Commit Graph

77135 Commits

Author SHA1 Message Date
Markus Armbruster
5217f1887a error: Use error_reportf_err() where appropriate
Replace

    error_report("...: %s", ..., error_get_pretty(err));

by

    error_reportf_err(err, "...: ", ...);

One of the replaced messages lacked a colon.  Add it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200505101908.6207-6-armbru@redhat.com>
2020-05-27 07:45:30 +02:00
Markus Armbruster
d01127584e tests/migration: Tighten error checking
migrate_get_socket_address() neglects to check
visit_type_SocketAddressList() failure.  This smells like a leak, but
it actually will crash dereferencing @addrs.  Pass &error_abort to
remove the code smell.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-5-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-27 07:45:25 +02:00
Markus Armbruster
5e959d2e6e s390x/cpumodel: Fix harmless misuse of visit_check_struct()
Commit e47970f51d "s390x/cpumodel: Fix query-cpu-model-FOO error API
violations" neglected to change visit_check_struct()'s Error **
argument along with the others.  If visit_check_struct() failed, we'd
take the success path.  Fortunately, it can't fail here:
qobject_input_check_struct() checks we consumed the whole dictionary,
and to get here, we did.  Fix it anyway.

Cc: David Hildenbrand <david@redhat.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200505101908.6207-4-armbru@redhat.com>
2020-05-27 07:45:25 +02:00
Markus Armbruster
56f9dde414 xen: Fix and improve handling of device_add usb-host errors
usbback_portid_add() leaks the error when qdev_device_add() fails.
Fix that.  While there, use the error to improve the error message.

The qemu_opts_from_qdict() similarly leaks on failure.  But any
failure there is a programming error.  Pass &error_abort.

Fixes: 816ac92ef7
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Paul Durrant <paul@xen.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: xen-devel@lists.xenproject.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-3-armbru@redhat.com>
Acked-by: Paul Durrant <paul@xen.org>
2020-05-27 07:45:17 +02:00
Markus Armbruster
75de4efa00 nvdimm: Plug memory leak in uuid property setter
nvdimm_set_uuid() leaks memory on qemu_uuid_parse() failure.  Fix
that.

Fixes: 6c5627bb24
Cc: Xiao Guangrong <xiaoguangrong.eric@gmail.com>
Cc: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200505101908.6207-2-armbru@redhat.com>
Tested-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Reviewed-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
2020-05-27 07:44:59 +02:00
Peter Maydell
ddc760832f - fix build with musl libc
- fix potential deadlock of QEMU main event loop (cannot be hit with linux
   client)
 - revert 9pfs reply truncation (LP 1877688)
 - xen backend waits for client to free space on the reply ring instead of
   truncating or disconnecting
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEtIKLr5QxQM7yo0kQcdTV5YIvc9YFAl7M4xcACgkQcdTV5YIv
 c9ZyjQ//X03vDTd3w7QgPT4ffJtNvEAjOhFkgVAxANz4qYpsB7sPReY4EIQSe3R2
 06z5CA1+ad6fI27+ogj1pNPdmMabkbVFl+8lS6aPk5mdZz3b/PHpcH5NfWjB3PLD
 Dm9EQIxqei0L3nbtro4Y3Rj2l4DFiv3q1hTkLjvGUxbljpOQUd4iNo9jIpasD5/h
 9TaZquHRcZc4EaQO5KzpyTfqFOYcApcXBm3tDVgKpeec5HbJKsszVUmXc6beKBHe
 Epvj3nTBs4hEEZCK2kzJqaJYaVAVyxn6AeGnXQzWAvIhtrrN6V1cGmPPHUV4i/pm
 Hgw75wD4Glzh62vNDHmpptt860T2d11FrljSUWgHVM2PG8+XAcNZqwppLOFKo2DZ
 yRCuBhvKCB6AiSe4l5mrduHAJatX14aK9+6DRscJEG/gKPcnKA3LlW5eMVLnZ+ue
 crxjTyPnPKiGRFdSa6Qg7tVO8Zg41r0QY7LeVByBDwN6sxRA4mbrfDIZhMTlLCX4
 xXueocG9TXSBNCEk4mOQFN6YsZ1oaSC90qw9txIfIsynlN1nugXrYQp4GetvdFgB
 Oj4rhHdwBX609kQRlBoaW0vex2dhgiRCsP1PYAXqYcKa+DnTKqn9fK2Ud6VBBkgM
 gH/0O/yNg7zVmjCqJpgn0F5kwNDxGwtSHM9Wzh+5vyAcjanhfQk=
 =XY8R
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-26' into staging

