RISC-V PR for 6.0
This PR is a collection of RISC-V patches:
- Improvements to SiFive U OTP
- Upgrade OpenSBI to v0.9
- Support the QMP dump-guest-memory
- Add support for the SiFive SPI controller (sifive_u)
- Initial RISC-V system documentation
- A fix for the Goldfish RTC
- MAINTAINERS updates
- Support for high PCIe memory in the virt machine
# gpg: Signature made Thu 04 Mar 2021 14:44:31 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20210304:
hw/riscv: virt: Map high mmio for PCIe
hw/riscv: virt: Limit RAM size in a 32-bit system
hw/riscv: virt: Drop the 'link_up' parameter of gpex_pcie_init()
hw/riscv: Drop 'struct MemmapEntry'
MAINTAINERS: Add a SiFive machine section
goldfish_rtc: re-arm the alarm after migration
docs/system: riscv: Add documentation for sifive_u machine
docs/system: Add RISC-V documentation
docs/system: Sort targets in alphabetical order
hw/riscv: sifive_u: Change SIFIVE_U_GEM_IRQ to decimal value
hw/riscv: sifive_u: Add QSPI2 controller and connect an SD card
hw/riscv: sifive_u: Add QSPI0 controller and connect a flash
hw/ssi: Add SiFive SPI controller support
hw/block: m25p80: Add various ISSI flash information
hw/block: m25p80: Add ISSI SPI flash support
target-riscv: support QMP dump-guest-memory
roms/opensbi: Upgrade from v0.8 to v0.9
hw/misc: sifive_u_otp: Use error_report() when block operation fails
target/riscv: Declare csr_ops[] with a known size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This adds detailed documentation for RISC-V `sifive_u` machine,
including the following information:
- Supported devices
- Hardware configuration information
- Boot options
- Machine-specific options
- Running Linux kernel
- Running VxWorks kernel
- Running U-Boot, and with an alternate configuration
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Message-id: 20210126060007.12904-10-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
On Linux, the 'security.capability' xattr holds a set of
capabilities that can change when an executable is run, giving
a limited form of privilege escalation to those programs that
the writer of the file deemed worthy.
Any write causes the 'security.capability' xattr to be dropped,
stopping anyone from gaining privilege by modifying a blessed
file.
Fuse relies on the daemon to do this dropping, and in turn the
daemon relies on the host kernel to drop the xattr for it. However,
with the addition of -o xattrmap, the xattr that the guest
stores its capabilities in is now not the same as the one that
the host kernel automatically clears.
Where the mapping changes 'security.capability', explicitly clear
the remapped name to preserve the same behaviour.
This bug is assigned CVE-2021-20263.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
This has the following visible changes:
- GBM is required only for OpenGL dma-buf.
- X11 is explicitly required by gtk-egl.
- EGL is now mandatory for the OpenGL displays.
The last one needs some detailed description. Before this change,
EGL was tested only for OpenGL dma-buf with the check of
EGL_MESA_image_dma_buf_export. However, all of the OpenGL
displays depend on EGL and EGL_MESA_image_dma_buf_export is always
defined by epoxy's EGL interface.
Therefore, it makes more sense to always check the presence of EGL
and say the OpenGL displays are available along with OpenGL dma-buf
if it is present.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210223060307.87736-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* fix --enable-fuzzing linker failures (Alexander)
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)
# gpg: Signature made Thu 25 Feb 2021 14:41:56 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (29 commits)
tcg/i386: rdpmc: fix the the condtions
chardev: do not use short form boolean options in non-QemuOpts character device descriptions
vl: deprecate -writeconfig
target/i386: Add bus lock debug exception support
qom/object.c: Fix typo
target/i386: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -vnc
docs: update to show preferred boolean syntax for -chardev
qemu-options: update to show preferred boolean syntax for -vnc
qemu-options: update to show preferred boolean syntax for -incoming
qemu-options: update to show preferred boolean syntax for -netdev
qemu-options: update to show preferred boolean syntax for -spice
qemu-options: update to show preferred boolean syntax for -chardev
gdbstub: use preferred boolean option syntax
char: don't fail when client is not connected
scsi: drop 'result' argument from command_complete callback
scsi-disk: pass guest recoverable errors through even for rerror=stop
scsi-disk: pass SCSI status to scsi_handle_rw_error
scsi: introduce scsi_sense_from_errno()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The functionality of -writeconfig is limited and the code
does not even try to detect cases where it prints incorrect
syntax (for example if values have a quote in them, since
qemu_config_parse does not support any kind of escaping)
so remove it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There is no particular reason to keep this on it's own in the root of
the tree. Move it into the rest of the fine developer manual and fixup
any links to it. The only tweak I've made is to fix the code-block
annotations to mention the language C.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Message-Id: <20210223095931.16908-1-alex.bennee@linaro.org>
This section has grown a little stale so clean-up the language and
examples for current usage:
- refer to containers at the top
- mention podman can also be used
- add podman prerequisites section
- move to using "docker-help" for online help
- mention the registry and it's purpose
- don't refer to out-of-date min-glib image
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210222101455.12640-6-alex.bennee@linaro.org>
This is a plugin intended to help with profiling access to various
bits of system hardware. It only really makes sense for system
emulation.
