diff options
49 files changed, 2355 insertions, 845 deletions
diff --git a/Makefile.objs b/Makefile.objs index 24a4ea08b8..d9cf7ad791 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -70,6 +70,8 @@ common-obj-y += backends/ common-obj-y += chardev/ common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o +qemu-seccomp.o-cflags := $(SECCOMP_CFLAGS) +qemu-seccomp.o-libs := $(SECCOMP_LIBS) common-obj-$(CONFIG_FDT) += device_tree.o diff --git a/configure b/configure index 9ee4559b54..94db2d103e 100755 --- a/configure +++ b/configure @@ -2035,8 +2035,8 @@ if test "$seccomp" != "no" ; then if test "$libseccomp_minver" != "" && $pkg_config --atleast-version=$libseccomp_minver libseccomp ; then - libs_softmmu="$libs_softmmu $($pkg_config --libs libseccomp)" - QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags libseccomp)" + seccomp_cflags="$($pkg_config --cflags libseccomp)" + seccomp_libs="$($pkg_config --libs libseccomp)" seccomp="yes" else if test "$seccomp" = "yes" ; then @@ -5829,6 +5829,8 @@ fi if test "$seccomp" = "yes"; then echo "CONFIG_SECCOMP=y" >> $config_host_mak + echo "SECCOMP_CFLAGS=$seccomp_cflags" >> $config_host_mak + echo "SECCOMP_LIBS=$seccomp_libs" >> $config_host_mak fi # XXX: suppress that diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak index d4d44eb66b..a3972c55fe 100644 --- a/default-configs/ppc-softmmu.mak +++ b/default-configs/ppc-softmmu.mak @@ -18,6 +18,7 @@ CONFIG_PREP_PCI=y CONFIG_I82378=y CONFIG_PC87312=y CONFIG_MACIO=y +CONFIG_SUNGEM=y CONFIG_PCSPK=y CONFIG_CS4231A=y CONFIG_CUDA=y diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs index a2e56ecaae..5ee6f7da5b 100644 --- a/hw/arm/Makefile.objs +++ b/hw/arm/Makefile.objs @@ -13,7 +13,7 @@ obj-y += omap1.o omap2.o strongarm.o obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o -obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o +obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-zcu102.o obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c index abb0ab6d71..769cff872c 100644 --- a/hw/arm/mps2.c +++ b/hw/arm/mps2.c @@ -287,8 +287,8 @@ static void mps2_common_init(MachineState *machine) cmsdk_apb_uart_create(uartbase[i], qdev_get_gpio_in(txrx_orgate_dev, 0), qdev_get_gpio_in(txrx_orgate_dev, 1), - qdev_get_gpio_in(orgate_dev, 0), - qdev_get_gpio_in(orgate_dev, 1), + qdev_get_gpio_in(orgate_dev, i * 2), + qdev_get_gpio_in(orgate_dev, i * 2 + 1), NULL, uartchr, SYSCLK_FRQ); } diff --git a/hw/arm/virt.c b/hw/arm/virt.c index fe96557997..cfd834d0cc 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1057,6 +1057,7 @@ static void create_pcie(const VirtMachineState *vms, qemu_irq *pic) for (i = 0; i < GPEX_NUM_IRQS; i++) { sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]); + gpex_set_irq_num(GPEX_HOST(dev), i, irq + i); } pci = PCI_HOST_BRIDGE(dev); diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c deleted file mode 100644 index c339cd495c..0000000000 --- a/hw/arm/xlnx-ep108.c +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Xilinx ZynqMP EP108 board - * - * Copyright (C) 2015 Xilinx Inc - * Written by Peter Crosthwaite <peter.crosthwaite@xilinx.com> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "qemu/osdep.h" -#include "qapi/error.h" -#include "qemu-common.h" -#include "cpu.h" -#include "hw/arm/xlnx-zynqmp.h" -#include "hw/boards.h" -#include "qemu/error-report.h" -#include "exec/address-spaces.h" -#include "qemu/log.h" - -typedef struct XlnxEP108 { - XlnxZynqMPState soc; - MemoryRegion ddr_ram; -} XlnxEP108; - -static struct arm_boot_info xlnx_ep108_binfo; - -static void xlnx_ep108_init(MachineState *machine) -{ - XlnxEP108 *s = g_new0(XlnxEP108, 1); - int i; - uint64_t ram_size = machine->ram_size; - - /* Create the memory region to pass to the SoC */ - if (ram_size > XLNX_ZYNQMP_MAX_RAM_SIZE) { - error_report("ERROR: RAM size 0x%" PRIx64 " above max supported of " - "0x%llx", ram_size, - XLNX_ZYNQMP_MAX_RAM_SIZE); - exit(1); - } - - if (ram_size < 0x08000000) { - qemu_log("WARNING: RAM size 0x%" PRIx64 " is small for EP108", - ram_size); - } - - memory_region_allocate_system_memory(&s->ddr_ram, NULL, "ddr-ram", - ram_size); - - object_initialize(&s->soc, sizeof(s->soc), TYPE_XLNX_ZYNQMP); - object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), - &error_abort); - - object_property_set_link(OBJECT(&s->soc), OBJECT(&s->ddr_ram), - "ddr-ram", &error_abort); - - object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_fatal); - - /* Create and plug in the SD cards */ - for (i = 0; i < XLNX_ZYNQMP_NUM_SDHCI; i++) { - BusState *bus; - DriveInfo *di = drive_get_next(IF_SD); - BlockBackend *blk = di ? blk_by_legacy_dinfo(di) : NULL; - DeviceState *carddev; - char *bus_name; - - bus_name = g_strdup_printf("sd-bus%d", i); - bus = qdev_get_child_bus(DEVICE(&s->soc), bus_name); - g_free(bus_name); - if (!bus) { - error_report("No SD bus found for SD card %d", i); - exit(1); - } - carddev = qdev_create(bus, TYPE_SD_CARD); - qdev_prop_set_drive(carddev, "drive", blk, &error_fatal); - object_property_set_bool(OBJECT(carddev), true, "realized", - &error_fatal); - } - - for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) { - SSIBus *spi_bus; - DeviceState *flash_dev; - qemu_irq cs_line; - DriveInfo *dinfo = drive_get_next(IF_MTD); - gchar *bus_name = g_strdup_printf("spi%d", i); - - spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc), bus_name); - g_free(bus_name); - - flash_dev = ssi_create_slave_no_init(spi_bus, "sst25wf080"); - if (dinfo) { - qdev_prop_set_drive(flash_dev, "drive", blk_by_legacy_dinfo(dinfo), - &error_fatal); - } - qdev_init_nofail(flash_dev); - - cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0); - - sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line); - } - - /* TODO create and connect IDE devices for ide_drive_get() */ - - xlnx_ep108_binfo.ram_size = ram_size; - xlnx_ep108_binfo.kernel_filename = machine->kernel_filename; - xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline; - xlnx_ep108_binfo.initrd_filename = machine->initrd_filename; - xlnx_ep108_binfo.loader_start = 0; - arm_load_kernel(s->soc.boot_cpu_ptr, &xlnx_ep108_binfo); -} - -static void xlnx_ep108_machine_init(MachineClass *mc) -{ - mc->desc = "Xilinx ZynqMP EP108 board"; - mc->init = xlnx_ep108_init; - mc->block_default_type = IF_IDE; - mc->units_per_default_bus = 1; - mc->ignore_memory_transaction_failures = true; -} - -DEFINE_MACHINE("xlnx-ep108", xlnx_ep108_machine_init) - -static void xlnx_zcu102_machine_init(MachineClass *mc) -{ - mc->desc = "Xilinx ZynqMP ZCU102 board"; - mc->init = xlnx_ep108_init; - mc->block_default_type = IF_IDE; - mc->units_per_default_bus = 1; - mc->ignore_memory_transaction_failures = true; -} - -DEFINE_MACHINE("xlnx-zcu102", xlnx_zcu102_machine_init) diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c new file mode 100644 index 0000000000..519a16ed98 --- /dev/null +++ b/hw/arm/xlnx-zcu102.c @@ -0,0 +1,259 @@ +/* + * Xilinx ZynqMP ZCU102 board + * + * Copyright (C) 2015 Xilinx Inc + * Written by Peter Crosthwaite <peter.crosthwaite@xilinx.com> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "cpu.h" +#include "hw/arm/xlnx-zynqmp.h" +#include "hw/boards.h" +#include "qemu/error-report.h" +#include "exec/address-spaces.h" +#include "qemu/log.h" + +typedef struct XlnxZCU102 { + MachineState parent_obj; + + XlnxZynqMPState soc; + MemoryRegion ddr_ram; + + bool secure; + bool virt; +} XlnxZCU102; + +#define TYPE_ZCU102_MACHINE MACHINE_TYPE_NAME("xlnx-zcu102") +#define ZCU102_MACHINE(obj) \ + OBJECT_CHECK(XlnxZCU102, (obj), TYPE_ZCU102_MACHINE) + +#define TYPE_EP108_MACHINE MACHINE_TYPE_NAME("xlnx-ep108") +#define EP108_MACHINE(obj) \ + OBJECT_CHECK(XlnxZCU102, (obj), TYPE_EP108_MACHINE) + +static struct arm_boot_info xlnx_zcu102_binfo; + +static bool zcu102_get_secure(Object *obj, Error **errp) +{ + XlnxZCU102 *s = ZCU102_MACHINE(obj); + + return s->secure; +} + +static void zcu102_set_secure(Object *obj, bool value, Error **errp) +{ + XlnxZCU102 *s = ZCU102_MACHINE(obj); + + s->secure = value; +} + +static bool zcu102_get_virt(Object *obj, Error **errp) +{ + XlnxZCU102 *s = ZCU102_MACHINE(obj); + + return s->virt; +} + +static void zcu102_set_virt(Object *obj, bool value, Error **errp) +{ + XlnxZCU102 *s = ZCU102_MACHINE(obj); + + s->virt = value; +} + +static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState *machine) +{ + int i; + uint64_t ram_size = machine->ram_size; + + /* Create the memory region to pass to the SoC */ + if (ram_size > XLNX_ZYNQMP_MAX_RAM_SIZE) { + error_report("ERROR: RAM size 0x%" PRIx64 " above max supported of " + "0x%llx", ram_size, + XLNX_ZYNQMP_MAX_RAM_SIZE); + exit(1); + } + + if (ram_size < 0x08000000) { + qemu_log("WARNING: RAM size 0x%" PRIx64 " is small for ZCU102", + ram_size); + } + + memory_region_allocate_system_memory(&s->ddr_ram, NULL, "ddr-ram", + ram_size); + + object_initialize(&s->soc, sizeof(s->soc), TYPE_XLNX_ZYNQMP); + object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), + &error_abort); + + object_property_set_link(OBJECT(&s->soc), OBJECT(&s->ddr_ram), + "ddr-ram", &error_abort); + object_property_set_bool(OBJECT(&s->soc), s->secure, "secure", + &error_fatal); + object_property_set_bool(OBJECT(&s->soc), s->virt, "virtualization", + &error_fatal); + + object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_fatal); + + /* Create and plug in the SD cards */ + for (i = 0; i < XLNX_ZYNQMP_NUM_SDHCI; i++) { + BusState *bus; + DriveInfo *di = drive_get_next(IF_SD); + BlockBackend *blk = di ? blk_by_legacy_dinfo(di) : NULL; + DeviceState *carddev; + char *bus_name; + + bus_name = g_strdup_printf("sd-bus%d", i); + bus = qdev_get_child_bus(DEVICE(&s->soc), bus_name); + g_free(bus_name); + if (!bus) { + error_report("No SD bus found for SD card %d", i); + exit(1); + } + carddev = qdev_create(bus, TYPE_SD_CARD); + qdev_prop_set_drive(carddev, "drive", blk, &error_fatal); + object_property_set_bool(OBJECT(carddev), true, "realized", + &error_fatal); + } + + for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) { + SSIBus *spi_bus; + DeviceState *flash_dev; + qemu_irq cs_line; + DriveInfo *dinfo = drive_get_next(IF_MTD); + gchar *bus_name = g_strdup_printf("spi%d", i); + + spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc), bus_name); + g_free(bus_name); + + flash_dev = ssi_create_slave_no_init(spi_bus, "sst25wf080"); + if (dinfo) { + qdev_prop_set_drive(flash_dev, "drive", blk_by_legacy_dinfo(dinfo), + &error_fatal); + } + qdev_init_nofail(flash_dev); + + cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0); + + sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line); + } + + /* TODO create and connect IDE devices for ide_drive_get() */ + + xlnx_zcu102_binfo.ram_size = ram_size; + xlnx_zcu102_binfo.kernel_filename = machine->kernel_filename; + xlnx_zcu102_binfo.kernel_cmdline = machine->kernel_cmdline; + xlnx_zcu102_binfo.initrd_filename = machine->initrd_filename; + xlnx_zcu102_binfo.loader_start = 0; + arm_load_kernel(s->soc.boot_cpu_ptr, &xlnx_zcu102_binfo); +} + +static void xlnx_ep108_init(MachineState *machine) +{ + XlnxZCU102 *s = EP108_MACHINE(machine); + + xlnx_zynqmp_init(s, machine); +} + +static void xlnx_ep108_machine_instance_init(Object *obj) +{ + XlnxZCU102 *s = EP108_MACHINE(obj); + + /* EP108, we don't support setting secure or virt */ + s->secure = false; + s->virt = false; +} + +static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + + mc->desc = "Xilinx ZynqMP EP108 board (Deprecated, please use xlnx-zcu102)"; + mc->init = xlnx_ep108_init; + mc->block_default_type = IF_IDE; + mc->units_per_default_bus = 1; + mc->ignore_memory_transaction_failures = true; +} + +static const TypeInfo xlnx_ep108_machine_init_typeinfo = { + .name = MACHINE_TYPE_NAME("xlnx-ep108"), + .parent = TYPE_MACHINE, + .class_init = xlnx_ep108_machine_class_init, + .instance_init = xlnx_ep108_machine_instance_init, + .instance_size = sizeof(XlnxZCU102), +}; + +static void xlnx_ep108_machine_init_register_types(void) +{ + type_register_static(&xlnx_ep108_machine_init_typeinfo); +} + +static void xlnx_zcu102_init(MachineState *machine) +{ + XlnxZCU102 *s = ZCU102_MACHINE(machine); + + xlnx_zynqmp_init(s, machine); +} + +static void xlnx_zcu102_machine_instance_init(Object *obj) +{ + XlnxZCU102 *s = ZCU102_MACHINE(obj); + + /* Default to secure mode being disabled */ + s->secure = false; + object_property_add_bool(obj, "secure", zcu102_get_secure, + zcu102_set_secure, NULL); + object_property_set_description(obj, "secure", + "Set on/off to enable/disable the ARM " + "Security Extensions (TrustZone)", + NULL); + + /* Default to virt (EL2) being disabled */ + s->virt = false; + object_property_add_bool(obj, "virtualization", zcu102_get_virt, + zcu102_set_virt, NULL); + object_property_set_description(obj, "virtualization", + "Set on/off to enable/disable emulating a " + "guest CPU which implements the ARM " + "Virtualization Extensions", + NULL); +} + +static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + + mc->desc = "Xilinx ZynqMP ZCU102 board"; + mc->init = xlnx_zcu102_init; + mc->block_default_type = IF_IDE; + mc->units_per_default_bus = 1; + mc->ignore_memory_transaction_failures = true; +} + +static const TypeInfo xlnx_zcu102_machine_init_typeinfo = { + .name = MACHINE_TYPE_NAME("xlnx-zcu102"), + .parent = TYPE_MACHINE, + .class_init = xlnx_zcu102_machine_class_init, + .instance_init = xlnx_zcu102_machine_instance_init, + .instance_size = sizeof(XlnxZCU102), +}; + +static void xlnx_zcu102_machine_init_register_types(void) +{ + type_register_static(&xlnx_zcu102_machine_init_typeinfo); +} + +type_init(xlnx_zcu102_machine_init_register_types) +type_init(xlnx_ep108_machine_init_register_types) diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c index 22c2a33719..2b27daf51d 100644 --- a/hw/arm/xlnx-zynqmp.c +++ b/hw/arm/xlnx-zynqmp.c @@ -255,7 +255,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp) object_property_set_bool(OBJECT(&s->apu_cpu[i]), s->secure, "has_el3", NULL); object_property_set_bool(OBJECT(&s->apu_cpu[i]), - false, "has_el2", NULL); + s->virt, "has_el2", NULL); object_property_set_int(OBJECT(&s->apu_cpu[i]), GIC_BASE_ADDR, "reset-cbar", &error_abort); object_property_set_bool(OBJECT(&s->apu_cpu[i]), true, "realized", @@ -427,6 +427,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp) static Property xlnx_zynqmp_props[] = { DEFINE_PROP_STRING("boot-cpu", XlnxZynqMPState, boot_cpu), DEFINE_PROP_BOOL("secure", XlnxZynqMPState, secure, false), + DEFINE_PROP_BOOL("virtualization", XlnxZynqMPState, virt, false), DEFINE_PROP_BOOL("has_rpu", XlnxZynqMPState, has_rpu, false), DEFINE_PROP_LINK("ddr-ram", XlnxZynqMPState, ddr_ram, TYPE_MEMORY_REGION, MemoryRegion *), diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 1fecfd6377..d3e20561c7 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -152,8 +152,12 @@ static void nvic_recompute_state(NVICState *s) } } + if (active_prio > 0) { + active_prio &= nvic_gprio_mask(s); + } + s->vectpending = pend_irq; - s->exception_prio = active_prio & nvic_gprio_mask(s); + s->exception_prio = active_prio; trace_nvic_recompute_state(s->vectpending, s->exception_prio); } @@ -329,7 +333,10 @@ void armv7m_nvic_acknowledge_irq(void *opaque) assert(vec->enabled); assert(vec->pending); - pendgroupprio = vec->prio & nvic_gprio_mask(s); + pendgroupprio = vec->prio; + if (pendgroupprio > 0) { + pendgroupprio &= nvic_gprio_mask(s); + } assert(pendgroupprio < running); trace_nvic_acknowledge_irq(pending, vec->prio); diff --git a/hw/intc/xics.c b/hw/intc/xics.c index a84ba51ad8..80c33be02e 100644 --- a/hw/intc/xics.c +++ b/hw/intc/xics.c @@ -306,8 +306,8 @@ static void icp_realize(DeviceState *dev, Error **errp) obj = object_property_get_link(OBJECT(dev), ICP_PROP_XICS, &err); if (!obj) { - error_setg(errp, "%s: required link '" ICP_PROP_XICS "' not found: %s", - __func__, error_get_pretty(err)); + error_propagate(errp, err); + error_prepend(errp, "required link '" ICP_PROP_XICS "' not found: "); return; } @@ -315,8 +315,8 @@ static void icp_realize(DeviceState *dev, Error **errp) obj = object_property_get_link(OBJECT(dev), ICP_PROP_CPU, &err); if (!obj) { - error_setg(errp, "%s: required link '" ICP_PROP_CPU "' not found: %s", - __func__, error_get_pretty(err)); + error_propagate(errp, err); + error_prepend(errp, "required link '" ICP_PROP_CPU "' not found: "); return; } @@ -641,8 +641,8 @@ static void ics_base_realize(DeviceState *dev, Error **errp) obj = object_property_get_link(OBJECT(dev), ICS_PROP_XICS, &err); if (!obj) { - error_setg(errp, "%s: required link '" ICS_PROP_XICS "' not found: %s", - __func__, error_get_pretty(err)); + error_propagate(errp, err); + error_prepend(errp, "required link '" ICS_PROP_XICS "' not found: "); return; } ics->xics = XICS_FABRIC(obj); diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs index 5ddaffe63a..7e87d0176b 100644 --- a/hw/net/Makefile.objs +++ b/hw/net/Makefile.objs @@ -27,6 +27,7 @@ common-obj-$(CONFIG_CADENCE) += cadence_gem.o common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o common-obj-$(CONFIG_LANCE) += lance.o common-obj-$(CONFIG_FTGMAC100) += ftgmac100.o +common-obj-$(CONFIG_SUNGEM) += sungem.o obj-$(CONFIG_ETRAXFS) += etraxfs_eth.o obj-$(CONFIG_COLDFIRE) += mcf_fec.o diff --git a/hw/net/sungem.c b/hw/net/sungem.c new file mode 100644 index 0000000000..dffa0c90f3 --- /dev/null +++ b/hw/net/sungem.c @@ -0,0 +1,1447 @@ +/* + * QEMU model of SUN GEM ethernet controller + * + * As found in Apple ASICs among others + * + * Copyright 2016 Ben Herrenschmidt + * Copyright 2017 Mark Cave-Ayland + */ + +#include "qemu/osdep.h" +#include "hw/pci/pci.h" +#include "qemu/log.h" +#include "net/net.h" +#include "net/checksum.h" +#include "hw/net/mii.h" +#include "sysemu/sysemu.h" +#include "trace.h" +/* For crc32 */ +#include <zlib.h> + +#define TYPE_SUNGEM "sungem" + +#define SUNGEM(obj) OBJECT_CHECK(SunGEMState, (obj), TYPE_SUNGEM) + +#define MAX_PACKET_SIZE 9016 + +#define SUNGEM_MMIO_SIZE 0x200000 + +/* Global registers */ +#define SUNGEM_MMIO_GREG_SIZE 0x2000 + +#define GREG_SEBSTATE 0x0000UL /* SEB State Register */ + +#define GREG_STAT 0x000CUL /* Status Register */ +#define GREG_STAT_TXINTME 0x00000001 /* TX INTME frame transferred */ +#define GREG_STAT_TXALL 0x00000002 /* All TX frames transferred */ +#define GREG_STAT_TXDONE 0x00000004 /* One TX frame transferred */ +#define GREG_STAT_RXDONE 0x00000010 /* One RX frame arrived */ +#define GREG_STAT_RXNOBUF 0x00000020 /* No free RX buffers available */ +#define GREG_STAT_RXTAGERR 0x00000040 /* RX tag framing is corrupt */ +#define GREG_STAT_TXMAC 0x00004000 /* TX MAC signalled interrupt */ +#define GREG_STAT_RXMAC 0x00008000 /* RX MAC signalled interrupt */ +#define GREG_STAT_MAC 0x00010000 /* MAC Control signalled irq */ +#define GREG_STAT_TXNR 0xfff80000 /* == TXDMA_TXDONE reg val */ +#define GREG_STAT_TXNR_SHIFT 19 + +/* These interrupts are edge latches in the status register, + * reading it (or writing the corresponding bit in IACK) will + * clear them + */ +#define GREG_STAT_LATCH (GREG_STAT_TXALL | GREG_STAT_TXINTME | \ + GREG_STAT_RXDONE | GREG_STAT_RXDONE | \ + GREG_STAT_RXNOBUF | GREG_STAT_RXTAGERR) + +#define GREG_IMASK 0x0010UL /* Interrupt Mask Register */ +#define GREG_IACK 0x0014UL /* Interrupt ACK Register */ +#define GREG_STAT2 0x001CUL /* Alias of GREG_STAT */ +#define GREG_PCIESTAT 0x1000UL /* PCI Error Status Register */ +#define GREG_PCIEMASK 0x1004UL /* PCI Error Mask Register */ + +#define GREG_SWRST 0x1010UL /* Software Reset Register */ +#define GREG_SWRST_TXRST 0x00000001 /* TX Software Reset */ +#define GREG_SWRST_RXRST 0x00000002 /* RX Software Reset */ +#define GREG_SWRST_RSTOUT 0x00000004 /* Force RST# pin active */ + +/* TX DMA Registers */ +#define SUNGEM_MMIO_TXDMA_SIZE 0x1000 + +#define TXDMA_KICK 0x0000UL /* TX Kick Register */ + +#define TXDMA_CFG 0x0004UL /* TX Configuration Register */ +#define TXDMA_CFG_ENABLE 0x00000001 /* Enable TX DMA channel */ +#define TXDMA_CFG_RINGSZ 0x0000001e /* TX descriptor ring size */ + +#define TXDMA_DBLOW 0x0008UL /* TX Desc. Base Low */ +#define TXDMA_DBHI 0x000CUL /* TX Desc. Base High */ +#define TXDMA_PCNT 0x0024UL /* TX FIFO Packet Counter */ +#define TXDMA_SMACHINE 0x0028UL /* TX State Machine Register */ +#define TXDMA_DPLOW 0x0030UL /* TX Data Pointer Low */ +#define TXDMA_DPHI 0x0034UL /* TX Data Pointer High */ +#define TXDMA_TXDONE 0x0100UL /* TX Completion Register */ +#define TXDMA_FTAG 0x0108UL /* TX FIFO Tag */ +#define TXDMA_FSZ 0x0118UL /* TX FIFO Size */ + +/* Receive DMA Registers */ +#define SUNGEM_MMIO_RXDMA_SIZE 0x2000 + +#define RXDMA_CFG 0x0000UL /* RX Configuration Register */ +#define RXDMA_CFG_ENABLE 0x00000001 /* Enable RX DMA channel */ +#define RXDMA_CFG_RINGSZ 0x0000001e /* RX descriptor ring size */ +#define RXDMA_CFG_FBOFF 0x00001c00 /* Offset of first data byte */ +#define RXDMA_CFG_CSUMOFF 0x000fe000 /* Skip bytes before csum calc */ + +#define RXDMA_DBLOW 0x0004UL /* RX Descriptor Base Low */ +#define RXDMA_DBHI 0x0008UL /* RX Descriptor Base High */ +#define RXDMA_PCNT 0x0018UL /* RX FIFO Packet Counter */ +#define RXDMA_SMACHINE 0x001CUL /* RX State Machine Register */ +#define RXDMA_PTHRESH 0x0020UL /* Pause Thresholds */ +#define RXDMA_DPLOW 0x0024UL /* RX Data Pointer Low */ +#define RXDMA_DPHI 0x0028UL /* RX Data Pointer High */ +#define RXDMA_KICK 0x0100UL /* RX Kick Register */ +#define RXDMA_DONE 0x0104UL /* RX Completion Register */ +#define RXDMA_BLANK 0x0108UL /* RX Blanking Register */ +#define RXDMA_FTAG 0x0110UL /* RX FIFO Tag */ +#define RXDMA_FSZ 0x0120UL /* RX FIFO Size */ + +/* MAC Registers */ +#define SUNGEM_MMIO_MAC_SIZE 0x200 + +#define MAC_TXRST 0x0000UL /* TX MAC Software Reset Command */ +#define MAC_RXRST 0x0004UL /* RX MAC Software Reset Command */ +#define MAC_TXSTAT 0x0010UL /* TX MAC Status Register */ +#define MAC_RXSTAT 0x0014UL /* RX MAC Status Register */ + +#define MAC_CSTAT 0x0018UL /* MAC Control Status Register */ +#define MAC_CSTAT_PTR 0xffff0000 /* Pause Time Received */ + +#define MAC_TXMASK 0x0020UL /* TX MAC Mask Register */ +#define MAC_RXMASK 0x0024UL /* RX MAC Mask Register */ +#define MAC_MCMASK 0x0028UL /* MAC Control Mask Register */ + +#define MAC_TXCFG 0x0030UL /* TX MAC Configuration Register */ +#define MAC_TXCFG_ENAB 0x00000001 /* TX MAC Enable */ + +#define MAC_RXCFG 0x0034UL /* RX MAC Configuration Register */ +#define MAC_RXCFG_ENAB 0x00000001 /* RX MAC Enable */ +#define MAC_RXCFG_SFCS 0x00000004 /* Strip FCS */ +#define MAC_RXCFG_PROM 0x00000008 /* Promiscuous Mode */ +#define MAC_RXCFG_PGRP 0x00000010 /* Promiscuous Group */ +#define MAC_RXCFG_HFE 0x00000020 /* Hash Filter Enable */ + +#define MAC_XIFCFG 0x003CUL /* XIF Configuration Register */ +#define MAC_XIFCFG_LBCK 0x00000002 /* Loopback TX to RX */ + +#define MAC_MINFSZ 0x0050UL /* MinFrameSize Register */ +#define MAC_MAXFSZ 0x0054UL /* MaxFrameSize Register */ +#define MAC_ADDR0 0x0080UL /* MAC Address 0 Register */ +#define MAC_ADDR1 0x0084UL /* MAC Address 1 Register */ +#define MAC_ADDR2 0x0088UL /* MAC Address 2 Register */ +#define MAC_ADDR3 0x008CUL /* MAC Address 3 Register */ +#define MAC_ADDR4 0x0090UL /* MAC Address 4 Register */ +#define MAC_ADDR5 0x0094UL /* MAC Address 5 Register */ +#define MAC_HASH0 0x00C0UL /* Hash Table 0 Register */ +#define MAC_PATMPS 0x0114UL /* Peak Attempts Register */ +#define MAC_SMACHINE 0x0134UL /* State Machine Register */ + +/* MIF Registers */ +#define SUNGEM_MMIO_MIF_SIZE 0x20 + +#define MIF_FRAME 0x000CUL /* MIF Frame/Output Register */ +#define MIF_FRAME_OP 0x30000000 /* OPcode */ +#define MIF_FRAME_PHYAD 0x0f800000 /* PHY ADdress */ +#define MIF_FRAME_REGAD 0x007c0000 /* REGister ADdress */ +#define MIF_FRAME_TALSB 0x00010000 /* Turn Around LSB */ +#define MIF_FRAME_DATA 0x0000ffff /* Instruction Payload */ + +#define MIF_CFG 0x0010UL /* MIF Configuration Register */ +#define MIF_CFG_MDI0 0x00000100 /* MDIO_0 present or read-bit */ +#define MIF_CFG_MDI1 0x00000200 /* MDIO_1 present or read-bit */ + +#define MIF_STATUS 0x0018UL /* MIF Status Register */ +#define MIF_SMACHINE 0x001CUL /* MIF State Machine Register */ + +/* PCS/Serialink Registers */ +#define SUNGEM_MMIO_PCS_SIZE 0x60 +#define PCS_MIISTAT 0x0004UL /* PCS MII Status Register */ +#define PCS_ISTAT 0x0018UL /* PCS Interrupt Status Reg */ +#define PCS_SSTATE 0x005CUL /* Serialink State Register */ + +/* Descriptors */ +struct gem_txd { + uint64_t control_word; + uint64_t buffer; +}; + +#define TXDCTRL_BUFSZ 0x0000000000007fffULL /* Buffer Size */ +#define TXDCTRL_CSTART 0x00000000001f8000ULL /* CSUM Start Offset */ +#define TXDCTRL_COFF 0x000000001fe00000ULL /* CSUM Stuff Offset */ +#define TXDCTRL_CENAB 0x0000000020000000ULL /* CSUM Enable */ +#define TXDCTRL_EOF 0x0000000040000000ULL /* End of Frame */ +#define TXDCTRL_SOF 0x0000000080000000ULL /* Start of Frame */ +#define TXDCTRL_INTME 0x0000000100000000ULL /* "Interrupt Me" */ + +struct gem_rxd { + uint64_t status_word; + uint64_t buffer; +}; + +#define RXDCTRL_HPASS 0x1000000000000000ULL /* Passed Hash Filter */ +#define RXDCTRL_ALTMAC 0x2000000000000000ULL /* Matched ALT MAC */ + + +typedef struct { + PCIDevice pdev; + + MemoryRegion sungem; + MemoryRegion greg; + MemoryRegion txdma; + MemoryRegion rxdma; + MemoryRegion mac; + MemoryRegion mif; + MemoryRegion pcs; + NICState *nic; + NICConf conf; + uint32_t phy_addr; + + uint32_t gregs[SUNGEM_MMIO_GREG_SIZE >> 2]; + uint32_t txdmaregs[SUNGEM_MMIO_TXDMA_SIZE >> 2]; + uint32_t rxdmaregs[SUNGEM_MMIO_RXDMA_SIZE >> 2]; + uint32_t macregs[SUNGEM_MMIO_MAC_SIZE >> 2]; + uint32_t mifregs[SUNGEM_MMIO_MIF_SIZE >> 2]; + uint32_t pcsregs[SUNGEM_MMIO_PCS_SIZE >> 2]; + + /* Cache some useful things */ + uint32_t rx_mask; + uint32_t tx_mask; + + /* Current tx packet */ + uint8_t tx_data[MAX_PACKET_SIZE]; + uint32_t tx_size; + uint64_t tx_first_ctl; +} SunGEMState; + + +static void sungem_eval_irq(SunGEMState *s) +{ + uint32_t stat, mask; + + mask = s->gregs[GREG_IMASK >> 2]; + stat = s->gregs[GREG_STAT >> 2] & ~GREG_STAT_TXNR; + if (stat & ~mask) { + pci_set_irq(PCI_DEVICE(s), 1); + } else { + pci_set_irq(PCI_DEVICE(s), 0); + } +} + +static void sungem_update_status(SunGEMState *s, uint32_t bits, bool val) +{ + uint32_t stat; + + stat = s->gregs[GREG_STAT >> 2]; + if (val) { + stat |= bits; + } else { + stat &= ~bits; + } + s->gregs[GREG_STAT >> 2] = stat; + sungem_eval_irq(s); +} + +static void sungem_eval_cascade_irq(SunGEMState *s) +{ + uint32_t stat, mask; + + mask = s->macregs[MAC_TXSTAT >> 2]; + stat = s->macregs[MAC_TXMASK >> 2]; + if (stat & ~mask) { + sungem_update_status(s, GREG_STAT_TXMAC, true); + } else { + sungem_update_status(s, GREG_STAT_TXMAC, false); + } + + mask = s->macregs[MAC_RXSTAT >> 2]; + stat = s->macregs[MAC_RXMASK >> 2]; + if (stat & ~mask) { + sungem_update_status(s, GREG_STAT_RXMAC, true); + } else { + sungem_update_status(s, GREG_STAT_RXMAC, false); + } + + mask = s->macregs[MAC_CSTAT >> 2]; + stat = s->macregs[MAC_MCMASK >> 2] & ~MAC_CSTAT_PTR; + if (stat & ~mask) { + sungem_update_status(s, GREG_STAT_MAC, true); + } else { + sungem_update_status(s, GREG_STAT_MAC, false); + } +} + +static void sungem_do_tx_csum(SunGEMState *s) +{ + uint16_t start, off; + uint32_t csum; + + start = (s->tx_first_ctl & TXDCTRL_CSTART) >> 15; + off = (s->tx_first_ctl & TXDCTRL_COFF) >> 21; + + trace_sungem_tx_checksum(start, off); + + if (start > (s->tx_size - 2) || off > (s->tx_size - 2)) { + trace_sungem_tx_checksum_oob(); + return; + } + + csum = net_raw_checksum(s->tx_data + start, s->tx_size - start); + stw_be_p(s->tx_data + off, csum); +} + +static void sungem_send_packet(SunGEMState *s, const uint8_t *buf, + int size) +{ + NetClientState *nc = qemu_get_queue(s->nic); + + if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) { + nc->info->receive(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } +} + +static void sungem_process_tx_desc(SunGEMState *s, struct gem_txd *desc) +{ + PCIDevice *d = PCI_DEVICE(s); + uint32_t len; + + /* If it's a start of frame, discard anything we had in the + * buffer and start again. This should be an error condition + * if we had something ... for now we ignore it + */ + if (desc->control_word & TXDCTRL_SOF) { + if (s->tx_first_ctl) { + trace_sungem_tx_unfinished(); + } + s->tx_size = 0; + s->tx_first_ctl = desc->control_word; + } + + /* Grab data size */ + len = desc->control_word & TXDCTRL_BUFSZ; + + /* Clamp it to our max size */ + if ((s->tx_size + len) > MAX_PACKET_SIZE) { + trace_sungem_tx_overflow(); + len = MAX_PACKET_SIZE - s->tx_size; + } + + /* Read the data */ + pci_dma_read(d, desc->buffer, &s->tx_data[s->tx_size], len); + s->tx_size += len; + + /* If end of frame, send packet */ + if (desc->control_word & TXDCTRL_EOF) { + trace_sungem_tx_finished(s->tx_size); + + /* Handle csum */ + if (s->tx_first_ctl & TXDCTRL_CENAB) { + sungem_do_tx_csum(s); + } + + /* Send it */ + sungem_send_packet(s, s->tx_data, s->tx_size); + + /* No more pending packet */ + s->tx_size = 0; + s->tx_first_ctl = 0; + } +} + +static void sungem_tx_kick(SunGEMState *s) +{ + PCIDevice *d = PCI_DEVICE(s); + uint32_t comp, kick; + uint32_t txdma_cfg, txmac_cfg, ints; + uint64_t dbase; + + trace_sungem_tx_kick(); + + /* Check that both TX MAC and TX DMA are enabled. We don't + * handle DMA-less direct FIFO operations (we don't emulate + * the FIFO at all). + * + * A write to TXDMA_KICK while DMA isn't enabled can happen + * when the driver is resetting the pointer. + */ + txdma_cfg = s->txdmaregs[TXDMA_CFG >> 2]; + txmac_cfg = s->macregs[MAC_TXCFG >> 2]; + if (!(txdma_cfg & TXDMA_CFG_ENABLE) || + !