Alex Bennée [Tue, 23 Mar 2021 16:52:53 +0000 (16:52 +0000)]
semihosting/arm-compat-semi: don't use SET_ARG to report SYS_HEAPINFO
As per the spec:
the PARAMETER REGISTER contains the address of a pointer to a
four-field data block.
So we need to follow arg0 and place the results of SYS_HEAPINFO there.
Fixes: 3c37cfe0b1 ("semihosting: Change internal common-semi interfaces to use CPUState *")
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Bug 1915925 <1915925@bugs.launchpad.net>
Cc: Keith Packard <keithp@keithp.com>
Bug: https://bugs.launchpad.net/bugs/
1915925
Message-Id: <
20210323165308.15244-8-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:52 +0000 (16:52 +0000)]
semihosting/arm-compat-semi: unify GET/SET_ARG helpers
>>>From the semihosting point of view what we want to know is the current
mode of the processor. Unify this into a single helper and allow us to
use the same GET/SET_ARG helpers for the rest of the code. Having the
helper will also be useful later.
Note: we aren't currently testing riscv32 due to missing toolchain for
check-tcg tests.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
Message-Id: <
20210323165308.15244-7-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:51 +0000 (16:52 +0000)]
semihosting: move semihosting tests to multiarch
It may be arm-compat-semihosting but more than one architecture uses
it so lets move the tests into the multiarch area. We gate it on the
feature and split the semicall.h header between the arches.
Also clean-up a bit of the Makefile messing about to one common set of
runners.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20210323165308.15244-6-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:50 +0000 (16:52 +0000)]
tools/virtiofsd: include --socket-group in help
I confused myself wandering if this had been merged by looking at the
help output. It seems fuse_opt doesn't automagically add to help
output so lets do it now.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Updates:
f6698f2b03 ("tools/virtiofsd: add support for --socket-group")
Message-Id: <
20210323165308.15244-5-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:49 +0000 (16:52 +0000)]
docs/devel: expand style section of memory management
This aims to provide a bit more guidance for those who take on one of
our "clean up memory allocation" bite-sized tasks.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20210323165308.15244-4-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:48 +0000 (16:52 +0000)]
docs/devel: include the plugin API information from the headers
We have kerneldoc tags for the headers so we might as well extract
them into our developer documentation whilst we are at it.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Aaron Lindsay <aaron@os.amperecomputing.com>
Message-Id: <
20210323165308.15244-3-alex.bennee@linaro.org>
Alex Bennée [Tue, 23 Mar 2021 16:52:47 +0000 (16:52 +0000)]
scripts/kernel-doc: strip QEMU_ from function definitions
Some packaged versions of Sphinx (fedora33/alpine so far) have issues
with the annotated C code that kernel-doc spits out. Without knowing
about things like QEMU_PLUGIN_EXPORT it chokes trying to understand
the code. Evidently this is a problem for the kernel as well as the
long stream of regex substitutions we add to in this patch can attest.
Fortunately we have a fairly common format for all our compiler
shenanigans as applied to functions so lets just filter them all out.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20210323165308.15244-2-alex.bennee@linaro.org>
Peter Maydell [Wed, 24 Mar 2021 11:22:08 +0000 (11:22 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-
20210323' into staging
Workaround for macos mprotect
Workaround for target_page vs -flto
# gpg: Signature made Wed 24 Mar 2021 01:40:12 GMT
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-tcg-
20210323:
exec: Build page-vary-common.c with -fno-lto
exec: Extract 'page-vary.h' header
exec: Rename exec-vary.c as page-vary.c
tcg: Workaround macOS 11.2 mprotect bug
tcg: Do not set guard pages on the rx portion of code_gen_buffer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Mon, 22 Mar 2021 11:24:26 +0000 (12:24 +0100)]
exec: Build page-vary-common.c with -fno-lto
In
bbc17caf81f, we used an alias attribute to allow target_page
to be declared const, and yet be initialized late.
This fails when using LTO with several versions of gcc.
The compiler looks through the alias and decides that the const
variable is statically initialized to zero, then propagates that
zero to many uses of the variable.
This can be avoided by compiling one object file with -fno-lto.
In this way, any initializer cannot be seen, and the constant
propagation does not occur.
Since we are certain to have this separate compilation unit, we
can drop the alias attribute as well. We simply have differing
declarations for target_page in different compilation units.
Drop the use of init_target_page, and drop the configure detection
for CONFIG_ATTRIBUTE_ALIAS.
In order to change the compilation flags for a file with meson,
we must use a static_library. This runs into specific_ss, where
we would need to create many static_library instances.
Fix this by splitting page-vary.c: the page-vary-common.c part is
compiled once as a static_library, while the page-vary.c part is
left in specific_ss in order to handle the target-specific value
of TARGET_PAGE_BITS_MIN.
Reported-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20210321211534.
2101231-1-richard.henderson@linaro.org>
[PMD: Fix typo in subject, split original patch in 3]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Gavin Shan <gshan@redhat.com>
Message-Id: <
20210322112427.
4045204-4-f4bug@amsat.org>
[rth: Update MAINTAINERS]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 22 Mar 2021 11:24:25 +0000 (12:24 +0100)]
exec: Extract 'page-vary.h' header
In the next commit we will extract the generic code out of
page-vary.c, only keeping the target specific code. Both
files will use the same TargetPageBits structure, so make
its declaration in a shared header.
As the common header can not use target specific types,
use a uint64_t to hold the page mask value, and add a
cast back to target_long in the TARGET_PAGE_MASK definitions.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210322112427.
4045204-3-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 22 Mar 2021 11:24:24 +0000 (12:24 +0100)]
exec: Rename exec-vary.c as page-vary.c
exec-vary.c is about variable page size handling,
rename it page-vary.c. Currently this file is target
specific (built once for each target), comment this.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210322112427.
4045204-2-f4bug@amsat.org>
[rth: Update MAINTAINERS]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Sat, 20 Mar 2021 16:57:20 +0000 (10:57 -0600)]
tcg: Workaround macOS 11.2 mprotect bug
There's a change in mprotect() behaviour [1] in the latest macOS
on M1 and it's not yet clear if it's going to be fixed by Apple.
As a short-term fix, ignore failures setting up the guard pages.
[1] https://gist.github.com/hikalium/
75ae822466ee4da13cbbe486498a191f
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Buglink: https://bugs.launchpad.net/qemu/+bug/1914849
Message-Id: <
20210320165720.
1813545-3-richard.henderson@linaro.org>
Richard Henderson [Sat, 20 Mar 2021 16:57:19 +0000 (10:57 -0600)]
tcg: Do not set guard pages on the rx portion of code_gen_buffer
The rw portion of the buffer is the only one in which overruns
can be generated. Allow the rx portion to be more completely
covered by huge pages.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <
20210320165720.
