[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 09bbdb: hw/intc/arm_gic: Allow to use QTest w
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] 09bbdb: hw/intc/arm_gic: Allow to use QTest without crashing |
|
Date: |
Wed, 03 Feb 2021 05:01:18 -0800 |
Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 09bbdb89bc25660044c946137ec7ccb0d1fcee32
https://github.com/qemu/qemu/commit/09bbdb89bc25660044c946137ec7ccb0d1fcee32
Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/intc/arm_gic.c
Log Message:
-----------
hw/intc/arm_gic: Allow to use QTest without crashing
Alexander reported an issue in gic_get_current_cpu() using the
fuzzer. Yet another "deref current_cpu with QTest" bug, reproducible
doing:
$ echo readb 0xf03ff000 | qemu-system-arm -M npcm750-evb,accel=qtest -qtest
stdio
[I 1611849440.651452] OPENED
[R +0.242498] readb 0xf03ff000
hw/intc/arm_gic.c:63:29: runtime error: member access within null pointer of
type 'CPUState' (aka 'struct CPUState')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
hw/intc/arm_gic.c:63:29 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3719691==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000082a0
(pc 0x5618790ac882 bp 0x7ffca946f4f0 sp 0x7ffca946f4a0 T0)
==3719691==The signal is caused by a READ memory access.
#0 0x5618790ac882 in gic_get_current_cpu hw/intc/arm_gic.c:63:29
#1 0x5618790a8901 in gic_dist_readb hw/intc/arm_gic.c:955:11
#2 0x5618790a7489 in gic_dist_read hw/intc/arm_gic.c:1158:17
#3 0x56187adc573b in memory_region_read_with_attrs_accessor
softmmu/memory.c:464:9
#4 0x56187ad7903a in access_with_adjusted_size softmmu/memory.c:552:18
#5 0x56187ad766d6 in memory_region_dispatch_read1 softmmu/memory.c:1426:16
#6 0x56187ad758a8 in memory_region_dispatch_read softmmu/memory.c:1449:9
#7 0x56187b09e84c in flatview_read_continue softmmu/physmem.c:2822:23
#8 0x56187b0a0115 in flatview_read softmmu/physmem.c:2862:12
#9 0x56187b09fc9e in address_space_read_full softmmu/physmem.c:2875:18
#10 0x56187aa88633 in address_space_read include/exec/memory.h:2489:18
#11 0x56187aa88633 in qtest_process_command softmmu/qtest.c:558:13
#12 0x56187aa81881 in qtest_process_inbuf softmmu/qtest.c:797:9
#13 0x56187aa80e02 in qtest_read softmmu/qtest.c:809:5
current_cpu is NULL because QTest accelerator does not use CPU.
Fix by skipping the check and returning the first CPU index when
QTest accelerator is used, similarly to commit c781a2cc423
("hw/i386/vmport: Allow QTest use without crashing").
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-id: 20210128161417.3726358-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 40b4c2ae90e4f864a1015ff748a4af00518ff0c0
https://github.com/qemu/qemu/commit/40b4c2ae90e4f864a1015ff748a4af00518ff0c0
Author: Iris Johnson <iris@modwiz.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/char/exynos4210_uart.c
Log Message:
-----------
hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
Currently the Exynos 4210 UART code always reports available FIFO space
when the backend checks for buffer space. When the FIFO is disabled this
is behavior causes the backend chardev code to replace the data before the
guest can read it.
This patch changes adds the logic to report the capacity properly when the
FIFO is not being used.
Buglink: https://bugs.launchpad.net/qemu/+bug/1913344
Signed-off-by: Iris Johnson <iris@modwiz.com>
Message-id: 20210128033655.1029577-1-iris@modwiz.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: f2c0fb93a44972a96f93510311c93ff4c2c6fab5
https://github.com/qemu/qemu/commit/f2c0fb93a44972a96f93510311c93ff4c2c6fab5
Author: Iris Johnson <iris@modwiz.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/char/exynos4210_uart.c
Log Message:
-----------
hw/char/exynos4210_uart: Fix missing call to report ready for input
When the frontend device has no space for a read the fd is removed
from polling to allow time for the guest to read and clear the buffer.
Without the call to qemu_chr_fe_accept_input(), the poll will not be
broken out of when the guest has cleared the buffer causing significant
IO delays that get worse with smaller buffers.