(txmac_cfg & MAC_TXCFG_ENAB)) { + trace_sungem_tx_disabled(); + return; + } + + /* XXX Test min frame size register ? */ + /* XXX Test max frame size register ? */ + + dbase = s->txdmaregs[TXDMA_DBHI >> 2]; + dbase = (dbase << 32) | s->txdmaregs[TXDMA_DBLOW >> 2]; + + comp = s->txdmaregs[TXDMA_TXDONE >> 2] & s->tx_mask; + kick = s->txdmaregs[TXDMA_KICK >> 2] & s->tx_mask; + + trace_sungem_tx_process(comp, kick, s->tx_mask + 1); + + /* This is rather primitive for now, we just send everything we + * can in one go, like e1000. Ideally we should do the sending + * from some kind of background task + */ + while (comp != kick) { + struct gem_txd desc; + + /* Read the next descriptor */ + pci_dma_read(d, dbase + comp * sizeof(desc), &desc, sizeof(desc)); + + /* Byteswap descriptor */ + desc.control_word = le64_to_cpu(desc.control_word); + desc.buffer = le64_to_cpu(desc.buffer); + trace_sungem_tx_desc(comp, desc.control_word, desc.buffer); + + /* Send it for processing */ + sungem_process_tx_desc(s, &desc); + + /* Interrupt */ + ints = GREG_STAT_TXDONE; + if (desc.control_word & TXDCTRL_INTME) { + ints |= GREG_STAT_TXINTME; + } + sungem_update_status(s, ints, true); + + /* Next ! */ + comp = (comp + 1) & s->tx_mask; + s->txdmaregs[TXDMA_TXDONE >> 2] = comp; + } + + /* We sent everything, set status/irq bit */ + sungem_update_status(s, GREG_STAT_TXALL, true); +} + +static bool sungem_rx_full(SunGEMState *s, uint32_t kick, uint32_t done) +{ + return kick == ((done + 1) & s->rx_mask); +} + +static int sungem_can_receive(NetClientState *nc) +{ + SunGEMState *s = qemu_get_nic_opaque(nc); + uint32_t kick, done, rxdma_cfg, rxmac_cfg; + bool full; + + rxmac_cfg = s->macregs[MAC_RXCFG >> 2]; + rxdma_cfg = s->rxdmaregs[RXDMA_CFG >> 2]; + + /* If MAC disabled, can't receive */ + if ((rxmac_cfg & MAC_RXCFG_ENAB) == 0) { + trace_sungem_rx_mac_disabled(); + return 0; + } + if ((rxdma_cfg & RXDMA_CFG_ENABLE) == 0) { + trace_sungem_rx_txdma_disabled(); + return 0; + } + + /* Check RX availability */ + kick = s->rxdmaregs[RXDMA_KICK >> 2]; + done = s->rxdmaregs[RXDMA_DONE >> 2]; + full = sungem_rx_full(s, kick, done); + + trace_sungem_rx_check(!full, kick, done); + + return !full; +} + +enum { + rx_no_match, + rx_match_promisc, + rx_match_bcast, + rx_match_allmcast, + rx_match_mcast, + rx_match_mac, + rx_match_altmac, +}; + +static int sungem_check_rx_mac(SunGEMState *s, const uint8_t *mac, uint32_t crc) +{ + uint32_t rxcfg = s->macregs[MAC_RXCFG >> 2]; + uint32_t mac0, mac1, mac2; + + /* Promisc enabled ? */ + if (rxcfg & MAC_RXCFG_PROM) { + return rx_match_promisc; + } + + /* Format MAC address into dwords */ + mac0 = (mac[4] << 8) | mac[5]; + mac1 = (mac[2] << 8) | mac[3]; + mac2 = (mac[0] << 8) | mac[1]; + + trace_sungem_rx_mac_check(mac0, mac1, mac2); + + /* Is this a broadcast frame ? */ + if (mac0 == 0xffff && mac1 == 0xffff && mac2 == 0xffff) { + return rx_match_bcast; + } + + /* TODO: Implement address filter registers (or we don't care ?) */ + + /* Is this a multicast frame ? */ + if (mac[0] & 1) { + trace_sungem_rx_mac_multicast(); + + /* Promisc group enabled ? */ + if (rxcfg & MAC_RXCFG_PGRP) { + return rx_match_allmcast; + } + + /* TODO: Check MAC control frames (or we don't care) ? */ + + /* Check hash filter (somebody check that's correct ?) */ + if (rxcfg & MAC_RXCFG_HFE) { + uint32_t hash, idx; + + crc >>= 24; + idx = (crc >> 2) & 0x3c; + hash = s->macregs[(MAC_HASH0 + idx) >> 2]; + if (hash & (1 << (15 - (crc & 0xf)))) { + return rx_match_mcast; + } + } + return rx_no_match; + } + + /* Main MAC check */ + trace_sungem_rx_mac_compare(s->macregs[MAC_ADDR0 >> 2], + s->macregs[MAC_ADDR1 >> 2], + s->macregs[MAC_ADDR2 >> 2]); + + if (mac0 == s->macregs[MAC_ADDR0 >> 2] && + mac1 == s->macregs[MAC_ADDR1 >> 2] && + mac2 == s->macregs[MAC_ADDR2 >> 2]) { + return rx_match_mac; + } + + /* Alt MAC check */ + if (mac0 == s->macregs[MAC_ADDR3 >> 2] && + mac1 == s->macregs[MAC_ADDR4 >> 2] && + mac2 == s->macregs[MAC_ADDR5 >> 2]) { + return rx_match_altmac; + } + + return rx_no_match; +} + +static ssize_t sungem_receive(NetClientState *nc, const uint8_t *buf, + size_t size) +{ + SunGEMState *s = qemu_get_nic_opaque(nc); + PCIDevice *d = PCI_DEVICE(s); + uint32_t mac_crc, done, kick, max_fsize; + uint32_t fcs_size, ints, rxdma_cfg, rxmac_cfg, csum, coff; + uint8_t smallbuf[60]; + struct gem_rxd desc; + uint64_t dbase, baddr; + unsigned int rx_cond; + + trace_sungem_rx_packet(size); + + rxmac_cfg = s->macregs[MAC_RXCFG >> 2]; + rxdma_cfg = s->rxdmaregs[RXDMA_CFG >> 2]; + max_fsize = s->macregs[MAC_MAXFSZ >> 2] & 0x7fff; + + /* If MAC or DMA disabled, can't receive */ + if (!(rxdma_cfg & RXDMA_CFG_ENABLE) || + !(rxmac_cfg & MAC_RXCFG_ENAB)) { + trace_sungem_rx_disabled(); + return 0; + } + + /* Size adjustment for FCS */ + if (rxmac_cfg & MAC_RXCFG_SFCS) { + fcs_size = 0; + } else { + fcs_size = 4; + } + + /* Discard frame smaller than a MAC or larger than max frame size + * (when accounting for FCS) + */ + if (size < 6 || (size + 4) > max_fsize) { + trace_sungem_rx_bad_frame_size(size); + /* XXX Increment error statistics ? */ + return size; + } + + /* We don't drop too small frames since we get them in qemu, we pad + * them instead. We should probably use the min frame size register + * but I don't want to use a variable size staging buffer and I + * know both MacOS and Linux use the default 64 anyway. We use 60 + * here to account for the non-existent FCS. + */ + if (size < 60) { + memcpy(smallbuf, buf, size); + memset(&smallbuf[size], 0, 60 - size); + buf = smallbuf; + size = 60; + } + + /* Get MAC crc */ + mac_crc = crc32(~0, buf, 6); + + /* Packet isn't for me ? */ + rx_cond = sungem_check_rx_mac(s, buf, mac_crc); + if (rx_cond == rx_no_match) { + /* Just drop it */ + trace_sungem_rx_unmatched(); + return size; + } + + /* Get ring pointers */ + kick = s->rxdmaregs[RXDMA_KICK >> 2] & s->rx_mask; + done = s->rxdmaregs[RXDMA_DONE >> 2] & s->rx_mask; + + trace_sungem_rx_process(done, kick, s->rx_mask + 1); + + /* Ring full ? Can't receive */ + if (sungem_rx_full(s, kick, done)) { + trace_sungem_rx_ringfull(); + return 0; + } + + /* Note: The real GEM will fetch descriptors in blocks of 4, + * for now we handle them one at a time, I think the driver will + * cope + */ + + dbase = s->rxdmaregs[RXDMA_DBHI >> 2]; + dbase = (dbase << 32) | s->rxdmaregs[RXDMA_DBLOW >> 2]; + + /* Read the next descriptor */ + pci_dma_read(d, dbase + done * sizeof(desc), &desc, sizeof(desc)); + + trace_sungem_rx_desc(le64_to_cpu(desc.status_word), + le64_to_cpu(desc.buffer)); + + /* Effective buffer address */ + baddr = le64_to_cpu(desc.buffer) & ~7ull; + baddr |= (rxdma_cfg & RXDMA_CFG_FBOFF) >> 10; + + /* Write buffer out */ + pci_dma_write(d, baddr, buf, size); + + if (fcs_size) { + /* Should we add an FCS ? Linux doesn't ask us to strip it, + * however I believe nothing checks it... For now we just + * do nothing. It's faster this way. + */ + } + + /* Calculate the checksum */ + coff = (rxdma_cfg & RXDMA_CFG_CSUMOFF) >> 13; + csum = net_raw_checksum((uint8_t *)buf + coff, size - coff); + + /* Build the updated descriptor */ + desc.status_word = (size + fcs_size) << 16; + desc.status_word |= ((uint64_t)(mac_crc >> 16)) << 44; + desc.status_word |= csum; + if (rx_cond == rx_match_mcast) { + desc.status_word |= RXDCTRL_HPASS; + } + if (rx_cond == rx_match_altmac) { + desc.status_word |= RXDCTRL_ALTMAC; + } + desc.status_word = cpu_to_le64(desc.status_word); + + pci_dma_write(d, dbase + done * sizeof(desc), &desc, sizeof(desc)); + + done = (done + 1) & s->rx_mask; + s->rxdmaregs[RXDMA_DONE >> 2] = done; + + /* XXX Unconditionally set RX interrupt for now. The interrupt + * mitigation timer might well end up adding more overhead than + * helping here... + */ + ints = GREG_STAT_RXDONE; + if (sungem_rx_full(s, kick, done)) { + ints |= GREG_STAT_RXNOBUF; + } + sungem_update_status(s, ints, true); + + return size; +} + +static void sungem_set_link_status(NetClientState *nc) +{ + /* We don't do anything for now as I believe none of the OSes + * drivers use the MIF autopoll feature nor the PHY interrupt + */ +} + +static void sungem_update_masks(SunGEMState *s) +{ + uint32_t sz; + + sz = 1 << (((s->rxdmaregs[RXDMA_CFG >> 2] & RXDMA_CFG_RINGSZ) >> 1) + 5); + s->rx_mask = sz - 1; + + sz = 1 << (((s->txdmaregs[TXDMA_CFG >> 2] & TXDMA_CFG_RINGSZ) >> 1) + 5); + s->tx_mask = sz - 1; +} + +static void sungem_reset_rx(SunGEMState *s) +{ + trace_sungem_rx_reset(); + + /* XXX Do RXCFG */ + /* XXX Check value */ + s->rxdmaregs[RXDMA_FSZ >> 2] = 0x140; + s->rxdmaregs[RXDMA_DONE >> 2] = 0; + s->rxdmaregs[RXDMA_KICK >> 2] = 0; + s->rxdmaregs[RXDMA_CFG >> 2] = 0x1000010; + s->rxdmaregs[RXDMA_PTHRESH >> 2] = 0xf8; + s->rxdmaregs[RXDMA_BLANK >> 2] = 0; + + sungem_update_masks(s); +} + +static void sungem_reset_tx(SunGEMState *s) +{ + trace_sungem_tx_reset(); + + /* XXX Do TXCFG */ + /* XXX Check value */ + s->txdmaregs[TXDMA_FSZ >> 2] = 0x90; + s->txdmaregs[TXDMA_TXDONE >> 2] = 0; + s->txdmaregs[TXDMA_KICK >> 2] = 0; + s->txdmaregs[TXDMA_CFG >> 2] = 0x118010; + + sungem_update_masks(s); + + s->tx_size = 0; + s->tx_first_ctl = 0; +} + +static void sungem_reset_all(SunGEMState *s, bool pci_reset) +{ + trace_sungem_reset(pci_reset); + + sungem_reset_rx(s); + sungem_reset_tx(s); + + s->gregs[GREG_IMASK >> 2] = 0xFFFFFFF; + s->gregs[GREG_STAT >> 2] = 0; + if (pci_reset) { + uint8_t *ma = s->conf.macaddr.a; + + s->gregs[GREG_SWRST >> 2] = 0; + s->macregs[MAC_ADDR0 >> 2] = (ma[4] << 8) | ma[5]; + s->macregs[MAC_ADDR1 >> 2] = (ma[2] << 8) | ma[3]; + s->macregs[MAC_ADDR2 >> 2] = (ma[0] << 8) | ma[1]; + } else { + s->gregs[GREG_SWRST >> 2] &= GREG_SWRST_RSTOUT; + } + s->mifregs[MIF_CFG >> 2] = MIF_CFG_MDI0; +} + +static void sungem_mii_write(SunGEMState *s, uint8_t phy_addr, + uint8_t reg_addr, uint16_t val) +{ + trace_sungem_mii_write(phy_addr, reg_addr, val); + + /* XXX TODO */ +} + +static uint16_t __sungem_mii_read(SunGEMState *s, uint8_t phy_addr, + uint8_t reg_addr) +{ + if (phy_addr != s->phy_addr) { + return 0xffff; + } + /* Primitive emulation of a BCM5201 to please the driver, + * ID is 0x00406210. TODO: Do a gigabit PHY like BCM5400 + */ + switch (reg_addr) { + case MII_BMCR: + return 0; + case MII_PHYID1: + return 0x0040; + case MII_PHYID2: + return 0x6210; + case MII_BMSR: + if (qemu_get_queue(s->nic)->link_down) { + return MII_BMSR_100TX_FD | MII_BMSR_AUTONEG; + } else { + return MII_BMSR_100TX_FD | MII_BMSR_AN_COMP | + MII_BMSR_AUTONEG | MII_BMSR_LINK_ST; + } + case MII_ANLPAR: + case MII_ANAR: + return MII_ANLPAR_TXFD; + case 0x18: /* 5201 AUX status */ + return 3; /* 100FD */ + default: + return 0; + }; +} +static uint16_t sungem_mii_read(SunGEMState *s, uint8_t phy_addr, + uint8_t reg_addr) +{ + uint16_t val; + + val = __sungem_mii_read(s, phy_addr, reg_addr); + + trace_sungem_mii_read(phy_addr, reg_addr, val); + + return val; +} + +static uint32_t sungem_mii_op(SunGEMState *s, uint32_t val) +{ + uint8_t phy_addr, reg_addr, op; + + /* Ignore not start of frame */ + if ((val >> 30) != 1) { + trace_sungem_mii_invalid_sof(val >> 30); + return 0xffff; + } + phy_addr = (val & MIF_FRAME_PHYAD) >> 23; + reg_addr = (val & MIF_FRAME_REGAD) >> 18; + op = (val & MIF_FRAME_OP) >> 28; + switch (op) { + case 1: + sungem_mii_write(s, phy_addr, reg_addr, val & MIF_FRAME_DATA); + return val | MIF_FRAME_TALSB; + case 2: + return sungem_mii_read(s, phy_addr, reg_addr) | MIF_FRAME_TALSB; + default: + trace_sungem_mii_invalid_op(op); + } + return 0xffff | MIF_FRAME_TALSB; +} + +static void sungem_mmio_greg_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr < 0x20) && !(addr >= 0x1000 && addr <= 0x1010)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown GREG register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_greg_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case GREG_SEBSTATE: + case GREG_STAT: + case GREG_STAT2: + case GREG_PCIESTAT: + return; /* No actual write */ + case GREG_IACK: + val &= GREG_STAT_LATCH; + s->gregs[GREG_STAT >> 2] &= ~val; + sungem_eval_irq(s); + return; /* No actual write */ + case GREG_PCIEMASK: + val &= 0x7; + break; + } + + s->gregs[addr >> 2] = val; + + /* Post write action */ + switch (addr) { + case GREG_IMASK: + /* Re-evaluate interrupt */ + sungem_eval_irq(s); + break; + case GREG_SWRST: + switch (val & (GREG_SWRST_TXRST | GREG_SWRST_RXRST)) { + case GREG_SWRST_RXRST: + sungem_reset_rx(s); + break; + case GREG_SWRST_TXRST: + sungem_reset_tx(s); + break; + case GREG_SWRST_RXRST | GREG_SWRST_TXRST: + sungem_reset_all(s, false); + } + break; + } +} + +static uint64_t sungem_mmio_greg_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr < 0x20) && !(addr >= 0x1000 && addr <= 0x1010)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown GREG register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->gregs[addr >> 2]; + + trace_sungem_mmio_greg_read(addr, val); + + switch (addr) { + case GREG_STAT: + /* Side effect, clear bottom 7 bits */ + s->gregs[GREG_STAT >> 2] &= ~GREG_STAT_LATCH; + sungem_eval_irq(s); + + /* Inject TX completion in returned value */ + val = (val & ~GREG_STAT_TXNR) | + (s->txdmaregs[TXDMA_TXDONE >> 2] << GREG_STAT_TXNR_SHIFT); + break; + case GREG_STAT2: + /* Return the status reg without side effect + * (and inject TX completion in returned value) + */ + val = (s->gregs[GREG_STAT >> 2] & ~GREG_STAT_TXNR) | + (s->txdmaregs[TXDMA_TXDONE >> 2] << GREG_STAT_TXNR_SHIFT); + break; + } + + return val; +} + +static const MemoryRegionOps sungem_mmio_greg_ops = { + .read = sungem_mmio_greg_read, + .write = sungem_mmio_greg_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_mmio_txdma_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr < 0x38) && !(addr >= 0x100 && addr <= 0x118)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown TXDMA register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_txdma_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case TXDMA_TXDONE: + case TXDMA_PCNT: + case TXDMA_SMACHINE: + case TXDMA_DPLOW: + case TXDMA_DPHI: + case TXDMA_FSZ: + case TXDMA_FTAG: + return; /* No actual write */ + } + + s->txdmaregs[addr >> 2] = val; + + /* Post write action */ + switch (addr) { + case TXDMA_KICK: + sungem_tx_kick(s); + break; + case TXDMA_CFG: + sungem_update_masks(s); + break; + } +} + +static uint64_t sungem_mmio_txdma_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr < 0x38) && !(addr >= 0x100 && addr <= 0x118)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown TXDMA register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->txdmaregs[addr >> 2]; + + trace_sungem_mmio_txdma_read(addr, val); + + return val; +} + +static const MemoryRegionOps sungem_mmio_txdma_ops = { + .read = sungem_mmio_txdma_read, + .write = sungem_mmio_txdma_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_mmio_rxdma_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr <= 0x28) && !(addr >= 0x100 && addr <= 0x120)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown RXDMA register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_rxdma_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case RXDMA_DONE: + case RXDMA_PCNT: + case RXDMA_SMACHINE: + case RXDMA_DPLOW: + case RXDMA_DPHI: + case RXDMA_FSZ: + case RXDMA_FTAG: + return; /* No actual write */ + } + + s->rxdmaregs[addr >> 2] = val; + + /* Post write action */ + switch (addr) { + case RXDMA_KICK: + trace_sungem_rx_kick(val); + break; + case RXDMA_CFG: + sungem_update_masks(s); + if ((s->macregs[MAC_RXCFG >> 2] & MAC_RXCFG_ENAB) != 0 && + (s->rxdmaregs[RXDMA_CFG >> 2] & RXDMA_CFG_ENABLE) != 0) { + qemu_flush_queued_packets(qemu_get_queue(s->nic)); + } + break; + } +} + +static uint64_t sungem_mmio_rxdma_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr <= 0x28) && !(addr >= 0x100 && addr <= 0x120)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown RXDMA register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->rxdmaregs[addr >> 2]; + + trace_sungem_mmio_rxdma_read(addr, val); + + return val; +} + +static const MemoryRegionOps sungem_mmio_rxdma_ops = { + .read = sungem_mmio_rxdma_read, + .write = sungem_mmio_rxdma_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_mmio_mac_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr <= 0x134)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown MAC register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_mac_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case MAC_TXRST: /* Not technically read-only but will do for now */ + case MAC_RXRST: /* Not technically read-only but will do for now */ + case MAC_TXSTAT: + case MAC_RXSTAT: + case MAC_CSTAT: + case MAC_PATMPS: + case MAC_SMACHINE: + return; /* No actual write */ + case MAC_MINFSZ: + /* 10-bits implemented */ + val &= 0x3ff; + break; + } + + s->macregs[addr >> 2] = val; + + /* Post write action */ + switch (addr) { + case MAC_TXMASK: + case MAC_RXMASK: + case MAC_MCMASK: + sungem_eval_cascade_irq(s); + break; + case MAC_RXCFG: + sungem_update_masks(s); + if ((s->macregs[MAC_RXCFG >> 2] & MAC_RXCFG_ENAB) != 0 && + (s->rxdmaregs[RXDMA_CFG >> 2] & RXDMA_CFG_ENABLE) != 0) { + qemu_flush_queued_packets(qemu_get_queue(s->nic)); + } + break; + } +} + +static uint64_t sungem_mmio_mac_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr <= 0x134)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown MAC register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->macregs[addr >> 2]; + + trace_sungem_mmio_mac_read(addr, val); + + switch (addr) { + case MAC_TXSTAT: + /* Side effect, clear all */ + s->macregs[addr >> 2] = 0; + sungem_update_status(s, GREG_STAT_TXMAC, false); + break; + case MAC_RXSTAT: + /* Side effect, clear all */ + s->macregs[addr >> 2] = 0; + sungem_update_status(s, GREG_STAT_RXMAC, false); + break; + case MAC_CSTAT: + /* Side effect, interrupt bits */ + s->macregs[addr >> 2] &= MAC_CSTAT_PTR; + sungem_update_status(s, GREG_STAT_MAC, false); + break; + } + + return val; +} + +static const MemoryRegionOps sungem_mmio_mac_ops = { + .read = sungem_mmio_mac_read, + .write = sungem_mmio_mac_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_mmio_mif_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr <= 0x1c)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown MIF register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_mif_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case MIF_STATUS: + case MIF_SMACHINE: + return; /* No actual write */ + case MIF_CFG: + /* Maintain the RO MDI bits to advertize an MDIO PHY on MDI0 */ + val &= ~MIF_CFG_MDI1; + val |= MIF_CFG_MDI0; + break; + } + + s->mifregs[addr >> 2] = val; + + /* Post write action */ + switch (addr) { + case MIF_FRAME: + s->mifregs[addr >> 2] = sungem_mii_op(s, val); + break; + } +} + +static uint64_t sungem_mmio_mif_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr <= 0x1c)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown MIF register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->mifregs[addr >> 2]; + + trace_sungem_mmio_mif_read(addr, val); + + return val; +} + +static const MemoryRegionOps sungem_mmio_mif_ops = { + .read = sungem_mmio_mif_read, + .write = sungem_mmio_mif_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_mmio_pcs_write(void *opaque, hwaddr addr, uint64_t val, + unsigned size) +{ + SunGEMState *s = opaque; + + if (!