1813545-2-richard.henderson@linaro.org>
Peter Maydell [Tue, 23 Mar 2021 23:47:30 +0000 (23:47 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/ui-
20210323-pull-request' into staging
fixes for 6.0
# gpg: Signature made Tue 23 Mar 2021 15:36:06 GMT
# gpg: using RSA key
A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/ui-
20210323-pull-request:
edid: prefer standard timings
include/ui/console.h: Delete is_surface_bgr()
qmp: add new qmp display-reload
vnc: support reload x509 certificates for vnc
crypto: add reload for QCryptoTLSCredsClass
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 23 Mar 2021 22:28:58 +0000 (22:28 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2021-03-23' into staging
QAPI patches patches for 2021-03-23
# gpg: Signature made Tue 23 Mar 2021 21:37:53 GMT
# gpg: using RSA key
354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2021-03-23: (29 commits)
block: Remove monitor command block_passwd
qapi: Enforce union and alternate branch naming rules
qapi: Enforce enum member naming rules
qapi: Enforce struct member naming rules
tests/qapi-schema: Switch member name clash test to struct
qapi: Enforce command naming rules
qapi: Enforce feature naming rules
qapi: Prepare for rejecting underscore in command and member names
tests-qmp-cmds: Drop unused and incorrect qmp_TestIfCmd()
qapi/pragma: Streamline comments on member-name-exceptions
qapi: Rename pragma *-whitelist to *-exceptions
tests/qapi-schema: Rename returns-whitelist to returns-bad-type
tests/qapi-schema: Rename pragma-*-crap to pragma-value-not-*
qapi: Factor out QAPISchemaParser._check_pragma_list_of_str()
tests/qapi-schema: Rename redefined-builtin to redefined-predefined
qapi: Enforce type naming rules
qapi: Enforce event naming rules
qapi: Consistently permit any case in downstream prefixes
qapi: Move uppercase rejection to check_name_lower()
qapi: Rework name checking in preparation of stricter checking
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Tue, 23 Mar 2021 10:19:51 +0000 (11:19 +0100)]
block: Remove monitor command block_passwd
Command block_passwd always fails since
Commit
c01c214b69 "block: remove all encryption handling APIs"
(v2.10.0) turned block_passwd into a stub that always fails, and
hardcoded encryption_key_missing to false in query-named-block-nodes
and query-block.
Commit
ad1324e044 "block: remove 'encryption_key_missing' flag from
QAPI" just landed. Complete the cleanup job: remove block_passwd.
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323101951.
3686029-1-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:25 +0000 (10:40 +0100)]
qapi: Enforce union and alternate branch naming rules
Union branch names should use '-', not '_'. Enforce this. The only
offenders are in tests/. Fix them.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-29-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
Markus Armbruster [Tue, 23 Mar 2021 09:40:24 +0000 (10:40 +0100)]
qapi: Enforce enum member naming rules
Enum members should use '-', not '_'. Enforce this. Fix the fixable
offenders (all in tests/), and add the remainder to pragma
member-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-28-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:23 +0000 (10:40 +0100)]
qapi: Enforce struct member naming rules
Struct members, including command arguments, event data, and union
inline base members, should use '-', not '_'. Enforce this. Fix the
fixable offenders (all in tests/), and add the remainder to pragma
member-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-27-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:22 +0000 (10:40 +0100)]
tests/qapi-schema: Switch member name clash test to struct
Test args-name-clash covers command parameter name clash. This
effectively covers struct member name clash as well. The next commit
will make parameter name clash impossible. Convert args-name-clash
from testing command to testing a struct, and rename it to
struct-member-name-clash.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-26-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
Markus Armbruster [Tue, 23 Mar 2021 09:40:21 +0000 (10:40 +0100)]
qapi: Enforce command naming rules
Command names should be lower-case. Enforce this. Fix the fixable
offenders (all in tests/), and add the remainder to pragma
command-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-25-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:20 +0000 (10:40 +0100)]
qapi: Enforce feature naming rules
Feature names should use '-', not '_'. Enforce this.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-24-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:19 +0000 (10:40 +0100)]
qapi: Prepare for rejecting underscore in command and member names
Command names and member names within a type should be all lower case
with words separated by a hyphen. We also accept underscore. Rework
check_name_lower() to optionally reject underscores, but don't use
that option, yet.
Update expected test output for the changed error message.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-23-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:18 +0000 (10:40 +0100)]
tests-qmp-cmds: Drop unused and incorrect qmp_TestIfCmd()
Commit
967c885108 "qapi: add 'if' to top-level expressions" added
command TestIfCmd with an 'if' condition. It also added the
qmp_TestIfCmd() to go with it, guarded by the corresponding #if.
Commit
ccadd6bcba "qapi: Add 'if' to implicit struct members" changed
the command, but not the function. Compiles only because we don't
satisfy the #if. Instead of fixing the function, simply drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-22-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:17 +0000 (10:40 +0100)]
qapi/pragma: Streamline comments on member-name-exceptions
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-21-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:16 +0000 (10:40 +0100)]
qapi: Rename pragma *-whitelist to *-exceptions
Rename pragma returns-whitelist to command-returns-exceptions, and
name-case-whitelist to member-name-case-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-20-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:15 +0000 (10:40 +0100)]
tests/qapi-schema: Rename returns-whitelist to returns-bad-type
This test covers returning "bad" types. Pragma returns-whitelist is
just one aspect. Naming it returns-whitelist is suboptimal. Rename
to returns-bad-type.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-19-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:14 +0000 (10:40 +0100)]
tests/qapi-schema: Rename pragma-*-crap to pragma-value-not-*
Rename pragma-doc-required-crap to pragma-not-bool,
pragma-returns-whitelist-crap to pragma-value-not-list, and
pragma-name-case-whitelist-crap to pragma-value-not-list-of-str.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-18-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:13 +0000 (10:40 +0100)]
qapi: Factor out QAPISchemaParser._check_pragma_list_of_str()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-17-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:12 +0000 (10:40 +0100)]
tests/qapi-schema: Rename redefined-builtin to redefined-predefined
The previous commit changed this test to clash with a predefined enum
type, not a built-in type. Adjust its name.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-16-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:11 +0000 (10:40 +0100)]
qapi: Enforce type naming rules
Type names should be CamelCase. Enforce this. The only offenders are
in tests/. Fix them. Add test type-case to cover the new error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-15-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Regexp simplified, new test made more robust]
Markus Armbruster [Tue, 23 Mar 2021 09:40:10 +0000 (10:40 +0100)]
qapi: Enforce event naming rules
Event names should be ALL_CAPS with words separated by underscore.
Enforce this. The only offenders are in tests/. Fix them. Existing
test event-case covers the new error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-14-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:09 +0000 (10:40 +0100)]
qapi: Consistently permit any case in downstream prefixes
We require lowercase __RFQDN_ downstream prefixes only where we
require the prefixed name to be lowercase. Don't; permit any case in
__RFQDN_ prefixes anywhere.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-13-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:08 +0000 (10:40 +0100)]
qapi: Move uppercase rejection to check_name_lower()
check_name_lower() is the only user of check_name_str() using
permit_upper=False. Move the associated code from check_name_str() to
check_name_lower(), and drop the parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-12-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:07 +0000 (10:40 +0100)]
qapi: Rework name checking in preparation of stricter checking
Naming rules differ for the various kinds of names. To prepare
enforcing them, define functions to check them: check_name_upper(),
check_name_lower(), and check_name_camel(). For now, these merely
wrap around check_name_str(), but that will change shortly. Replace
the other uses of check_name_str() by appropriate uses of the
wrappers. No change in behavior just yet.
check_name_str() now returns the name without downstream and x-
prefix, for use by the wrappers in later patches. Requires tweaking
regexp @valid_name. It accepts the same strings as before.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-11-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message improved]
Markus Armbruster [Tue, 23 Mar 2021 09:40:06 +0000 (10:40 +0100)]
qapi: Lift enum-specific code out of check_name_str()
check_name_str() masks leading digits when passed enum_member=True.