Buglink: https://bugs.launchpad.net/qemu/+bug/1913341
Signed-off-by: Iris Johnson <iris@modwiz.com>
Message-id: 20210130184016.1787097-1-iris@modwiz.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: dcda883cd21125c699419a3fc0fe182ea989d9c4
https://github.com/qemu/qemu/commit/dcda883cd21125c699419a3fc0fe182ea989d9c4
Author: Zenghui Yu <yuzenghui@huawei.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/arm/smmuv3.c
Log Message:
-----------
hw/arm/smmuv3: Fix addr_mask for range-based invalidation
When handling guest range-based IOTLB invalidation, we should decode the TG
field into the corresponding translation granule size so that we can pass
the correct invalidation range to backend. Set @granule to (tg * 2 + 10) to
properly emulate the architecture.
Fixes: d52915616c05 ("hw/arm/smmuv3: Get prepared for range invalidation")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210130043220.1345-1-yuzenghui@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 1da79ecc7a299a6f3633876c8e49e5418ae37fcf
https://github.com/qemu/qemu/commit/1da79ecc7a299a6f3633876c8e49e5418ae37fcf
Author: Bin Meng <bin.meng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
M include/hw/ssi/imx_spi.h
Log Message:
-----------
hw/ssi: imx_spi: Use a macro for number of chip selects supported
Avoid using a magic number (4) everywhere for the number of chip
selects supported.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 20210129132323.30946-2-bmeng.cn@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 3c9829e57468f3a53078aa2e10d35afde3208b36
https://github.com/qemu/qemu/commit/3c9829e57468f3a53078aa2e10d35afde3208b36
Author: Bin Meng <bin.meng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Remove imx_spi_update_irq() in imx_spi_reset()
Usually the approach is that the device on the other end of the line
is going to reset its state anyway, so there's no need to actively
signal an irq line change during the reset hook.
Move imx_spi_update_irq() out of imx_spi_reset(), to a new function
imx_spi_soft_reset() that is called when the controller is disabled.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210129132323.30946-3-bmeng.cn@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 9c431a43a62255402a6bbe9a01b0464e73b30fe4
https://github.com/qemu/qemu/commit/9c431a43a62255402a6bbe9a01b0464e73b30fe4
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Remove pointless variable initialization
'burst_length' is cleared in imx_spi_reset(), which is called
after imx_spi_realize(). Remove the initialization to simplify.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-id: 20210129132323.30946-4-bmeng.cn@gmail.com
Message-Id: <20210115153049.3353008-3-f4bug@amsat.org>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 93722b6f6a6ef0ab0544f20440a2f6b951103dcb
https://github.com/qemu/qemu/commit/93722b6f6a6ef0ab0544f20440a2f6b951103dcb
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Rework imx_spi_reset() to keep CONREG register value
When the block is disabled, all registers are reset with the
exception of the ECSPI_CONREG. It is initialized to zero
when the instance is created.
Ref: i.MX 6DQ Applications Processor Reference Manual (IMX6DQRM),
chapter 21.7.3: Control Register (ECSPIx_CONREG)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210129132323.30946-5-bmeng.cn@gmail.com
[bmeng: add a 'common_reset' function that does most of reset operation]
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 7c87bb5333f0fdb17fee7e52acff1d915a68857e
https://github.com/qemu/qemu/commit/7c87bb5333f0fdb17fee7e52acff1d915a68857e
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Rework imx_spi_read() to handle block disabled
When the block is disabled, it stay it is 'internal reset logic'
(internal clocks are gated off). Reading any register returns
its reset value. Only update this value if the device is enabled.
Ref: i.MX 6DQ Applications Processor Reference Manual (IMX6DQRM),
chapter 21.7.3: Control Register (ECSPIx_CONREG)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-id: 20210129132323.30946-6-bmeng.cn@gmail.com
Message-Id: <20210115153049.3353008-5-f4bug@amsat.org>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: fb116b5456c818ae7c3b788adcbc05dfa416c90c
https://github.com/qemu/qemu/commit/fb116b5456c818ae7c3b788adcbc05dfa416c90c
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Rework imx_spi_write() to handle block disabled
When the block is disabled, only the ECSPI_CONREG register can
be modified. Setting the EN bit enabled the device, clearing it
"disables the block and resets the internal logic with the
exception of the ECSPI_CONREG" register.