(addr <= 0x18) && !(addr >= 0x50 && addr <= 0x5c)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Write to unknown PCS register 0x%"HWADDR_PRIx"\n", + addr); + return; + } + + trace_sungem_mmio_pcs_write(addr, val); + + /* Pre-write filter */ + switch (addr) { + /* Read only registers */ + case PCS_MIISTAT: + case PCS_ISTAT: + case PCS_SSTATE: + return; /* No actual write */ + } + + s->pcsregs[addr >> 2] = val; +} + +static uint64_t sungem_mmio_pcs_read(void *opaque, hwaddr addr, unsigned size) +{ + SunGEMState *s = opaque; + uint32_t val; + + if (!(addr <= 0x18) && !(addr >= 0x50 && addr <= 0x5c)) { + qemu_log_mask(LOG_GUEST_ERROR, + "Read from unknown PCS register 0x%"HWADDR_PRIx"\n", + addr); + return 0; + } + + val = s->pcsregs[addr >> 2]; + + trace_sungem_mmio_pcs_read(addr, val); + + return val; +} + +static const MemoryRegionOps sungem_mmio_pcs_ops = { + .read = sungem_mmio_pcs_read, + .write = sungem_mmio_pcs_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, +}; + +static void sungem_uninit(PCIDevice *dev) +{ + SunGEMState *s = SUNGEM(dev); + + qemu_del_nic(s->nic); +} + +static NetClientInfo net_sungem_info = { + .type = NET_CLIENT_DRIVER_NIC, + .size = sizeof(NICState), + .can_receive = sungem_can_receive, + .receive = sungem_receive, + .link_status_changed = sungem_set_link_status, +}; + +static void sungem_realize(PCIDevice *pci_dev, Error **errp) +{ + DeviceState *dev = DEVICE(pci_dev); + SunGEMState *s = SUNGEM(pci_dev); + uint8_t *pci_conf; + + pci_conf = pci_dev->config; + + pci_set_word(pci_conf + PCI_STATUS, + PCI_STATUS_FAST_BACK | + PCI_STATUS_DEVSEL_MEDIUM | + PCI_STATUS_66MHZ); + + pci_set_word(pci_conf + PCI_SUBSYSTEM_VENDOR_ID, 0x0); + pci_set_word(pci_conf + PCI_SUBSYSTEM_ID, 0x0); + + pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */ + pci_conf[PCI_MIN_GNT] = 0x40; + pci_conf[PCI_MAX_LAT] = 0x40; + + sungem_reset_all(s, true); + memory_region_init(&s->sungem, OBJECT(s), "sungem", SUNGEM_MMIO_SIZE); + + memory_region_init_io(&s->greg, OBJECT(s), &sungem_mmio_greg_ops, s, + "sungem.greg", SUNGEM_MMIO_GREG_SIZE); + memory_region_add_subregion(&s->sungem, 0, &s->greg); + + memory_region_init_io(&s->txdma, OBJECT(s), &sungem_mmio_txdma_ops, s, + "sungem.txdma", SUNGEM_MMIO_TXDMA_SIZE); + memory_region_add_subregion(&s->sungem, 0x2000, &s->txdma); + + memory_region_init_io(&s->rxdma, OBJECT(s), &sungem_mmio_rxdma_ops, s, + "sungem.rxdma", SUNGEM_MMIO_RXDMA_SIZE); + memory_region_add_subregion(&s->sungem, 0x4000, &s->rxdma); + + memory_region_init_io(&s->mac, OBJECT(s), &sungem_mmio_mac_ops, s, + "sungem.mac", SUNGEM_MMIO_MAC_SIZE); + memory_region_add_subregion(&s->sungem, 0x6000, &s->mac); + + memory_region_init_io(&s->mif, OBJECT(s), &sungem_mmio_mif_ops, s, + "sungem.mif", SUNGEM_MMIO_MIF_SIZE); + memory_region_add_subregion(&s->sungem, 0x6200, &s->mif); + + memory_region_init_io(&s->pcs, OBJECT(s), &sungem_mmio_pcs_ops, s, + "sungem.pcs", SUNGEM_MMIO_PCS_SIZE); + memory_region_add_subregion(&s->sungem, 0x9000, &s->pcs); + + pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->sungem); + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_sungem_info, &s->conf, + object_get_typename(OBJECT(dev)), + dev->id, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), + s->conf.macaddr.a); +} + +static void sungem_reset(DeviceState *dev) +{ + SunGEMState *s = SUNGEM(dev); + + sungem_reset_all(s, true); +} + +static void sungem_instance_init(Object *obj) +{ + SunGEMState *s = SUNGEM(obj); + + device_add_bootindex_property(obj, &s->conf.bootindex, + "bootindex", "/ethernet-phy@0", + DEVICE(obj), NULL); +} + +static Property sungem_properties[] = { + DEFINE_NIC_PROPERTIES(SunGEMState, conf), + /* Phy address should be 0 for most Apple machines except + * for K2 in which case it's 1. Will be set by a machine + * override. + */ + DEFINE_PROP_UINT32("phy_addr", SunGEMState, phy_addr, 0), + DEFINE_PROP_END_OF_LIST(), +}; + +static const VMStateDescription vmstate_sungem = { + .name = "sungem", + .version_id = 0, + .minimum_version_id = 0, + .fields = (VMStateField[]) { + VMSTATE_PCI_DEVICE(pdev, SunGEMState), + VMSTATE_MACADDR(conf.macaddr, SunGEMState), + VMSTATE_UINT32(phy_addr, SunGEMState), + VMSTATE_UINT32_ARRAY(gregs, SunGEMState, (SUNGEM_MMIO_GREG_SIZE >> 2)), + VMSTATE_UINT32_ARRAY(txdmaregs, SunGEMState, + (SUNGEM_MMIO_TXDMA_SIZE >> 2)), + VMSTATE_UINT32_ARRAY(rxdmaregs, SunGEMState, + (SUNGEM_MMIO_RXDMA_SIZE >> 2)), + VMSTATE_UINT32_ARRAY(macregs, SunGEMState, (SUNGEM_MMIO_MAC_SIZE >> 2)), + VMSTATE_UINT32_ARRAY(mifregs, SunGEMState, (SUNGEM_MMIO_MIF_SIZE >> 2)), + VMSTATE_UINT32_ARRAY(pcsregs, SunGEMState, (SUNGEM_MMIO_PCS_SIZE >> 2)), + VMSTATE_UINT32(rx_mask, SunGEMState), + VMSTATE_UINT32(tx_mask, SunGEMState), + VMSTATE_UINT8_ARRAY(tx_data, SunGEMState, MAX_PACKET_SIZE), + VMSTATE_UINT32(tx_size, SunGEMState), + VMSTATE_UINT64(tx_first_ctl, SunGEMState), + VMSTATE_END_OF_LIST() + } +}; + +static void sungem_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); + + k->realize = sungem_realize; + k->exit = sungem_uninit; + k->vendor_id = PCI_VENDOR_ID_APPLE; + k->device_id = PCI_DEVICE_ID_APPLE_UNI_N_GMAC; + k->revision = 0x01; + k->class_id = PCI_CLASS_NETWORK_ETHERNET; + dc->vmsd = &vmstate_sungem; + dc->reset = sungem_reset; + dc->props = sungem_properties; + set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); +} + +static const TypeInfo sungem_info = { + .name = TYPE_SUNGEM, + .parent = TYPE_PCI_DEVICE, + .instance_size = sizeof(SunGEMState), + .class_init = sungem_class_init, + .instance_init = sungem_instance_init, +}; + +static void sungem_register_types(void) +{ + type_register_static(&sungem_info); +} + +type_init(sungem_register_types) diff --git a/hw/net/trace-events b/hw/net/trace-events index 27e5482765..5f816ef58e 100644 --- a/hw/net/trace-events +++ b/hw/net/trace-events @@ -278,3 +278,47 @@ spapr_vlan_h_send_logical_lan(uint64_t reg, uint64_t continue_token) "H_SEND_LOG spapr_vlan_h_send_logical_lan_rxbufs(uint32_t rx_bufs) "rxbufs = %"PRIu32 spapr_vlan_h_send_logical_lan_buf_desc(uint64_t buf) " buf desc: 0x%"PRIx64 spapr_vlan_h_send_logical_lan_total(int nbufs, unsigned total_len) "%d buffers, total length 0x%x" + +# hw/net/sungem.c +sungem_tx_checksum(uint16_t start, uint16_t off) "TX checksumming from byte %d, inserting at %d" +sungem_tx_checksum_oob(void) "TX checksum out of packet bounds" +sungem_tx_unfinished(void) "TX packet started without finishing the previous one" +sungem_tx_overflow(void) "TX packet queue overflow" +sungem_tx_finished(uint32_t size) "TX completing %"PRIu32 " bytes packet" +sungem_tx_kick(void) "TX Kick..." +sungem_tx_disabled(void) "TX not enabled" +sungem_tx_process(uint32_t comp, uint32_t kick, uint32_t size) "TX processing comp=%"PRIu32", kick=%"PRIu32" out of %"PRIu32 +sungem_tx_desc(uint32_t comp, uint64_t control, uint64_t buffer) "TX desc %"PRIu32 ": 0x%"PRIx64" 0x%"PRIx64 +sungem_tx_reset(void) "TX reset" +sungem_rx_mac_disabled(void) "Check RX MAC disabled" +sungem_rx_txdma_disabled(void) "Check RX TXDMA disabled" +sungem_rx_check(bool full, uint32_t kick, uint32_t done) "Check RX %d (kick=%"PRIu32", done=%"PRIu32")" +sungem_rx_mac_check(uint32_t mac0, uint32_t mac1, uint32_t mac2) "Word MAC: 0x%"PRIx32" 0x%"PRIx32" 0x%"PRIx32 +sungem_rx_mac_multicast(void) "Multicast" +sungem_rx_mac_compare(uint32_t mac0, uint32_t mac1, uint32_t mac2) "Compare MAC to 0x%"PRIx32" 0x%"PRIx32" 0x%"PRIx32".." +sungem_rx_packet(size_t size) "RX got %zu bytes packet" +sungem_rx_disabled(void) "RX not enabled" +sungem_rx_bad_frame_size(size_t size) "RX bad frame size %zu, dropped" +sungem_rx_unmatched(void) "No match, dropped" +sungem_rx_process(uint32_t done, uint32_t kick, uint32_t size) "RX processing done=%"PRIu32", kick=%"PRIu32" out of %"PRIu32 +sungem_rx_ringfull(void) "RX ring full" +sungem_rx_desc(uint64_t control, uint64_t buffer) "RX desc: 0x%"PRIx64" 0x%"PRIx64 +sungem_rx_reset(void) "RX reset" +sungem_rx_kick(uint64_t val) "RXDMA_KICK written to %"PRIu64 +sungem_reset(bool pci_reset) "Full reset (PCI:%d)" +sungem_mii_write(uint8_t phy_addr, uint8_t reg_addr, uint16_t val) "MII write addr 0x%x reg 0x%02x val 0x%04x" +sungem_mii_read(uint8_t phy_addr, uint8_t reg_addr, uint16_t val) "MII read addr 0x%x reg 0x%02x val 0x%04x" +sungem_mii_invalid_sof(uint32_t val) "MII op, invalid SOF field 0x%"PRIx32 +sungem_mii_invalid_op(uint8_t op) "MII op, invalid op field 0x%x" +sungem_mmio_greg_write(uint64_t addr, uint64_t val) "MMIO greg write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_greg_read(uint64_t addr, uint64_t val) "MMIO greg read from 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_txdma_write(uint64_t addr, uint64_t val) "MMIO txdma write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_txdma_read(uint64_t addr, uint64_t val) "MMIO txdma read from 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_rxdma_write(uint64_t addr, uint64_t val) "MMIO rxdma write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_rxdma_read(uint64_t addr, uint64_t val) "MMIO rxdma read from 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_mac_write(uint64_t addr, uint64_t val) "MMIO mac write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_mac_read(uint64_t addr, uint64_t val) "MMIO mac read from 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_mif_write(uint64_t addr, uint64_t val) "MMIO mif write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_mif_read(uint64_t addr, uint64_t val) "MMIO mif read from 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_pcs_write(uint64_t addr, uint64_t val) "MMIO pcs write to 0x%"PRIx64" val=0x%"PRIx64 +sungem_mmio_pcs_read(uint64_t addr, uint64_t val) "MMIO pcs read from 0x%"PRIx64" val=0x%"PRIx64 diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c index 83084b9aab..be25245219 100644 --- a/hw/pci-host/gpex.c +++ b/hw/pci-host/gpex.c @@ -43,6 +43,27 @@ static void gpex_set_irq(void *opaque, int irq_num, int level) qemu_set_irq(s->irq[irq_num], level); } +int gpex_set_irq_num(GPEXHost *s, int index, int gsi) +{ + if (index >= GPEX_NUM_IRQS) { + return -EINVAL; + } + + s->irq_num[index] = gsi; + return 0; +} + +static PCIINTxRoute gpex_route_intx_pin_to_irq(void *opaque, int pin) +{ + PCIINTxRoute route; + GPEXHost *s = opaque; + + route.mode = PCI_INTX_ENABLED; + route.irq = s->irq_num[pin]; + + return route; +} + static void gpex_host_realize(DeviceState *dev, Error **errp) { PCIHostState *pci = PCI_HOST_BRIDGE(dev); @@ -67,6 +88,7 @@ static void gpex_host_realize(DeviceState *dev, Error **errp) &s->io_ioport, 0, 4, TYPE_PCIE_BUS); qdev_set_parent_bus(DEVICE(&s->gpex_root), BUS(pci->bus)); + pci_bus_set_route_irq_fn(pci->bus, gpex_route_intx_pin_to_irq); qdev_init_nofail(DEVICE(&s->gpex_root)); } diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 21e203b056..1e6fb88eba 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -1821,6 +1821,7 @@ static const char * const pci_nic_models[] = { "e1000", "pcnet", "virtio", + "sungem", NULL }; @@ -1833,6 +1834,7 @@ static const char * const pci_nic_names[] = { "e1000", "pcnet", "virtio-net-pci", + "sungem", NULL }; diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index caffa12763..f680f28a15 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -391,10 +391,8 @@ static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState *spapr) return ret; } -static hwaddr spapr_node0_size(void) +static hwaddr spapr_node0_size(MachineState *machine) { - MachineState *machine = MACHINE(qdev_get_machine()); - if (nb_numa_nodes) { int i; for (i = 0; i < nb_numa_nodes; ++i) { @@ -939,7 +937,7 @@ static void spapr_dt_ov5_platform_support(void *fdt, int chosen) PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu); char val[2 * 4] = { - 23, 0x00, /* Xive mode: 0 = legacy (as in ISA 2.7), 1 = Exploitation */ + 23, 0x00, /* Xive mode, filled in below. */ 24, 0x00, /* Hash/Radix, filled in below. */ 25, 0x00, /* Hash options: Segment Tables == no, GTSE == no. */ 26, 0x40, /* Radix options: GTSE == yes. */ @@ -1052,7 +1050,7 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr, hwaddr rtas_addr, hwaddr rtas_size) { - MachineState *machine = MACHINE(qdev_get_machine()); + MachineState *machine = MACHINE(spapr); MachineClass *mc = MACHINE_GET_CLASS(machine); sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine); int ret; @@ -1372,7 +1370,7 @@ void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr) spapr_reallocate_hpt(spapr, hpt_shift, &error_fatal); if (spapr->vrma_adjust) { - spapr->rma_size = kvmppc_rma_size(spapr_node0_size(), + spapr->rma_size = kvmppc_rma_size(spapr_node0_size(MACHINE(spapr)), spapr->htab_shift); } /* We're setting up a hash table, so that means we're not radix */ @@ -2033,7 +2031,7 @@ static SaveVMHandlers savevm_htab_handlers = { static void spapr_boot_set(void *opaque, const char *boot_device, Error **errp) { - MachineState *machine = MACHINE(qdev_get_machine()); + MachineState *machine = MACHINE(opaque); machine->boot_order = g_strdup(boot_device); } @@ -2235,7 +2233,7 @@ static void ppc_spapr_init(MachineState *machine) MemoryRegion *rma_region; void *rma = NULL; hwaddr rma_alloc_size; - hwaddr node0_size = spapr_node0_size(); + hwaddr node0_size = spapr_node0_size(machine); long load_limit, fw_size; char *filename; Error *resize_hpt_err = NULL; @@ -3298,7 +3296,8 @@ out: static void spapr_machine_device_plug(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp) { - sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(qdev_get_machine()); + MachineState *ms = MACHINE(hotplug_dev); + sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(ms); if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) { int node; @@ -3347,8 +3346,8 @@ static void spapr_machine_device_plug(HotplugHandler *hotplug_dev, static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp) { - sPAPRMachineState *sms = SPAPR_MACHINE(qdev_get_machine()); - MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine()); + sPAPRMachineState *sms = SPAPR_MACHINE(OBJECT(hotplug_dev)); + MachineClass *mc = MACHINE_GET_CLASS(sms); if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) { if (spapr_ovec_test(sms->ov5_cas, OV5_HP_EVT)) { diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c index 85037ef71e..c08ee7571a 100644 --- a/hw/ppc/spapr_cpu_core.c +++ b/hw/ppc/spapr_cpu_core.c @@ -174,10 +174,10 @@ static void spapr_cpu_core_unrealizefn(DeviceState *dev, Error **errp) g_free(sc->threads); } -static