Ilya Leoshkevich [Mon, 24 Jul 2023 08:15:56 +0000 (10:15 +0200)]
target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs
CONVERT TO LOGICAL/FIXED deviate from IEEE 754 in that they raise an
inexact exception on out-of-range inputs. float_flag_invalid_cvti
aligns nicely with that behavior, so convert it to
S390_IEEE_MASK_INEXACT.
Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <
20230724082032.66864-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Mon, 24 Jul 2023 08:15:55 +0000 (10:15 +0200)]
target/s390x: Fix CLM with M3=0
When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.
Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <
20230724082032.66864-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Mon, 24 Jul 2023 08:15:54 +0000 (10:15 +0200)]
target/s390x: Make CKSM raise an exception if R2 is odd
R2 designates an even-odd register pair; the instruction should raise
a specification exception when R2 is not even.
Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <
20230724082032.66864-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Peter Maydell [Mon, 24 Jul 2023 10:34:35 +0000 (11:34 +0100)]
Merge tag 'pull-riscv-to-apply-
20230723-3' of https://github.com/alistair23/qemu into staging
Fifth RISC-V PR for 8.1
* roms/opensbi: Upgrade from v1.3 to v1.3.1
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmS88+wACgkQr3yVEwxT
# gBNxwA//ZJxbSN4LR+5Cs12tW1ad4GMfkMyoRHp6CN6ZFA38W3xjvchqEAKMlk9C
# S8GHfoGukk0+dxqZ6QID/GTgaR0aH09WVFkr4SzWCvvFaJFnzU+wJknQv7aLOT/M
# yFflWbpUFM/JJlpouskSqG1eMjcC4P2ZD8e5CiP1OqRgzQ0HyQi99ADVpFMzET6X
# xP9LfFKvgaOrsTUJAGrnJ3EUkJIx9e1yTBm7wt+tREIj7peLZuwUGG6+vPAXnEq2
# JpAnFHlsiDWfOf72bIZt7Gw9AS64f6ej6IvtqhfjF5a7nOhPb0soejilIsvnTVS7
# akp4Ip2TQ8wULb4wehHPkmo882mzacmeHHsxPAzgW+FKbSK+LKiDvesJk0suO+SW
# 4tCL6xo2gFrTgSUxo762myTN6u5JxkPZnLJV7Lw/nfWJ04DYaZWJ4KdZ39HH+34/
# 1jNt1SXK/WF1DlXoRkRnQtzeenhIvmlSOtyhPhpAjSXHnwk5vfnarq/EAcKx2t+B
# OHWDwQlWgnZ/53m0EwBB91IDW4dMMc7CwTw8VPDjUQeRk8JFhrRjnY4TdT/LGBZt
# 87AfKEH8RPo0mIbDou7/bjXwraW647SzlZhrCfyNNyNQ4fo1z3Qo5tO5liloiBQb
# SRdhdZ6UCg6epokVuvaRPH+TMmMGWad6n4GKGqXa1edK1yCIKEE=
# =pNh6
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 23 Jul 2023 10:33:32 BST
# gpg: using RSA key
6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-
20230723-3' of https://github.com/alistair23/qemu:
roms/opensbi: Upgrade from v1.3 to v1.3.1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 24 Jul 2023 10:34:08 +0000 (11:34 +0100)]
Merge tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu into staging
Revert "linux-user: Fix qemu-arm to run static armhf binaries"
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmS8Cj4PHG1qdEB0bHMu
# bXNrLnJ1AAoJEHAbT2saaT5ZLdsH/A7uTAODHopQnUGySPpHAT9uPjf6A21eZnnE
# MAcd3w+iEnrleJbpSftaZfKBKEUEN/vPPXg8nfCxhtfvgWUoHlglR3EoeTU+viFG
# cW7YO2LG9EbITL62uWDM6blVJzh7OHq+IjUf9xYuErnpREyXMvmGGAlRRjAN2yUz
# 3TMQ35JBNuSay2hwvC12jj4AqsmCEFBxvUiJkrrQTFeCVa+Gj/A9xoH7NWSrkW5F
# YE1qIfc2lCQFuWag3+Iag1PtTmj4oeW2LmLCJpxc75XnRqcl7MKK2mNhNJ012kun
# YZtySEG35t4x4Pyf11dhydtv4fbe5K+L0OjMf444zzEcW7TJ840=
# =Cp7j
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 22 Jul 2023 17:56:30 BST
# gpg: using RSA key
7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg: issuer "mjt@tls.msk.ru"
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [full]
# gpg: aka "Michael Tokarev <mjt@debian.org>" [full]
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59
* tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu:
Revert "linux-user: Fix qemu-arm to run static armhf binaries"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 24 Jul 2023 10:34:01 +0000 (11:34 +0100)]
Merge tag 'pull-tcg-
20230724' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Zero-pad vaddr in tlb debug output
accel/tcg: Fix type of 'last' for pageflags_{find,next}
accel/tcg: Fix sense of read-only probes in ldst_atomicity
accel/tcg: Take mmap_lock in load_atomic*_or_exit
tcg: Add earlyclobber to op_add2 for x86 and s390x
tcg/ppc: Fix race in goto_tb implementation
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmS+O7cdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8qrAf/VeAFnMbtantUTfM5
# zOcfBlutsDlJrNwA/ajFDrPwUDewP7s5cqxImAYqhXfhqlc2RIB3UiMCgSaQ+q6O
# MBOH0bEj/zbeIlwRX07ZBWhUYVdqJVd7Nxb1W19YwgG9yieWUxa+Xo1i2fhyXMv+
# 20VOFB1dPnxYyUMrzh/bSiHE90JFZktO1WzV10FRD+IpnImY9R+YGdpGTpVzUhor
# ReRHTkMKyYilY6EEUG2gFhotrY/bbSSSFyl9BcQjkZh11603nAN0mNKxtSjPJnNB
# rXhCVEgmbbBvCufsO6szQ03W/7RZ/KCg/DyKqxyCP1Ril4BIOx3tiucROcapXH/K
# 0y/ycA==
# =hdk/
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Jul 2023 09:52:07 BST
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-tcg-
20230724' of https://gitlab.com/rth7680/qemu:
accel/tcg: Fix type of 'last' for pageflags_{find,next}
accel/tcg: Zero-pad vaddr in tlb_debug output
tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output
accel/tcg: Take mmap_lock in load_atomic*_or_exit
accel/tcg: Fix sense of read-only probes in ldst_atomicity
include/exec: Add WITH_MMAP_LOCK_GUARD
tcg/ppc: Fix race in goto_tb implementation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luca Bonissi [Sun, 23 Jul 2023 17:31:58 +0000 (18:31 +0100)]
accel/tcg: Fix type of 'last' for pageflags_{find,next}
These should match 'start' as target_ulong, not target_long.