It takes advantage of the recently exposed helper API that allows us
to see the device name (memory region name) associated with a device.
You can specify arg=read or arg=write to limit the tracking to just
reads or writes (by default it does both).
The pattern option:
-plugin ./tests/plugin/libhwprofile.so,arg=pattern
will allow you to see the access pattern to devices, eg:
gic_cpu @ 0xffffffc010040000
off:00000000, 8, 1, 8, 1
off:00000000, 4, 1, 4, 1
off:00000000, 2, 1, 2, 1
off:00000000, 1, 1, 1, 1
The source option:
-plugin ./tests/plugin/libhwprofile.so,arg=source
will track the virtual source address of the instruction making the
access:
pl011 @ 0xffffffc010031000
pc:ffffffc0104c785c, 1, 4, 0, 0
pc:ffffffc0104c7898, 1, 4, 0, 0
pc:ffffffc010512bcc, 2, 1867, 0, 0
You cannot mix source and pattern.
Finally the match option allow you to limit the tracking to just the
devices you care about.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Robert Foley <robert.foley@linaro.org>
Message-Id: <20210213130325.14781-4-alex.bennee@linaro.org>
This commit implements the single-byte mode of the SMBus.
Each Nuvoton SoC has 16 System Management Bus (SMBus). These buses
compliant with SMBus and I2C protocol.
This patch implements the single-byte mode of the SMBus. In this mode,
the user sends or receives a byte each time. The SMBus device transmits
it to the underlying i2c device and sends an interrupt back to the QEMU
guest.
Reviewed-by: Doug Evans<dje@google.com>
Reviewed-by: Tyrong Ting<kfting@nuvoton.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Corey Minyard <cminyard@mvista.com>
Message-id: 20210210220426.3577804-2-wuhaotsh@google.com
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In commit e2bbc4eaa7 we changed the QAPI modules to name the built-in
module "./builtin" rather than None, but forgot to update the Sphinx
plugin. The effect of this was that when the plugin generated a dependency
file it was including a bogus dependency on a non-existent file named
"builtin", which meant that ninja would run Sphinx and rebuild all
the documentation every time even if nothing had changed.
Update the plugin to use the new name of the builtin module.
Fixes: e2bbc4eaa7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Message-id: 20210212161311.28915-1-peter.maydell@linaro.org
The 'Quick Start' section of the userspace emulator documentation is
very old and outdated. In particular:
- it suggests running x86-on-x86 emulation, which is the least
interesting possible use case
- it recommends that users download tarballs of guest binaries
from the QEMU web page which we no longer provide there
There's nothing salvageable here; delete it all.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20201122000131.18487-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Original specification says that l1 table size if 64 * l1_size, which
is obviously wrong. The size of the l1 entry is 64 _bits_, not bytes.
Thus 64 is to be replaces with 8 as specification says about bytes.
There is also minor tweak, field name is renamed from l1 to l1_table,
which matches with the later text.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20210128171313.2210947-1-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
[Replace the original commit message "docs: fix mistake in dirty bitmap
feature description" as suggested by Eric Blake.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Integration testing patches
Tests added:
- Armbian 20.08 on Orange Pi PC (Philippe)
- MPC8544ds machine (Thomas)
- Virtex-ml507 ppc machine (Thomas)
- Re-enable the microblaze test (Thomas)
Various fixes and documentation improvements from Cleber.
# gpg: Signature made Mon 08 Feb 2021 20:19:12 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/integration-testing-20210208:
Acceptance Tests: remove unnecessary tag from documentation example
Acceptance tests: clarify ssh connection failure reason
tests/acceptance/virtiofs_submounts: required space between IP and port
tests/acceptance/virtiofs_submounts: standardize port as integer
tests/acceptance/virtiofs_submounts: use a virtio-net device instead
tests/acceptance/virtiofs_submounts: do not ask for ssh key password
tests/acceptance/virtiofs_submounts: use workdir property
tests/acceptance/boot_linux: rename misleading cloudinit method
tests/acceptance/boot_linux: fix typo on cloudinit error message
tests/acceptance: Re-enable the microblaze test
tests/acceptance: Add a test for the virtex-ml507 ppc machine
tests/acceptance: Test the mpc8544ds machine
tests/acceptance: Move the pseries test to a separate file
tests/acceptance: Test U-Boot/Linux from Armbian 20.08 on Orange Pi PC
tests/acceptance: Extract do_test_arm_orangepi_armbian_uboot() method
tests/acceptance: Introduce tesseract_ocr() helper
tests/acceptance: Extract tesseract_available() helper in new namespace
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Meson's "static" argument to cc.find_library is a tri-state. By default
Meson *prefers* a shared library, which basically means using -l to
look for it; instead, "static: false" *requires* a shared library. Of
course, "static: true" requires a static library, which is all good
for --enable-static builds.