void spapr_cpu_core_realize_child(Object *child, Error **errp) +static void spapr_cpu_core_realize_child(Object *child, + sPAPRMachineState *spapr, Error **errp) { Error *local_err = NULL; - sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine()); CPUState *cs = CPU(child); PowerPCCPU *cpu = POWERPC_CPU(cs); Object *obj; @@ -213,7 +213,7 @@ error: static void spapr_cpu_core_realize(DeviceState *dev, Error **errp) { - sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine()); + sPAPRMachineState *spapr; sPAPRCPUCore *sc = SPAPR_CPU_CORE(OBJECT(dev)); sPAPRCPUCoreClass *scc = SPAPR_CPU_CORE_GET_CLASS(OBJECT(dev)); CPUCore *cc = CPU_CORE(OBJECT(dev)); @@ -223,7 +223,8 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error **errp) void *obj; int i, j; - if (!object_dynamic_cast(qdev_get_machine(), TYPE_SPAPR_MACHINE)) { + spapr = (sPAPRMachineState *) qdev_get_machine(); + if (!object_dynamic_cast((Object *) spapr, TYPE_SPAPR_MACHINE)) { error_setg(errp, "spapr-cpu-core needs a pseries machine"); return; } @@ -265,7 +266,7 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error **errp) for (j = 0; j < cc->nr_threads; j++) { obj = sc->threads + j * size; - spapr_cpu_core_realize_child(obj, &local_err); + spapr_cpu_core_realize_child(obj, spapr, &local_err); if (local_err) { goto err; } diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c index 66b8164f30..e377fc7dde 100644 --- a/hw/ppc/spapr_events.c +++ b/hw/ppc/spapr_events.c @@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState *spapr, void spapr_clear_pending_events(sPAPRMachineState *spapr) { - sPAPREventLogEntry *entry = NULL; + sPAPREventLogEntry *entry = NULL, *next_entry; - QTAILQ_FOREACH(entry, &spapr->pending_events, next) { + QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) { QTAILQ_REMOVE(&spapr->pending_events, entry, next); g_free(entry->extended_log); g_free(entry); diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 8b3c0e17e7..57bb411394 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -1559,20 +1559,16 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu, } if (spapr->htab_shift < maxshift) { - CPUState *cs; - /* Guest doesn't know about HPT resizing, so we * pre-emptively resize for the maximum permitted RAM. At * the point this is called, nothing should have been * entered into the existing HPT */ spapr_reallocate_hpt(spapr, maxshift, &error_fatal); - CPU_FOREACH(cs) { - if (kvm_enabled()) { - /* For KVM PR, update the HPT pointer */ - target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab - | (spapr->htab_shift - 18); - kvmppc_update_sdr1(sdr1); - } + if (kvm_enabled()) { + /* For KVM PR, update the HPT pointer */ + target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab + | (spapr->htab_shift - 18); + kvmppc_update_sdr1(sdr1); } } } @@ -1585,6 +1581,13 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu, * to worry about this for now. */ ov5_cas_old = spapr_ovec_clone(spapr->ov5_cas); + + /* also clear the radix/hash bit from the current ov5_cas bits to + * be in sync with the newly ov5 bits. Else the radix bit will be + * seen as being removed and this will generate a reset loop + */ + spapr_ovec_clear(ov5_cas_old, OV5_MMU_RADIX_300); + /* full range of negotiated ov5 capabilities */ spapr_ovec_intersect(spapr->ov5_cas, spapr->ov5, ov5_guest); spapr_ovec_cleanup(ov5_guest); diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c index d7880f257a..cf54160526 100644 --- a/hw/ppc/spapr_pci.c +++ b/hw/ppc/spapr_pci.c @@ -40,7 +40,7 @@ #include "trace.h" #include "qemu/error-report.h" #include "qapi/qmp/qerror.h" - +#include "hw/ppc/fdt.h" #include "hw/pci/pci_bridge.h" #include "hw/pci/pci_bus.h" #include "hw/pci/pci_ids.h" @@ -61,16 +61,6 @@ #define RTAS_TYPE_MSI 1 #define RTAS_TYPE_MSIX 2 -#define FDT_NAME_MAX 128 - -#define _FDT(exp) \ - do { \ - int ret = (exp); \ - if (ret < 0) { \ - return ret; \ - } \ - } while (0) - sPAPRPHBState *spapr_pci_find_phb(sPAPRMachineState *spapr, uint64_t buid) { sPAPRPHBState *sphb; @@ -766,7 +756,7 @@ static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev) /* Construct the path of the file that will give us the DT location */ path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host); g_free(host); - if (!path || !g_file_get_contents(path, &buf, NULL, NULL)) { + if (!g_file_get_contents(path, &buf, NULL, NULL)) { goto err_out; } g_free(path); @@ -774,7 +764,7 @@ static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev) /* Construct and read from host device tree the loc-code */ path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf); g_free(buf); - if (!path || !g_file_get_contents(path, &buf, NULL, NULL)) { + if (!g_file_get_contents(path, &buf, NULL, NULL)) { goto err_out; } return buf; @@ -1194,7 +1184,7 @@ static const char *pci_find_device_name(uint8_t class, uint8_t subclass, return name; } -static void pci_get_node_name(char *nodename, int len, PCIDevice *dev) +static gchar *pci_get_node_name(PCIDevice *dev) { int slot = PCI_SLOT(dev->devfn); int func = PCI_FUNC(dev->devfn); @@ -1205,21 +1195,21 @@ static void pci_get_node_name(char *nodename, int len, PCIDevice *dev) ccode & 0xff); if (func != 0) { - snprintf(nodename, len, "%s@%x,%x", name, slot, func); + return g_strdup_printf("%s@%x,%x", name, slot, func); } else { - snprintf(nodename, len, "%s@%x", name, slot); + return g_strdup_printf("%s@%x", name, slot); } } static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState *phb, PCIDevice *pdev); -static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset, +static void spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset, sPAPRPHBState *sphb) { ResourceProps rp; bool is_bridge = false; - int pci_status, err; + int pci_status; char *buf = NULL; uint32_t drc_index = spapr_phb_get_pci_drc_index(sphb, dev); uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3); @@ -1282,17 +1272,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset, pci_find_device_name((ccode >> 16) & 0xff, (ccode >> 8) & 0xff, ccode & 0xff))); - buf = spapr_phb_get_loc_code(sphb, dev); - if (!buf) { - error_report("Failed setting the ibm,loc-code"); - return -1; - } - err = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf); + buf = spapr_phb_get_loc_code(sphb, dev); + _FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf)); g_free(buf); - if (err < 0) { - return err; - } if (drc_index) { _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index)); @@ -1320,25 +1303,21 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset, if (sphb->pcie_ecs && pci_is_express(dev)) { _FDT(fdt_setprop_cell(fdt, offset, "ibm,pci-config-space-type", 0x1)); } - - return 0; } /* create OF node for pci device and required OF DT properties */ static int spapr_create_pci_child_dt(sPAPRPHBState *phb, PCIDevice *dev, void *fdt, int node_offset) { - int offset, ret; - char nodename[FDT_NAME_MAX]; + int offset; + gchar *nodename; - pci_get_node_name(nodename, FDT_NAME_MAX, dev); - offset = fdt_add_subnode(fdt, node_offset, nodename); - ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb); + nodename = pci_get_node_name(dev); + _FDT(offset = fdt_add_subnode(fdt, node_offset, nodename)); + g_free(nodename); + + spapr_populate_pci_child_dt(dev, fdt, offset, phb); - g_assert(!ret); - if (ret) { - return 0; - } return offset; } @@ -1428,10 +1407,6 @@ static void spapr_pci_plug(HotplugHandler *plug_handler, fdt = create_device_tree(&fdt_size); fdt_start_offset = spapr_create_pci_child_dt(phb, pdev, fdt, 0); - if (!fdt_start_offset) { - error_setg(&local_err, "Failed to create pci child device tree node"); - goto out; - } spapr_drc_attach(drc, DEVICE(pdev), fdt, fdt_start_offset, &local_err); if (local_err) { @@ -1634,34 +1609,43 @@ static void spapr_phb_realize(DeviceState *dev, Error **errp) sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid); - namebuf = alloca(strlen(sphb->dtbusname) + 32); - /* Initialize memory regions */ - sprintf(namebuf, "%s.mmio", sphb->dtbusname); + namebuf = g_strdup_printf("%s.mmio", sphb->dtbusname); memory_region_init(&sphb->memspace, OBJECT(sphb), namebuf, UINT64_MAX); + g_free(namebuf); - sprintf(namebuf, "%s.mmio32-alias", sphb->dtbusname); + namebuf = g_strdup_printf("%s.mmio32-alias", sphb->dtbusname); memory_region_init_alias(&sphb->mem32window, OBJECT(sphb), namebuf, &sphb->memspace, SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size); + g_free(namebuf); memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr, &sphb->mem32window); - sprintf(namebuf, "%s.mmio64-alias", sphb->dtbusname); - memory_region_init_alias(&sphb->mem64window, OBJECT(sphb), - namebuf, &sphb->memspace, - sphb->mem64_win_pciaddr, sphb->mem64_win_size); - memory_region_add_subregion(get_system_memory(), sphb->mem64_win_addr, - &sphb->mem64window); + if (sphb->mem64_win_pciaddr != (hwaddr)-1) { + namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname); + memory_region_init_alias(&sphb->mem64window, OBJECT(sphb), + namebuf, &sphb->memspace, + sphb->mem64_win_pciaddr, sphb->mem64_win_size); + g_free(namebuf); + + if (sphb->mem64_win_addr != (hwaddr)-1) { + memory_region_add_subregion(get_system_memory(), + sphb->mem64_win_addr, + &sphb->mem64window); + } + } /* Initialize IO regions */ - sprintf(namebuf, "%s.io", sphb->dtbusname); + namebuf = g_strdup_printf("%s.io", sphb->dtbusname); memory_region_init(&sphb->iospace, OBJECT(sphb), namebuf, SPAPR_PCI_IO_WIN_SIZE); + g_free(namebuf); - sprintf(namebuf, "%s.io-alias", sphb->dtbusname); + namebuf = g_strdup_printf("%s.io-alias", sphb->dtbusname); memory_region_init_alias(&sphb->iowindow, OBJECT(sphb), namebuf, &sphb->iospace, 0, SPAPR_PCI_IO_WIN_SIZE); + g_free(namebuf); memory_region_add_subregion(get_system_memory(), sphb->io_win_addr, &sphb->iowindow); @@ -1679,10 +1663,10 @@ static void spapr_phb_realize(DeviceState *dev, Error **errp) * Later the guest might want to create another DMA window * which will become another memory subregion. */ - sprintf(namebuf, "%s.iommu-root", sphb->dtbusname); - + namebuf = g_strdup_printf("%s.iommu-root", sphb->dtbusname); memory_region_init(&sphb->iommu_root, OBJECT(sphb), namebuf, UINT64_MAX); + g_free(namebuf); address_space_init(&sphb->iommu_as, &sphb->iommu_root, sphb->dtbusname); @@ -2076,7 +2060,7 @@ int spapr_populate_pci_dt(sPAPRPHBState *phb, void *fdt) { int bus_off, i, j, ret; - char nodename[FDT_NAME_MAX]; + gchar *nodename; uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) }; struct { uint32_t hi; @@ -2125,11 +2109,9 @@ int spapr_populate_pci_dt(sPAPRPHBState *phb, sPAPRFDT s_fdt; /* Start populating the FDT */ - snprintf(nodename, FDT_NAME_MAX, "pci@%" PRIx64, phb->buid); - bus_off = fdt_add_subnode(fdt, 0, nodename); - if (bus_off < 0) { - return bus_off; - } + nodename = g_strdup_printf("pci@%" PRIx64, phb->buid); + _FDT(bus_off = fdt_add_subnode(fdt, 0, nodename)); + g_free(nodename); /* Write PHB properties */ _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci")); diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c index 32fd6a9b54..259397c002 100644 --- a/hw/vfio/spapr.c +++ b/hw/vfio/spapr.c @@ -163,7 +163,7 @@ int vfio_spapr_create_window(VFIOContainer *container, */ entries = create.window_size >> create.page_shift; pages = MAX((entries * sizeof(uint64_t)) / getpagesize(), 1); - pages = MAX(pow2ceil(pages) - 1, 1); /* Round up */ + pages = MAX(pow2ceil(pages), 1); /* Round up */ create.levels = ctz64(pages) / 6 + 1; ret = ioctl(container->fd, VFIO_IOMMU_SPAPR_TCE_CREATE, &create); diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h index c2931bf39c..6eff81a995 100644 --- a/include/hw/arm/xlnx-zynqmp.h +++ b/include/hw/arm/xlnx-zynqmp.h @@ -91,6 +91,8 @@ typedef struct XlnxZynqMPState { /* Has the ARM Security extensions? */ bool secure; + /* Has the ARM Virtualization extensions? */ + bool virt; /* Has the RPU subsystem? */ bool has_rpu; } XlnxZynqMPState; diff --git a/include/hw/pci-host/gpex.h b/include/hw/pci-host/gpex.h index 68c93488c9..aef38b881b 100644 --- a/include/hw/pci-host/gpex.h +++ b/include/hw/pci-host/gpex.h @@ -51,6 +51,9 @@ typedef struct GPEXHost { MemoryRegion io_ioport; MemoryRegion io_mmio; qemu_irq irq[GPEX_NUM_IRQS]; + int irq_num[GPEX_NUM_IRQS]; } GPEXHost; +int gpex_set_irq_num(GPEXHost *s, int index, int gsi); + #endif /* HW_GPEX_H */ diff --git a/include/hw/pci/pci_ids.h b/include/hw/pci/pci_ids.h index 3752ddc93a..b9c2bad851 100644 --- a/include/hw/pci/pci_ids.h +++ b/include/hw/pci/pci_ids.h @@ -183,6 +183,7 @@ #define PCI_VENDOR_ID_APPLE 0x106b #define PCI_DEVICE_ID_APPLE_UNI_N_AGP 0x0020 #define PCI_DEVICE_ID_APPLE_U3_AGP 0x004b +#define PCI_DEVICE_ID_APPLE_UNI_N_GMAC 0x0021 #define PCI_VENDOR_ID_SUN 0x108e #define PCI_DEVICE_ID_SUN_EBUS 0x1000 diff --git a/include/hw/ppc/spapr_ovec.h b/include/hw/ppc/spapr_ovec.h index 9edfa5ff75..bf25e5d954 100644 --- a/include/hw/ppc/spapr_ovec.h +++ b/include/hw/ppc/spapr_ovec.h @@ -51,7 +51,8 @@ typedef struct sPAPROptionVector sPAPROptionVector; #define OV5_FORM1_AFFINITY OV_BIT(5, 0) #define OV5_HP_EVT OV_BIT(6, 5) #define OV5_HPT_RESIZE OV_BIT(6, 7) -#define OV5_XIVE_EXPLOIT OV_BIT(23, 7) +#define OV5_XIVE_BOTH OV_BIT(23, 0) +#define OV5_XIVE_EXPLOIT OV_BIT(23, 1) /* 1=exploitation 0=legacy */ /* ISA 3.00 MMU features: */ #define OV5_MMU_BOTH OV_BIT(24, 0) /* Radix and hash */ diff --git a/include/sysemu/seccomp.h b/include/sysemu/seccomp.h index cfc06008cb..e67c2dc840 100644 --- a/include/sysemu/seccomp.h +++ b/include/sysemu/seccomp.h @@ -15,7 +15,13 @@ #ifndef QEMU_SECCOMP_H #define QEMU_SECCOMP_H +#define QEMU_SECCOMP_SET_DEFAULT (1 << 0) +#define QEMU_SECCOMP_SET_OBSOLETE (1 << 1) +#define QEMU_SECCOMP_SET_PRIVILEGED (1 << 2) +#define QEMU_SECCOMP_SET_SPAWN (1 << 3) +#define QEMU_SECCOMP_SET_RESOURCECTL (1 << 4) + #include <seccomp.h> -int seccomp_start(void); +int seccomp_start(uint32_t seccomp_opts); #endif diff --git a/qemu-options.hx b/qemu-options.hx index 9f6e2adfff..600614f6e5 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4017,13 +4017,35 @@ Old param mode (ARM only). ETEXI DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \ - "-sandbox <arg> Enable seccomp mode 2 system call filter (default 'off').\n", + "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \ + " [,spawn=allow|deny][,resourcecontrol=allow|deny]\n" \ + " Enable seccomp mode 2 system call filter (default 'off').\n" \ + " use 'obsolete' to allow obsolete system calls that are provided\n" \ + " by the kernel, but typically no longer used by modern\n" \ + " C library implementations.\n" \ + " use 'elevateprivileges' to allow or deny QEMU process to elevate\n" \ + " its privileges by blacklisting all set*uid|gid system calls.