Only check_enum() does. Lift the masking into check_enum().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-10-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:05 +0000 (10:40 +0100)]
qapi: Permit flat union members for any tag value
Flat union branch names match the tag enum's member names. Omitted
branches default to "no members for this tag value".
Branch names starting with a digit get rejected like "'data' member
'0' has an invalid name". However, omitting the branch works.
This is because flat union tag values get checked twice: as enum
member name, and as union branch name. The former accepts leading
digits, the latter doesn't.
Branches whose names start with a digit therefore cannot have members.
Feels wrong. Get rid of the restriction by skipping the latter check.
This can expose c_name() to input it can't handle: a name starting
with a digit. Improve it to return a valid C identifier for any
input.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-9-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message rewritten]
Markus Armbruster [Tue, 23 Mar 2021 09:40:04 +0000 (10:40 +0100)]
qapi: Fix to reject optional members with reserved names
check_type() fails to reject optional members with reserved names,
because it neglects to strip off the leading '*'. Fix that.
The stripping in check_name_str() is now useless. Drop.
Also drop the "no leading '*'" assertion, because valid_name.match()
ensures it can't fail.
Fixes: 9fb081e0b98409556d023c7193eeb68947cd1211
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-8-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:03 +0000 (10:40 +0100)]
tests/qapi-schema: Tweak to demonstrate buggy member name check
Member name 'u' and names starting with 'has-' or 'has_' are reserved
for the generator. check_type() enforces this, covered by tests
reserved-member-u and reserved-member-has.
These tests neglect to cover optional members, where the name starts
with '*'. Tweak reserved-member-u to fix that. Test
reserved-member-has still covers non-optional members.
This demonstrates the reserved member name check is broken for
optional members. The next commit will fix it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-7-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
[Commit message improved slightly]
Peter Maydell [Tue, 23 Mar 2021 21:15:16 +0000 (21:15 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-
20210323' into staging
target-arm queue:
* hw/arm/virt: Disable pl011 clock migration if needed
* target/arm: Make M-profile VTOR loads on reset handle memory aliasing
* target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
# gpg: Signature made Tue 23 Mar 2021 14:26:09 GMT
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-
20210323:
target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
target/arm: Make M-profile VTOR loads on reset handle memory aliasing
hw/core/loader: Add new function rom_ptr_for_as()
memory: Add offset_in_region to flatview_cb arguments
memory: Document flatview_for_each_range()
memory: Make flatview_cb return bool, not int
hw/arm/virt: Disable pl011 clock migration if needed
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Tue, 23 Mar 2021 09:40:02 +0000 (10:40 +0100)]
tests/qapi-schema: Drop TODO comment on simple unions
Simple unions don't need more features, they need to die.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-6-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:01 +0000 (10:40 +0100)]
tests/qapi-schema: Belatedly update comment on alternate clash
Commit
0426d53c65 "qapi: Simplify visiting of alternate types"
eliminated the implicit alternate enum, but neglected to update a
comment about it in a test. Do that now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-5-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:40:00 +0000 (10:40 +0100)]
tests/qapi-schema: Rework comments on longhand member definitions
A few old comments talk about "desired future use of defaults" and
"anonymous inline branch types". Kind of misleading since commit
87adbbffd4 "qapi: add a dictionary form for TYPE" added longhand
member definitions. Talk about that instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-4-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:39:59 +0000 (10:39 +0100)]
tests/qapi-schema: Drop redundant flat-union-inline test
flat-union-inline.json covers longhand branch definition with an
invalid type value. It's redundant: longhand branch definition is
covered by flat-union-inline-invalid-dict.json, and invalid type value
is covered by nested-struct-data.json. Drop the test.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-3-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Tue, 23 Mar 2021 09:39:58 +0000 (10:39 +0100)]
qapi/pragma: Tidy up after removal of deprecated commands
Commit
cbde7be900 "migrate: remove QMP/HMP commands for speed,
downtime and cache size" neglected to remove query-migrate-cache-size
from pragma returns-whitelist.
Commit
8af54b9172 "machine: remove 'query-cpus' QMP command" neglected
to remove CpuInfo & friends from pragma name-case-exceptions.
Remove these now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
20210323094025.
3569441-2-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Peter Maydell [Tue, 23 Mar 2021 16:49:23 +0000 (16:49 +0000)]
Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-
20210323' into staging
Xen patch
- Fix Xen backend block detach via xenstore.
# gpg: Signature made Tue 23 Mar 2021 11:53:08 GMT
# gpg: using RSA key
F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg: aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A 7161 D8D5 7199 DF83 42C8
# Subkey fingerprint: F80C 0063 08E2 2CFD 8A92 E798 0CF5 572F D7FB 55AF
* remotes/aperard/tags/pull-xen-
20210323:
xen-block: Fix removal of backend instance via xenstore
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 23 Mar 2021 15:30:46 +0000 (15:30 +0000)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-
20210322-2' into staging
RISC-V PR for 6.0
This PR includes:
- Fix for vector CSR access
- Improvements to the Ibex UART device
- PMP improvements and bug fixes
- Hypervisor extension bug fixes
- ramfb support for the virt machine
- Fast read support for SST flash
- Improvements to the microchip_pfsoc machine
# gpg: Signature made Tue 23 Mar 2021 01:56:53 GMT
# gpg: using RSA key
F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-
20210322-2:
target/riscv: Prevent lost illegal instruction exceptions
docs/system: riscv: Add documentation for 'microchip-icicle-kit' machine
hw/riscv: microchip_pfsoc: Map EMMC/SD mux register
hw/block: m25p80: Support fast read for SST flashes
target/riscv: Add proper two-stage lookup exception detection
target/riscv: Fix read and write accesses to vsip and vsie
hw/riscv: allow ramfb on virt
hw/riscv: Add fw_cfg support to virt
target/riscv: Use background registers also for MSTATUS_MPV
target/riscv: Make VSTIP and VSEIP read-only in hip
target/riscv: Adjust privilege level for HLV(X)/HSV instructions
target/riscv: flush TLB pages if PMP permission has been changed
target/riscv: add log of PMP permission checking
target/riscv: propagate PMP permission to TLB page
hw/char: disable ibex uart receive if the buffer is full
target/riscv: fix vs() to return proper error code
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Sat, 20 Mar 2021 00:06:06 +0000 (18:06 -0600)]
target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
Pretend the fault always happens at page table level 3.
Failure to set this leaves level = 0, which is impossible for
ARMFault_Permission, and produces an invalid syndrome, which
reaches g_assert_not_reached in cpu_loop.