- fix build with musl libc
- fix potential deadlock of QEMU main event loop (cannot be hit with linux
  client)
- revert 9pfs reply truncation (LP 1877688)
- xen backend waits for client to free space on the reply ring instead of
  truncating or disconnecting

# gpg: Signature made Tue 26 May 2020 10:36:23 BST
# gpg:                using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full]
# gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>" [full]
# gpg:                 aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/9p-next-2020-05-26:
  xen/9pfs: increase max ring order to 9
  xen/9pfs: yield when there isn't enough room on the ring
  Revert "9p: init_in_iov_from_pdu can truncate the size"
  9p: Lock directory streams with a CoMutex
  9pfs: include linux/limits.h for XATTR_SIZE_MAX

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-26 14:05:53 +01:00
Peter Maydell
8f72c75cfc audio: add JACK client audiodev.
audio: bugfixes and cleanups.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJezMulAAoJEEy22O7T6HE4SPwQAJgGCeeNjyP6c4uMu1de9eRU
 w2n4C0cYKVvjpieDSniyHkSjUpz4T+aClxk52F4PMAsF4QnYmEaFvT9fbEJmbEBz
 wZaoHDwBhUbA62/uXld8iygLHi6ujE+ez8sPJNBlqxlj8fQ0QcHV0oKtG/zfMy0p
 ZTq5a8oGaoMDUg1Yyl20LxnW9yCSPPfIlwN8EkNCM8WhSU+xo0LYveu8iFc+6mXH
 iEh1ONNrvr8AU29ZSh0VNJ4k6YA9hpO4HFG9L+K2T/20DtsUQFpyWygQtaTFBQCs
 lplmX1SLuLBpJ5gclpe66D1EPag6tRqJJGOaMy7kGa0JdfHUCmf35n2LAUxNqzZN
 sJ+U7f3Pdn2T2Pwq4ElXDscpNcp4REOUYT2/59oBoDsWrnNGNX7L6j845nV91oCS
 SoLBRDZgDhlOAqiqbRLQKr4VD/sXb1Bden0TO9J3j6mgF8AQb9zjQTFdpZ1WvOUk
 n6jDpS5ds8w/3KVPeJMYPbtS2XGn3w6u9iG75XeCXFe+XRsdxGWleO665lFLkrbi
 iBL84mpZxSD/yXgUT4UUxAhSSCTD9wly8um7e4yeqmbqG9csv8Rkevrrh0jGBdj+
 v5kUq2r9PQPFJDHdMIUX9EINF55S+4aDvZtFj/wN2VxZd7qCPT+I/B5GTytM1rRl
 z2H9aevxRPTwyYbQlyHd
 =inB0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20200526-pull-request' into staging

audio: add JACK client audiodev.
audio: bugfixes and cleanups.

# gpg: Signature made Tue 26 May 2020 08:56:21 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20200526-pull-request:
  hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include
  audio: Let capture_callback handler use const buffer argument
  audio: Let audio_sample_to_uint64() use const samples argument
  audio: fix wavcapture segfault
  audio/mixeng: fix clang 10+ warning
  audio/jack: add JACK client audiodev
  hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h'
  es1370: check total frame count against current frame