Ignore all other registers write except ECSPI_CONREG when the
block is disabled.
Ref: i.MX 6DQ Applications Processor Reference Manual (IMX6DQRM),
chapter 21.7.3: Control Register (ECSPIx_CONREG)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210129132323.30946-7-bmeng.cn@gmail.com
Message-Id: <20210115153049.3353008-6-f4bug@amsat.org>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 50dc25932eb31fca15104968e596b7035ce9ece1
https://github.com/qemu/qemu/commit/50dc25932eb31fca15104968e596b7035ce9ece1
Author: Xuzhou Cheng <xuzhou.cheng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Disable chip selects when controller is disabled
When a write to ECSPI_CONREG register to disable the SPI controller,
imx_spi_soft_reset() is called to reset the controller, but chip
select lines should have been disabled, otherwise the state machine
of any devices (e.g.: SPI flashes) connected to the SPI master is
stuck to its last state and responds incorrectly to any follow-up
commands.
Fixes: c906a3a01582 ("i.MX: Add the Freescale SPI Controller")
Signed-off-by: Xuzhou Cheng <xuzhou.cheng@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210129132323.30946-8-bmeng.cn@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 24bf8ef3f5300943940fd054763f92808f8481a0
https://github.com/qemu/qemu/commit/24bf8ef3f5300943940fd054763f92808f8481a0
Author: Bin Meng <bin.meng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Round up the burst length to be multiple of 8
Current implementation of the imx spi controller expects the burst
length to be multiple of 8, which is the most common use case.
In case the burst length is not what we expect, log it to give user
a chance to notice it, and round it up to be multiple of 8.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-id: 20210129132323.30946-9-bmeng.cn@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 6ed924823c87999191776a2bd9a56efd3d83a387
https://github.com/qemu/qemu/commit/6ed924823c87999191776a2bd9a56efd3d83a387
Author: Bin Meng <bin.meng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Correct the burst length > 32 bit transfer logic
For the ECSPIx_CONREG register BURST_LENGTH field, the manual says:
0x020 A SPI burst contains the 1 LSB in first word and all 32 bits in second
word.
0x021 A SPI burst contains the 2 LSB in first word and all 32 bits in second
word.
Current logic uses either s->burst_length or 32, whichever smaller,
to determine how many bits it should read from the tx fifo each time.
For example, for a 48 bit burst length, current logic transfers the
first 32 bit from the first word in the tx fifo, followed by a 16
bit from the second word in the tx fifo, which is wrong. The correct
logic should be: transfer the first 16 bit from the first word in
the tx fifo, followed by a 32 bit from the second word in the tx fifo.
With this change, SPI flash can be successfully probed by U-Boot on
imx6 sabrelite board.
=> sf probe
SF: Detected sst25vf016b with page size 256 Bytes, erase size 4 KiB, total 2
MiB
Fixes: c906a3a01582 ("i.MX: Add the Freescale SPI Controller")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210129132323.30946-10-bmeng.cn@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 8c495d1379211554208c58be75736e3be5ad60e8
https://github.com/qemu/qemu/commit/8c495d1379211554208c58be75736e3be5ad60e8
Author: Bin Meng <bin.meng@windriver.com>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/ssi/imx_spi.c
Log Message:
-----------
hw/ssi: imx_spi: Correct tx and rx fifo endianness
The endianness of data exchange between tx and rx fifo is incorrect.
Earlier bytes are supposed to show up on MSB and later bytes on LSB,
ie: in big endian. The manual does not explicitly say this, but the
U-Boot and Linux driver codes have a swap on the data transferred
to tx fifo and from rx fifo.
With this change, U-Boot read from / write to SPI flash tests pass.