Fixes: 8db94ab4e5db ("linux-user/aarch64: Pass syndrome to EXC_*_ABORT")
Reported-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
20210320000606.
1788699-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 18 Mar 2021 17:48:23 +0000 (17:48 +0000)]
target/arm: Make M-profile VTOR loads on reset handle memory aliasing
For Arm M-profile CPUs, on reset the CPU must load its initial PC and
SP from a vector table in guest memory. Because we can't guarantee
reset ordering, we have to handle the possibility that the ROM blob
loader's reset function has not yet run when the CPU resets, in which
case the data in an ELF file specified by the user won't be in guest
memory to be read yet.
We work around the reset ordering problem by checking whether the ROM
blob loader has any data for the address where the vector table is,
using rom_ptr(). Unfortunately this does not handle the possibility
of memory aliasing. For many M-profile boards, memory can be
accessed via multiple possible physical addresses; if the board has
the vector table at address X but the user's ELF file loads data via
a different address Y which is an alias to the same underlying guest
RAM then rom_ptr() will not find it.
Use the new rom_ptr_for_as() function, which deals with memory
aliasing when locating a relevant ROM blob.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210318174823.18066-6-peter.maydell@linaro.org
Peter Maydell [Thu, 18 Mar 2021 17:48:22 +0000 (17:48 +0000)]
hw/core/loader: Add new function rom_ptr_for_as()
For accesses to rom blob data before or during reset, we have a
function rom_ptr() which looks for a rom blob that would be loaded to
the specified address, and returns a pointer into the rom blob data
corresponding to that address. This allows board or CPU code to say
"what is the data that is going to be loaded to this address?".
However, this function does not take account of memory region
aliases. If for instance a machine model has RAM at address
0x0000_0000 which is aliased to also appear at 0x1000_0000, a
rom_ptr() query for address 0x0000_0000 will only return a match if
the guest image provided by the user was loaded at 0x0000_0000 and
not if it was loaded at 0x1000_0000, even though they are the same
RAM and a run-time guest CPU read of 0x0000_0000 will read the data
loaded to 0x1000_0000.
Provide a new function rom_ptr_for_as() which takes an AddressSpace
argument, so that it can check whether the MemoryRegion corresponding
to the address is also mapped anywhere else in the AddressSpace and
look for rom blobs that loaded to that alias.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210318174823.18066-5-peter.maydell@linaro.org
Peter Maydell [Thu, 18 Mar 2021 17:48:21 +0000 (17:48 +0000)]
memory: Add offset_in_region to flatview_cb arguments
The function flatview_for_each_range() calls a callback for each
range in a FlatView. Currently the callback gets the start and
length of the range and the MemoryRegion involved, but not the offset
within the MemoryRegion. Add this to the callback's arguments; we're
going to want it for a new use in the next commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id:
20210318174823.18066-4-peter.maydell@linaro.org
Peter Maydell [Thu, 18 Mar 2021 17:48:20 +0000 (17:48 +0000)]
memory: Document flatview_for_each_range()
Add a documentation comment describing flatview_for_each_range().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id:
20210318174823.18066-3-peter.maydell@linaro.org
Peter Maydell [Thu, 18 Mar 2021 17:48:19 +0000 (17:48 +0000)]
memory: Make flatview_cb return bool, not int
The return value of the flatview_cb callback passed to the
flatview_for_each_range() function is zero if the iteration through
the ranges should continue, or non-zero to break out of it. Use a
bool for this rather than int.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id:
20210318174823.18066-2-peter.maydell@linaro.org
Gavin Shan [Thu, 18 Mar 2021 02:38:01 +0000 (10:38 +0800)]
hw/arm/virt: Disable pl011 clock migration if needed
A clock is added by commit
aac63e0e6ea3 ("hw/char/pl011: add a clock
input") since v5.2.0 which corresponds to virt-5.2 machine type. It
causes backwards migration failure from upstream to downstream (v5.1.0)
when the machine type is specified with virt-5.1.
This fixes the issue by following instructions from section "Connecting
subsections to properties" in docs/devel/migration.rst. With this applied,
the PL011 clock is migrated based on the machine type.
virt-5.2 or newer: migration
virt-5.1 or older: non-migration
Cc: qemu-stable@nongnu.org # v5.2.0+
Fixes: aac63e0e6ea3 ("hw/char/pl011: add a clock input")
Suggested-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id:
20210318023801.18287-1-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Tue, 16 Mar 2021 14:38:08 +0000 (15:38 +0100)]
edid: prefer standard timings
Windows guests using the "Basic Display Adapter" don't parse the
"Established timings III" block. They also don't parse any edid
extension.
So prefer the "Standard Timings" block to store the display resolutions
in edid_fill_modes(). Also reorder the mode list, so more exotic
resolutions (specifically the ones which are not supported by vgabios)
are moved down and the remaining ones have a better chance to get one of
the eight slots in the "Standard Timings" block.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20210316143812.
2363588-6-kraxel@redhat.com>
Anthony PERARD [Mon, 8 Mar 2021 14:32:32 +0000 (14:32 +0000)]
xen-block: Fix removal of backend instance via xenstore
Whenever a Xen block device is detach via xenstore, the image
associated with it remained open by the backend QEMU and an error is
logged:
qemu-system-i386: failed to destroy drive: Node xvdz-qcow2 is in use
This happened since object_unparent() doesn't immediately frees the
object and thus keep a reference to the node we are trying to free.
The reference is hold by the "drive" property and the call
xen_block_drive_destroy() fails.
In order to fix that, we call drain_call_rcu() to run the callback
setup by bus_remove_child() via object_unparent().
Fixes: 2d24a6466154 ("device-core: use RCU for list of children of a bus")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <
20210308143232.83388-1-anthony.perard@citrix.com>
Peter Maydell [Tue, 23 Mar 2021 10:50:44 +0000 (10:50 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,virtio,pci: fixes, features
Fixes all over the place.
ACPI index support.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 22 Mar 2021 22:58:45 GMT
# gpg: using RSA key
5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
acpi: Move setters/getters of oem fields to X86MachineState
acpi: Set proper maximum size for "etc/acpi/rsdp" blob
acpi: Move maximum size logic into acpi_add_rom_blob()
microvm: Don't open-code "etc/table-loader"
acpi: Set proper maximum size for "etc/table-loader" blob
tests: acpi: update expected blobs
pci: acpi: add _DSM method to PCI devices
acpi: add aml_to_decimalstring() and aml_call6() helpers
pci: acpi: ensure that acpi-index is unique
pci: introduce acpi-index property for PCI device
tests: acpi: temporary whitelist DSDT changes
virtio-pmem: fix virtio_pmem_resp assign problem
vhost-user: Monitor slave channel in vhost_user_read()
vhost-user: Introduce nested event loop in vhost_user_read()
vhost-user: Convert slave channel to QIOChannelSocket
vhost-user: Factor out duplicated slave_fd teardown code
vhost-user: Fix double-close on slave_read() error path
vhost-user: Drop misleading EAGAIN checks in slave_read()
virtio: Fix virtio_mmio_read()/virtio_mmio_write()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 14 Mar 2021 16:39:27 +0000 (16:39 +0000)]
include/ui/console.h: Delete is_surface_bgr()
The function is_surface_bgr() is no longer used anywhere,
so we can delete it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210314163927.1184-1-peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zihao Chang [Tue, 16 Mar 2021 07:58:45 +0000 (15:58 +0800)]
qmp: add new qmp display-reload
This patch provides a new qmp to reload display configuration
without restart VM, but only reloading the vnc tls certificates
is implemented.