\n" \ + " The value 'children' will deny set*uid|gid system calls for\n" \ + " main QEMU process but will allow forks and execves to run unprivileged\n" \ + " use 'spawn' to avoid QEMU to spawn new threads or processes by\n" \ + " blacklisting *fork and execve\n" \ + " use 'resourcecontrol' to disable process affinity and schedular priority\n", QEMU_ARCH_ALL) STEXI -@item -sandbox @var{arg} +@item -sandbox @var{arg}[,obsolete=@var{string}][,elevateprivileges=@var{string}][,spawn=@var{string}][,resourcecontrol=@var{string}] @findex -sandbox Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will disable it. The default is 'off'. +@table @option +@item obsolete=@var{string} +Enable Obsolete system calls +@item elevateprivileges=@var{string} +Disable set*uid|gid system calls +@item spawn=@var{string} +Disable *fork and execve +@item resourcecontrol=@var{string} +Disable process affinity and schedular priority +@end table ETEXI DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig, diff --git a/qemu-seccomp.c b/qemu-seccomp.c index df75d9c471..b770a77d33 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -28,253 +28,92 @@ struct QemuSeccompSyscall { int32_t num; - uint8_t priority; + uint8_t set; }; -static const struct QemuSeccompSyscall seccomp_whitelist[] = { - { SCMP_SYS(timer_settime), 255 }, - { SCMP_SYS(timer_gettime), 254 }, - { SCMP_SYS(futex), 253 }, - { SCMP_SYS(select), 252 }, - { SCMP_SYS(recvfrom), 251 }, - { SCMP_SYS(sendto), 250 }, - { SCMP_SYS(socketcall), 250 }, - { SCMP_SYS(read), 249 }, - { SCMP_SYS(io_submit), 249 }, - { SCMP_SYS(brk), 248 }, - { SCMP_SYS(clone), 247 }, - { SCMP_SYS(mmap), 247 }, - { SCMP_SYS(mprotect), 246 }, - { SCMP_SYS(execve), 245 }, - { SCMP_SYS(open), 245 }, - { SCMP_SYS(ioctl), 245 }, - { SCMP_SYS(socket), 245 }, - { SCMP_SYS(setsockopt), 245 }, - { SCMP_SYS(recvmsg), 245 }, - { SCMP_SYS(sendmsg), 245 }, - { SCMP_SYS(accept), 245 }, - { SCMP_SYS(connect), 245 }, - { SCMP_SYS(socketpair), 245 }, - { SCMP_SYS(bind), 245 }, - { SCMP_SYS(listen), 245 }, - { SCMP_SYS(semget), 245 }, - { SCMP_SYS(ipc), 245 }, - { SCMP_SYS(gettimeofday), 245 }, - { SCMP_SYS(readlink), 245 }, - { SCMP_SYS(access), 245 }, - { SCMP_SYS(prctl), 245 }, - { SCMP_SYS(signalfd), 245 }, - { SCMP_SYS(getrlimit), 245 }, - { SCMP_SYS(getrusage), 245 }, - { SCMP_SYS(set_tid_address), 245 }, - { SCMP_SYS(statfs), 245 }, - { SCMP_SYS(unlink), 245 }, - { SCMP_SYS(wait4), 245 }, - { SCMP_SYS(fcntl64), 245 }, - { SCMP_SYS(fstat64), 245 }, - { SCMP_SYS(stat64), 245 }, - { SCMP_SYS(getgid32), 245 }, - { SCMP_SYS(getegid32), 245 }, - { SCMP_SYS(getuid32), 245 }, - { SCMP_SYS(geteuid32), 245 }, - { SCMP_SYS(sigreturn), 245 }, - { SCMP_SYS(_newselect), 245 }, - { SCMP_SYS(_llseek), 245 }, - { SCMP_SYS(mmap2), 245 }, - { SCMP_SYS(sigprocmask), 245 }, - { SCMP_SYS(sched_getparam), 245 }, - { SCMP_SYS(sched_getscheduler), 245 }, - { SCMP_SYS(fstat), 245 }, - { SCMP_SYS(clock_getres), 245 }, - { SCMP_SYS(sched_get_priority_min), 245 }, - { SCMP_SYS(sched_get_priority_max), 245 }, - { SCMP_SYS(stat), 245 }, - { SCMP_SYS(uname), 245 }, - { SCMP_SYS(eventfd2), 245 }, - { SCMP_SYS(io_getevents), 245 }, - { SCMP_SYS(dup), 245 }, - { SCMP_SYS(dup2), 245 }, - { SCMP_SYS(dup3), 245 }, - { SCMP_SYS(gettid), 245 }, - { SCMP_SYS(getgid), 245 }, - { SCMP_SYS(getegid), 245 }, - { SCMP_SYS(getuid), 245 }, - { SCMP_SYS(geteuid), 245 }, - { SCMP_SYS(timer_create), 245 }, - { SCMP_SYS(times), 245 }, - { SCMP_SYS(exit), 245 }, - { SCMP_SYS(clock_gettime), 245 }, - { SCMP_SYS(time), 245 }, - { SCMP_SYS(restart_syscall), 245 }, - { SCMP_SYS(pwrite64), 245 }, - { SCMP_SYS(nanosleep), 245 }, - { SCMP_SYS(chown), 245 }, - { SCMP_SYS(openat), 245 }, - { SCMP_SYS(getdents), 245 }, - { SCMP_SYS(timer_delete), 245 }, - { SCMP_SYS(exit_group), 245 }, - { SCMP_SYS(rt_sigreturn), 245 }, - { SCMP_SYS(sync), 245 }, - { SCMP_SYS(pread64), 245 }, - { SCMP_SYS(madvise), 245 }, - { SCMP_SYS(set_robust_list), 245 }, - { SCMP_SYS(lseek), 245 }, - { SCMP_SYS(pselect6), 245 }, - { SCMP_SYS(fork), 245 }, - { SCMP_SYS(rt_sigprocmask), 245 }, - { SCMP_SYS(write), 244 }, - { SCMP_SYS(fcntl), 243 }, - { SCMP_SYS(tgkill), 242 }, - { SCMP_SYS(kill), 242 }, - { SCMP_SYS(rt_sigaction), 242 }, - { SCMP_SYS(pipe2), 242 }, - { SCMP_SYS(munmap), 242 }, - { SCMP_SYS(mremap), 242 }, - { SCMP_SYS(fdatasync), 242 }, - { SCMP_SYS(close), 242 }, - { SCMP_SYS(rt_sigpending), 242 }, - { SCMP_SYS(rt_sigtimedwait), 242 }, - { SCMP_SYS(readv), 242 }, - { SCMP_SYS(writev), 242 }, - { SCMP_SYS(preadv), 242 }, - { SCMP_SYS(pwritev), 242 }, - { SCMP_SYS(setrlimit), 242 }, - { SCMP_SYS(ftruncate), 242 }, - { SCMP_SYS(lstat), 242 }, - { SCMP_SYS(pipe), 242 }, - { SCMP_SYS(umask), 242 }, - { SCMP_SYS(chdir), 242 }, - { SCMP_SYS(setitimer), 242 }, - { SCMP_SYS(setsid), 242 }, - { SCMP_SYS(poll), 242 }, - { SCMP_SYS(epoll_create), 242 }, - { SCMP_SYS(epoll_ctl), 242 }, - { SCMP_SYS(epoll_wait), 242 }, - { SCMP_SYS(waitpid), 242 }, - { SCMP_SYS(getsockname), 242 }, - { SCMP_SYS(getpeername), 242 }, - { SCMP_SYS(accept4), 242 }, - { SCMP_SYS(timerfd_settime), 242 }, - { SCMP_SYS(newfstatat), 241 }, - { SCMP_SYS(shutdown), 241 }, - { SCMP_SYS(getsockopt), 241 }, - { SCMP_SYS(semop), 241 }, - { SCMP_SYS(semtimedop), 241 }, - { SCMP_SYS(epoll_ctl_old), 241 }, - { SCMP_SYS(epoll_wait_old), 241 }, - { SCMP_SYS(epoll_pwait), 241 }, - { SCMP_SYS(epoll_create1), 241 }, - { SCMP_SYS(ppoll), 241 }, - { SCMP_SYS(creat), 241 }, - { SCMP_SYS(link), 241 }, - { SCMP_SYS(getpid), 241 }, - { SCMP_SYS(getppid), 241 }, - { SCMP_SYS(getpgrp), 241 }, - { SCMP_SYS(getpgid), 241 }, - { SCMP_SYS(getsid), 241 }, - { SCMP_SYS(getdents64), 241 }, - { SCMP_SYS(getresuid), 241 }, - { SCMP_SYS(getresgid), 241 }, - { SCMP_SYS(getgroups), 241 }, - { SCMP_SYS(getresuid32), 241 }, - { SCMP_SYS(getresgid32), 241 }, - { SCMP_SYS(getgroups32), 241 }, - { SCMP_SYS(signal), 241 }, - { SCMP_SYS(sigaction), 241 }, - { SCMP_SYS(sigsuspend), 241 }, - { SCMP_SYS(sigpending), 241 }, - { SCMP_SYS(truncate64), 241 }, - { SCMP_SYS(ftruncate64), 241 }, - { SCMP_SYS(fchown32), 241 }, - { SCMP_SYS(chown32), 241 }, - { SCMP_SYS(lchown32), 241 }, - { SCMP_SYS(statfs64), 241 }, - { SCMP_SYS(fstatfs64), 241 }, - { SCMP_SYS(fstatat64), 241 }, - { SCMP_SYS(lstat64), 241 }, - { SCMP_SYS(sendfile64), 241 }, - { SCMP_SYS(ugetrlimit), 241 }, - { SCMP_SYS(alarm), 241 }, - { SCMP_SYS(rt_sigsuspend), 241 }, - { SCMP_SYS(rt_sigqueueinfo), 241 }, - { SCMP_SYS(rt_tgsigqueueinfo), 241 }, - { SCMP_SYS(sigaltstack), 241 }, - { SCMP_SYS(signalfd4), 241 }, - { SCMP_SYS(truncate), 241 }, - { SCMP_SYS(fchown), 241 }, - { SCMP_SYS(lchown), 241 }, - { SCMP_SYS(fchownat), 241 }, - { SCMP_SYS(fstatfs), 241 }, - { SCMP_SYS(getitimer), 241 }, - { SCMP_SYS(syncfs), 241 }, - { SCMP_SYS(fsync), 241 }, - { SCMP_SYS(fchdir), 241 }, - { SCMP_SYS(msync), 241 }, - { SCMP_SYS(sched_setparam), 241 }, - { SCMP_SYS(sched_setscheduler), 241 }, - { SCMP_SYS(sched_yield), 241 }, - { SCMP_SYS(sched_rr_get_interval), 241 }, - { SCMP_SYS(sched_setaffinity), 241 }, - { SCMP_SYS(sched_getaffinity), 241 }, - { SCMP_SYS(readahead), 241 }, - { SCMP_SYS(timer_getoverrun), 241 }, - { SCMP_SYS(unlinkat), 241 }, - { SCMP_SYS(readlinkat), 241 }, - { SCMP_SYS(faccessat), 241 }, - { SCMP_SYS(get_robust_list), 241 }, - { SCMP_SYS(splice), 241 }, - { SCMP_SYS(vmsplice), 241 }, - { SCMP_SYS(getcpu), 241 }, - { SCMP_SYS(sendmmsg), 241 }, - { SCMP_SYS(recvmmsg), 241 }, - { SCMP_SYS(prlimit64), 241 }, - { SCMP_SYS(waitid), 241 }, - { SCMP_SYS(io_cancel), 241 }, - { SCMP_SYS(io_setup), 241 }, - { SCMP_SYS(io_destroy), 241 }, - { SCMP_SYS(arch_prctl), 240 }, - { SCMP_SYS(mkdir), 240 }, - { SCMP_SYS(fchmod), 240 }, - { SCMP_SYS(shmget), 240 }, - { SCMP_SYS(shmat), 240 }, - { SCMP_SYS(shmdt), 240 }, - { SCMP_SYS(timerfd_create), 240 }, - { SCMP_SYS(shmctl), 240 }, - { SCMP_SYS(mlockall), 240 }, - { SCMP_SYS(mlock), 240 }, - { SCMP_SYS(munlock), 240 }, - { SCMP_SYS(semctl), 240 }, - { SCMP_SYS(fallocate), 240 }, - { SCMP_SYS(fadvise64), 240 }, - { SCMP_SYS(inotify_init1), 240 }, - { SCMP_SYS(inotify_add_watch), 240 }, - { SCMP_SYS(mbind), 240 }, - { SCMP_SYS(memfd_create), 240 }, -#ifdef HAVE_CACHEFLUSH - { SCMP_SYS(cacheflush), 240 }, -#endif - { SCMP_SYS(sysinfo), 240 }, +static const struct QemuSeccompSyscall blacklist[] = { + /* default set of syscalls to blacklist */ + { SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(syslog), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(mount), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(umount), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(kexec_load), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(afs_syscall), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(break), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(ftime), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(getpmsg), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(gtty), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(lock), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(mpx), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(prof), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(profil), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(putpmsg), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(security), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(stty), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(tuxcall), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(ulimit), QEMU_SECCOMP_SET_DEFAULT }, + { SCMP_SYS(vserver), QEMU_SECCOMP_SET_DEFAULT }, + /* obsolete */ + { SCMP_SYS(readdir), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(_sysctl), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(bdflush), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(create_module), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(get_kernel_syms), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(query_module), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(sgetmask), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(ssetmask), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(sysfs), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(uselib), QEMU_SECCOMP_SET_OBSOLETE }, + { SCMP_SYS(ustat), QEMU_SECCOMP_SET_OBSOLETE }, + /* privileged */ + { SCMP_SYS(setuid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setgid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setpgid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setsid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setreuid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setregid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setresuid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setresgid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setfsuid), QEMU_SECCOMP_SET_PRIVILEGED }, + { SCMP_SYS(setfsgid), QEMU_SECCOMP_SET_PRIVILEGED }, + /* spawn */ + { SCMP_SYS(fork), QEMU_SECCOMP_SET_SPAWN }, + { SCMP_SYS(vfork), QEMU_SECCOMP_SET_SPAWN }, + { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN }, + /* resource control */ + { SCMP_SYS(getpriority), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_get_priority_max), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL }, }; -int seccomp_start(void) + +int seccomp_start(uint32_t seccomp_opts) { int rc = 0; unsigned int i = 0; scmp_filter_ctx ctx; - ctx = seccomp_init(SCMP_ACT_KILL); + ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) { rc = -1; goto seccomp_return; } - for (i = 0; i < ARRAY_SIZE(seccomp_whitelist); i++) { - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, seccomp_whitelist[i].num, 0); - if (rc < 0) { - goto seccomp_return; + for (i = 0; i < ARRAY_SIZE(blacklist); i++) { + if (!(seccomp_opts & blacklist[i].set)) { + continue; } - rc = seccomp_syscall_priority(ctx, seccomp_whitelist[i].num, - seccomp_whitelist[i].priority); + + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0); if (rc < 0) { goto seccomp_return; } diff --git a/qtest.c b/qtest.c index 88a09e9afc..cbbfb71114 100644 --- a/qtest.c +++ b/qtest.c @@ -332,10 +332,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) strcmp(words[0], "outl") == 0) { unsigned long addr; unsigned long value; + int ret; g_assert(words[1] && words[2]); - g_assert(qemu_strtoul(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtoul(words[2], NULL, 0, &value) == 0); + ret = qemu_strtoul(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtoul(words[2], NULL, 0, &value); + g_assert(ret == 0); g_assert(addr <= 0xffff); if (words[0][3] == 'b') { @@ -352,9 +355,11 @@ static void qtest_process_command(CharBackend *chr, gchar **words) strcmp(words[0], "inl") == 0) { unsigned long addr; uint32_t value = -1U; + int ret; g_assert(words[1]); - g_assert(qemu_strtoul(words[1], NULL, 0, &addr) == 0); + ret = qemu_strtoul(words[1], NULL, 0, &addr); + g_assert(ret == 0); g_assert(addr <= 0xffff); if (words[0][2] == 'b') { @@ -372,10 +377,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) strcmp(words[0], "writeq") == 0) { uint64_t addr; uint64_t value; + int ret; g_assert(words[1] && words[2]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &value) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &value); + g_assert(ret == 0); if (words[0][5] == 'b') { uint8_t data = value; @@ -401,9 +409,11 @@ static void qtest_process_command(CharBackend *chr, gchar **words) strcmp(words[0], "readq") == 0) { uint64_t addr; uint64_t value = UINT64_C(-1); + int ret; g_assert(words[1]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); if (words[0][4] == 'b') { uint8_t data; @@ -427,10 +437,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) uint64_t addr, len, i; uint8_t *data; char *enc; + int ret; g_assert(words[1] && words[2]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &len) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &len); + g_assert(ret == 0); /* We'd send garbage to libqtest if len is 0 */ g_assert(len); @@ -451,10 +464,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) uint64_t addr, len; uint8_t *data; gchar *b64_data; + int ret; g_assert(words[1] && words[2]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &len) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &len); + g_assert(ret == 0); data = g_malloc(len); cpu_physical_memory_read(addr, data, len); @@ -468,10 +484,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) uint64_t addr, len, i; uint8_t *data; size_t data_len; + int ret; g_assert(words[1] && words[2] && words[3]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &len) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &len); + g_assert(ret == 0); data_len = strlen(words[3]); if (data_len < 3) { @@ -497,11 +516,15 @@ static void qtest_process_command(CharBackend *chr, gchar **words) uint64_t addr, len; uint8_t *data; unsigned long pattern; + int ret; g_assert(words[1] && words[2] && words[3]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &len) == 0); - g_assert(qemu_strtoul(words[3], NULL, 0, &pattern) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &len); + g_assert(ret == 0); + ret = qemu_strtoul(words[3], NULL, 0, &pattern); + g_assert(ret == 0); if (len) { data = g_malloc(len); @@ -517,10 +540,13 @@ static void qtest_process_command(CharBackend *chr, gchar **words) uint8_t *data; size_t data_len; gsize out_len; + int ret; g_assert(words[1] && words[2] && words[3]); - g_assert(qemu_strtou64(words[1], NULL, 0, &addr) == 0); - g_assert(qemu_strtou64(words[2], NULL, 0, &len) == 0); + ret = qemu_strtou64(words[1], NULL, 0, &addr); + g_assert(ret == 0); + ret = qemu_strtou64(words[2], NULL, 0, &len); + g_assert(ret == 0); data_len = strlen(words[3]); if (data_len < 3) { @@ -551,11 +577,16 @@ static void qtest_process_command(CharBackend *chr, gchar **words) } else if (strcmp(words[0], "rtas") == 0) { uint64_t res, args, ret; unsigned long nargs, nret; - - g_assert(qemu_strtoul(words[2], NULL, 0, &nargs) == 0); - g_assert(qemu_strtou64(words[3], NULL, 0, &args) == 0); - g_assert(qemu_strtoul(words[4], NULL, 0, &nret) == 0); - g_assert(qemu_strtou64(words[5], NULL, 0, &ret) == 0); + int rc; + + rc = qemu_strtoul(words[2], NULL, 0, &nargs); + g_assert(rc == 0); + rc = qemu_strtou64(words[3], NULL, 0, &args); + g_assert(rc == 0); + rc = qemu_strtoul(words[4], NULL, 0, &nret); + g_assert(rc == 0); + rc = qemu_strtou64(words[5], NULL, 0, &ret); + g_assert(rc == 0); res = qtest_rtas_call(words[1], nargs, args, nret, ret); qtest_send_prefix(chr); @@ -565,7 +596,8 @@ static void qtest_process_command(CharBackend *chr, gchar **words) int64_t ns; if (words[1]) { - g_assert(qemu_strtoi64(words[1], NULL, 0, &ns) == 0); + int ret = qemu_strtoi64(words[1], NULL, 0, &ns); + g_assert(ret == 0); } else { ns = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL); } @@ -575,9 +607,11 @@ static void qtest_process_command(CharBackend *chr, gchar **words) (int64_t)qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); } else if (qtest_enabled() && strcmp(words[0], "clock_set") == 0) { int64_t ns; + int ret; g_assert(words[1]); - g_assert(qemu_strtoi64(words[1], NULL, 