For --disable-static, "static: false" is rarely desirable; it does not
match what the configure script used to do and the test is more complex
(and harder to debug if it fails, which was reported by Peter Lieven
for librbd).
Reported-by: Peter Lieven <pl@kamp.de>
Tested-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Testing, gdbstub and doc tweaks:
- increase timeout on replay kernel acceptance test
- fixes for binfmt_misc docker images
- better gdb version detection
- don't silently skip gdb tests
- fix for gdbstub auxv handling
- cleaner handling of check-tcg on tcg disabled builds
- expand vexpress/versitile docs with examples
# gpg: Signature made Mon 08 Feb 2021 11:12:03 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-testing-gdbstub-docs-080221-1:
docs/system: document an example booting the versatilepb machine
docs/system: document an example vexpress-a15 invocation
tests/Makefile.include: don't use TARGET_DIRS for check-tcg
scripts/mtest2make.py: export all-%s-targets variable and use it
tests/tcg: Replace /bin/true by true (required on macOS)
gdbstub: Fix handle_query_xfer_auxv
tests/tcg: don't silently skip the gdb tests
configure: bump the minimum gdb version for check-tcg to 9.1
configure: make version_ge more tolerant of shady version input
tests/docker: add a docker-exec-copy-test
tests/docker: alias docker-help target for consistency
tests/docker: preserve original name when copying libs
tests/docker: make _copy_with_mkdir accept missing files
tests/docker: Fix typo in help message
tests/docker: Fix _get_so_libs() for docker-binfmt-image
tests/acceptance: Increase the timeout in the replay tests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The wiki and the web are curiously absent of the right runes to boot a
vexpress model so I had to work from first principles to work it out.
Use the more modern -drive notation so alternative backends can be
used (unlike the hardwired -sd mode).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Message-Id: <20210202134001.25738-15-alex.bennee@linaro.org>
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.
This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option. s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).
To integrate this with the option used by other platforms, we
implement the following compromise:
- When the confidential-guest-support option is set, s390 will
recognize it, verify that the CPU can support PV (failing if not)
and set virtio default options necessary for encrypted or protected
guests, as on other platforms. i.e. if confidential-guest-support
is set, we will either create a guest capable of entering PV mode,
or fail outright.
- If confidential-guest-support is not set, guests might still be
able to enter PV mode, if the CPU has the right model. This may be
a little surprising, but shouldn't actually be harmful.
To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
-object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Some upcoming POWER machines have a system called PEF (Protected
Execution Facility) which uses a small ultravisor to allow guests to
run in a way that they can't be eavesdropped by the hypervisor. The
effect is roughly similar to AMD SEV, although the mechanisms are
quite different.
Most of the work of this is done between the guest, KVM and the
ultravisor, with little need for involvement by qemu. However qemu
does need to tell KVM to allow secure VMs.
Because the availability of secure mode is a guest visible difference
which depends on having the right hardware and firmware, we don't
enable this by default. In order to run a secure guest you need to
create a "pef-guest" object and set the confidential-guest-support
property to point to it.
Note that this just *allows* secure guests, the architecture of PEF is
such that the guest still needs to talk to the ultravisor to enter
secure mode. Qemu has no direct way of knowing if the guest is in
secure mode, and certainly can't know until well after machine
creation time.
To start a PEF-capable guest, use the command line options:
-object pef-guest,id=pef0 -machine confidential-guest-support=pef0
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Now that we've implemented a generic machine option for configuring various
confidential guest support mechanisms:
1. Update docs/amd-memory-encryption.txt to reference this rather than
the earlier SEV specific option
2. Add a docs/confidential-guest-support.txt to cover the generalities of
the confidential guest support scheme
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
The documentation still refers to the makefile and the old sub-directory
layout. Meson works differently: tracetool output is placed into the
builddir with mangled filenames like <builddir>/trace/trace-accel_kvm.h
for the accel/kvm/ trace.h definition.
This meson setup also requires a manually-created accel/kvm/trace.h file
that #includes the <builddir>/trace/trace-accel_kvm.h file. Document
this!
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20210112165859.225534-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