Example:
{"execute": "display-reload", "arguments":{"type": "vnc", "tls-certs": true}}
Signed-off-by: Zihao Chang <changzihao1@huawei.com>
Message-Id: <
20210316075845.1476-4-changzihao1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zihao Chang [Tue, 16 Mar 2021 07:58:44 +0000 (15:58 +0800)]
vnc: support reload x509 certificates for vnc
This patch add vnc_display_reload_certs() to support
update x509 certificates.
Signed-off-by: Zihao Chang <changzihao1@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20210316075845.1476-3-changzihao1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zihao Chang [Tue, 16 Mar 2021 07:58:43 +0000 (15:58 +0800)]
crypto: add reload for QCryptoTLSCredsClass
This patch adds reload interface for QCryptoTLSCredsClass and implements
the interface for QCryptoTLSCredsX509.
Signed-off-by: Zihao Chang <changzihao1@huawei.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20210316075845.1476-2-changzihao1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Georg Kotheimer [Mon, 22 Mar 2021 12:16:09 +0000 (13:16 +0100)]
target/riscv: Prevent lost illegal instruction exceptions
When decode_insn16() fails, we fall back to decode_RV32_64C() for
further compressed instruction decoding. However, prior to this change,
we did not raise an illegal instruction exception, if decode_RV32_64C()
fails to decode the instruction. This means that we skipped illegal
compressed instructions instead of raising an illegal instruction
exception.
Instead of patching decode_RV32_64C(), we can just remove it,
as it is dead code since
f330433b363 anyway.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210322121609.
3097928-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Mon, 22 Mar 2021 07:52:48 +0000 (15:52 +0800)]
docs/system: riscv: Add documentation for 'microchip-icicle-kit' machine
This adds the documentation to describe what is supported for the
'microchip-icicle-kit' machine, and how to boot the machine in QEMU.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210322075248.136255-2-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Mon, 22 Mar 2021 07:52:47 +0000 (15:52 +0800)]
hw/riscv: microchip_pfsoc: Map EMMC/SD mux register
Since HSS commit
c20a89f8dcac, the Icicle Kit reference design has
been updated to use a register mapped at 0x4f000000 instead of a
GPIO to control whether eMMC or SD card is to be used. With this
support the same HSS image can be used for both eMMC and SD card
boot flow, while previously two different board configurations were
used. This is undocumented but one can take a look at the HSS code
HSS_MMCInit() in services/mmc/mmc_api.c.
With this commit, HSS image built from 2020.12 release boots again.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210322075248.136255-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Sat, 6 Mar 2021 06:01:52 +0000 (14:01 +0800)]
hw/block: m25p80: Support fast read for SST flashes
Per SST25VF016B datasheet [1], SST flash requires a dummy byte after
the address bytes. Note only SPI mode is supported by SST flashes.
[1] http://ww1.microchip.com/downloads/en/devicedoc/s71271_04.pdf
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210306060152.7250-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Georg Kotheimer [Fri, 19 Mar 2021 14:14:59 +0000 (15:14 +0100)]
target/riscv: Add proper two-stage lookup exception detection
The current two-stage lookup detection in riscv_cpu_do_interrupt falls
short of its purpose, as all it checks is whether two-stage address
translation either via the hypervisor-load store instructions or the
MPRV feature would be allowed.
What we really need instead is whether two-stage address translation was
active when the exception was raised. However, in riscv_cpu_do_interrupt
we do not have the information to reliably detect this. Therefore, when
we raise a memory fault exception we have to record whether two-stage
address translation is active.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210319141459.
1196741-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Georg Kotheimer [Thu, 11 Mar 2021 09:47:38 +0000 (10:47 +0100)]
target/riscv: Fix read and write accesses to vsip and vsie
The previous implementation was broken in many ways:
- Used mideleg instead of hideleg to mask accesses
- Used MIP_VSSIP instead of VS_MODE_INTERRUPTS to mask writes to vsie
- Did not shift between S bits and VS bits (VSEIP <-> SEIP, ...)
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210311094738.
1376795-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Asherah Connor [Thu, 18 Mar 2021 23:50:41 +0000 (10:50 +1100)]
hw/riscv: allow ramfb on virt
Allow ramfb on virt. This lets `-device ramfb' work.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210318235041.17175-3-ashe@kivikakk.ee
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Asherah Connor [Thu, 18 Mar 2021 23:50:40 +0000 (10:50 +1100)]
hw/riscv: Add fw_cfg support to virt
Provides fw_cfg for the virt machine on riscv. This enables
using e.g. ramfb later.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210318235041.17175-2-ashe@kivikakk.ee
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Georg Kotheimer [Thu, 11 Mar 2021 10:30:36 +0000 (11:30 +0100)]
target/riscv: Use background registers also for MSTATUS_MPV
The current condition for the use of background registers only
considers the hypervisor load and store instructions,
but not accesses from M mode via MSTATUS_MPRV+MPV.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210311103036.
1401073-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Georg Kotheimer [Thu, 11 Mar 2021 09:49:02 +0000 (10:49 +0100)]
target/riscv: Make VSTIP and VSEIP read-only in hip
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210311094902.
1377593-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Georg Kotheimer [Thu, 11 Mar 2021 10:30:05 +0000 (11:30 +0100)]
target/riscv: Adjust privilege level for HLV(X)/HSV instructions
According to the specification the "field SPVP of hstatus controls the
privilege level of the access" for the hypervisor virtual-machine load
and store instructions HLV, HLVX and HSV.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210311103005.
1400718-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Sun, 21 Feb 2021 14:01:22 +0000 (22:01 +0800)]
target/riscv: flush TLB pages if PMP permission has been changed
If PMP permission of any address has been changed by updating PMP entry,
flush all TLB pages to prevent from getting old permission.
Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
1613916082-19528-4-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Sun, 21 Feb 2021 14:01:21 +0000 (22:01 +0800)]
target/riscv: add log of PMP permission checking
Like MMU translation, add qemu log of PMP permission checking for
debugging.
Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
1613916082-19528-3-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Sun, 21 Feb 2021 14:01:20 +0000 (22:01 +0800)]
target/riscv: propagate PMP permission to TLB page
Currently, PMP permission checking of TLB page is bypassed if TLB hits
Fix it by propagating PMP permission to TLB page permission.
PMP permission checking also use MMU-style API to change TLB permission
and size.
Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
1613916082-19528-2-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alexander Wagner [Tue, 9 Mar 2021 15:21:30 +0000 (16:21 +0100)]
hw/char: disable ibex uart receive if the buffer is full
Not disabling the UART leads to QEMU overwriting the UART receive buffer with
the newest received byte. The rx_level variable is added to allow the use of
the existing OpenTitan driver libraries.