0, &ns) == 0); + ret = qemu_strtoi64(words[1], NULL, 0, &ns); + g_assert(ret == 0); qtest_clock_warp(ns); qtest_send_prefix(chr); qtest_sendf(chr, "OK %"PRIi64"\n", diff --git a/target/arm/cpu.c b/target/arm/cpu.c index a1acce3c7a..412e94c7ad 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -235,6 +235,12 @@ static void arm_cpu_reset(CPUState *s) env->regs[15] = 0xFFFF0000; } + /* M profile requires that reset clears the exclusive monitor; + * A profile does not, but clearing it makes more sense than having it + * set with an exclusive access on address zero. + */ + arm_clear_exclusive(env); + env->vfp.xregs[ARM_VFP_FPEXC] = 0; #endif diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 98b9b26fd3..5a1f957c51 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -81,8 +81,11 @@ * accessed via env->registerfield[env->v7m.secure] (whether the security * extension is implemented or not). */ -#define M_REG_NS 0 -#define M_REG_S 1 +enum { + M_REG_NS = 0, + M_REG_S = 1, + M_REG_NUM_BANKS = 2, +}; /* ARM-specific interrupt pending bits. */ #define CPU_INTERRUPT_FIQ CPU_INTERRUPT_TGT_EXT_1 @@ -433,19 +436,19 @@ typedef struct CPUARMState { uint32_t other_sp; uint32_t other_ss_msp; uint32_t other_ss_psp; - uint32_t vecbase[2]; - uint32_t basepri[2]; - uint32_t control[2]; - uint32_t ccr[2]; /* Configuration and Control */ - uint32_t cfsr[2]; /* Configurable Fault Status */ + uint32_t vecbase[M_REG_NUM_BANKS]; + uint32_t basepri[M_REG_NUM_BANKS]; + uint32_t control[M_REG_NUM_BANKS]; + uint32_t ccr[M_REG_NUM_BANKS]; /* Configuration and Control */ + uint32_t cfsr[M_REG_NUM_BANKS]; /* Configurable Fault Status */ uint32_t hfsr; /* HardFault Status */ uint32_t dfsr; /* Debug Fault Status Register */ - uint32_t mmfar[2]; /* MemManage Fault Address */ + uint32_t mmfar[M_REG_NUM_BANKS]; /* MemManage Fault Address */ uint32_t bfar; /* BusFault Address */ - unsigned mpu_ctrl[2]; /* MPU_CTRL */ + unsigned mpu_ctrl[M_REG_NUM_BANKS]; /* MPU_CTRL */ int exception; - uint32_t primask[2]; - uint32_t faultmask[2]; + uint32_t primask[M_REG_NUM_BANKS]; + uint32_t faultmask[M_REG_NUM_BANKS]; uint32_t secure; /* Is CPU in Secure state? (not guest visible) */ } v7m; @@ -546,7 +549,7 @@ typedef struct CPUARMState { uint32_t *drbar; uint32_t *drsr; uint32_t *dracr; - uint32_t rnr[2]; + uint32_t rnr[M_REG_NUM_BANKS]; } pmsav7; /* PMSAv8 MPU */ @@ -556,10 +559,10 @@ typedef struct CPUARMState { * pmsav7.rnr (region number register) * pmsav7_dregion (number of configured regions) */ - uint32_t *rbar[2]; - uint32_t *rlar[2]; - uint32_t mair0[2]; - uint32_t mair1[2]; + uint32_t *rbar[M_REG_NUM_BANKS]; + uint32_t *rlar[M_REG_NUM_BANKS]; + uint32_t mair0[M_REG_NUM_BANKS]; + uint32_t mair1[M_REG_NUM_BANKS]; } pmsav8; void *nvic; diff --git a/target/arm/helper.c b/target/arm/helper.c index 329e5178d8..4f41841ef6 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6175,6 +6175,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) armv7m_nvic_acknowledge_irq(env->nvic); switch_v7m_sp(env, 0); + arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; env->regs[14] = lr; @@ -6211,7 +6212,7 @@ static void v7m_push_stack(ARMCPU *cpu) static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; - uint32_t type; + uint32_t excret; uint32_t xpsr; bool ufault = false; bool return_to_sp_process = false; @@ -6232,18 +6233,19 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * the target value up between env->regs[15] and env->thumb in * gen_bx(). Reconstitute it. */ - type = env->regs[15]; + excret = env->regs[15]; if (env->thumb) { - type |= 1; + excret |= 1; } qemu_log_mask(CPU_LOG_INT, "Exception return: magic PC %" PRIx32 " previous exception %d\n", - type, env->v7m.exception); + excret, env->v7m.exception); - if (extract32(type, 5, 23) != extract32(-1, 5, 23)) { + if ((excret & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) { qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero high bits in exception " - "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", type); + "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", + excret); } if (env->v7m.exception != ARMV7M_EXCP_NMI) { @@ -6254,7 +6256,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.) */ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { - int es = type & 1; + int es = excret & R_V7M_EXCRET_ES_MASK; if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) { env->v7m.faultmask[es] = 0; } @@ -6282,7 +6284,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } - switch (type & 0xf) { + switch (excret & 0xf) { case 1: /* Return to Handler */ return_to_handler = true; break; @@ -6305,7 +6307,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); - v7m_exception_taken(cpu, type | 0xf0000000); + v7m_exception_taken(cpu, excret); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); return; @@ -6340,20 +6342,21 @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. If that doesn't match what the - * exception return type specified then this is a UsageFault. + * exception return excret specified then this is a UsageFault. */ if (return_to_handler != arm_v7m_is_handler_mode(env)) { /* Take an INVPC UsageFault by pushing the stack again. */ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); - v7m_exception_taken(cpu, type | 0xf0000000); + v7m_exception_taken(cpu, excret); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: " "failed exception return integrity check\n"); return; } /* Otherwise, we have a successful exception exit. */ + arm_clear_exclusive(env); qemu_log_mask(CPU_LOG_INT, "...successful exception return\n"); } @@ -6428,15 +6431,15 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) case 0x8: /* External Abort */ switch (cs->exception_index) { case EXCP_PREFETCH_ABORT: - env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_PRECISERR_MASK; - qemu_log_mask(CPU_LOG_INT, "...with CFSR.PRECISERR\n"); + env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK; + qemu_log_mask(CPU_LOG_INT, "...with CFSR.IBUSERR\n"); break; case EXCP_DATA_ABORT: env->v7m.cfsr[M_REG_NS] |= - (R_V7M_CFSR_IBUSERR_MASK | R_V7M_CFSR_BFARVALID_MASK); + (R_V7M_CFSR_PRECISERR_MASK | R_V7M_CFSR_BFARVALID_MASK); env->v7m.bfar = env->exception.vaddress; qemu_log_mask(CPU_LOG_INT, - "...with CFSR.IBUSERR and BFAR 0x%x\n", + "...with CFSR.PRECISERR and BFAR 0x%x\n", env->v7m.bfar); break; } @@ -6489,12 +6492,16 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) return; /* Never happens. Keep compiler happy. */ } - lr = 0xfffffff1; + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_S_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK | + R_V7M_EXCRET_ES_MASK; if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) { - lr |= 4; + lr |= R_V7M_EXCRET_SPSEL_MASK; } if (!arm_v7m_is_handler_mode(env)) { - lr |= 8; + lr |= R_V7M_EXCRET_MODE_MASK; } v7m_push_stack(cpu); diff --git a/target/arm/internals.h b/target/arm/internals.h index 5d7f24c95c..18be3702f2 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -61,6 +61,16 @@ FIELD(V7M_CONTROL, NPRIV, 0, 1) FIELD(V7M_CONTROL, SPSEL, 1, 1) FIELD(V7M_CONTROL, FPCA, 2, 1) +/* Bit definitions for v7M exception return payload */ +FIELD(V7M_EXCRET, ES, 0, 1) +FIELD(V7M_EXCRET, RES0, 1, 1) +FIELD(V7M_EXCRET, SPSEL, 2, 1) +FIELD(V7M_EXCRET, MODE, 3, 1) +FIELD(V7M_EXCRET, FTYPE, 4, 1) +FIELD(V7M_EXCRET, DCRS, 5, 1) +FIELD(V7M_EXCRET, S, 6, 1) +FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */ + /* * For AArch64, map a given EL to an index in the banked_spsr array. * Note that this mapping and the AArch32 mapping defined in bank_number() @@ -444,6 +454,16 @@ void arm_handle_psci_call(ARMCPU *cpu); #endif /** + * arm_clear_exclusive: clear the exclusive monitor + * @env: CPU env + * Clear the CPU's exclusive monitor, like the guest CLREX instruction. + */ +static inline void arm_clear_exclusive(CPUARMState *env) +{ + env->exclusive_addr = -1; +} + +/** * ARMMMUFaultInfo: Information describing an ARM MMU Fault * @s2addr: Address that caused a fault at stage 2 * @stage2: True if we faulted at stage 2 diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index d1bca462cc..6a60464ab9 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -1022,7 +1022,7 @@ void HELPER(exception_return)(CPUARMState *env) aarch64_save_sp(env, cur_el); - env->exclusive_addr = -1; + arm_clear_exclusive(env); /* We must squash the PSTATE.SS bit to zero unless both of the * following hold: diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 9017e30510..083568c468 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -1894,7 +1894,7 @@ static void gen_load_exclusive(DisasContext *s, int rt, int rt2, } static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, - TCGv_i64 inaddr, int size, int is_pair) + TCGv_i64 addr, int size, int is_pair) { /* if (env->exclusive_addr == addr && env->exclusive_val == [addr] * && (!is_pair || env->exclusive_high == [addr + datasize])) { @@ -1910,13 +1910,8 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, */ TCGLabel *fail_label = gen_new_label(); TCGLabel *done_label = gen_new_label(); - TCGv_i64 addr = tcg_temp_local_new_i64(); TCGv_i64 tmp; - /* Copy input into a local temp so it is not trashed when the - * basic block ends at the branch insn. - */ - tcg_gen_mov_i64(addr, inaddr); tcg_gen_brcond_i64(TCG_COND_NE, addr, cpu_exclusive_addr, fail_label); tmp = tcg_temp_new_i64(); @@ -1927,27 +1922,24 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, } else { tcg_gen_concat32_i64(tmp, cpu_reg(s, rt2), cpu_reg(s, rt)); } - tcg_gen_atomic_cmpxchg_i64(tmp, addr, cpu_exclusive_val, tmp, + tcg_gen_atomic_cmpxchg_i64(tmp, cpu_exclusive_addr, + cpu_exclusive_val, tmp, get_mem_index(s), MO_64 | MO_ALIGN | s->be_data); tcg_gen_setcond_i64(TCG_COND_NE, tmp, tmp, cpu_exclusive_val); } else if (s->be_data == MO_LE) { - gen_helper_paired_cmpxchg64_le(tmp, cpu_env, addr, cpu_reg(s, rt), - cpu_reg(s, rt2)); + gen_helper_paired_cmpxchg64_le(tmp, cpu_env, cpu_exclusive_addr, + cpu_reg(s, rt), cpu_reg(s, rt2)); } else { - gen_helper_paired_cmpxchg64_be(tmp, cpu_env, addr, cpu_reg(s, rt), - cpu_reg(s, rt2)); + gen_helper_paired_cmpxchg64_be(tmp, cpu_env, cpu_exclusive_addr, + cpu_reg(s, rt), cpu_reg(s, rt2)); } } else { - TCGv_i64 val = cpu_reg(s, rt); - tcg_gen_atomic_cmpxchg_i64(tmp, addr, cpu_exclusive_val, val, - get_mem_index(s), + tcg_gen_atomic_cmpxchg_i64(tmp, cpu_exclusive_addr, cpu_exclusive_val, + cpu_reg(s, rt), get_mem_index(s), size | MO_ALIGN | s->be_data); tcg_gen_setcond_i64(TCG_COND_NE, tmp, tmp, cpu_exclusive_val); } - - tcg_temp_free_i64(addr); - tcg_gen_mov_i64(cpu_reg(s, rd), tmp); tcg_temp_free_i64(tmp); tcg_gen_br(done_label); @@ -11348,6 +11340,7 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) default: gen_a64_set_pc_im(dc->pc); /* fall through */ + case DISAS_EXIT: case DISAS_JUMP: if (dc->base.singlestep_enabled) { gen_exception_internal(EXCP_DEBUG); diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 6442dfcb95..1deaf106d2 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -120,7 +120,7 @@ static void kvm_kick_cpu(void *opaque) static bool kvmppc_is_pr(KVMState *ks) { /* Assume KVM-PR if the GET_PVINFO capability is available */ - return kvm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0; + return kvm_vm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0; } static int kvm_ppc_register_host_cpu_type(void); diff --git a/tests/libqos/pci.c b/tests/libqos/pci.c index 2dcdeade2a..0b73cb23d0 100644 --- a/tests/libqos/pci.c +++ b/tests/libqos/pci.c @@ -120,6 +120,8 @@ void qpci_msix_enable(QPCIDevice *dev) bir_pba = table & PCI_MSIX_FLAGS_BIRMASK; if (bir_pba != bir_table) { dev->msix_pba_bar = qpci_iomap(dev, bir_pba, NULL); + } else { + dev->msix_pba_bar = dev->msix_table_bar; } dev->msix_pba_off = table & ~PCI_MSIX_FLAGS_BIRMASK; @@ -138,8 +140,11 @@ void qpci_msix_disable(QPCIDevice *dev) qpci_config_writew(dev, addr + PCI_MSIX_FLAGS, val & ~PCI_MSIX_FLAGS_ENABLE); + if (dev->msix_pba_bar.addr != dev->msix_table_bar.addr) { + qpci_iounmap(dev, dev->msix_pba_bar); + } qpci_iounmap(dev, dev->msix_table_bar); - qpci_iounmap(dev, dev->msix_pba_bar); + dev->msix_enabled = 0; dev->msix_table_off = 0; dev->msix_pba_off = 0; @@ -394,21 +399,6 @@ QPCIBar qpci_legacy_iomap(QPCIDevice *dev, uint16_t addr) void qpci_plug_device_test(const char *driver, const char *id, uint8_t slot, const char *opts) { - QDict *response; - char *cmd; - - cmd = g_strdup_printf("{'execute': 'device_add'," - " 'arguments': {" - " 'driver': '%s'," - " 'addr': '%d'," - " %s%s" - " 'id': '%s'" - "}}", driver, slot, - opts ? opts : "", opts ? "," : "", - id); - response = qmp(cmd); - g_free(cmd); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); + qtest_qmp_device_add(driver, id, "'addr': '%d'%s%s", slot, + opts ? ", " : "", opts ? opts : ""); } diff --git a/tests/libqos/usb.c b/tests/libqos/usb.c index 0cdfaecda7..2a476049a8 100644 --- a/tests/libqos/usb.c +++ b/tests/libqos/usb.c @@ -40,34 +40,16 @@ void uhci_port_test(struct qhc *hc, int port, uint16_t expect) void usb_test_hotplug(const char *hcd_id, const int port, void (*port_check)(void)) { - QDict *response; - char *cmd; + char *id = g_strdup_printf("usbdev%d", port); - cmd = g_strdup_printf("{'execute': 'device_add'," - " 'arguments': {" - " 'driver': 'usb-tablet'," - " 'port': '%d'," - " 'bus': '%s.0'," - " 'id': 'usbdev%d'" - "}}", port, hcd_id, port); - response = qmp(cmd); - g_free(cmd); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); + qtest_qmp_device_add("usb-tablet", id, "'port': '%d', 'bus': '%s.0'", + port, hcd_id); if (port_check) { port_check(); } - cmd = g_strdup_printf("{'execute': 'device_del'," - " 'arguments': {" - " 'id': 'usbdev%d'" - "}}", port); - response = qmp(cmd); - g_free(cmd); - g_assert(response); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); + qtest_qmp_device_del(id); + + g_free(id); } diff --git a/tests/libqtest.c b/tests/libqtest.c index b9a1f180e1..cbd709470b 100644 --- a/tests/libqtest.c +++ b/tests/libqtest.c @@ -42,7 +42,6 @@ struct QTestState }; static GHookList abrt_hooks; -static GList *qtest_instances; static struct sigaction sigact_old; #define g_assert_no_errno(ret) do { \ @@ -150,6 +149,19 @@ void qtest_add_abrt_handler(GHookFunc fn, const void *data) g_hook_prepend(&abrt_hooks, hook); } +static const char *qtest_qemu_binary(void) +{ + const char *qemu_bin; + + qemu_bin = getenv("QTEST_QEMU_BINARY"); + if (!qemu_bin) { + fprintf(stderr, "Environment variable QTEST_QEMU_BINARY required\n"); + exit(1); + } + + return qemu_bin; +} + QTestState *qtest_init_without_qmp_handshake(const char *extra_args) { QTestState *s; @@ -157,13 +169,7 @@ QTestState *qtest_init_without_qmp_handshake(const char *extra_args) gchar *socket_path; gchar *qmp_socket_path; gchar *command; - const char *qemu_binary; - - qemu_binary = getenv("QTEST_QEMU_BINARY"); - if (!qemu_binary) { - fprintf(stderr, "Environment variable QTEST_QEMU_BINARY required\n"); - exit(1); - } + const char *qemu_binary = qtest_qemu_binary(); s = g_malloc(sizeof(*s)); @@ -240,13 +246,10 @@ QTestState *qtest_init(const char *extra_args) void qtest_quit(QTestState *s) { - qtest_instances = g_list_remove(qtest_instances, s); g_hook_destroy_link(&abrt_hooks, g_hook_find_data(&abrt_hooks, TRUE, s)); /* Uninstall SIGABRT handler on last instance */ - if (!qtest_instances) { - cleanup_sigabrt_handler(); - } + cleanup_sigabrt_handler(); kill_qemu(s); close(s->fd); @@ -624,8 +627,7 @@ char *qtest_hmp(QTestState *s, const char *fmt, ...) const char *qtest_get_arch(void) { - const char *qemu = getenv("QTEST_QEMU_BINARY"); - g_assert(qemu != NULL); + const char *qemu = qtest_qemu_binary(); const char *end = strrchr(qemu, '/'); return end + strlen("/qemu-system-"); @@ -987,3 +989,78 @@ void qtest_cb_for_every_machine(void (*cb)(const char *machine)) qtest_end(); QDECREF(response); } + +/* + * Generic