=> sf test 1ff000 1000
SPI flash test:
0 erase: 0 ticks, 4096000 KiB/s 32768.000 Mbps
1 check: 3 ticks, 1333 KiB/s 10.664 Mbps
2 write: 235 ticks, 17 KiB/s 0.136 Mbps
3 read: 2 ticks, 2000 KiB/s 16.000 Mbps
Test passed
0 erase: 0 ticks, 4096000 KiB/s 32768.000 Mbps
1 check: 3 ticks, 1333 KiB/s 10.664 Mbps
2 write: 235 ticks, 17 KiB/s 0.136 Mbps
3 read: 2 ticks, 2000 KiB/s 16.000 Mbps
Fixes: c906a3a01582 ("i.MX: Add the Freescale SPI Controller")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210129132323.30946-11-bmeng.cn@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a
https://github.com/qemu/qemu/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-02 (Tue, 02 Feb 2021)
Changed paths:
M hw/intc/arm_gic.c
Log Message:
-----------
hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:
- 4.3 Distributor register descriptions
- 4.3.15 Software Generated Interrupt Register, GICD_SG
- Table 4-21 GICD_SGIR bit assignments
The Interrupt ID of the SGI to forward to the specified CPU
interfaces. The value of this field is the Interrupt ID, in
the range 0-15, for example a value of 0b0011 specifies
Interrupt ID 3.
Correct the irq mask to fix an undefined behavior (which eventually
lead to a heap-buffer-overflow, see [Buglink]):
$ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M
virt,accel=qtest -qtest stdio
[I 1612088147.116987] OPENED
[R +0.278293] writel 0x8000f00 0xff4affb0
../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type
'uint8_t [16][8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../hw/intc/arm_gic.c:1498:13
This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)
Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20221
Fixes: 9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210131103401.217160-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 9e39983e5daeedcf1d34a4d53dcf71b637886bf5
https://github.com/qemu/qemu/commit/9e39983e5daeedcf1d34a4d53dcf71b637886bf5
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/arm/Kconfig
Log Message:
-----------
hw/arm/stm32f405_soc: Add missing dependency on OR_IRQ
The STM32F405 SoC uses an OR gate on its ADC IRQs.
Fixes: 529fc5fd3e1 ("hw/arm: Add the STM32F4xx SoC")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210131184449.382425-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 5900c7a6d4ca1f968f51f3639ade56dba111455e
https://github.com/qemu/qemu/commit/5900c7a6d4ca1f968f51f3639ade56dba111455e
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/arm/Kconfig
Log Message:
-----------
hw/arm/exynos4210: Add missing dependency on OR_IRQ
The Exynos4210 SoC uses an OR gate on the PL330 IRQ lines.
Fixes: dab15fbe2ab ("hw/arm/exynos4210: Fix DMA initialization")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210131184449.382425-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 6bfaec73a116e88c28ea91b10bc2a472aefcf957
https://github.com/qemu/qemu/commit/6bfaec73a116e88c28ea91b10bc2a472aefcf957
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/arm/Kconfig
M hw/dma/Kconfig
M hw/dma/meson.build
Log Message:
-----------
hw/arm/xlnx-versal: Versal SoC requires ZDMA
The Versal SoC instantiates the TYPE_XLNX_ZDMA object in
versal_create_admas(). Introduce the XLNX_ZDMA configuration
and select it to fix:
$ qemu-system-aarch64 -M xlnx-versal-virt ...
qemu-system-aarch64: missing object type 'xlnx.zdma'
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210131184449.382425-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 1de3b490179bedb253e0cf0fac659212175e4530
https://github.com/qemu/qemu/commit/1de3b490179bedb253e0cf0fac659212175e4530
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/arm/Kconfig
Log Message:
-----------
hw/arm/xlnx-versal: Versal SoC requires ZynqMP peripherals
The Versal SoC instantiates the TYPE_XLNX_ZYNQMP_RTC object in
versal_create_rtc()(). Select CONFIG_XLNX_ZYNQMP to fix:
$ make check-qtest-aarch64
...