Signed-off-by: Alexander Wagner <alexander.wagner@ulal.de>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210309152130.13038-1-alexander.wagner@ulal.de
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Tue, 23 Feb 2021 06:59:32 +0000 (14:59 +0800)]
target/riscv: fix vs() to return proper error code
vs() should return -RISCV_EXCP_ILLEGAL_INST instead of -1 if rvv feature
is not enabled.
If -1 is returned, exception will be raised and cs->exception_index will
be set to the negative return value. The exception will then be treated
as an instruction access fault instead of illegal instruction fault.
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id:
20210223065935.20208-1-frank.chang@sifive.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Marian Postevca [Sun, 21 Feb 2021 00:17:36 +0000 (02:17 +0200)]
acpi: Move setters/getters of oem fields to X86MachineState
The code that sets/gets oem fields is duplicated in both PC and MICROVM
variants. This commit moves it to X86MachineState so that all x86
variants can use it and duplication is removed.
Signed-off-by: Marian Postevca <posteuca@mutex.one>
Message-Id: <
20210221001737.24499-2-posteuca@mutex.one>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
David Hildenbrand [Thu, 4 Mar 2021 10:55:54 +0000 (11:55 +0100)]
acpi: Set proper maximum size for "etc/acpi/rsdp" blob
Let's also set a maximum size for "etc/acpi/rsdp", so the maximum
size doesn't get implicitly set based on the initial table size. In my
experiments, the table size was in the range of 22 bytes, so a single
page (== what we used until now) seems to be good enough.
Now that we have defined maximum sizes for all currently used table types,
let's assert that we catch usage with new tables that need a proper maximum
size definition.
Also assert that our initial size does not exceed the maximum size; while
qemu_ram_alloc_internal() properly asserts that the initial RAMBlock size
is <= its maximum size, the result might differ when the host page size
is bigger than 4k.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Cc: Alistair Francis <alistair.francis@xilinx.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Shannon Zhao <shannon.zhaosl@gmail.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <
20210304105554.121674-5-david@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
David Hildenbrand [Thu, 4 Mar 2021 10:55:53 +0000 (11:55 +0100)]
acpi: Move maximum size logic into acpi_add_rom_blob()
We want to have safety margins for all tables based on the table type.
Let's move the maximum size logic into acpi_add_rom_blob() and make it
dependent on the table name, so we don't have to replicate for each and
every instance that creates such tables.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Cc: Alistair Francis <alistair.francis@xilinx.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Shannon Zhao <shannon.zhaosl@gmail.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <
20210304105554.121674-4-david@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
David Hildenbrand [Thu, 4 Mar 2021 10:55:52 +0000 (11:55 +0100)]
microvm: Don't open-code "etc/table-loader"
Let's just reuse ACPI_BUILD_LOADER_FILE.
Cc: Alistair Francis <alistair.francis@xilinx.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Shannon Zhao <shannon.zhaosl@gmail.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <
20210304105554.121674-3-david@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
David Hildenbrand [Thu, 4 Mar 2021 10:55:51 +0000 (11:55 +0100)]
acpi: Set proper maximum size for "etc/table-loader" blob
The resizeable memory region / RAMBlock that is created for the cmd blob
has a maximum size of whole host pages (e.g., 4k), because RAMBlocks
work on full host pages. In addition, in i386 ACPI code:
acpi_align_size(tables->linker->cmd_blob, ACPI_BUILD_ALIGN_SIZE);
makes sure to align to multiples of 4k, padding with 0.
For example, if our cmd_blob is created with a size of 2k, the maximum
size is 4k - we cannot grow beyond that. Growing might be required
due to guest action when rebuilding the tables, but also on incoming
migration.
This automatic generation of the maximum size used to be sufficient,
however, there are cases where we cross host pages now when growing at
runtime: we exceed the maximum size of the RAMBlock and can crash QEMU when
trying to resize the resizeable memory region / RAMBlock:
$ build/qemu-system-x86_64 --enable-kvm \
-machine q35,nvdimm=on \
-smp 1 \
-cpu host \
-m size=2G,slots=8,maxmem=4G \
-object memory-backend-file,id=mem0,mem-path=/tmp/nvdimm,size=256M \
-device nvdimm,label-size=131072,memdev=mem0,id=nvdimm0,slot=1 \
-nodefaults \
-device vmgenid \
-device intel-iommu
Results in:
Unexpected error in qemu_ram_resize() at ../softmmu/physmem.c:1850:
qemu-system-x86_64: Size too large: /rom@etc/table-loader:
0x2000 > 0x1000: Invalid argument
In this configuration, we consume exactly 4k (32 entries, 128 bytes each)
when creating the VM. However, once the guest boots up and maps the MCFG,
we also create the MCFG table and end up consuming 2 additional entries
(pointer + checksum) -- which is where we try resizing the memory region
/ RAMBlock, however, the maximum size does not allow for it.
Currently, we get the following maximum sizes for our different
mutable tables based on behavior of resizeable RAMBlock:
hw table max_size
------- ---------------------------------------------------------
virt "etc/acpi/tables" ACPI_BUILD_TABLE_MAX_SIZE (0x200000)
virt "etc/table-loader" HOST_PAGE_ALIGN(initial_size)
virt "etc/acpi/rsdp" HOST_PAGE_ALIGN(initial_size)
i386 "etc/acpi/tables" ACPI_BUILD_TABLE_MAX_SIZE (0x200000)
i386 "etc/table-loader" HOST_PAGE_ALIGN(initial_size)
i386 "etc/acpi/rsdp" HOST_PAGE_ALIGN(initial_size)
microvm "etc/acpi/tables" ACPI_BUILD_TABLE_MAX_SIZE (0x200000)
microvm "etc/table-loader" HOST_PAGE_ALIGN(initial_size)
microvm "etc/acpi/rsdp" HOST_PAGE_ALIGN(initial_size)
Let's set the maximum table size for "etc/table-loader" to 64k, so we
can properly grow at runtime, which should be good enough for the future.
