fp_status and FPST_FPCR
  target/arm: Use FPST_A64 in A64 decoder
  target/arm: Use FPST_A32 in A32 decoder
  target/arm: Use fp_status_a32 in vfp_cmp helpers
  target/arm: Use fp_status_a32 in vjvct helper
  target/arm: Use fp_status_a64 or fp_status_a32 in is_ebf()
  target/arm: Use vfp.fp_status_a64 in A64-only helper functions
  target/arm: Define new fp_status_a32 and fp_status_a64
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months ago gitlab-ci: include full Rust backtraces in test runs
Paolo Bonzini [Tue, 28 Jan 2025 16:06:11 +0000 (17:06 +0100)]
gitlab-ci: include full Rust backtraces in test runs

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago hw/usb/canokey: Fix buffer overflow for OUT packet
Hongren Zheng [Mon, 13 Jan 2025 09:38:56 +0000 (17:38 +0800)]
hw/usb/canokey: Fix buffer overflow for OUT packet

When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.

It could be fixed by limiting the size of usb_packet_copy
to be at most buffer size. Further optimization gets rid
of the ep_out_buffer and directly uses ep_out as the target
buffer.

This is reported by a security researcher who artificially
constructed an OUT packet of size 2047. The report has gone
through the QEMU security process, and as this device is for
testing purpose and no deployment of it in virtualization
environment is observed, it is triaged not to be a security bug.

Cc: qemu-stable@nongnu.org
Fixes: d7d34918551dc48 ("hw/usb: Add CanoKey Implementation")
Reported-by: Juan Jose Lopez Jaimez <thatjiaozi@gmail.com>
Signed-off-by: Hongren Zheng <i@zenithal.me>
Message-id: Z4TfMOrZz6IQYl_h@Sun
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
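
The bounds problem described in the canokey commit above, as an added C model that is not QEMU's code: the endpoint buffer and the state next to it are laid out in one flat array so the overrun can be measured without undefined behaviour, and the unclamped copy is set beside the clamped one. struct model_dev, the function names and the canary bytes are assumptions; 512 and 2047 are the sizes from the commit message.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EP_OUT_SIZE  512   /* ep_out_buffer size given in the commit message */
#define REPORTED_LEN 2047  /* OUT packet size given in the commit message */
#define CANARY       0xA5  /* marks the bytes that follow the endpoint buffer */

/* Hypothetical device model: mem[0..511] is the endpoint buffer, the rest
 * stands in for whatever state sits after it. */
struct model_dev {
    uint8_t mem[EP_OUT_SIZE + REPORTED_LEN];
};

static void model_reset(struct model_dev *d)
{
    memset(d->mem, 0, EP_OUT_SIZE);
    memset(d->mem + EP_OUT_SIZE, CANARY, REPORTED_LEN);
}

/* Number of neighbouring bytes that no longer hold the canary. */
static size_t model_clobbered(const struct model_dev *d)
{
    size_t n = 0;
    for (size_t i = EP_OUT_SIZE; i < sizeof(d->mem); i++)
        n += (d->mem[i] != CANARY);
    return n;
}

/* Shape of the defect: the guest-supplied length is used as the copy size. */
static size_t out_copy_unbounded(struct model_dev *d, const uint8_t *payload, size_t len)
{
    if (len > sizeof(d->mem))
        len = sizeof(d->mem);        /* model limit only, keeps the demo in the array */
    memcpy(d->mem, payload, len);
    return len;
}

/* Shape of the fix: copy at most the buffer size and report what was taken,
 * so the caller can see that the packet was truncated. */
static size_t out_copy_bounded(struct model_dev *d, const uint8_t *payload, size_t len)
{
    size_t n = len < EP_OUT_SIZE ? len : EP_OUT_SIZE;
    memcpy(d->mem, payload, n);
    return n;
}

/* Run one copy of a constructed payload and return the damage outside the buffer. */
static size_t clobbered_after(int bounded, size_t len)
{
    struct model_dev d;
    uint8_t payload[REPORTED_LEN];

    if (len > sizeof(payload))
        len = sizeof(payload);
    memset(payload, 0x41, sizeof(payload));      /* constructed packet body */
    model_reset(&d);
    if (bounded)
        out_copy_bounded(&d, payload, len);
    else
        out_copy_unbounded(&d, payload, len);
    return model_clobbered(&d);
}

/* Bytes the bounded copy accepts for a packet of the given length. */
static size_t accepted_len(size_t len)
{
    struct model_dev d;
    uint8_t payload[REPORTED_LEN];

    if (len > sizeof(payload))
        len = sizeof(payload);
    memset(payload, 0x41, sizeof(payload));
    model_reset(&d);
    return out_copy_bounded(&d, payload, len);
}

int main(void)
{
    printf("unbounded, %d bytes: %zu bytes overwritten past the buffer\n",
           REPORTED_LEN, clobbered_after(0, REPORTED_LEN));
    printf("bounded,   %d bytes: %zu bytes overwritten, %zu accepted\n",
           REPORTED_LEN, clobbered_after(1, REPORTED_LEN), accepted_len(REPORTED_LEN));
    return 0;
}
```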
8 months ago target/arm: Use FPST_A64_F16 for halfprec-to-other conversions
Peter Maydell [Fri, 24 Jan 2025 16:27:46 +0000 (16:27 +0000)]
target/arm: Use FPST_A64_F16 for halfprec-to-other conversions

We should be using the F16-specific float_status for conversions from
half-precision, because halfprec inputs never set Input Denormal.

Without FEAT_AHP, using the wrong fpst here had no effect, because
the only difference between the A64_F16 and A64 fpst is its handling
of flush-to-zero on input and output, and the helper functions
vfp_fcvt_f16_to_* and vfp_fcvt_*_to_f16 all explicitly squash the
relevant flushing flags, and flush_inputs_to_zero was the only way
that IDC could be set.

With FEAT_AHP, the FPCR.AH=1 behaviour sets IDC for
input_denormal_used, which we will only ignore in
vfp_get_fpsr_from_host() for the A64_F16 fpst; so it matters that we
use that one for f16 inputs (and the normal one for single/double to
f16 conversions).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-27-peter.maydell@linaro.org

8 months ago target/arm: Remove redundant advsimd float16 helpers
Peter Maydell [Fri, 24 Jan 2025 16:27:45 +0000 (16:27 +0000)]
target/arm: Remove redundant advsimd float16 helpers

The advsimd_addh etc helpers defined in helper-a64.c are identical to
the vfp_addh etc helpers defined in helper-vfp.c: both take two
float16 inputs (in a uint32_t type) plus a float_status* and are
simple wrappers around the softfloat float16_* functions.

(The duplication seems to be a historical accident: we added the
advsimd helpers in 2018 as part of the A64 implementation, and at
that time there was no f16 emulation in A32.  Then later we added the
A32 f16 handling by extending the existing VFP helper macros to
generate f16 versions as well as f32 and f64, and didn't realise we
could clean things up.)

Remove the now-unnecessary advsimd helpers and make the places that
generated calls to them use the vfp helpers instead. Many of the
helper functions were already unused.

(The remaining advsimd_ helpers are those which don't have vfp
versions.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-26-peter.maydell@linaro.org

8 months ago fpu: Fix a comment in softfloat-types.h
Peter Maydell [Fri, 24 Jan 2025 16:27:41 +0000 (16:27 +0000)]
fpu: Fix a comment in softfloat-types.h

In softfloat-types.h a comment documents that if the float_status
field flush_to_zero is set then we flush denormalised results to 0
and set the inexact flag.  This isn't correct: the status flag that
we set when flush_to_zero causes us to flush an output to zero is
float_flag_output_denormal_flushed.

Correct the comment.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-22-peter.maydell@linaro.org

8 months ago fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
Peter Maydell [Fri, 24 Jan 2025 16:27:40 +0000 (16:27 +0000)]
fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed

Our float_flag_output_denormal exception flag is set when
the fpu code flushes an output denormal to zero. Rename
it to float_flag_output_denormal_flushed:
 * this keeps it parallel with the flag for flushing
   input denormals, which we just renamed
 * it makes it clearer that it doesn't mean "set when
   the output is a denormal"

Commit created with
 for f in `git grep -l float_flag_output_denormal`; do sed -i -e 's/float_flag_output_denormal/float_flag_output_denormal_flushed/' $f; done

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-21-peter.maydell@linaro.org

8 months ago fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
Peter Maydell [Fri, 24 Jan 2025 16:27:39 +0000 (16:27 +0000)]
fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed

Our float_flag_input_denormal exception flag is set when the fpu code
flushes an input denormal to zero.  This is what many guest
architectures (eg classic Arm behaviour) require, but it is not the
only denormal-related reason we might want to set an exception flag.
The x86 behaviour (which we do not currently model correctly) wants
to see an exception flag when a denormal input is *not* flushed to
zero and is actually used in an arithmetic operation. Arm's FEAT_AFP
also wants these semantics.

Rename float_flag_input_denormal to float_flag_input_denormal_flushed
to make it clearer when it is set and to allow us to add a new
float_flag_input_denormal_used next to it for the x86/FEAT_AFP
semantics.

Commit created with
 for f in `git grep -l float_flag_input_denormal`; do sed -i -e 's/float_flag_input_denormal/float_flag_input_denormal_flushed/' $f; done

and manual editing of softfloat-types.h and softfloat.c to clean
up the indentation afterwards and to fix a comment which wasn't
using the full name of the flag.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-20-peter.maydell@linaro.org

8 months ago target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16
Peter Maydell [Fri, 24 Jan 2025 16:27:38 +0000 (16:27 +0000)]
target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16

Now we have moved all the uses of vfp.fp_status_f16 and FPST_FPCR_F16
to the new A32 or A64 fields, we can remove these.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-19-peter.maydell@linaro.org

8 months ago target/arm: Use FPST_A64_F16 in A64 decoder
Peter Maydell [Fri, 24 Jan 2025 16:27:37 +0000 (16:27 +0000)]
target/arm: Use FPST_A64_F16 in A64 decoder

In the A32 decoder, use FPST_A64_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.

Patch created with
  perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A64_F16/g' target/arm/tcg/translate-{a64,sve,sme}.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-18-peter.maydell@linaro.org

8 months ago target/arm: Use FPST_A32_F16 in A32 decoder
Peter Maydell [Fri, 24 Jan 2025 16:27:36 +0000 (16:27 +0000)]
target/arm: Use FPST_A32_F16 in A32 decoder

In the A32 decoder, use FPST_A32_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.

Patch created with
  perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A32_F16/g' target/arm/tcg/translate-vfp.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-17-peter.maydell@linaro.org

8 months ago target/arm: Use fp_status_f16_a64 in AArch64-only helpers
Peter Maydell [Fri, 24 Jan 2025 16:27:35 +0000 (16:27 +0000)]
target/arm: Use fp_status_f16_a64 in AArch64-only helpers

We directly use fp_status_f16 in a handful of helpers that are
AArch64-specific; switch to fp_status_f16_a64 for these.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-16-peter.maydell@linaro.org

8 months ago target/arm: Use fp_status_f16_a32 in AArch32-only helpers
Peter Maydell [Fri, 24 Jan 2025 16:27:34 +0000 (16:27 +0000)]
target/arm: Use fp_status_f16_a32 in AArch32-only helpers

We directly use fp_status_f16 in a handful of helpers that
are AArch32-specific; switch to fp_status_f16_a32 for these.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-15-peter.maydell@linaro.org

8 months ago target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64
Peter Maydell [Fri, 24 Jan 2025 16:27:33 +0000 (16:27 +0000)]
target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64

As the first part of splitting the existing fp_status_f16
into separate float_status fields for AArch32 and AArch64
(so that we can make FEAT_AFP control bits apply only
for AArch64), define the two new fp_status_f16_a32 and
fp_status_f16_a64 fields, but don't use them yet.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-14-peter.maydell@linaro.org

8 months ago target/arm: Remove now-unused vfp.fp_status and FPST_FPCR
Peter Maydell [Fri, 24 Jan 2025 16:27:32 +0000 (16:27 +0000)]
target/arm: Remove now-unused vfp.fp_status and FPST_FPCR

Now we have moved all the uses of vfp.fp_status and FPST_FPCR
to either the A32 or A64 fields, we can remove these.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-13-peter.maydell@linaro.org

8 months ago target/arm: Use FPST_A64 in A64 decoder
Peter Maydell [Fri, 24 Jan 2025 16:27:31 +0000 (16:27 +0000)]
target/arm: Use FPST_A64 in A64 decoder

In the A64 decoder, use FPST_A64 rather than FPST_FPCR.  By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.

Patch created with

  perl -p -i -e 's/FPST_FPCR(?!_)/FPST_A64/g' target/arm/tcg/translate-{a64,sve,sme}.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-12-peter.maydell@linaro.org

8 months ago target/arm: Use FPST_A32 in A32 decoder
Peter Maydell [Fri, 24 Jan 2025 16:27:30 +0000 (16:27 +0000)]
target/arm: Use FPST_A32 in A32 decoder

In the A32 decoder, use FPST_A32 rather than FPST_FPCR.  By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.

Patch created with
  perl -p -i -e 's/FPST_FPCR(?!_)/FPST_A32/g' target/arm/tcg/translate-vfp.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-11-peter.maydell@linaro.org

8 months ago target/arm: Use fp_status_a32 in vfp_cmp helpers
Peter Maydell [Fri, 24 Jan 2025 16:27:29 +0000 (16:27 +0000)]
target/arm: Use fp_status_a32 in vfp_cmp helpers

The helpers vfp_cmps, vfp_cmpes, vfp_cmpd, vfp_cmped are used only from
the A32 decoder; the A64 decoder uses separate vfp_cmps_a64 etc helpers
(because for A64 we update the main NZCV flags and for A32 we update
the FPSCR NZCV flags). So we can make these helpers use the fp_status_a32
field instead of fp_status.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-10-peter.maydell@linaro.org

8 months ago target/arm: Use fp_status_a32 in vjvct helper
Peter Maydell [Fri, 24 Jan 2025 16:27:28 +0000 (16:27 +0000)]
target/arm: Use fp_status_a32 in vjvct helper

Use fp_status_a32 in the vjcvt helper function; this is called only
from the A32/T32 decoder and is not used inside a
set_rmode/restore_rmode sequence.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-9-peter.maydell@linaro.org

8 months ago target/arm: Use fp_status_a64 or fp_status_a32 in is_ebf()
Peter Maydell [Tue, 28 Jan 2025 11:40:13 +0000 (11:40 +0000)]
target/arm: Use fp_status_a64 or fp_status_a32 in is_ebf()

In is_ebf(), we might be called for A64 or A32, but we have
the CPUARMState* so we can select fp_status_a64 or
fp_status_a32 accordingly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8 months ago target/arm: Use vfp.fp_status_a64 in A64-only helper functions
Peter Maydell [Fri, 24 Jan 2025 16:27:27 +0000 (16:27 +0000)]
target/arm: Use vfp.fp_status_a64 in A64-only helper functions

Switch from vfp.fp_status to vfp.fp_status_a64 for helpers which:
 * directly reference an fp_status field
 * are called only from the A64 decoder
 * are not called inside a set_rmode/restore_rmode sequence

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250124162836.2332150-8-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8 months ago target/arm: Define new fp_status_a32 and fp_status_a64
Peter Maydell [Fri, 24 Jan 2025 16:27:26 +0000 (16:27 +0000)]
target/arm: Define new fp_status_a32 and fp_status_a64

We want to split the existing fp_status in the Arm CPUState into
separate float_status fields for AArch32 and AArch64.  (This is
because new control bits defined by FEAT_AFP only have an effect for
AArch64, not AArch32.) To make this split we will:
 * define new fp_status_a32 and fp_status_a64 which have
   identical behaviour to the existing fp_status
 * move existing uses of fp_status to fp_status_a32 or
   fp_status_a64 as appropriate
 * delete the old fp_status when it has no uses left

In this patch we add the new float_status fields.

We will also need to split fp_status_f16, but we will do that
as a separate series of patches.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-7-peter.maydell@linaro.org

8 months ago target/arm: Use uint32_t in vfp_exceptbits_from_host()
Peter Maydell [Fri, 24 Jan 2025 16:27:25 +0000 (16:27 +0000)]
target/arm: Use uint32_t in vfp_exceptbits_from_host()

In vfp_exceptbits_from_host(), we accumulate the FPSR flags in
an "int", and our return type is also "int". However, the only
callsite returns the same information as a uint32_t, and
more generally we handle FPSR values in the code as uint32_t,
not int. Bring this function into line with that convention.

There is no behaviour change because none of the FPSR bits
we set in this function are bit 31. The input argument to
the function remains 'int' because that is the return type
of the softfloat get_float_exception_flags().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-6-peter.maydell@linaro.org

8 months ago target/arm: Use FPSR_ constants in vfp_exceptbits_from_host()
Peter Maydell [Fri, 24 Jan 2025 16:27:24 +0000 (16:27 +0000)]
target/arm: Use FPSR_ constants in vfp_exceptbits_from_host()

Use the FPSR_ named constants in vfp_exceptbits_from_host(),
rather than hardcoded magic numbers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-5-peter.maydell@linaro.org

8 months ago target/arm: arm_reset_sve_state() should set FPSR, not FPCR
Peter Maydell [Fri, 24 Jan 2025 16:27:23 +0000 (16:27 +0000)]
target/arm: arm_reset_sve_state() should set FPSR, not FPCR

The pseudocode ResetSVEState() does:
    FPSR = ZeroExtend(0x0800009f<31:0>, 64);
but QEMU's arm_reset_sve_state() called vfp_set_fpcr() by accident.

Before the advent of FEAT_AFP, this was only setting a collection of
RES0 bits, which vfp_set_fpsr() would then ignore, so the only effect
was that we didn't actually set the FPSR the way we are supposed to
do.  Once FEAT_AFP is implemented, setting the bottom bits of FPSR
will change the floating point behaviour.

Call vfp_set_fpsr(), as we ought to.

(Note for stable backports: commit 7f2a01e7368f9 moved this function
from sme_helper.c to helper.c, but it had the same bug before the
move too.)

Cc: qemu-stable@nongnu.org
Fixes: f84734b87461 ("target/arm: Implement SMSTART, SMSTOP")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-4-peter.maydell@linaro.org

8 months ago tests/functional: Add a test for the arm microbit machine
Thomas Huth [Fri, 24 Jan 2025 10:17:09 +0000 (11:17 +0100)]
tests/functional: Add a test for the arm microbit machine

We don't have any functional tests for this machine yet, thus let's
add a test with a MicroPython binary that is available online
(thanks to Joel Stanley for providing it, see:
 https://www.mail-archive.com/qemu-devel@nongnu.org/msg606064.html ).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250124101709.1591761-1-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago rust: qemu-api: add sub-subclass to the integration tests
Zhao Liu [Fri, 17 Jan 2025 10:59:55 +0000 (11:59 +0100)]
rust: qemu-api: add sub-subclass to the integration tests

Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust/zeroable: Implement Zeroable with const_zero macro
Zhao Liu [Thu, 23 Jan 2025 18:07:28 +0000 (19:07 +0100)]
rust/zeroable: Implement Zeroable with const_zero macro

The `const_zero` crate provides a nice macro to zero type-specific
constants, which doesn't need to enumerate the fields one by one.

Introduce the `const_zero` macro to QEMU (along with its documentation), and
use it to simplify the implementation of `Zeroable` trait.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250123163143.679841-1-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: qdev: make reset take a shared reference
Paolo Bonzini [Mon, 2 Dec 2024 11:40:18 +0000 (12:40 +0100)]
rust: qdev: make reset take a shared reference

Because register reset is within a borrow_mut() call, reset
no longer needs a mut reference to the PL011State.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: drop use of ControlFlow
Paolo Bonzini [Fri, 17 Jan 2025 17:13:30 +0000 (18:13 +0100)]
rust: pl011: drop use of ControlFlow

It is a poor match for what the code is doing, anyway.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: pull device-specific code out of MemoryRegionOps callbacks
Paolo Bonzini [Fri, 17 Jan 2025 16:56:00 +0000 (17:56 +0100)]
rust: pl011: pull device-specific code out of MemoryRegionOps callbacks

read() can now return a simple u64.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: remove duplicate definitions
Paolo Bonzini [Mon, 2 Dec 2024 16:28:26 +0000 (17:28 +0100)]
rust: pl011: remove duplicate definitions

Unify the "Interrupt" enum and the "INT_*" constants with a struct
that contains the bits.  The "int_level" and "int_enabled" fields
could use a crate such as "bitflags".

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: wrap registers with BqlRefCell
Paolo Bonzini [Fri, 24 Jan 2025 23:28:09 +0000 (00:28 +0100)]
rust: pl011: wrap registers with BqlRefCell

This is a step towards making memory ops use a shared reference to the
device type; it's not yet possible due to the calls to character device
functions.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: extract PL011Registers
Paolo Bonzini [Fri, 24 Jan 2025 23:26:56 +0000 (00:26 +0100)]
rust: pl011: extract PL011Registers

Pull all the mutable fields of PL011State into a separate struct.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: pull interrupt updates out of read/write ops
Paolo Bonzini [Fri, 24 Jan 2025 23:26:04 +0000 (00:26 +0100)]
rust: pl011: pull interrupt updates out of read/write ops

qemu_irqs are not part of the vmstate, therefore they will remain in
PL011State.  Update them if needed after regs_read()/regs_write().

Apply #[must_use] to functions that return whether the interrupt state
could have changed, so that it's harder to forget the call to update().

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: extract CharBackend receive logic into a separate function
Paolo Bonzini [Fri, 6 Dec 2024 18:00:21 +0000 (19:00 +0100)]
rust: pl011: extract CharBackend receive logic into a separate function

Prepare for moving all references to the registers and the FIFO into a
separate struct.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago rust: pl011: extract conversion to RegisterOffset
Paolo Bonzini [Tue, 10 Dec 2024 12:09:08 +0000 (13:09 +0100)]
rust: pl011: extract conversion to RegisterOffset

As an added bonus, this also makes the new function return u32 instead
of u64, thus factoring some casts into a single place.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months ago Merge tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu into staging
Stefan Hajnoczi [Mon, 27 Jan 2025 16:20:35 +0000 (11:20 -0500)]
Merge tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu into staging

aspeed queue:

* Fixed serial definitions on the command line
* Fixed sdhci write protected pin on AST2600 EVB machine
* Added timer support on AST2700 SoC
* Updated buildroot and SDK images of functional tests
* Removed sd devices creation when -nodefaults is used
* Added software reset mode support on AST2600 SoC

# gpg: Signature made Mon 27 Jan 2025 03:49:16 EST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu:
  docs/system/arm/aspeed: Remove tacoma-bmc from the documentation
  aspeed/wdt: Support software reset mode for AST2600
  aspeed/wdt: Fix coding style
  aspeed: Create sd devices only when defaults are enabled
  test/functional: Update buildroot images to 2024.11
  test/functional: Update the Aspeed aarch64 test
  aspeed/soc: Support Timer for AST2700
  hw/timer/aspeed: Add AST2700 Support
  hw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations
  hw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB
  hw/sd/sdhci: Introduce a new Write Protected pin inverted property
  hw/arm/aspeed: fix connect_serial_hds_to_uarts

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months ago Merge tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa...
Stefan Hajnoczi [Mon, 27 Jan 2025 16:20:21 +0000 (11:20 -0500)]
Merge tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa into staging

hppa updates

* Fixes booting a Linux kernel which is provided on the command line.
* Allow more than 4GB RAM on 64-bit boxes

# gpg: Signature made Fri 24 Jan 2025 14:53:34 EST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa:
  hw/hppa: Fix booting Linux kernel with initrd
  hw/hppa: Support up to 256 GiB RAM on 64-bit machines

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months ago hw/arm/stellaris: Map both I2C controllers
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:02:01 +0000 (17:02 +0100)]
hw/arm/stellaris: Map both I2C controllers

There are 2 I2C controllers, map them both, removing
the unimplemented one. Keep the OLED controller on the
first I2C bus.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-7-philmd@linaro.org
[PMM: tweak to appease maybe-use-uninitialized warning]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Use DEVCAP macro to access DeviceCapability registers
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:02:00 +0000 (17:02 +0100)]
hw/arm/stellaris: Use DEVCAP macro to access DeviceCapability registers

Add definitions (DCx_periph) for the DeviceCapability bits,
replace direct bitmask checks with the DEV_CAP() macro,
which uses the extract/deposit API.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-6-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Replace magic numbers by definitions
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:01:59 +0000 (17:01 +0100)]
hw/arm/stellaris: Replace magic numbers by definitions

Add definitions for the number of controllers.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-5-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Remove incorrect unimplemented i2c-0 at 0x40002000
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:01:58 +0000 (17:01 +0100)]
hw/arm/stellaris: Remove incorrect unimplemented i2c-0 at 0x40002000

There is nothing mapped at 0x40002000.

I2C#0 is already mapped at 0x40021000.

Remove the invalid mapping added in commits aecfbbc97a2 & 394c8bbfb7a.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Constify read-only arrays
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:01:57 +0000 (17:01 +0100)]
hw/arm/stellaris: Constify read-only arrays

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Link each board schematic
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 16:01:56 +0000 (17:01 +0100)]
hw/arm/stellaris: Link each board schematic

Board schematic is useful to corroborate GPIOs/IRQs wiring.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-2-philmd@linaro.org
[PMM: Use https:// URLs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/pci-host/designware: Expose MSI IRQ
Bernhard Beschow [Sat, 11 Jan 2025 18:37:02 +0000 (19:37 +0100)]
hw/pci-host/designware: Expose MSI IRQ

Fixes INTD and MSI interrupts poking the same IRQ line without keeping track of
each other's IRQ level. Furthermore, SoCs such as the i.MX 8M Plus don't share
the MSI IRQ with the INTx lines, so expose it as a dedicated pin.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/char/imx_serial: Update all state before restarting ageing timer
Bernhard Beschow [Sat, 11 Jan 2025 18:37:01 +0000 (19:37 +0100)]
hw/char/imx_serial: Update all state before restarting ageing timer

Fixes characters to be "echoed" after each keystroke rather than after every
other since imx_serial_rx_fifo_ageing_timer_restart() would see ~UTS1_RXEMPTY
only after every other keystroke.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/char/imx_serial: Fix reset value of UFCR register
Bernhard Beschow [Sat, 11 Jan 2025 18:37:00 +0000 (19:37 +0100)]
hw/char/imx_serial: Fix reset value of UFCR register

The value of the UFCR register is respected when echoing characters to the
terminal, but its reset value is reserved. Fix the reset value to the one
documented in the datasheet.

While at it move the related attribute out of the section of unimplemented
registers since its value is actually respected.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/v7m: Remove use of &first_cpu in machine_init()
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 22:56:14 +0000 (23:56 +0100)]
hw/arm/v7m: Remove use of &first_cpu in machine_init()

When instantiating the machine model, the machine_init()
implementations usually create the CPUs, so have access
to its first CPU. Use that rather than the &first_cpu
global.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Samuel Tardieu <sam@rfc1149.net>
Message-id: 20250112225614.33723-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/stellaris: Add 'armv7m' local variable
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 22:56:13 +0000 (23:56 +0100)]
hw/arm/stellaris: Add 'armv7m' local variable

While the TYPE_ARMV7M object forwards its NVIC interrupt lines,
it is somehow misleading to name it 'nvic'. Add the 'armv7m'
local variable for clarity, but also keep the 'nvic' variable
behaving like before when used for wiring IRQ lines.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20250112225614.33723-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago hw/arm/nrf51: Rename ARMv7MState 'cpu' -> 'armv7m'
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 22:56:12 +0000 (23:56 +0100)]
hw/arm/nrf51: Rename ARMv7MState 'cpu' -> 'armv7m'

The ARMv7MState object is not simply a CPU, it also
contains the NVIC, SysTick timer, and various MemoryRegions.

Rename the field as 'armv7m', like other Cortex-M boards.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20250112225614.33723-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months ago docs/system/arm/aspeed: Remove tacoma-bmc from the documentation
Thomas Huth [Fri, 24 Jan 2025 17:45:07 +0000 (18:45 +0100)]
docs/system/arm/aspeed: Remove tacoma-bmc from the documentation

The tacoma-bmc machine has recently been removed, so let's remove
it from the documentation now, too.

Fixes: 2b1b66e01f ("arm: Remove tacoma-bmc machine")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124174507.27348-1-thuth@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago aspeed/wdt: Support software reset mode for AST2600
Jamin Lin [Fri, 24 Jan 2025 03:02:49 +0000 (11:02 +0800)]
aspeed/wdt: Support software reset mode for AST2600

On the AST2400 and AST2500 platforms, the system can only be reset by enabling
the WDT (Watchdog Timer) and waiting for the WDT timeout. However, starting
from the AST2600 platform, the reset event can be triggered directly and
intentionally by software, without relying on the WDT timeout.

This mechanism, referred to as "software restart", is implemented in hardware.
When using the software restart mechanism, the WDT counter is not enabled.

To trigger a reset generation in software mode, write 0xAEEDF123 to register
0x24 and software mode reset only supports SOC reset mode.

A new function, "aspeed_wdt_is_soc_reset_mode", is introduced to determine
whether the SoC reset mode is active.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124030249.1706996-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago aspeed/wdt: Fix coding style
Jamin Lin [Fri, 24 Jan 2025 03:02:48 +0000 (11:02 +0800)]
aspeed/wdt: Fix coding style

Fix coding style issues from checkpatch.pl.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124030249.1706996-2-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago aspeed: Create sd devices only when defaults are enabled
Cédric Le Goater [Wed, 22 Jan 2025 07:09:09 +0000 (08:09 +0100)]
aspeed: Create sd devices only when defaults are enabled

When the -nodefaults option is set, sd devices should not be
automatically created by the machine. Instead they should be defined
on the command line.

Note that it is not currently possible to define which bus an
"sd-card" device is attached to:

  -blockdev node-name=drive0,driver=file,filename=/path/to/file.img \
  -device sd-card,drive=drive0,id=sd0

and the first bus named "sd-bus" will be used.

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-10-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago test/functional: Update buildroot images to 2024.11
Cédric Le Goater [Wed, 22 Jan 2025 07:09:08 +0000 (08:09 +0100)]
test/functional: Update buildroot images to 2024.11

The main changes compared to upstream 2024.11 buildroot are

- bumped Linux to version 6.11.11 with a custom config
- changed U-Boot to OpenBMC branch for more support
- included extra target packages

See branch [1] for more details.

There is a slight output change when powering off the machine,
the console now contains:

    reboot: Power off not available: System halted

Adjust accordingly the expect string in
do_test_arm_aspeed_buildroot_poweroff().

[1] https://github.com/legoater/buildroot/commits/aspeed-2024.11

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-9-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago test/functional: Update the Aspeed aarch64 test
Cédric Le Goater [Wed, 22 Jan 2025 07:09:07 +0000 (08:09 +0100)]
test/functional: Update the Aspeed aarch64 test

Bumped SDK version to v09.03. v09.04 is available but not yet
supported in QEMU.

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-8-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago aspeed/soc: Support Timer for AST2700
Jamin Lin [Mon, 13 Jan 2025 06:44:55 +0000 (14:44 +0800)]
aspeed/soc: Support Timer for AST2700

Add Timer model for AST2700 Timer support. The Timer controller includes 8 sets
of 32-bit decrement counters.

The base addresses of TIMER0 to TIMER7 are as follows.
Base Address of Timer 0 = 0x12C1_0000
Base Address of Timer 1 = 0x12C1_0040
Base Address of Timer 2 = 0x12C1_0080
Base Address of Timer 3 = 0x12C1_00C0
Base Address of Timer 4 = 0x12C1_0100
Base Address of Timer 5 = 0x12C1_0140
Base Address of Timer 6 = 0x12C1_0180
Base Address of Timer 7 = 0x12C1_01C0

The interrupts of TIMER0 to TIMER7 are as follows.
GICINT16 = TIMER 0 interrupt
GICINT17 = TIMER 1 interrupt
GICINT18 = TIMER 2 interrupt
GICINT19 = TIMER 3 interrupt
GICINT20 = TIMER 4 interrupt
GICINT21 = TIMER 5 interrupt
GICINT22 = TIMER 6 interrupt
GICINT23 = TIMER 7 interrupt

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago hw/timer/aspeed: Add AST2700 Support
Jamin Lin [Mon, 13 Jan 2025 06:44:54 +0000 (14:44 +0800)]
hw/timer/aspeed: Add AST2700 Support

The timer controller includes 8 sets of 32-bit decrement counters, based on
either PCLK or 1MHZ clock, and the design of the timer controller in AST2600
and AST2700 is almost the same.

TIMER0 – TIMER7 each have their own individual control and interrupt status register.
In other words, users are able to set timer control in register TMC10 with
different TIMER base address and clear timer control and interrupt status in
register TMC14 with different TIMER base address.

Introduce new "aspeed_2700_timer_read" and "aspeed_2700_timer_write" callback
functions and a new ast2700 class to support AST2700.

The base addresses of TIMER0 to TIMER7 are as follows.
Base Address of Timer 0 = 0x12C1_0000
Base Address of Timer 1 = 0x12C1_0040
Base Address of Timer 2 = 0x12C1_0080
Base Address of Timer 3 = 0x12C1_00C0
Base Address of Timer 4 = 0x12C1_0100
Base Address of Timer 5 = 0x12C1_0140
Base Address of Timer 6 = 0x12C1_0180
Base Address of Timer 7 = 0x12C1_01C0

The register address space of each TIMER is "0x40", and the following
formula is used to get the index and register of each TIMER.

timer_index = offset >> 6;
timer_offset = offset & 0x3f;

The TMC010 is a counter control set and interrupt status register. Writing "1" to
TMC10[3:0] will set the specific bits to "1". Introduce a new
"aspeed_2700_timer_set_ctrl" function to handle this register behavior.

The TMC014 is a counter control clear and interrupt status register. To clear
the specific bits to "0", "1" should be written to TMC14[3:0] on the same bit
position. Introduce a new "aspeed_2700_timer_clear_ctrl" function to handle
this register behavior. TMC014 does not support read operation.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
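
The offset decoding and the write-1-to-set / write-1-to-clear registers described in the commit message above, as an added example that is not QEMU's aspeed timer code. The `toy_*` names, the rejection of offsets past TIMER7, and the assumption that a read of TMC10 returns the current control bits are illustrative and not taken from the commit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TOY_TIMER_COUNT    8u     /* "8 sets of 32-bit decrement counters" */
#define TOY_REG_CTRL_SET   0x10u  /* TMC10: write 1 to set a control bit */
#define TOY_REG_CTRL_CLEAR 0x14u  /* TMC14: write 1 to clear a control bit */
#define TOY_CTRL_MASK      0xfu   /* only bits [3:0] are control bits */

struct toy_timer_bank { uint32_t ctrl[TOY_TIMER_COUNT]; };
struct toy_access { uint64_t offset; uint32_t value; };

/* Split an MMIO offset into (timer index, register). Returns -1 when the
 * index would fall past the last timer (assumed policy: reject), so the
 * index is never used to address ctrl[] out of bounds. */
int toy_decode(uint64_t offset, unsigned *index, unsigned *reg)
{
    uint64_t timer_index = offset >> 6;       /* 0x40 bytes per timer */
    if (timer_index >= TOY_TIMER_COUNT) {
        return -1;
    }
    *index = (unsigned)timer_index;
    *reg = (unsigned)(offset & 0x3f);
    return 0;
}

/* Returns 0 when the write was handled, -1 when it was rejected. */
int toy_write(struct toy_timer_bank *bank, uint64_t offset, uint32_t value)
{
    unsigned index, reg;
    if (toy_decode(offset, &index, &reg) < 0) {
        return -1;
    }
    switch (reg) {
    case TOY_REG_CTRL_SET:
        bank->ctrl[index] |= value & TOY_CTRL_MASK;
        return 0;
    case TOY_REG_CTRL_CLEAR:
        bank->ctrl[index] &= ~(value & TOY_CTRL_MASK);
        return 0;
    default:
        return -1;                            /* register not modelled here */
    }
}

/* TMC14 does not support reads; TMC10 is assumed to read back the bits. */
int toy_read(const struct toy_timer_bank *bank, uint64_t offset, uint32_t *out)
{
    unsigned index, reg;
    if (toy_decode(offset, &index, &reg) < 0 || reg != TOY_REG_CTRL_SET) {
        return -1;
    }
    *out = bank->ctrl[index];
    return 0;
}

/* Constructed guest accesses, relative to the base of TIMER0. */
const struct toy_access toy_trace[] = {
    { 0x090, 0x0000000f },  /* timer 2, TMC10: set bits 3..0          */
    { 0x094, 0x0000000a },  /* timer 2, TMC14: clear bits 3 and 1     */
    { 0x010, 0x00000001 },  /* timer 0, TMC10: set bit 0              */
    { 0x094, 0xfffffff0 },  /* timer 2, TMC14: no bit in [3:0] chosen */
    { 0x210, 0x0000000f },  /* index 8: past TIMER7, rejected         */
    { 0x1d0, 0x00000102 },  /* timer 7, TMC10: only bit 1 is in range */
    { 0x098, 0x00000001 },  /* timer 2, register 0x18: not modelled   */
};
#define TOY_TRACE_LEN (sizeof(toy_trace) / sizeof(toy_trace[0]))

/* Replay the trace into a zeroed bank and return one timer's control bits. */
uint32_t toy_replay_ctrl(unsigned timer)
{
    struct toy_timer_bank bank = { { 0 } };
    for (size_t i = 0; i < TOY_TRACE_LEN; i++) {
        (void)toy_write(&bank, toy_trace[i].offset, toy_trace[i].value);
    }
    return timer < TOY_TIMER_COUNT ? bank.ctrl[timer] : 0;
}

/* Replay the trace and count the accesses that were rejected. */
int toy_replay_rejected(void)
{
    struct toy_timer_bank bank = { { 0 } };
    int rejected = 0;
    for (size_t i = 0; i < TOY_TRACE_LEN; i++) {
        if (toy_write(&bank, toy_trace[i].offset, toy_trace[i].value) < 0) {
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    for (unsigned t = 0; t < TOY_TIMER_COUNT; t++) {
        printf("timer %u ctrl = 0x%x\n", t, (unsigned)toy_replay_ctrl(t));
    }
    printf("rejected accesses = %d\n", toy_replay_rejected());
    return 0;
}
```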
8 months ago hw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations
Jamin Lin [Mon, 13 Jan 2025 06:44:53 +0000 (14:44 +0800)]
hw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations

The register set has a significant change in AST2700. The TMC00-TMC3C
are used for TIMER0 and TMC40-TMC7C are used for TIMER1. In addition,
TMC20-TMC3C and TMC60-TMC7C are reserved registers for TIMER0 and TIMER1,
respectively.

Besides, each TIMER has its own control and interrupt status register.
In other words, users are able to set control and interrupt status for TIMER0
in one register. Both aspeed_timer_read and aspeed_timer_write callback
functions are not compatible with AST2700.

Introduce common read and write functions for ASPEED timers.
Modify the aspeed_timer_read and aspeed_timer_write functions to delegate to
SoC-specific callbacks first.
Update the AST2400, AST2500, AST2600 and AST1030 specific read and write
functions to call the common implementations for common register accesses.

This refactoring improves the organization of call delegation and prepares the
codebase for future SoC-specific specializations, such as the AST2700.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-2-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago hw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB
Jamin Lin [Thu, 14 Nov 2024 09:48:39 +0000 (17:48 +0800)]
hw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24).

According to the design of AST2600 EVB, the Write Protected pin is active
high by default. To support it, introduce a new "sdhci_wp_inverted"
property in ASPEED MACHINE State and set it true for AST2600 EVB
and set "wp_inverted" property true of sdhci-generic model.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241114094839.4128404-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago hw/sd/sdhci: Introduce a new Write Protected pin inverted property
Jamin Lin [Thu, 14 Nov 2024 09:48:38 +0000 (17:48 +0800)]
hw/sd/sdhci: Introduce a new Write Protected pin inverted property

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24). However, some boards are
designed with the Write Protected pin active high. In other words, write enable the bit 19
should be 0 and write protected the bit 19 should be 1 at the
Present State Register (0x24). To support it, introduce a new "wp-inverted"
property and set it false by default.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Cédric Le Goater <clg@redhat.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241114094839.4128404-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months ago hw/arm/aspeed: fix connect_serial_hds_to_uarts
Kenneth Jia [Thu, 12 Dec 2024 12:42:04 +0000 (20:42 +0800)]
hw/arm/aspeed: fix connect_serial_hds_to_uarts

In the loop, we need to ignore the index increase when uart == uart_chosen.
We should increase the index only after we allocate a serial.

Signed-off-by: Kenneth Jia <kenneth_jia@asus.com>
Fixes: d2b3eaefb4d7 ("aspeed: Refactor UART init for multi-SoC machines")
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/5f9b0c53f1644922ba85522046e92f4c@asus.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
9 months ago hw/hppa: Fix booting Linux kernel with initrd
Helge Deller [Wed, 22 Jan 2025 16:15:00 +0000 (17:15 +0100)]
hw/hppa: Fix booting Linux kernel with initrd

Commit 20f7b890173b ("hw/hppa: Reset vCPUs calling resettable_reset()")
broke booting the Linux kernel with initrd which may have been provided
on the command line. The problem is, that the mentioned commit zeroes
out initial registers which were preset with addresses for the Linux
kernel and initrd.

Fix it by adding proper variables which are set shortly before starting
the firmware.

Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: 20f7b890173b ("hw/hppa: Reset vCPUs calling resettable_reset()")
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9 months ago hw/hppa: Support up to 256 GiB RAM on 64-bit machines
Helge Deller [Wed, 22 Jan 2025 14:00:53 +0000 (15:00 +0100)]
hw/hppa: Support up to 256 GiB RAM on 64-bit machines

Allow up to 256 GB RAM, which is the maximum a rp8440 machine (the very
last 64-bit PA-RISC machine) physically supports.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9 months ago Merge tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu...
Stefan Hajnoczi [Fri, 24 Jan 2025 19:43:07 +0000 (14:43 -0500)]
Merge tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu-hppa into staging

linux-user: Add support for various missing netlink sockopt entries

Add missing sockopt calls and thus fix building the debian gupnp package in a chroot.

This fixes debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1044651

Signed-off-by: Helge Deller <deller@gmx.de>
# gpg: Signature made Fri 24 Jan 2025 08:02:47 EST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu-hppa:
  linux-user: netlink: Add missing QEMU_IFLA entries
  linux-user: netlink: add netlink neighbour emulation
  linux-user: netlink: Add emulation of IP_MULTICAST_IF
  linux-user: netlink: Add IP_PKTINFO cmsg parsing
  linux-user: Use unique error messages for cmsg parsing
  linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months ago Merge tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu into staging
Stefan Hajnoczi [Fri, 24 Jan 2025 15:02:01 +0000 (10:02 -0500)]
Merge tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu into staging

loongarch queue

# gpg: Signature made Fri 24 Jan 2025 01:49:39 EST
# gpg:                using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7  13C4 8E86 8FB7 A176 9D4C
#      Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3  D1A4 1F7B 0C12 51AC E7D1

* tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu:
  target/loongarch: Dump all generic CSR registers
  target/loongarch: Set unused flag with CSR registers
  target/loongarch: Add common source file for CSR register
  target/loongarch: Add common header file for CSR registers
  target/loongarch: Add generic csr function type
  target/loongarch: Remove static CSR function setting
  target/loongarch: Add dynamic function access with CSR register

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months ago linux-user: netlink: Add missing QEMU_IFLA entries
Helge Deller [Fri, 29 Nov 2024 09:11:52 +0000 (10:11 +0100)]
linux-user: netlink: Add missing QEMU_IFLA entries

This fixes the following qemu warnings when building debian gupnp package:
 Unknown host QEMU_IFLA type: 61
 Unknown host QEMU_IFLA type: 58
 Unknown host QEMU_IFLA type: 59
 Unknown host QEMU_IFLA type: 60
 Unknown host QEMU_IFLA type: 32820

QEMU_IFLA type 32820 is actually NLA_NESTED | QEMU_IFLA_PROP_LIST (a nested
entry), which is why rta_type needs to be masked with NLA_TYPE_MASK.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
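
Why the unmasked type 32820 lands in the "unknown" branch while the masked one does not, as an added example that is not QEMU's netlink translation code. The `toy_*` names and the constructed attribute buffer are illustrative; the flag values match `<linux/netlink.h>` and the type numbers are the ones in the warnings above.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Same values as <linux/netlink.h>, redefined so this builds anywhere. */
#define TOY_NLA_F_NESTED        (1u << 15)
#define TOY_NLA_F_NET_BYTEORDER (1u << 14)
#define TOY_NLA_TYPE_MASK \
    (~(TOY_NLA_F_NESTED | TOY_NLA_F_NET_BYTEORDER) & 0xffffu)

#define TOY_RTA_HDRLEN   4u                   /* u16 rta_len + u16 rta_type */
#define TOY_RTA_ALIGN(n) (((n) + 3u) & ~3u)

/* The type a translator should switch on, with or without the fix. */
unsigned toy_effective_type(uint16_t rta_type, int use_mask)
{
    return use_mask ? (rta_type & TOY_NLA_TYPE_MASK) : rta_type;
}

/* Stand-in for the translator's switch: 1 if there is a case for the type.
 * 58..61 are the plain types from the warnings, 52 is 32820 with the flag
 * bits removed. */
int toy_type_known(unsigned type)
{
    switch (type) {
    case 52: case 58: case 59: case 60: case 61:
        return 1;
    default:
        return 0;
    }
}

/* Walk a run of attributes and count those that would hit the "Unknown
 * host ... type" branch. Returns -1 if an attribute's length field is
 * shorter than its header or longer than the bytes that remain. */
int toy_count_unknown(const uint8_t *buf, size_t len, int use_mask)
{
    int unknown = 0;
    size_t off = 0;

    while (len - off >= TOY_RTA_HDRLEN) {
        uint16_t rta_len, rta_type;
        memcpy(&rta_len, buf + off, sizeof(rta_len));
        memcpy(&rta_type, buf + off + 2, sizeof(rta_type));
        if (rta_len < TOY_RTA_HDRLEN || rta_len > len - off) {
            return -1;
        }
        if (!toy_type_known(toy_effective_type(rta_type, use_mask))) {
            unknown++;
        }
        unsigned step = TOY_RTA_ALIGN((unsigned)rta_len);
        if (step > len - off) {
            break;                            /* last attribute, no padding */
        }
        off += step;
    }
    return unknown;
}

/* Append one attribute with a zeroed payload; returns the next offset. */
static size_t toy_put_attr(uint8_t *buf, size_t off, uint16_t type,
                           uint16_t payload_len)
{
    uint16_t rta_len = (uint16_t)(TOY_RTA_HDRLEN + payload_len);
    memcpy(buf + off, &rta_len, sizeof(rta_len));
    memcpy(buf + off + 2, &type, sizeof(type));
    memset(buf + off + TOY_RTA_HDRLEN, 0, payload_len);
    return off + TOY_RTA_ALIGN((unsigned)rta_len);
}

/* Constructed sample: types 58, 32820 (nested flag | 52) and 61, each with
 * a 4-byte payload. `cut` trims bytes off the end to model truncation. */
int toy_sample(int use_mask, size_t cut)
{
    uint8_t buf[64];
    size_t len = 0;

    len = toy_put_attr(buf, len, 58, 4);
    len = toy_put_attr(buf, len, (uint16_t)(TOY_NLA_F_NESTED | 52), 4);
    len = toy_put_attr(buf, len, 61, 4);
    if (cut > len) {
        cut = len;
    }
    return toy_count_unknown(buf, len - cut, use_mask);
}

int main(void)
{
    printf("32820 masked      -> %u\n", toy_effective_type(32820, 1));
    printf("unknown, unmasked -> %d\n", toy_sample(0, 0));
    printf("unknown, masked   -> %d\n", toy_sample(1, 0));
    printf("truncated buffer  -> %d\n", toy_sample(1, 2));
    return 0;
}
```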
9 months ago linux-user: netlink: add netlink neighbour emulation
Helge Deller [Mon, 20 Jan 2025 21:22:31 +0000 (22:22 +0100)]
linux-user: netlink: add netlink neighbour emulation

Fixes various warnings in the testsuite while building gupnp:
 gssdp-net-DEBUG: Failed to send netlink message: Operation not supported
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (192.168.1.2, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host IP (fe80::01, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%1]? in URI
 gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%eth0]? in URI
 gupnp-context-DEBUG: Failed to parse HOST header from request: Could not parse port ?:1? in URI
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months ago linux-user: netlink: Add emulation of IP_MULTICAST_IF
Helge Deller [Sun, 19 Jan 2025 04:26:10 +0000 (05:26 +0100)]
linux-user: netlink: Add emulation of IP_MULTICAST_IF

Add IP_MULTICAST_IF and share the code with IP_ADD_MEMBERSHIP / IP_DROP_MEMBERSHIP.
Sharing the code makes sense, because the manpage of ip(7) says:

IP_MULTICAST_IF (since Linux 1.2)
      Set the local device for a multicast socket.  The argument
      for setsockopt(2) is an ip_mreqn or (since Linux 3.5)
      ip_mreq structure similar to IP_ADD_MEMBERSHIP, or an
      in_addr structure.  (The kernel determines which structure
      is being passed based on the size passed in optlen.)  For
      getsockopt(2), the argument is an in_addr structure.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months ago linux-user: netlink: Add IP_PKTINFO cmsg parsing
Helge Deller [Sun, 19 Jan 2025 02:20:03 +0000 (03:20 +0100)]
linux-user: netlink: Add IP_PKTINFO cmsg parsing

Fixes those warnings:
 Unsupported host ancillary data: 0/8

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months ago linux-user: Use unique error messages for cmsg parsing
Helge Deller [Fri, 29 Nov 2024 08:53:23 +0000 (09:53 +0100)]
linux-user: Use unique error messages for cmsg parsing

Avoid using the same error message for two different code paths
as it complicates determining the one which actually triggered.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months ago linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()
Helge Deller [Mon, 20 Jan 2025 21:20:41 +0000 (22:20 +0100)]
linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()

Fix this warning:
 Unknown host IFA type: 11

While adding IFA_PROTO, convert all IFA_XXX values over to QEMU_IFA_XXX values
to avoid a build failure on Ubuntu 22.04 (kernel v5.18 which does not know
IFA_PROTO yet).

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months ago target/loongarch: Dump all generic CSR registers
Bibo Mao [Thu, 16 Jan 2025 11:21:31 +0000 (19:21 +0800)]
target/loongarch: Dump all generic CSR registers

CSR registers are important system control registers, so it is better to
dump all CSR registers when the VM is running in system mode.

Here is an example of the CSR register dump output:
 CSR000: CRMD   b4               PRMD   4                EUEN   0                MISC   0
 CSR004: ECFG   71c1c            ESTAT  0                ERA    9000000002c31300 BADV   12022c0e0
 CSR008: BADI   2b0000
 CSR012: EENTRY 90000000046b0000
 CSR016: TLBIDX ffffffff8e000228 TLBEHI 120228000        TLBELO0 400000016f19001f TLBELO1 400000016f1a401f
 CSR024: ASID   a0004            PGDL   90000001016f0000 PGDH   9000000004680000 PGD    0
 CSR028: PWCL   5e56e            PWCH   2e4              STLBPS e                RVACFG 0
 CSR032: CPUID  0                PRCFG1 72f8             PRCFG2 3ffff000         PRCFG3 8073f2
 CSR048: SAVE0  0                SAVE1  af9c             SAVE2  12010d6a8        SAVE3  8300000
 CSR052: SAVE4  0                SAVE5  0                SAVE6  0                SAVE7  0
 CSR064: TID    0                TCFG   8f0ca15          TVAL   4cefd8b          CNTC   fffffffffe688aaa
 CSR068: TICLR  0
 CSR096: LLBCTL 1
 CSR136: TLBRENTRY 46ba000       TLBRBADV ffff8000130d81e2 TLBRERA 9000000003585cb8 TLBRSAVE ffff8000130d81e0
 CSR140: TLBRELO0 1fe00043       TLBRELO1 40             TLBREHI ffff8000130d800e TLBRPRMD 0
 CSR384: DMW0   8000000000000001 DMW1   9000000000000011 DMW2   0                DMW3   0

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Set unused flag with CSR registers
Bibo Mao [Thu, 16 Jan 2025 11:09:25 +0000 (19:09 +0800)]
target/loongarch: Set unused flag with CSR registers

On LA464, some CSR registers are not used, such as CSR_SAVE8 -
CSR_SAVE15; also, CSR registers related to MCE are not used now.

Flag CSRFL_UNUSED is added for these registers, so that they will
not be dumped. In order to keep compatibility, these CSR registers are
not removed since they are used in vmstate already.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Add common source file for CSR register
Bibo Mao [Thu, 16 Jan 2025 06:22:19 +0000 (14:22 +0800)]
target/loongarch: Add common source file for CSR register

Common source file csr.c is added here, it can be used by both
TCG mode and kvm mode. The common code is removed from file
tcg/insn_trans/trans_privileged.c.inc to csrc.c

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Add common header file for CSR registers
Bibo Mao [Wed, 22 Jan 2025 07:21:01 +0000 (15:21 +0800)]
target/loongarch: Add common header file for CSR registers

Common header file csr.h is added here, it can be used by both
TCG mode and kvm mode.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Add generic csr function type
Bibo Mao [Wed, 22 Jan 2025 07:13:41 +0000 (15:13 +0800)]
target/loongarch: Add generic csr function type

Parameter types TCGv and TCGv_ptr for functions GenCSRRead and GenCSRWrite
are not used in non-TCG mode. A generic csr function type is added here
with a void parameter type, so that it compiles in non-TCG mode.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Remove static CSR function setting
Bibo Mao [Mon, 13 Jan 2025 03:43:44 +0000 (11:43 +0800)]
target/loongarch: Remove static CSR function setting

Since CSR function setting is done dynamically in TCG mode, remove
static CSR function setting here.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago target/loongarch: Add dynamic function access with CSR register
Bibo Mao [Mon, 13 Jan 2025 03:28:18 +0000 (11:28 +0800)]
target/loongarch: Add dynamic function access with CSR register

With CSR register, dynamic function access is used for CSR register
access in TCG mode, so that csr info can be used by other modules.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months ago rust: pl011: hide unnecessarily "pub" items from outside pl011::device
Paolo Bonzini [Thu, 14 Nov 2024 16:46:43 +0000 (17:46 +0100)]
rust: pl011: hide unnecessarily "pub" items from outside pl011::device

The only public interfaces for pl011 are TYPE_PL011 and pl011_create.
Remove pub from everything else.

Note: the "allow(dead_code)" is removed later.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: pl011: remove unnecessary "extern crate"
Paolo Bonzini [Tue, 12 Nov 2024 20:00:08 +0000 (21:00 +0100)]
rust: pl011: remove unnecessary "extern crate"

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: prefer NonNull::new to assertions
Paolo Bonzini [Thu, 23 Jan 2025 10:25:22 +0000 (11:25 +0100)]
rust: prefer NonNull::new to assertions

Do not use new_unchecked; the effect is the same, but the
code is easier to read and unsafe regions become smaller.
Likewise, NonNull::new can be used instead of assertion and
followed by as_ref() or as_mut() instead of dereferencing the
pointer.

Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
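
The change described in this commit message, shown side by side as an added example that is not QEMU's code: `Dev`, `read_before`, `read_after` and `write_after` are hypothetical names, and `opaque` stands in for a pointer handed over from C.

```rust
use std::ptr::NonNull;

/// Constructed stand-in for device state reached through a C `void *opaque`.
pub struct Dev {
    pub regs: [u32; 4],
}

/// Older style: a separate assertion, then new_unchecked and a raw dereference,
/// all of it inside one large unsafe region.
pub fn read_before(opaque: *mut Dev, idx: usize) -> u32 {
    assert!(!opaque.is_null());
    unsafe {
        let dev = NonNull::new_unchecked(opaque);
        (*dev.as_ptr()).regs[idx]
    }
}

/// Preferred style: NonNull::new performs the null check in safe code and
/// only the conversion to a reference remains unsafe.
pub fn read_after(opaque: *mut Dev, idx: usize) -> u32 {
    let dev = NonNull::new(opaque).expect("opaque must not be null");
    // SAFETY (assumption of this example): the caller passes a live, aligned Dev.
    let dev = unsafe { dev.as_ref() };
    dev.regs[idx]
}

/// Same pattern for a mutating callback, using as_mut().
pub fn write_after(opaque: *mut Dev, idx: usize, val: u32) {
    let mut dev = NonNull::new(opaque).expect("opaque must not be null");
    // SAFETY (assumption of this example): no other reference to the Dev exists.
    let dev = unsafe { dev.as_mut() };
    dev.regs[idx] = val;
}

fn main() {
    let mut d = Dev { regs: [1, 2, 3, 4] };
    let p: *mut Dev = &mut d;
    write_after(p, 2, 9);
    println!("{} {}", read_before(p, 0), read_after(p, 2));
}
```

Both versions panic on a null pointer; the second one confines `unsafe` to the single line whose safety argument has to be audited.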
9 months ago rust: vmstate: make order of parameters consistent in vmstate_clock
Paolo Bonzini [Tue, 7 Jan 2025 09:30:41 +0000 (10:30 +0100)]
rust: vmstate: make order of parameters consistent in vmstate_clock

Place struct_name before field_name, similar to offset_of.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: remove translation of C vmstate macros
Paolo Bonzini [Tue, 7 Jan 2025 09:29:27 +0000 (10:29 +0100)]
rust: vmstate: remove translation of C vmstate macros

Keep vmstate_clock!; because it uses a field of type VMStateDescription,
it cannot be converted to the VMState trait without access to the
const_refs_static feature.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: pl011: switch vmstate to new-style macros
Paolo Bonzini [Sun, 8 Dec 2024 11:19:05 +0000 (12:19 +0100)]
rust: pl011: switch vmstate to new-style macros

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: qemu_api: add vmstate_struct
Paolo Bonzini [Sat, 21 Dec 2024 15:28:29 +0000 (16:28 +0100)]
rust: qemu_api: add vmstate_struct

It is not type safe, but it's the best that can be done without
const_refs_static.  It can also be used with BqlCell and BqlRefCell.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: add public utility macros to implement VMState
Paolo Bonzini [Sat, 21 Dec 2024 12:42:41 +0000 (13:42 +0100)]
rust: vmstate: add public utility macros to implement VMState

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: implement VMState for scalar types
Paolo Bonzini [Sun, 29 Dec 2024 10:59:34 +0000 (11:59 +0100)]
rust: vmstate: implement VMState for scalar types

Scalar types are those that have their own VMStateInfo.  This poses
a problem in that references to VMStateInfo can only be included in
associated consts starting with Rust 1.83.0, when the const_refs_static
was stabilized.  Removing the requirement is done by placing a limited
list of VMStateInfos in an enum, and going from enum to &VMStateInfo
only when building the VMStateField.

The same thing cannot be done with VMS_STRUCT because the set of
VMStateDescriptions extends to structs defined by the devices.
Therefore, structs and cells cannot yet use vmstate_of!.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: implement Zeroable for VMStateField
Paolo Bonzini [Sun, 29 Dec 2024 11:15:36 +0000 (12:15 +0100)]
rust: vmstate: implement Zeroable for VMStateField

This shortens the constants a bit.  Do not bother using it
in the vmstate macros since most of them will go away soon.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: add varray support to vmstate_of!
Paolo Bonzini [Thu, 19 Dec 2024 17:05:23 +0000 (18:05 +0100)]
rust: vmstate: add varray support to vmstate_of!

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: implement VMState for non-leaf types
Paolo Bonzini [Sun, 29 Dec 2024 11:29:45 +0000 (12:29 +0100)]
rust: vmstate: implement VMState for non-leaf types

Arrays, pointers and cells use a VMStateField that is based on that
for the inner type.  The implementation therefore delegates to the
VMState implementation of the inner type.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust: vmstate: add new type safe implementation
Paolo Bonzini [Sun, 8 Dec 2024 11:16:56 +0000 (12:16 +0100)]
rust: vmstate: add new type safe implementation

The existing translation of the C macros for vmstate does not make
any attempt to type-check vmstate declarations against the struct, so
introduce a new system that computes VMStateField based on the actual
struct declaration.

Macros do not have full access to the type system, therefore a full
implementation of this scheme requires a helper trait to analyze the
type and produce a VMStateField from it; a macro "vmstate_of!" accepts
arguments similar to "offset_of!" and tricks the compiler into looking
up the trait for the right type.

The patch introduces not just vmstate_of!, but also the slightly too
clever enabling macro call_func_with_field!.  The particular trick used
here was proposed on the users.rust-lang.org forum, so I take no merit
and all the blame.

Introduce the trait and some functions to access it; the actual
implementation comes later.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
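
The scheme described above (a helper trait plus a macro that takes `offset_of!`-style arguments and lets the compiler pick the trait impl from the field's declared type), as an added example that is not QEMU's code. It binds the field type through a never-called accessor closure instead of `call_func_with_field!`, includes the array delegation from the non-leaf commit, and every name other than `VMState` and `vmstate_of!` is hypothetical; it assumes a toolchain that has `std::mem::offset_of!`.

```rust
use std::mem::{offset_of, size_of};

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { U8, U16, U32 }

/// One migrated field, loosely modelled on a VMStateField (hypothetical layout).
#[derive(Debug, PartialEq, Eq)]
pub struct FieldDesc { pub name: &'static str, pub offset: usize, pub size: usize, pub num: usize, pub kind: Kind }

/// Helper trait: the field's type decides how it is migrated.
pub trait VMState {
    const KIND: Kind;
    const SIZE: usize;    // size of one element
    const NUM: usize = 1; // element count
}

macro_rules! impl_scalar {
    ($($t:ty => $k:ident),*) => {$(
        impl VMState for $t { const KIND: Kind = Kind::$k; const SIZE: usize = size_of::<$t>(); }
    )*};
}
impl_scalar!(u8 => U8, u16 => U16, u32 => U32);

/// Non-leaf type: an array delegates to the VMState impl of its element type.
impl<T: VMState, const N: usize> VMState for [T; N] {
    const KIND: Kind = T::KIND;
    const SIZE: usize = T::SIZE;
    const NUM: usize = N * T::NUM;
}

/// `_accessor` is never called; it only makes inference bind `F` to the field's real type.
pub fn describe<S, F: VMState, A: Fn(&S) -> &F>(_accessor: A, name: &'static str, offset: usize) -> FieldDesc {
    FieldDesc { name, offset, size: F::SIZE, num: F::NUM, kind: F::KIND }
}

macro_rules! vmstate_of {
    ($typ:ty, $field:ident) => {
        describe::<$typ, _, _>(|s| &s.$field, stringify!($field), offset_of!($typ, $field))
    };
}

#[repr(C)] // constructed sample device
pub struct Uart { pub flags: u32, pub fifo: [u16; 16], pub ibrd: u8 }

pub fn uart_fields() -> Vec<FieldDesc> {
    vec![vmstate_of!(Uart, flags), vmstate_of!(Uart, fifo), vmstate_of!(Uart, ibrd)]
}

fn main() { uart_fields().iter().for_each(|f| println!("{f:?}")); }
```

Changing a field's declared type changes its descriptor automatically, and a field whose type has no `VMState` impl (a `String`, say) is rejected at compile time instead of producing a mismatched migration record.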
9 months ago memattrs: Check the size of MemTxAttrs
Zhao Liu [Tue, 21 Jan 2025 15:13:22 +0000 (23:13 +0800)]
memattrs: Check the size of MemTxAttrs

Make sure MemTxAttrs is packed into 8 bytes and does not exceed 8 bytes.

Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250121151322.171832-3-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago memattrs: Convert unspecified member to bool
Zhao Liu [Tue, 21 Jan 2025 15:13:21 +0000 (23:13 +0800)]
memattrs: Convert unspecified member to bool

Convert `unspecified` member of MemTxAttrs from bit field to bool, so
that bindgen could generate more ergonomic Rust binding with bool type.

As a result, MemTxAttrs needs to be expanded from 4 bytes to 8 bytes.

Therefore, move `unspecified` to after the bit fields and add reserved
members to ensure that the whole structure is packed into 8 bytes.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250121151322.171832-2-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 months ago rust/pl011: Avoid bindings::*
Zhao Liu [Tue, 21 Jan 2025 14:04:57 +0000 (22:04 +0800)]
rust/pl011: Avoid bindings::*

List all the necessary bindings to better identify gaps in rust/qapi.
And include the bindings wrapped by rust/qapi instead of mapping the raw
bindings directly.

Inspired-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250121140457.84631-3-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>