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-26 10:59:01 +01:00
Philippe Mathieu-Daudé
b3b8a1fea6 hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include
The Fuloong machine never had to use "audio/audio.h", remove it.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhc@lemote.com>
Message-id: 20200515084209.9419-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 08:46:14 +02:00
Philippe Mathieu-Daudé
57a878ed4f audio: Let capture_callback handler use const buffer argument
The buffer is the captured input to pass to backends.
As we should not modify it, mark the argument const.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505132603.8575-3-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 08:29:39 +02:00
Philippe Mathieu-Daudé
e709d2ac47 audio: Let audio_sample_to_uint64() use const samples argument
The samples are the input to convert to u64. As we should
not modify them, mark the argument const.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200505132603.8575-2-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 08:29:30 +02:00
Bruce Rogers
cbaf25d1f5 audio: fix wavcapture segfault
Commit 571a8c522e caused the HMP wavcapture command to segfault when
processing audio data in audio_pcm_sw_write(), where a NULL
sw->hw->pcm_ops is dereferenced. This fix checks that the pointer is
valid before dereferincing it. A similar fix is also made in the
parallel function audio_pcm_sw_read().

Fixes: 571a8c522e (audio: split ctl_* functions into enable_* and
volume_*)
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200521172931.121903-1-brogers@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 07:55:23 +02:00
Volker Rümelin
9c61fcc89a audio/mixeng: fix clang 10+ warning
The code in CONV_NATURAL_FLOAT() and CLIP_NATURAL_FLOAT()
seems to use the constant 2^31-0.5 to convert float to integer
and back. But the float type lacks the required precision and
the constant used for the conversion is 2^31. This is equiva-
lent to a [-1.f, 1.f] <-> [INT32_MIN, INT32_MAX + 1] mapping.

This patch explicitly writes down the used constant. The
compiler generated code doesn't change.

The constant 2^31 has an exact float representation and the
clang 10 compiler stops complaining about an implicit int to
float conversion with a changed value.

A few notes:
- The conversion of 1.f to INT32_MAX + 1 doesn't overflow. The
  type of the destination variable is int64_t.
- At a later stage one of the clip_* functions in
  audio/mixeng_template.h limits INT32_MAX + 1 to the integer
  range.
- The clip_natural_float_* functions in audio/mixeng.c convert
  INT32_MAX and INT32_MAX + 1 to 1.f.

Buglink: https://bugs.launchpad.net/bugs/1878627
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200523201712.23908-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-26 07:46:51 +02:00
Stefano Stabellini
84af75577c xen/9pfs: increase max ring order to 9
The max order allowed by the protocol is 9. Increase the max order
supported by QEMU to 9 to increase performance.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-3-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:40 +02:00
Stefano Stabellini
a4c4d46272 xen/9pfs: yield when there isn't enough room on the ring
Instead of truncating replies, which is problematic, wait until the
client reads more data and frees bytes on the reply ring.

Do that by calling qemu_coroutine_yield(). The corresponding
qemu_coroutine_enter_if_inactive() is called from xen_9pfs_bh upon
receiving the next notification from the client.

We need to be careful to avoid races in case xen_9pfs_bh and the
coroutine are both active at the same time. In xen_9pfs_bh, wait until
either the critical section is over (ring->co == NULL) or until the
coroutine becomes inactive (qemu_coroutine_yield() was called) before
continuing. Then, simply wake up the coroutine if it is inactive.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-2-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:39 +02:00
Stefano Stabellini
cf45183b71 Revert "9p: init_in_iov_from_pdu can truncate the size"
This reverts commit 16724a1730.
It causes https://bugs.launchpad.net/bugs/1877688.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200521192627.15259-1-sstabellini@kernel.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 11:45:38 +02:00
Geoffrey McRae
2e44570321 audio/jack: add JACK client audiodev
This commit adds a new audiodev backend to allow QEMU to use JACK as
both an audio sink and source.

Signed-off-by: Geoffrey McRae <geoff@hostfission.com>
Message-Id: <20200512101603.E3DB73A038E@moya.office.hostfission.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-25 11:30:03 +02:00
Philippe Mathieu-Daudé
2f097e1964 hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h'
Use the generic AUDIO_HOST_ENDIANNESS definition instead
of a custom one.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200505100750.27332-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-25 11:30:03 +02:00
Prasad J Pandit
369ff955a8 es1370: check total frame count against current frame
A guest user may set channel frame count via es1370_write()
such that, in es1370_transfer_audio(), total frame count
'size' is lesser than the number of frames that are processed
'cnt'.

    int cnt = d->frame_cnt >> 16;
    int size = d->frame_cnt & 0xffff;

if (size < cnt), it results in incorrect calculations leading
to OOB access issue(s). Add check to avoid it.

Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20200514200608.1744203-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-05-25 11:30:03 +02:00
Greg Kurz
ed463454ef 9p: Lock directory streams with a CoMutex
Locking was introduced in QEMU 2.7 to address the deprecation of
readdir_r(3) in glibc 2.24. It turns out that the frontend code is
the worst place to handle a critical section with a pthread mutex:
the code runs in a coroutine on behalf of the QEMU mainloop and then
yields control, waiting for the fsdev backend to process the request
in a worker thread. If the client resends another readdir request for
the same fid before the previous one finally unlocked the mutex, we're
deadlocked.

This never bit us because the linux client serializes readdir requests
for the same fid, but it is quite easy to demonstrate with a custom
client.

A good solution could be to narrow the critical section in the worker
thread code and to return a copy of the dirent to the frontend, but
this causes quite some changes in both 9p.c and codir.c. So, instead
of that, in order for people to easily backport the fix to older QEMU
versions, let's simply use a CoMutex since all the users for this
sit in coroutines.

Fixes: 7cde47d4a8 ("9p: add locking to V9fsDir")
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <158981894794.109297.3530035833368944254.stgit@bahia.lan>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 10:38:03 +02:00
Dan Robertson
03556ea920 9pfs: include linux/limits.h for XATTR_SIZE_MAX
linux/limits.h should be included for the XATTR_SIZE_MAX definition used
by v9fs_xattrcreate.

Fixes: 3b79ef2cf4 ("9pfs: limit xattr size in xattrcreate")
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20200515203015.7090-2-dan@dlrobertson.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
2020-05-25 10:38:03 +02:00
Peter Maydell
fea8f3ed73 - Remove unused timer in CFI01 flash,
- Clean up code documentation,
 - Silent a long-standing Coverity warning (2016-07-15).
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl7IDycACgkQ4+MsLN6t
 wN6dsg//Qy487c8DU+ebPfazz1qv0Il3IG+BVtPN6veXuoOg607yEi+W02rTbk05
 7R5pXPZPpb6OPrBWdCem0nzAPMTTyzMJRHrCzVaMgzZjDtSW+zv0s5KQncNmoJu2
 NV2aFMt6fK8wsU0fgvha8HpbJYyed420UNcFOqButYs8L+rincRc1YOtw8e54u34
 g4HXJUj/IHjJpcrRYIFPQpHc3IWV/ZMt0EWFCwK+yd32O6brNWb90yEWYrYP5WGX
 D4O2cAZ2DGLF1PbKfCzz68boWmXGQQkJYh91+AzZFJ+B6jZz1Qs+KyQaTa7xg5YJ
 jZgd0F4qY5kPNfBDOpMC9iF+exacGwoWGf3FT1Gtjf+MfbuV2rlMHDx5bm8/gvPm
 wO+BToJrmSzJ5VJ29st5KtDMQGNBrevibadAEHL9ewntEverdMhbHzDRvONY6ff4
 XC0xmJmzd9iIUSwEfykC35vjuwbrb+bNcV8CJeKk5AWR4ojS3UhXwm3m0ogIEq+i
 x1qPT9gxfxqVLYaeESZIEuS90iN6YgMGTlznb4mAOZ3N/qd23dnkCdyLMSZp8914
 lp+KIH2NkR+B3Osh2m0dNBmmVwt22KFICr7BbRHPJbC2M/+otXcKFZNgy9FlzAbR
 HTHRmr/qBnVtb6Yt8OJup9x1iQHd0UyJUaOGhWkm7X5+zpHLjOo=
 =CQqn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/pflash-next-20200522' into staging

- Remove unused timer in CFI01 flash,
- Clean up code documentation,
- Silent a long-standing Coverity warning (2016-07-15).

