[PULL 0/3] MIPS/SPARC patches for 2022-08-09

[PULL 0/3] MIPS/SPARC patches for 2022-08-09

[Philippe Mathieu-Daudé via]

The following changes since commit 8a1337e60400ef54432e063164faf5043a55555d:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-08-08 09:57:37 -0700)

are available in the Git repository at:

  https://github.com/philmd/qemu.git tags/mips-20220809

for you to fetch changes up to 09d12c81ec5d8dc9208e5739d17a56c34be96247:

  hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (2022-08-08 23:43:11 +0200)

----------------------------------------------------------------
MIPS/SPARC patches queue

- target/mips: Handle lock_user failure in UHI_plog semihosting (Peter Maydell)
- hw/mips/malta: Turn off x86 specific features of PIIX4 PM (Igor Mammedov)
- hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter Maydell)

----------------------------------------------------------------

Igor Mammedov (1):
  hw/mips/malta: turn off x86 specific features of PIIX4_PM

Peter Maydell (2):
  target/mips: Handle lock_user() failure in UHI_plog semihosting call
  hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses

 hw/mips/malta.c                    |  9 +++++++++
 hw/misc/grlib_ahb_apb_pnp.c        | 10 ++++++----
 hw/misc/trace-events               |  4 ++--
 target/mips/tcg/sysemu/mips-semi.c |  3 +++
 4 files changed, 20 insertions(+), 6 deletions(-)

-- 
2.36.1

[PULL 1/3] target/mips: Handle lock_user() failure in UHI_plog semihosting call

[Philippe Mathieu-Daudé via]

From: Peter Maydell <peter.maydell@linaro.org>

Coverity notes that we forgot to check the error return from
lock_user() in one place in the handling of the UHI_plog semihosting
call.  Add the missing error handling.

report_fault() is rather brutal in that it will call abort(), but
this is the same error-handling used in the rest of this file.

Resolves: Coverity CID 1490684
Fixes: ea4210600db3c5 ("target/mips: Avoid qemu_semihosting_log_out for UHI_plog")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220719191737.384744-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 target/mips/tcg/sysemu/mips-semi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/mips/tcg/sysemu/mips-semi.c b/target/mips/tcg/sysemu/mips-semi.c
index 5fb1ad9092..85f0567a7f 100644
--- a/target/mips/tcg/sysemu/mips-semi.c
+++ b/target/mips/tcg/sysemu/mips-semi.c
@@ -321,6 +321,9 @@ void mips_semihosting(CPUMIPSState *env)
             if (use_gdb_syscalls()) {
                 addr = gpr[29] - str->len;
                 p = lock_user(VERIFY_WRITE, addr, str->len, 0);
+                if (!p) {
+                    report_fault(env);
+                }
                 memcpy(p, str->str, str->len);
                 unlock_user(p, addr, str->len);
                 semihost_sys_write(cs, uhi_cb, 2, addr, str->len);
-- 
2.36.1

[PULL 2/3] hw/mips/malta: turn off x86 specific features of PIIX4_PM

[Philippe Mathieu-Daudé via]

From: Igor Mammedov <imammedo@redhat.com>

QEMU crashes trying to save VMSTATE when only MIPS target are compiled in
  $ qemu-system-mips -monitor stdio
  (qemu) migrate "exec:gzip -c > STATEFILE.gz"
  Segmentation fault (core dumped)

It happens due to PIIX4_PM trying to parse hotplug vmstate structures
which are valid only for x86 and not for MIPS (as it requires ACPI
tables support which is not existent for ithe later)

Issue was probably exposed by trying to cleanup/compile out unused
ACPI bits from MIPS target (but forgetting about migration bits).

Disable compiled out features using compat properties as the least
risky way to deal with issue.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/995
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220728115034.1327988-1-imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/mips/malta.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index 7a0ec513b0..0e932988e0 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1442,6 +1442,14 @@ static const TypeInfo mips_malta_device = {
     .instance_init = mips_malta_instance_init,
 };
 
+GlobalProperty malta_compat[] = {
+    { "PIIX4_PM", "memory-hotplug-support", "off" },
+    { "PIIX4_PM", "acpi-pci-hotplug-with-bridge-support", "off" },
+    { "PIIX4_PM", "acpi-root-pci-hotplug", "off" },
+    { "PIIX4_PM", "x-not-migrate-acpi-index", "true" },
+};
+const size_t malta_compat_len = G_N_ELEMENTS(malta_compat);
+
 static void mips_malta_machine_init(MachineClass *mc)
 {
     mc->desc = "MIPS Malta Core LV";
@@ -1455,6 +1463,7 @@ static void mips_malta_machine_init(MachineClass *mc)
     mc->default_cpu_type = MIPS_CPU_TYPE_NAME("24Kf");
 #endif
     mc->default_ram_id = "mips_malta.ram";
+    compat_props_add(mc->compat_props, malta_compat, malta_compat_len);
 }
 