Migration is not concerned with the maximum size of a RAMBlock, only
with the used size - so existing setups are not affected. Of course, we
cannot migrate a VM that would have crash when started on older QEMU from
new QEMU to older QEMU without failing early on the destination when
synchronizing the RAM state:
qemu-system-x86_64: Size too large: /rom@etc/table-loader: 0x2000 > 0x1000: Invalid argument
qemu-system-x86_64: error while loading state for instance 0x0 of device 'ram'
qemu-system-x86_64: load of migration failed: Invalid argument
We'll refactor the code next, to make sure we get rid of this implicit
behavior for "etc/acpi/rsdp" as well and to make the code easier to
grasp.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Cc: Alistair Francis <alistair.francis@xilinx.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Shannon Zhao <shannon.zhaosl@gmail.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <
20210304105554.121674-2-david@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:01:02 +0000 (14:01 -0400)]
tests: acpi: update expected blobs
expected changes are:
* larger BNMR operation region
* new PIDX field and method to fetch acpi-index
* PDSM method that implements PCI device _DSM +
per device _DSM that calls PDSM
@@ -221,10 +221,11 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
B0EJ, 32
}
- OperationRegion (BNMR, SystemIO, 0xAE10, 0x04)
+ OperationRegion (BNMR, SystemIO, 0xAE10, 0x08)
Field (BNMR, DWordAcc, NoLock, WriteAsZeros)
{
- BNUM, 32
+ BNUM, 32,
+ PIDX, 32
}
Mutex (BLCK, 0x00)
@@ -236,6 +237,52 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
Release (BLCK)
Return (Zero)
}
+
+ Method (AIDX, 2, NotSerialized)
+ {
+ Acquire (BLCK, 0xFFFF)
+ BNUM = Arg0
+ PIDX = (One << Arg1)
+ Local0 = PIDX /* \_SB_.PCI0.PIDX */
+ Release (BLCK)
+ Return (Local0)
+ }
+
+ Method (PDSM, 6, Serialized)
+ {
+ If ((Arg0 == ToUUID ("
e5c937d0-3553-4d7a-9117-
ea4d19c3434d") /* Device Labeling Interface */))
+ {
+ Local0 = AIDX (Arg4, Arg5)
+ If ((Arg2 == Zero))
+ {
+ If ((Arg1 == 0x02))
+ {
+ If (!((Local0 == Zero) | (Local0 == 0xFFFFFFFF)))
+ {
+ Return (Buffer (One)
+ {
+ 0x81 // .
+ })
+ }
+ }
+
+ Return (Buffer (One)
+ {
+ 0x00 // .
+ })
+ }
+ ElseIf ((Arg2 == 0x07))
+ {
+ Local1 = Package (0x02)
+ {
+ Zero,
+ ""
+ }
+ Local1 [Zero] = Local0
+ Return (Local1)
+ }
+ }
+ }
}
Scope (_SB)
@@ -785,7 +832,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
0xAE00, // Range Minimum
0xAE00, // Range Maximum
0x01, // Alignment
- 0x14, // Length
+ 0x18, // Length
)
})
}
@@ -842,11 +889,22 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
Device (S00)
{
Name (_ADR, Zero) // _ADR: Address
+ Name (_SUN, Zero) // _SUN: Slot User Number
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
}
Device (S10)
{
Name (_ADR, 0x00020000) // _ADR: Address
+ Name (_SUN, 0x02) // _SUN: Slot User Number
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
+
Method (_S1D, 0, NotSerialized) // _S1D: S1 Device State
{
Return (Zero)
[...]
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:01:01 +0000 (14:01 -0400)]
pci: acpi: add _DSM method to PCI devices
Implement _DSM according to:
PCI Firmware Specification 3.1
4.6.7. DSM for Naming a PCI or PCI Express Device Under
Operating Systems
and wire it up to cold and hot-plugged PCI devices.
Feature depends on ACPI hotplug being enabled (as that provides
PCI devices descriptions in ACPI and MMIO registers that are
reused to fetch acpi-index).
acpi-index should work for
- cold plugged NICs:
$QEMU -device e1000,acpi-index=100
=> 'eno100'
- hot-plugged
(monitor) device_add e1000,acpi-index=200,id=remove_me
=> 'eno200'
- re-plugged
(monitor) device_del remove_me
(monitor) device_add e1000,acpi-index=1
=> 'eno1'
Windows also sees index under "PCI Label Id" field in properties
dialog but otherwise it doesn't seem to have any effect.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-6-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:01:00 +0000 (14:01 -0400)]
acpi: add aml_to_decimalstring() and aml_call6() helpers
it will be used by follow up patches
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-5-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:00:59 +0000 (14:00 -0400)]
pci: acpi: ensure that acpi-index is unique
it helps to avoid device naming conflicts when guest OS is
configured to use acpi-index for naming.
Spec ialso says so:
PCI Firmware Specification Revision 3.2
4.6.7. _DSM for Naming a PCI or PCI Express Device Under Operating Systems
"
Instance number must be unique under \_SB scope. This instance number does not have to
be sequential in a given system configuration.
"
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-4-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:00:58 +0000 (14:00 -0400)]
pci: introduce acpi-index property for PCI device
In x86/ACPI world, linux distros are using predictable
network interface naming since systemd v197. Which on
QEMU based VMs results into path based naming scheme,
that names network interfaces based on PCI topology.
With itm on has to plug NIC in exactly the same bus/slot,
which was used when disk image was first provisioned/configured
or one risks to loose network configuration due to NIC being
renamed to actually used topology.
That also restricts freedom to reshape PCI configuration of
VM without need to reconfigure used guest image.
systemd also offers "onboard" naming scheme which is
preferred over PCI slot/topology one, provided that
firmware implements:
"
PCI Firmware Specification 3.1
4.6.7. DSM for Naming a PCI or PCI Express Device Under
Operating Systems
"
that allows to assign user defined index to PCI device,
which systemd will use to name NIC. For example, using
-device e1000,acpi-index=100
guest will rename NIC to 'eno100', where 'eno' is default
prefix for "onboard" naming scheme. This doesn't require
any advance configuration on guest side to com in effect
at 'onboard' scheme takes priority over path based naming.
Hope is that 'acpi-index' it will be easier to consume by
management layer, compared to forcing specific PCI topology
and/or having several disk image templates for different
topologies and will help to simplify process of spawning
VM from the same template without need to reconfigure
guest NIC.
This patch adds, 'acpi-index'* property and wires up
a 32bit register on top of pci hotplug register block
to pass index value to AML code at runtime.
Following patch will add corresponding _DSM code and
wire it up to PCI devices described in ACPI.
*) name comes from linux kernel terminology
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Mon, 15 Mar 2021 18:00:57 +0000 (14:00 -0400)]
tests: acpi: temporary whitelist DSDT changes
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210315180102.
3008391-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Mon, 22 Mar 2021 18:50:25 +0000 (18:50 +0000)]
Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-
20210322' into staging
SD/MMC patches queue
- Fix build error when DEBUG_SD is on
- Perform SD ERASE operation
- SDHCI ADMA heap buffer overflow
(CVE-2020-17380, CVE-2020-25085, CVE-2021-3409)
# gpg: Signature made Mon 22 Mar 2021 17:13:43 GMT
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd/tags/sdmmc-
20210322:
hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a different block size is programmed
hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE register is writable
hw/sd: sdhci: Correctly set the controller status for ADMA
hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress
hw/sd: sdhci: Don't transfer any data when command time out
hw/sd: sd: Actually perform the erase operation
hw/sd: sd: Fix build error when DEBUG_SD is on
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bin Meng [Wed, 3 Mar 2021 12:26:39 +0000 (20:26 +0800)]
hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a different block size is programmed
If the block size is programmed to a different value from the
previous one, reset the data pointer of s->fifo_buffer[] so that
s->fifo_buffer[] can be filled in using the new block size in
the next transfer.