# gpg: Signature made Fri 22 May 2020 18:43:03 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/pflash-next-20200522:
  hw/block/pflash: Check return value of blk_pwrite()
  hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'
  hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'
  hw/block/pflash_cfi01: Removed an unused timer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-22 18:54:47 +01:00
Mansour Ahmadi
1857b9db49 hw/block/pflash: Check return value of blk_pwrite()
When updating the PFLASH file contents, we should check for a
possible failure of blk_pwrite(). Similar to commit 3a688294e.

Reported-by: Coverity (CID 1357678 CHECKED_RETURN)
Signed-off-by: Mansour Ahmadi <mansourweb@gmail.com>
Message-Id: <20200408003552.58095-1-mansourweb@gmail.com>
[PMD: Add missing "qemu/error-report.h" include and TODO comment]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 19:38:14 +02:00
Philippe Mathieu-Daudé
3072182dc1 hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'
Rename the 'reset_flash' as 'mode_read_array' to make explicit we
do not reset the device, we simply set its internal state machine
in the READ_ARRAY mode. We do not reset the status register error
bits, as a device reset would do.

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-5-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Philippe Mathieu-Daudé
aba53a12bd hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'
The command 0x00 is used by this model since its origin (commit
05ee37ebf6). In this commit the command is described with a
amusing '/* ??? */' comment, probably meaning 'FIXME'.

        switch (cmd) {
        case 0x00: /* ??? */
            ...

This comment survived 12 years because the 0x00 value is indeed
not specified by the CFI open standard (as of this commit).

The 'cmd' field is transfered during migration. To keep the
migration feature working with older QEMU version, we have to
take a lot of care with migrated field. We figured out it is
too late to remove a non-specified value from this model
(this would make migration review very complex). It is however
not too late to improve the documentation.

Add few comments to remember this is a special value related
to QEMU, and we won't find information about it on the CFI
spec.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190716221555.11145-3-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Philippe Mathieu-Daudé
d23048c05c hw/block/pflash_cfi01: Removed an unused timer
The 'CFI02' NOR flash was introduced in commit 29133e9a0f, with
timing modelled. One year later, the CFI01 model was introduced
(commit 05ee37ebf6) based on the CFI02 model. As noted in the
header, "It does not support timings". 12 years later, we never
had to model the device timings. Time to remove the unused timer,
we can still add it back if required.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
[Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html]
Message-Id: <20190716221555.11145-2-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22 18:44:36 +02:00
Peter Maydell
1cc9c62e42 qemu-openbios queue
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCgA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAl7G3mQeHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIfSfAH/2J41A1R2VV2nbrg
 5IUle4NLpgTPvRRTIivLVo2glNgCGtU23ZH2DWgLKZ6QpFLF6kdq8IyzppJRezem
 +kHhnJ2/07/eiGAZTd1mIUOf7Id8ffqLmy6pHGzTmSog54ZZk1e/KajAUzQYBltI
 EXI06Gc/Mxk8bnalO4zMvylySF2qMcTDakS1SQbtAwFC2XWHXBue/WBdHZU94HK7
 cms7Xt1zzSIY3FiRkDnnt24Zmuk3x6brvStFqcu6on7KZEa2Vpa74Duelap4SZSF
 ZXLykSjv8REW/3kQu94kgT9aaAdgKUrrBpFlm+AB/P5CbAt3XHi92+hZqiEZYf3Y
 9Lgfv+4=
 =R17e
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-20200521' into staging