hot-plugging test via the device_add QMP command. + */ +void qtest_qmp_device_add(const char *driver, const char *id, const char *fmt, + ...) +{ + QDict *response; + char *cmd, *opts = NULL; + va_list va; + + if (fmt) { + va_start(va, fmt); + opts = g_strdup_vprintf(fmt, va); + va_end(va); + } + + cmd = g_strdup_printf("{'execute': 'device_add'," + " 'arguments': { 'driver': '%s', 'id': '%s'%s%s }}", + driver, id, opts ? ", " : "", opts ? opts : ""); + g_free(opts); + + response = qmp(cmd); + g_free(cmd); + g_assert(response); + g_assert(!qdict_haskey(response, "event")); /* We don't expect any events */ + g_assert(!qdict_haskey(response, "error")); + QDECREF(response); +} + +/* + * Generic hot-unplugging test via the device_del QMP command. + * Device deletion will get one response and one event. For example: + * + * {'execute': 'device_del','arguments': { 'id': 'scsi-hd'}} + * + * will get this one: + * + * {"timestamp": {"seconds": 1505289667, "microseconds": 569862}, + * "event": "DEVICE_DELETED", "data": {"device": "scsi-hd", + * "path": "/machine/peripheral/scsi-hd"}} + * + * and this one: + * + * {"return": {}} + * + * But the order of arrival may vary - so we've got to detect both. + */ +void qtest_qmp_device_del(const char *id) +{ + QDict *response1, *response2, *event = NULL; + char *cmd; + + cmd = g_strdup_printf("{'execute': 'device_del'," + " 'arguments': { 'id': '%s' }}", id); + response1 = qmp(cmd); + g_free(cmd); + g_assert(response1); + g_assert(!qdict_haskey(response1, "error")); + + response2 = qmp(""); + g_assert(response2); + g_assert(!qdict_haskey(response2, "error")); + + if (qdict_haskey(response1, "event")) { + event = response1; + } else if (qdict_haskey(response2, "event")) { + event = response2; + } + g_assert(event); + g_assert_cmpstr(qdict_get_str(event, "event"), ==, "DEVICE_DELETED"); + + QDECREF(response1); + QDECREF(response2); +} diff --git a/tests/libqtest.h b/tests/libqtest.h index 3ae570927a..86b3a3bb0d 100644 --- a/tests/libqtest.h +++ b/tests/libqtest.h @@ -134,14 +134,14 @@ QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event); /** * qtest_hmp: * @s: #QTestState instance to operate on. - * @fmt...: HMP command to send to QEMU + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). * * Send HMP command to QEMU via QMP's human-monitor-command. * QMP events are discarded. * * Returns: the command's output. The caller should g_free() it. */ -char *qtest_hmp(QTestState *s, const char *fmt, ...); +char *qtest_hmp(QTestState *s, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /** * qtest_hmpv: @@ -592,13 +592,13 @@ static inline QDict *qmp_eventwait_ref(const char *event) /** * hmp: - * @fmt...: HMP command to send to QEMU + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf(). * * Send HMP command to QEMU via QMP's human-monitor-command. * * Returns: the command's output. The caller should g_free() it. */ -char *hmp(const char *fmt, ...); +char *hmp(const char *fmt, ...) GCC_FMT_ATTR(1, 2); /** * get_irq: @@ -927,4 +927,23 @@ QDict *qmp_fd(int fd, const char *fmt, ...); */ void qtest_cb_for_every_machine(void (*cb)(const char *machine)); +/** + * qtest_qmp_device_add: + * @driver: Name of the device that should be added + * @id: Identification string + * @fmt: printf-like format string for further options to device_add + * + * Generic hot-plugging test via the device_add QMP command. + */ +void qtest_qmp_device_add(const char *driver, const char *id, const char *fmt, + ...) GCC_FMT_ATTR(3, 4); + +/** + * qtest_qmp_device_del: + * @id: Identification string + * + * Generic hot-unplugging test via the device_del QMP command. + */ +void qtest_qmp_device_del(const char *id); + #endif diff --git a/tests/numa-test.c b/tests/numa-test.c index 3f636840b1..e1b6152244 100644 --- a/tests/numa-test.c +++ b/tests/numa-test.c @@ -17,21 +17,6 @@ static char *make_cli(const char *generic_cli, const char *test_cli) return g_strdup_printf("%s %s", generic_cli ? generic_cli : "", test_cli); } -static char *hmp_info_numa(void) -{ - QDict *resp; - char *s; - - resp = qmp("{ 'execute': 'human-monitor-command', 'arguments': " - "{ 'command-line': 'info numa '} }"); - g_assert(resp); - g_assert(qdict_haskey(resp, "return")); - s = g_strdup(qdict_get_str(resp, "return")); - g_assert(s); - QDECREF(resp); - return s; -} - static void test_mon_explicit(const void *data) { char *s; @@ -42,7 +27,7 @@ static void test_mon_explicit(const void *data) "-numa node,nodeid=1,cpus=4-7 "); qtest_start(cli); - s = hmp_info_numa(); + s = hmp("info numa"); g_assert(strstr(s, "node 0 cpus: 0 1 2 3")); g_assert(strstr(s, "node 1 cpus: 4 5 6 7")); g_free(s); @@ -59,7 +44,7 @@ static void test_mon_default(const void *data) cli = make_cli(data, "-smp 8 -numa node -numa node"); qtest_start(cli); - s = hmp_info_numa(); + s = hmp("info numa"); g_assert(strstr(s, "node 0 cpus: 0 2 4 6")); g_assert(strstr(s, "node 1 cpus: 1 3 5 7")); g_free(s); @@ -78,7 +63,7 @@ static void test_mon_partial(const void *data) "-numa node,nodeid=1,cpus=4-5 "); qtest_start(cli); - s = hmp_info_numa(); + s = hmp("info numa"); g_assert(strstr(s, "node 0 cpus: 0 1 2 3 6 7")); g_assert(strstr(s, "node 1 cpus: 4 5")); g_free(s); diff --git a/tests/test-hmp.c b/tests/test-hmp.c index d124e81850..5677fbf775 100644 --- a/tests/test-hmp.c +++ b/tests/test-hmp.c @@ -81,7 +81,7 @@ static void test_commands(void) if (verbose) { fprintf(stderr, "\t%s\n", hmp_cmds[i]); } - response = hmp(hmp_cmds[i]); + response = hmp("%s", hmp_cmds[i]); g_free(response); } @@ -104,7 +104,7 @@ static void test_info_commands(void) if (verbose) { fprintf(stderr, "\t%s\n", info); } - resp = hmp(info); + resp = hmp("%s", info); g_free(resp); /* And move forward to the next line */ info = strchr(endp + 1, '\n'); @@ -138,8 +138,7 @@ static void add_machine_test_case(const char *mname) char *path; /* Ignore blacklisted machines that have known problems */ - if (!strcmp("puv3", mname) || !strcmp("tricore_testboard", mname) || - !strcmp("xenfv", mname) || !strcmp("xenpv", mname)) { + if (!strcmp("xenfv", mname) || !strcmp("xenpv", mname)) { return; } diff --git a/tests/test-qga.c b/tests/test-qga.c index 06783e7585..fd6bc7690f 100644 --- a/tests/test-qga.c +++ b/tests/test-qga.c @@ -642,65 +642,6 @@ static void test_qga_get_time(gconstpointer fix) QDECREF(ret); } -static void test_qga_set_time(gconstpointer fix) -{ - const TestFixture *fixture = fix; - QDict *ret; - int64_t current, time; - gchar *cmd; - - /* get current time */ - ret = qmp_fd(fixture->fd, "{'execute': 'guest-get-time'}"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - current = qdict_get_int(ret, "return"); - g_assert_cmpint(current, >, 0); - QDECREF(ret); - - /* set some old time */ - ret = qmp_fd(fixture->fd, "{'execute': 'guest-set-time'," - " 'arguments': { 'time': 1000 } }"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - QDECREF(ret); - - /* check old time */ - ret = qmp_fd(fixture->fd, "{'execute': 'guest-get-time'}"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - time = qdict_get_int(ret, "return"); - g_assert_cmpint(time / 1000, <, G_USEC_PER_SEC * 10); - QDECREF(ret); - - /* set back current time */ - cmd = g_strdup_printf("{'execute': 'guest-set-time'," - " 'arguments': { 'time': %" PRId64 " } }", - current + time * 1000); - ret = qmp_fd(fixture->fd, cmd); - g_free(cmd); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - QDECREF(ret); -} - -static void test_qga_fstrim(gconstpointer fix) -{ - const TestFixture *fixture = fix; - QDict *ret; - QList *list; - const QListEntry *entry; - - ret = qmp_fd(fixture->fd, "{'execute': 'guest-fstrim'," - " arguments: { minimum: 4194304 } }"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - list = qdict_get_qlist(ret, "return"); - entry = qlist_first(list); - g_assert(qdict_haskey(qobject_to_qdict(entry->value), "paths")); - - QDECREF(ret); -} - static void test_qga_blacklist(gconstpointer data) { TestFixture fix; @@ -831,30 +772,6 @@ static void test_qga_fsfreeze_status(gconstpointer fix) QDECREF(ret); } -static void test_qga_fsfreeze_and_thaw(gconstpointer fix) -{ - const TestFixture *fixture = fix; - QDict *ret; - const gchar *status; - - ret = qmp_fd(fixture->fd, "{'execute': 'guest-fsfreeze-freeze'}"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - QDECREF(ret); - - ret = qmp_fd(fixture->fd, "{'execute': 'guest-fsfreeze-status'}"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - status = qdict_get_try_str(ret, "return"); - g_assert_cmpstr(status, ==, "frozen"); - QDECREF(ret); - - ret = qmp_fd(fixture->fd, "{'execute': 'guest-fsfreeze-thaw'}"); - g_assert_nonnull(ret); - qmp_assert_no_error(ret); - QDECREF(ret); -} - static void test_qga_guest_exec(gconstpointer fix) { const TestFixture *fixture = fix; @@ -1029,13 +946,6 @@ int main(int argc, char **argv) g_test_add_data_func("/qga/guest-get-osinfo", &fix, test_qga_guest_get_osinfo); - if (g_getenv("QGA_TEST_SIDE_EFFECTING")) { - g_test_add_data_func("/qga/fsfreeze-and-thaw", &fix, - test_qga_fsfreeze_and_thaw); - g_test_add_data_func("/qga/set-time", &fix, test_qga_set_time); - g_test_add_data_func("/qga/fstrim", &fix, test_qga_fstrim); - } - ret = g_test_run(); fixture_tear_down(&fix, NULL); diff --git a/tests/usb-hcd-uhci-test.c b/tests/usb-hcd-uhci-test.c index 5b500fedb0..62e0c7829d 100644 --- a/tests/usb-hcd-uhci-test.c +++ b/tests/usb-hcd-uhci-test.c @@ -48,31 +48,9 @@ static void test_uhci_hotplug(void) static void test_usb_storage_hotplug(void) { - QDict *response; + qtest_qmp_device_add("usb-storage", "usbdev0", "'drive': 'drive0'"); - response = qmp("{'execute': 'device_add'," - " 'arguments': {" - " 'driver': 'usb-storage'," - " 'drive': 'drive0'," - " 'id': 'usbdev0'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp("{'execute': 'device_del'," - " 'arguments': {" - " 'id': 'usbdev0'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp(""); - g_assert(response); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); + qtest_qmp_device_del("usbdev0"); } int main(int argc, char **argv) diff --git a/tests/usb-hcd-xhci-test.c b/tests/usb-hcd-xhci-test.c index 031764da6d..9c14e3053a 100644 --- a/tests/usb-hcd-xhci-test.c +++ b/tests/usb-hcd-xhci-test.c @@ -23,59 +23,16 @@ static void test_xhci_hotplug(void) static void test_usb_uas_hotplug(void) { - QDict *response; - - response = qmp("{'execute': 'device_add'," - " 'arguments': {" - " 'driver': 'usb-uas'," - " 'id': 'uas'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp("{'execute': 'device_add'," - " 'arguments': {" - " 'driver': 'scsi-hd'," - " 'drive': 'drive0'," - " 'id': 'scsi-hd'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); + qtest_qmp_device_add("usb-uas", "uas", NULL); + qtest_qmp_device_add("scsi-hd", "scsihd", "'drive': 'drive0'"); /* TODO: UAS HBA driver in libqos, to check that added disk is visible after BUS rescan */ - response = qmp("{'execute': 'device_del'," - " 'arguments': {" - " 'id': 'scsi-hd'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp(""); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); - - - response = qmp("{'execute': 'device_del'," - " 'arguments': {" - " 'id': 'uas'" - "}}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp(""); - g_assert(response); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); + qtest_qmp_device_del("scsihd"); + qtest_qmp_device_del("uas"); } int main(int argc, char **argv) diff --git a/tests/virtio-scsi-test.c b/tests/virtio-scsi-test.c index 87a3b6e81a..d1485128bd 100644 --- a/tests/virtio-scsi-test.c +++ b/tests/virtio-scsi-test.c @@ -192,32 +192,12 @@ static void pci_nop(void) static void hotplug(void) { - QDict *response; QOSState *qs; qs = qvirtio_scsi_start( "-drive id=drv1,if=none,file=null-co://,format=raw"); - response = qmp("{\"execute\": \"device_add\"," - " \"arguments\": {" - " \"driver\": \"scsi-hd\"," - " \"id\": \"scsi-hd\"," - " \"drive\": \"drv1\"" - "}}"); - - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp("{\"execute\": \"device_del\"," - " \"arguments\": {" - " \"id\": \"scsi-hd\"" - "}}"); - - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); + qtest_qmp_device_add("scsi-hd", "scsihd", "'drive': 'drv1'"); + qtest_qmp_device_del("scsihd"); qvirtio_scsi_stop(qs); } diff --git a/tests/virtio-serial-test.c b/tests/virtio-serial-test.c index b14d943ada..7d1517dee3 100644 --- a/tests/virtio-serial-test.c +++ b/tests/virtio-serial-test.c @@ -17,28 +17,9 @@ static void pci_nop(void) static void hotplug(void) { - QDict *response; - - response = qmp("{\"execute\": \"device_add\"," - " \"arguments\": {" - " \"driver\": \"virtserialport\"," - " \"id\": \"hp-port\"" - "}}"); - - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - QDECREF(response); - - response = qmp("{\"execute\": \"device_del\"," - " \"arguments\": {" - " \"id\": \"hp-port\"" - "}}"); - - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - g_assert(qdict_haskey(response, "event")); - g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED")); - QDECREF(response); + qtest_qmp_device_add("virtserialport", "hp-port", NULL); + + qtest_qmp_device_del("hp-port"); } int main(int argc, char **argv) diff --git a/vl.c b/vl.c index fb1f05b937..9e62e92aea 100644 --- a/vl.c +++ b/vl.c @@ -29,6 +29,7 @@ #ifdef CONFIG_SECCOMP #include "sysemu/seccomp.h" +#include "sys/prctl.h" #endif #if defined(CONFIG_VDE) @@ -271,6 +272,22 @@ static QemuOptsList qemu_sandbox_opts = { .name = "enable", .type = QEMU_OPT_BOOL, }, + { + .name = "obsolete", + .type = QEMU_OPT_STRING, + }, + { + .name = "elevateprivileges", + .type = QEMU_OPT_STRING, + }, + { + .name = "spawn", + .type = QEMU_OPT_STRING, + }, + { + .name = "resourcecontrol", + .type = QEMU_OPT_STRING, + }, { /* end of list */ } }, }; @@ -1032,10 +1049,73 @@ static int bt_parse(const char *opt) static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) { - /* FIXME: change this to true for 1.3 */ if (qemu_opt_get_bool(opts, "enable", false)) { #ifdef CONFIG_SECCOMP - if (seccomp_start() < 0) { + uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT + | QEMU_SECCOMP_SET_OBSOLETE; + const char *value = NULL; + + value = qemu_opt_get(opts, "obsolete"); + if (value) { + if (g_str_equal(value, "allow")) { + seccomp_opts &= ~QEMU_SECCOMP_SET_OBSOLETE; + } else if (g_str_equal(value, "deny")) { + /* this is the default option, this if is here + * to provide a little bit of consistency for + * the command line */ + } else { + error_report("invalid argument for obsolete"); + return -1; + } + } + + value = qemu_opt_get(opts, "elevateprivileges"); + if (value) { + if (g_str_equal(value, "deny")) { + seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED; + } else if (g_str_equal(value, "children")) { + seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED; + + /* calling prctl directly because we're + * not sure if host has CAP_SYS_ADMIN set*/ + if (prctl(PR_SET_NO_NEW_PRIVS, 1)) { + error_report("failed to set no_new_privs " + "aborting"); + return -1; + } + } else if (g_str_equal(value, "allow")) { + /* default value */ + } else { + error_report("invalid argument for elevateprivileges"); + return -1; + } + } + + value = qemu_opt_get(opts, "spawn"); + if (value) { + if (g_str_equal(value, "deny")) { + seccomp_opts |= QEMU_SECCOMP_SET_SPAWN; + } else if (g_str_equal(value, "allow")) { + /* default value */ + } else { + error_report("invalid argument for spawn"); + return -1; + } + } + + value = qemu_opt_get(opts, "resourcecontrol"); + if (value) { + if (g_str_equal(value, "deny")) { + seccomp_opts |= QEMU_SECCOMP_SET_RESOURCECTL; + } else if (g_str_equal(value, "allow")) { + /* default value */ + } else { + error_report("invalid argument for resourcecontrol"); + return -1; + } + } + + if (seccomp_start(seccomp_opts) < 0) { error_report("failed to install seccomp syscall filter " "in the kernel"); return -1; |