Running test qtest-aarch64/qom-test
qemu-system-aarch64: missing object type 'xlnx-zynmp.rtc'
Broken pipe
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210131184449.382425-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: e022f2a205b93f5c5203352c0482634b4ec705ea
https://github.com/qemu/qemu/commit/e022f2a205b93f5c5203352c0482634b4ec705ea
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/Kconfig
Log Message:
-----------
hw/net/can: ZynqMP CAN device requires PTIMER
Add a dependency XLNX_ZYNQMP -> PTIMER to fix:
/usr/bin/ld:
libcommon.fa.p/hw_net_can_xlnx-zynqmp-can.c.o: in function
`xlnx_zynqmp_can_realize':
hw/net/can/xlnx-zynqmp-can.c:1082: undefined reference to `ptimer_init'
hw/net/can/xlnx-zynqmp-can.c:1085: undefined reference to
`ptimer_transaction_begin'
hw/net/can/xlnx-zynqmp-can.c:1087: undefined reference to `ptimer_set_freq'
hw/net/can/xlnx-zynqmp-can.c:1088: undefined reference to `ptimer_set_limit'
hw/net/can/xlnx-zynqmp-can.c:1089: undefined reference to `ptimer_run'
hw/net/can/xlnx-zynqmp-can.c:1090: undefined reference to
`ptimer_transaction_commit'
libcommon.fa.p/hw_net_can_xlnx-zynqmp-can.c.o:(.data.rel+0x2c8): undefined
reference to `vmstate_ptimer'
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210131184449.382425-6-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: fd8f71b95da86f530aae3d02a14b0ccd9e024772
https://github.com/qemu/qemu/commit/fd8f71b95da86f530aae3d02a14b0ccd9e024772
Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/arm/digic_boards.c
M hw/arm/microbit.c
M hw/arm/netduino2.c
M hw/arm/netduinoplus2.c
M hw/arm/orangepi.c
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm: Display CPU type in machine description
Most of ARM machines display their CPU when QEMU list the available
machines (-M help). Some machines do not. Fix to unify the help
output.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210131184449.382425-7-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit: 99ae0cd90d3e41b424582cf74bcf32498ca81bb9
https://github.com/qemu/qemu/commit/99ae0cd90d3e41b424582cf74bcf32498ca81bb9
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2021-02-03 (Wed, 03 Feb 2021)
Changed paths:
M hw/Kconfig
M hw/arm/Kconfig
M hw/arm/digic_boards.c
M hw/arm/microbit.c
M hw/arm/netduino2.c
M hw/arm/netduinoplus2.c
M hw/arm/orangepi.c
M hw/arm/smmuv3.c
M hw/arm/stellaris.c
M hw/char/exynos4210_uart.c
M hw/dma/Kconfig
M hw/dma/meson.build
M hw/intc/arm_gic.c
M hw/ssi/imx_spi.c
M include/hw/ssi/imx_spi.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210203'
into staging
target-arm queue:
* hw/intc/arm_gic: Allow to use QTest without crashing
* hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
* hw/char/exynos4210_uart: Fix missing call to report ready for input
* hw/arm/smmuv3: Fix addr_mask for range-based invalidation
* hw/ssi/imx_spi: Fix various minor bugs
* hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
* hw/arm: Add missing Kconfig dependencies
* hw/arm: Display CPU type in machine description
# gpg: Signature made Wed 03 Feb 2021 10:16:36 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
[ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20210203: (21 commits)
hw/arm: Display CPU type in machine description
hw/net/can: ZynqMP CAN device requires PTIMER
hw/arm/xlnx-versal: Versal SoC requires ZynqMP peripherals
hw/arm/xlnx-versal: Versal SoC requires ZDMA
hw/arm/exynos4210: Add missing dependency on OR_IRQ
hw/arm/stm32f405_soc: Add missing dependency on OR_IRQ
hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
hw/ssi: imx_spi: Correct tx and rx fifo endianness
hw/ssi: imx_spi: Correct the burst length > 32 bit transfer logic
hw/ssi: imx_spi: Round up the burst length to be multiple of 8
hw/ssi: imx_spi: Disable chip selects when controller is disabled
hw/ssi: imx_spi: Rework imx_spi_write() to handle block disabled
hw/ssi: imx_spi: Rework imx_spi_read() to handle block disabled
hw/ssi: imx_spi: Rework imx_spi_reset() to keep CONREG register value
hw/ssi: imx_spi: Remove pointless variable initialization
hw/ssi: imx_spi: Remove imx_spi_update_irq() in imx_spi_reset()
hw/ssi: imx_spi: Use a macro for number of chip selects supported
hw/arm/smmuv3: Fix addr_mask for range-based invalidation
hw/char/exynos4210_uart: Fix missing call to report ready for input
hw/char/exynos4210_uart: Fix buffer size reporting with FIFO disabled
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/8360ebeb4f4a...99ae0cd90d3e