qemu-openbios queue

# gpg: Signature made Thu 21 May 2020 21:02:44 BST
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-openbios-20200521:
  Update OpenBIOS images to 4704d9eb built from submodule.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-22 12:11:48 +01:00
Peter Maydell
d19f1ab0de target-arm queue:
* tests/acceptance: Add a test for the canon-a1100 machine
  * docs/system: Document some of the Arm development boards
  * linux-user: make BKPT insn cause SIGTRAP, not be a syscall
  * target/arm: Remove unused GEN_NEON_INTEGER_OP macro
  * fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
  * hw/arm: Use qemu_log_mask() instead of hw_error() in various places
  * ARM: PL061: Introduce N_GPIOS
  * target/arm: Improve clear_vec_high() usage
  * target/arm: Allow user-mode code to write CPSR.E via MSR
  * linux-user/arm: Reset CPSR_E when entering a signal handler
  * linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl7G7SwZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3qlND/0bnTGXns6FdYfWahEchgzJ
 2C3LbE7ELund+vmn8BQX+TNsxC3sypbNa0HTx5uiAaRt3ohD6f/lYmvKjGkLJJ0l
 g/6KQNXz2Tru5uB3wXWJuSQhX5qEei4EAHoHLo5lseslQq8pF8xpZvkj7P6TYJGp
 ReEd48OPQJwrs6nlHahQkLX1TveDGNI/GTvUxVG6wTXZnYP6+/LK71yCZDplaKFb
 j2vD7Q9kgFBHmjRiBMvYRhxQXRMnRe+5Y4khDSyiQdZId+2zD0PkxoL6qujSU0Ty
 /P6vWzqdn66n3nD86PzthuWT2294xdsKGx6+otxIsJevMlZxZ7jNP/z7eJEIEvMI
 Pqd28iStpdheiU2siM0NwunRWyr+c/zX6J1KYGBFrVFb869eePaDmIrn0AGKOh9S
 IEO4n7t+M+IkYbc5RfdU2UhE2ubijLDrWnm/mZ7cCd7jT3SwPitVLqtcQWYFI0fL
 GUEJlRstsuSXTWI4g5Cwpuv6U90sc/sIERAVW5qP45FoSnhRaK3+ySzmlTTqZ+jq
 k8xywFjAijITplrvsbIsN0Y074PHFiOuk6e+FXaCyBOc9TA9sZKQUNk/XLuYzhYr
 86jSELIt+YHrpHwxkplrvO+3MvqV95+6AU77cuNAC9O2E5HgE4SPE4RnfRTG8ULj
 FtzVM8JOjCLKha+oAD9ucA==
 =bh3x
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200521-1' into staging

target-arm queue:
 * tests/acceptance: Add a test for the canon-a1100 machine
 * docs/system: Document some of the Arm development boards
 * linux-user: make BKPT insn cause SIGTRAP, not be a syscall
 * target/arm: Remove unused GEN_NEON_INTEGER_OP macro
 * fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
 * hw/arm: Use qemu_log_mask() instead of hw_error() in various places
 * ARM: PL061: Introduce N_GPIOS
 * target/arm: Improve clear_vec_high() usage
 * target/arm: Allow user-mode code to write CPSR.E via MSR
 * linux-user/arm: Reset CPSR_E when entering a signal handler
 * linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32

# gpg: Signature made Thu 21 May 2020 22:05:48 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200521-1: (29 commits)
  linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
  linux-user/arm: Reset CPSR_E when entering a signal handler
  target/arm: Allow user-mode code to write CPSR.E via MSR
  target/arm: Use clear_vec_high more effectively
  target/arm: Use tcg_gen_gvec_mov for clear_vec_high
  ARM: PL061: Introduce N_GPIOS
  hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
  hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
  hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
  hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
  hw/arm/fsl-imx7: Connect watchdog interrupts
  hw/arm/fsl-imx7: Instantiate various unimplemented devices
  hw/arm/fsl-imx6ul: Connect watchdog interrupts
  hw/arm/fsl-imx6: Connect watchdog interrupts
  hw/arm/fsl-imx31: Wire up watchdog
  hw/arm/fsl-imx25: Wire up watchdog
  hw/watchdog: Implement full i.MX watchdog support
  hw: Move i.MX watchdog driver to hw/watchdog
  target/arm: Remove unused GEN_NEON_INTEGER_OP macro
  linux-user/arm: Fix identification of syscall numbers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:06:56 +01:00
Peter Maydell
fafe722927 linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
The Arm signal-handling code has some parts ifdeffed with a
TARGET_CONFIG_CPU_32, which is always defined. This is a leftover
from when this code's structure was based on the Linux kernel
signal handling code, where it was intended to support 26-bit
Arm CPUs. The kernel dropped its CONFIG_CPU_32 in kernel commit
4da8b8208eded0ba21e3 in 2009.