With this fix, the following reproducer:
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001001
outl 0xcfc 0x06000000
write 0xe000002c 0x1 0x05
write 0xe0000005 0x1 0x02
write 0xe0000007 0x1 0x01
write 0xe0000028 0x1 0x10
write 0x0 0x1 0x23
write 0x2 0x1 0x08
write 0xe000000c 0x1 0x01
write 0xe000000e 0x1 0x20
write 0xe000000f 0x1 0x00
write 0xe000000c 0x1 0x32
write 0xe0000004 0x2 0x0200
write 0xe0000028 0x1 0x00
write 0xe0000003 0x1 0x40
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <
20210303122639.20004-6-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Wed, 3 Mar 2021 12:26:38 +0000 (20:26 +0800)]
hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE register is writable
The codes to limit the maximum block size is only necessary when
SDHC_BLKSIZE register is writable.
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <
20210303122639.20004-5-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Wed, 3 Mar 2021 12:26:37 +0000 (20:26 +0800)]
hw/sd: sdhci: Correctly set the controller status for ADMA
When an ADMA transfer is started, the codes forget to set the
controller status to indicate a transfer is in progress.
With this fix, the following 2 reproducers:
https://paste.debian.net/plain/
1185136
https://paste.debian.net/plain/
1185141
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <
20210303122639.20004-4-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Wed, 3 Mar 2021 12:26:36 +0000 (20:26 +0800)]
hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in progress
Per "SD Host Controller Standard Specification Version 7.00"
chapter 2.2.1 SDMA System Address Register:
This register can be accessed only if no transaction is executing
(i.e., after a transaction has stopped).
With this fix, the following reproducer:
outl 0xcf8 0x80001010
outl 0xcfc 0xfbefff00
outl 0xcf8 0x80001001
outl 0xcfc 0x06000000
write 0xfbefff2c 0x1 0x05
write 0xfbefff0f 0x1 0x37
write 0xfbefff0a 0x1 0x01
write 0xfbefff0f 0x1 0x29
write 0xfbefff0f 0x1 0x02
write 0xfbefff0f 0x1 0x03
write 0xfbefff04 0x1 0x01
write 0xfbefff05 0x1 0x01
write 0xfbefff07 0x1 0x02
write 0xfbefff0c 0x1 0x33
write 0xfbefff0e 0x1 0x20
write 0xfbefff0f 0x1 0x00
write 0xfbefff2a 0x1 0x01
write 0xfbefff0c 0x1 0x00
write 0xfbefff03 0x1 0x00
write 0xfbefff05 0x1 0x00
write 0xfbefff2a 0x1 0x02
write 0xfbefff0c 0x1 0x32
write 0xfbefff01 0x1 0x01
write 0xfbefff02 0x1 0x01
write 0xfbefff03 0x1 0x01
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <
20210303122639.20004-3-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Wed, 3 Mar 2021 12:26:35 +0000 (20:26 +0800)]
hw/sd: sdhci: Don't transfer any data when command time out
At the end of sdhci_send_command(), it starts a data transfer if the
command register indicates data is associated. But the data transfer
should only be initiated when the command execution has succeeded.
With this fix, the following reproducer:
outl 0xcf8 0x80001810
outl 0xcfc 0xe1068000
outl 0xcf8 0x80001804
outw 0xcfc 0x7
write 0xe106802c 0x1 0x0f
write 0xe1068004 0xc 0x2801d10101fffffbff28a384
write 0xe106800c 0x1f 0x9dacbbcad9e8f7061524334251606f7e8d9cabbac9d8e7f60514233241505f
write 0xe1068003 0x28 0x80d000251480d000252280d000253080d000253e80d000254c80d000255a80d000256880d0002576
write 0xe1068003 0x1 0xfe
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -M pc-q35-5.0 \
-device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive \
-monitor none -serial none -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <
20210303122639.20004-2-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Sat, 20 Feb 2021 08:58:13 +0000 (16:58 +0800)]
hw/sd: sd: Actually perform the erase operation
At present the sd_erase() does not erase the requested range of card
data to 0xFFs. Let's make the erase operation actually happen.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <
1613811493-58815-1-git-send-email-bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Bin Meng [Sun, 28 Feb 2021 05:06:09 +0000 (13:06 +0800)]
hw/sd: sd: Fix build error when DEBUG_SD is on
"qemu-common.h" should be included to provide the forward declaration
of qemu_hexdump() when DEBUG_SD is on.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210228050609.24779-1-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Peter Maydell [Mon, 22 Mar 2021 14:26:13 +0000 (14:26 +0000)]
Merge remote-tracking branch 'remotes/philmd/tags/mips-fixes-
20210322' into staging
MIPS patches queue
- Fix array overrun (Coverity CID
1450831)
- Deprecate KVM TE (Trap-and-Emul)
# gpg: Signature made Mon 22 Mar 2021 14:06:48 GMT
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd/tags/mips-fixes-
20210322:
target/mips: Deprecate Trap-and-Emul KVM support
target/mips/mxu_translate.c: Fix array overrun for D16MIN/D16MAX
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Wang Liang [Wed, 17 Mar 2021 02:41:45 +0000 (22:41 -0400)]
virtio-pmem: fix virtio_pmem_resp assign problem
ret in virtio_pmem_resp is a uint32_t variable, which should be assigned
using virtio_stl_p.
The kernel side driver does not guarantee virtio_pmem_resp to be initialized
to zero in advance, So sometimes the flush operation will fail.
Signed-off-by: Wang Liang <wangliangzz@inspur.com>
Message-Id: <
20210317024145.271212-1-wangliangzz@126.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 09:22:11 +0000 (10:22 +0100)]
vhost-user: Monitor slave channel in vhost_user_read()
Now that everything is in place, have the nested event loop to monitor
the slave channel. The source in the main event loop is destroyed and
recreated to ensure any pending even for the slave channel that was
previously detected is purged. This guarantees that the main loop
wont invoke slave_read() based on an event that was already handled
by the nested loop.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210312092212.782255-7-groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 09:22:10 +0000 (10:22 +0100)]
vhost-user: Introduce nested event loop in vhost_user_read()
A deadlock condition potentially exists if a vhost-user process needs
to request something to QEMU on the slave channel while processing a
vhost-user message.
This doesn't seem to affect any vhost-user implementation so far, but
this is currently biting the upcoming enablement of DAX with virtio-fs.
The issue is being observed when the guest does an emergency reboot while
a mapping still exits in the DAX window, which is very easy to get with
a busy enough workload (e.g. as simulated by blogbench [1]) :
- QEMU sends VHOST_USER_GET_VRING_BASE to virtiofsd.
- In order to complete the request, virtiofsd then asks QEMU to remove
the mapping on the slave channel.
All these dialogs are synchronous, hence the deadlock.
As pointed out by Stefan Hajnoczi:
When QEMU's vhost-user master implementation sends a vhost-user protocol
message, vhost_user_read() does a "blocking" read during which slave_fd
is not monitored by QEMU.
The natural solution for this issue is an event loop. The main event
loop cannot be nested though since we have no guarantees that its
fd handlers are prepared for re-entrancy.
Introduce a new event loop that only monitors the chardev I/O for now
in vhost_user_read() and push the actual reading to a one-shot handler.
A subsequent patch will teach the loop to monitor and process messages
from the slave channel as well.
[1] https://github.com/jedisct1/Blogbench
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210312092212.782255-6-groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
projects / qemu.git / log