1. 19 Dec, 2012 12 commits
  2. 17 Dec, 2012 10 commits
  3. 16 Dec, 2012 4 commits
  4. 15 Dec, 2012 2 commits
    • Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf · 6d4e1892
      Blue Swirl authored
      * 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (40 commits)
        pseries: Increase default NVRAM size
        target-ppc: Don't use hwaddr to represent hardware state
        PPC: e500: pci: Export slot2irq calculation
        PPC: E500plat: Make a lot of PCI slots available
        PPC: E500: Move PCI slot information into params
        PPC: E500: Generate dt pci irq map dynamically
        PPC: E500: PCI: Make IRQ calculation more generic
        PPC: E500: PCI: Make first slot qdev settable
        openpic: Accelerate pending irq search
        openpic: fix minor coding style issues
        MSI-X: Fix endianness
        PPC: e500: Declare pci bridge as bridge
        PPC: e500: Add MSI support
        openpic: add Shared MSI support
        openpic: make brr1 model specific
        openpic: convert to qdev
        openpic: remove irq_out
        openpic: rename openpic_t to OpenPICState
        openpic: convert simple reg operations to builtin bitops
        openpic: remove unused type variable
        ...
    • target-xtensa: fix ITLB/DTLB page protection flags · 659f807c
      Max Filippov authored
      
      With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
      only used for code access, DTLB is only for data. However TLB entries in
      both TLBs have attribute field controlling write and exec access. These
      bits need to be properly masked off depending on TLB type before being
      used as tlb_set_page prot argument. Otherwise the following happens:
      
      (1) ITLB entry for some PFN gets invalidated
      (2) DTLB entry for the same PFN gets updated, attributes allow code
          execution
      (3) code at the page with that PFN is executed (possible due to step 2),
          entry for the TB is written into the jump cache
      (4) QEMU TLB entry for the PFN gets replaced with an entry for some
          other PFN
      (5) code in the TB from step 3 is executed (possible due to jump cache)
          and it accesses data, for which there's no DTLB entry, causing DTLB
          miss exception
      (6) re-translation of the TB from step 5 is attempted, but there's no
          QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
          miss exception at the TB start address
      (7) ITLB miss exception is handled by the guest, but execution is
          resumed from the beginning of the faulting TB (the point where ITLB
          miss occurred), not from the point where DTLB miss occurred, which is
          wrong.
      
      With that fix the above scenario causes ITLB miss exception (that used
      to be step 7) at step 3, right at the beginning of the TB.
      Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
      Cc: qemu-stable@nongnu.org
      Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
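
Steps 1-3 of the commit message above as an added illustration: a constructed C model, not code from this commit or from QEMU. Every type, constant and function name is hypothetical, and the rule that an ITLB entry grants only exec while a DTLB entry grants only read/write is an assumption drawn from the ITLB/DTLB split the message describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code: every name here is hypothetical. */
enum { ACC_READ = 1, ACC_WRITE = 2, ACC_EXEC = 4 };
enum tlb_kind { MODEL_ITLB, MODEL_DTLB };
enum fetch_result { FETCH_OK, FETCH_ITLB_MISS };

struct model_entry { bool valid; uint32_t pfn; unsigned attr_access; };

/* Assumption: an ITLB entry may grant only exec, a DTLB entry only read/write. */
static unsigned kind_mask(enum tlb_kind kind)
{
    return kind == MODEL_ITLB ? ACC_EXEC : (ACC_READ | ACC_WRITE);
}

/* Rights one entry hands to the emulator's page mapping.
 * masked=false models the behaviour before the fix, masked=true after it. */
static unsigned entry_prot(const struct model_entry *e, enum tlb_kind kind, bool masked)
{
    if (!e->valid)
        return 0;
    return masked ? (e->attr_access & kind_mask(kind)) : e->attr_access;
}

/* Steps 1-3: a data access installs the mapping from the DTLB entry,
 * then code on the same PFN is fetched. */
static enum fetch_result fetch_after_data_fill(const struct model_entry *itlb,
                                               const struct model_entry *dtlb,
                                               bool masked)
{
    unsigned mapping = entry_prot(dtlb, MODEL_DTLB, masked);
    if (itlb->pfn == dtlb->pfn && (mapping & ACC_EXEC))
        return FETCH_OK;            /* exec leaked in from the DTLB entry */
    /* Mapping does not allow exec, so the fetch needs a valid ITLB entry. */
    return (entry_prot(itlb, MODEL_ITLB, masked) & ACC_EXEC) ? FETCH_OK : FETCH_ITLB_MISS;
}

int main(void)
{
    struct model_entry itlb = { false, 0x40, ACC_EXEC };              /* step 1 */
    struct model_entry dtlb = { true, 0x40, ACC_READ | ACC_WRITE | ACC_EXEC }; /* step 2 */
    printf("unmasked: %s\n", fetch_after_data_fill(&itlb, &dtlb, false) == FETCH_OK ? "fetch ok" : "ITLB miss");
    printf("masked:   %s\n", fetch_after_data_fill(&itlb, &dtlb, true) == FETCH_OK ? "fetch ok" : "ITLB miss");
    return 0;
}
```
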
  5. 14 Dec, 2012 12 commits