QEMU has never had 26-bit CPU support and is unlikely to ever
add it; we certainly aren't going to support 26-bit Linux
binaries via linux-user mode. The ifdef is just unhelpful
noise, so remove it entirely.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200518143014.20689-1-peter.maydell@linaro.org
2020-05-21 22:05:27 +01:00
Amanieu d'Antras
45e2813964 linux-user/arm: Reset CPSR_E when entering a signal handler
This fixes signal handlers running with the wrong endianness if the
interrupted code used SETEND to dynamically switch endianness.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200511131117.2486486-1-amanieu@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Peter Maydell
268b1b3dfb target/arm: Allow user-mode code to write CPSR.E via MSR
Using the MSR instruction to write to CPSR.E is deprecated, but it is
required to work from any mode including unprivileged code.  We were
incorrectly forbidding usermode code from writing it because
CPSR_USER did not include the CPSR_E bit.

We use CPSR_USER in only three places:
 * as the mask of what to allow userspace MSR to write to CPSR
 * when deciding what bits a linux-user signal-return should be
   able to write from the sigcontext structure
 * in target_user_copy_regs() when we set up the initial
   registers for the linux-user process

In the first two cases not being able to update CPSR.E is a bug, and
in the third case it doesn't matter because CPSR.E is always 0 there.
So we can fix both bugs by adding CPSR_E to CPSR_USER.

Because the cpsr_write() in restore_sigcontext() is now changing
a CPSR bit which is cached in hflags, we need to add an
arm_rebuild_hflags() call there; the callsite in
target_user_copy_regs() was already rebuilding hflags for other
reasons.

(The recommended way to change CPSR.E is to use the 'SETEND'
instruction, which we do correctly allow from usermode code.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200518142801.20503-1-peter.maydell@linaro.org
2020-05-21 22:05:27 +01:00
Richard Henderson
e1f778596e target/arm: Use clear_vec_high more effectively
Do not explicitly store zero to the NEON high part
when we can pass !is_q to clear_vec_high.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200519212453.28494-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Richard Henderson
5c27392dd0 target/arm: Use tcg_gen_gvec_mov for clear_vec_high
The 8-byte store for the end a !is_q operation can be
merged with the other stores.  Use a no-op vector move
to trigger the expand_clr portion of tcg_gen_gvec_mov.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200519212453.28494-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Geert Uytterhoeven
faf58e5369 ARM: PL061: Introduce N_GPIOS
Add a definition for the number of GPIO lines controlled by a PL061
instance, and use it instead of the hardcoded magic value 8.

Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200519085143.1376-1-geert+renesas@glider.be
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé
a50fe66846 hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00"
Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4,
the default value on the APB bus is 0.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-5-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé
492edf3e30 hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé
5a0001ec7e hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Philippe Mathieu-Daudé
9904625f1b hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
hw_error() calls exit(). This a bit overkill when we can log
the accesses as unimplemented or guest error.

When fuzzing the devices, we don't want the whole process to
exit. Replace some hw_error() calls by qemu_log_mask().