 DEFINE_MACHINE("malta", mips_malta_machine_init)
-- 
2.36.1

[PULL 3/3] hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses

[Philippe Mathieu-Daudé via]

From: Peter Maydell <peter.maydell@linaro.org>

In real hardware, the APB and AHB PNP data tables can be accessed
with byte and halfword reads as well as word reads.  Our
implementation currently only handles word reads.  Add support for
the 8 and 16 bit accesses.  Note that we only need to handle aligned
accesses -- unaligned accesses should continue to trap, as happens on
hardware.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1132
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220802131925.3380923-1-peter.maydell@linaro.org>
Tested-by: Tomasz Martyniak <gitlab.com/tom4r>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/misc/grlib_ahb_apb_pnp.c | 10 ++++++----
 hw/misc/trace-events        |  4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
index 43e001c3c7..5b05f15859 100644
--- a/hw/misc/grlib_ahb_apb_pnp.c
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -136,7 +136,8 @@ static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
     uint32_t val;
 
     val = ahb_pnp->regs[offset >> 2];
-    trace_grlib_ahb_pnp_read(offset, val);
+    val = extract32(val, (4 - (offset & 3) - size) * 8, size * 8);
+    trace_grlib_ahb_pnp_read(offset, size, val);
 
     return val;
 }
@@ -152,7 +153,7 @@ static const MemoryRegionOps grlib_ahb_pnp_ops = {
     .write      = grlib_ahb_pnp_write,
     .endianness = DEVICE_BIG_ENDIAN,
     .impl = {
-        .min_access_size = 4,
+        .min_access_size = 1,
         .max_access_size = 4,
     },
 };
@@ -247,7 +248,8 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
     uint32_t val;
 
     val = apb_pnp->regs[offset >> 2];
-    trace_grlib_apb_pnp_read(offset, val);
+    val = extract32(val, (4 - (offset & 3) - size) * 8, size * 8);
+    trace_grlib_apb_pnp_read(offset, size, val);
 
     return val;
 }
@@ -263,7 +265,7 @@ static const MemoryRegionOps grlib_apb_pnp_ops = {
     .write      = grlib_apb_pnp_write,
     .endianness = DEVICE_BIG_ENDIAN,
     .impl = {
-        .min_access_size = 4,
+        .min_access_size = 1,
         .max_access_size = 4,
     },
 };
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index 4d51a80de1..c18bc0605e 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -247,8 +247,8 @@ via1_adb_poll(uint8_t data, const char *vadbint, int status, int index, int size
 via1_auxmode(int mode) "setting auxmode to %d"
 
 # grlib_ahb_apb_pnp.c
-grlib_ahb_pnp_read(uint64_t addr, uint32_t value) "AHB PnP read addr:0x%03"PRIx64" data:0x%08x"
-grlib_apb_pnp_read(uint64_t addr, uint32_t value) "APB PnP read addr:0x%03"PRIx64" data:0x%08x"
+grlib_ahb_pnp_read(uint64_t addr, unsigned size, uint32_t value) "AHB PnP read addr:0x%03"PRIx64" size:%u data:0x%08x"
+grlib_apb_pnp_read(uint64_t addr, unsigned size, uint32_t value) "APB PnP read addr:0x%03"PRIx64" size:%u data:0x%08x"
 
 # led.c
 led_set_intensity(const char *color, const char *desc, uint8_t intensity_percent) "LED desc:'%s' color:%s intensity: %u%%"
-- 
2.36.1

Re: [PULL 0/3] MIPS/SPARC patches for 2022-08-09

[Richard Henderson]

On 8/8/22 15:33, Philippe Mathieu-Daudé via wrote:
> The following changes since commit 8a1337e60400ef54432e063164faf5043a55555d:
> 
>    Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-08-08 09:57:37 -0700)
> 
> are available in the Git repository at:
> 
>    https://github.com/philmd/qemu.git tags/mips-20220809
> 
> for you to fetch changes up to 09d12c81ec5d8dc9208e5739d17a56c34be96247:
> 
>    hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (2022-08-08 23:43:11 +0200)
> 
> ----------------------------------------------------------------
> MIPS/SPARC patches queue
> 
> - target/mips: Handle lock_user failure in UHI_plog semihosting (Peter Maydell)
> - hw/mips/malta: Turn off x86 specific features of PIIX4 PM (Igor Mammedov)
> - hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter Maydell)

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.


r~


> 
> ----------------------------------------------------------------
> 
> Igor Mammedov (1):
>    hw/mips/malta: turn off x86 specific features of PIIX4_PM
> 
> Peter Maydell (2):
>    target/mips: Handle lock_user() failure in UHI_plog semihosting call
>    hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
> 
>   hw/mips/malta.c                    |  9 +++++++++
>   hw/misc/grlib_ahb_apb_pnp.c        | 10 ++++++----
>   hw/misc/trace-events               |  4 ++--
>   target/mips/tcg/sysemu/mips-semi.c |  3 +++
>   4 files changed, 20 insertions(+), 6 deletions(-)
>