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200518140309.5220-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
c4947e64ef hw/arm/fsl-imx7: Connect watchdog interrupts
i.MX7 supports watchdog pretimeout interupts. With this commit,
the watchdog in mcimx7d-sabre is fully operational, including
pretimeout support.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-9-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
72465e1eba hw/arm/fsl-imx7: Instantiate various unimplemented devices
Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid
crashes when booting mainline Linux.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-8-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
5671e960e2 hw/arm/fsl-imx6ul: Connect watchdog interrupts
With this commit, the watchdog on mcimx6ul-evk is fully operational,
including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-7-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
bd8045a704 hw/arm/fsl-imx6: Connect watchdog interrupts
With this patch applied, the watchdog in the sabrelite emulation
is fully operational, including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-6-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
b9e521dda3 hw/arm/fsl-imx31: Wire up watchdog
With this patch, the watchdog on i.MX31 emulations is fully operational.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-5-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Guenter Roeck
4f0aff00f9 hw/arm/fsl-imx25: Wire up watchdog
With this commit, the watchdog on imx25-pdk is fully operational,
including pretimeout support.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-4-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 22:05:27 +01:00
Mark Cave-Ayland
e70626551a Update OpenBIOS images to 4704d9eb built from submodule.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-05-21 21:00:39 +01:00
Guenter Roeck
daca13d495 hw/watchdog: Implement full i.MX watchdog support
Implement full support for the watchdog in i.MX systems.
Pretimeout support is optional because the watchdog hardware
on i.MX31 does not support pretimeouts.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-3-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added Property array terminator entry]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 20:00:18 +01:00
Guenter Roeck
37f95959c7 hw: Move i.MX watchdog driver to hw/watchdog
In preparation for a full implementation, move i.MX watchdog driver
from hw/misc to hw/watchdog. While at it, add the watchdog files
to MAINTAINERS.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200517162135.110364-2-linux@roeck-us.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-21 20:00:18 +01:00
Peter Maydell
ef81aa68a7 target/arm: Remove unused GEN_NEON_INTEGER_OP macro
The GEN_NEON_INTEGER_OP macro is no longer used; remove it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-05-21 20:00:18 +01:00
Peter Maydell
3986a1721e linux-user/arm: Fix identification of syscall numbers
Our code to identify syscall numbers has some issues:
 * for Thumb mode, we never need the immediate value from the insn,
   but we always read it anyway
 * bad immediate values in the svc insn should cause a SIGILL, but we
   were abort()ing instead (via "goto error")

We can fix both these things by refactoring the code that identifies
the syscall number to more closely follow the kernel COMPAT_OABI code:
 * for Thumb it is always r7
 * for Arm, if the immediate value is 0, then this is an EABI call
   with the syscall number in r7
 * otherwise, we XOR the immediate value with 0x900000
   (ARM_SYSCALL_BASE for QEMU; __NR_OABI_SYSCALL_BASE in the kernel),
   which converts valid syscall immediates into the desired value,
   and puts all invalid immediates in the range 0x100000 or above
 * then we can just let the existing "value too large, deliver
   SIGILL" case handle invalid numbers, and drop the 'goto error'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200420212206.12776-5-peter.maydell@linaro.org
2020-05-21 20:00:18 +01:00
Peter Maydell
ab546bd238 linux-user/arm: Handle invalid arm-specific syscalls correctly
The kernel has different handling for syscalls with invalid
numbers that are in the "arm-specific" range 0x9f0000 and up:
 * 0x9f0000..0x9f07ff return -ENOSYS if not implemented
 * other out of range syscalls cause a SIGILL
(see the kernel's arch/arm/kernel/traps.c:arm_syscall())

Implement this distinction. (Note that our code doesn't look
quite like the kernel's, because we have removed the
0x900000 prefix by this point, whereas the kernel retains
it in arm_syscall().)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200420212206.12776-4-peter.maydell@linaro.org
2020-05-21 20:00:18 +01:00
Peter Maydell
62f141a426 linux-user/arm: Remove bogus SVC 0xf0002 handling
We incorrectly treat SVC 0xf0002 as a cacheflush request (which is a
NOP for QEMU).  This is the wrong syscall number, because in the
svc-immediate OABI syscall numbers are all offset by the
ARM_SYSCALL_BASE value and so the correct insn is SVC 0x9f0002.
(This is handled further down in the code with the other Arm-specific
syscalls like NR_breakpoint.)

When this code was initially added in commit 6f1f31c069 in
2004, ARM_NR_cacheflush was defined as (ARM_SYSCALL_BASE + 0xf0000 + 2)
so the value in the comparison took account of the extra 0x900000
offset. In commit fbb4a2e371 in 2008, the ARM_SYSCALL_BASE
was removed from the definition of ARM_NR_cacheflush and handling
for this group of syscalls was added below the point where we subtract
ARM_SYSCALL_BASE from the SVC immediate value. However that commit
forgot to remove the now-obsolete earlier handling code.

Remove the spurious ARM_NR_cacheflush condition.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20200420212206.12776-3-peter.maydell@linaro.org
2020-05-21 20:00:18 +01:00