On 32bit targets, the parameter was sign-extended to uint64_t,
so only the first mmap within the upper 2GB memory can succeed.
Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Message-Id: <
327460e2-0ebd-9edb-426b-
1df80d16c32a@bonslack.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Thu, 13 Jul 2023 12:07:46 +0000 (14:07 +0200)]
accel/tcg: Zero-pad vaddr in tlb_debug output
In replacing target_ulong with vaddr and TARGET_FMT_lx with VADDR_PRIx,
the zero-padding of TARGET_FMT_lx got lost. Readd 16-wide zero-padding
for logging consistency.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-Id: <
20230713120746.26897-1-anjo@rev.ng>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Wed, 19 Jul 2023 22:11:18 +0000 (00:11 +0200)]
tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output
i386 and s390x implementations of op_add2 require an earlyclobber,
which is currently missing. This breaks VCKSM in s390x guests. E.g., on
x86_64 the following op:
add2_i32 tmp2,tmp3,tmp2,tmp3,tmp3,tmp2 dead: 0 2 3 4 5 pref=none,0xffff
is translated to:
addl %ebx, %r12d
adcl %r12d, %ebx
Introduce a new C_N1_O1_I4 constraint, and make sure that earlyclobber
of aliased outputs is honored.
Cc: qemu-stable@nongnu.org
Fixes: 82790a870992 ("tcg: Add markup for output requires new register")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230719221310.
1968845-7-iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Sun, 16 Jul 2023 16:54:16 +0000 (16:54 +0000)]
accel/tcg: Take mmap_lock in load_atomic*_or_exit
For user-only, the probe for page writability may race with another
thread's mprotect. Take the mmap_lock around the operation. This
is still faster than the start/end_exclusive fallback.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Sat, 22 Jul 2023 10:23:06 +0000 (11:23 +0100)]
accel/tcg: Fix sense of read-only probes in ldst_atomicity
In the initial commit,
cdfac37be0d, the sense of the test is incorrect,
as the -1/0 return was confusing. In
bef6f008b981, we mechanically
invert all callers while changing to false/true return, preserving the
incorrectness of the test.
Now that the return sense is sane, it's easy to see that if !write,
then the page is not modifiable (i.e. most likely read-only, with
PROT_NONE handled via SIGSEGV).
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 17 Jul 2023 18:58:58 +0000 (19:58 +0100)]
include/exec: Add WITH_MMAP_LOCK_GUARD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Jordan Niethe [Mon, 17 Jul 2023 09:30:01 +0000 (19:30 +1000)]
tcg/ppc: Fix race in goto_tb implementation
Commit
20b6643324 ("tcg/ppc: Reorg goto_tb implementation") modified
goto_tb to ensure only a single instruction was patched to prevent
incorrect behavior if a thread was in the middle of multiple
instructions when they were replaced. However this introduced a race
between loading the jmp target into TCG_REG_TB and patching and
executing the direct branch.
The relevant part of the goto_tb implementation:
ld TCG_REG_TB, TARGET_ADDR_LOCATION(TCG_REG_TB)
patch_location:
mtctr TCG_REG_TB
bctr
tb_target_set_jmp_target() will replace 'patch_location' with a direct
branch if the target is in range. The direct branch now relies on
TCG_REG_TB being set up correctly by the ld. Prior to this commit
multiple instructions were patched in for the direct branch case; these
instructions would initialize TCG_REG_TB to the same value as the branch
target.
Imagine the following sequence:
1) Thread A is executing the goto_tb sequence and loads the jmp
target into TCG_REG_TB.
2) Thread B updates the jmp target address and calls
tb_target_set_jmp_target(). This patches a new direct branch into the
goto_tb sequence.
3) Thread A executes the newly patched direct branch. The value in
TCG_REG_TB still contains the old jmp target.
TCG_REG_TB MUST contain the translation block's tc.ptr. Execution will
eventually crash after performing memory accesses generated from a
faulty value in TCG_REG_TB.
This presents as segfaults or illegal instruction exceptions.
Do not revert commit
20b6643324 as it did fix a different race
condition. Instead remove the direct branch optimization and always use
indirect branches.
The direct branch optimization can be re-added later with a race free
sequence.
Fixes: 20b6643324 ("tcg/ppc: Reorg goto_tb implementation")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1726
Reported-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Tested-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Co-developed-by: Benjamin Gray <bgray@linux.ibm.com>
Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
Message-Id: <
20230717093001.13167-1-jniethe5@gmail.com>
Bin Meng [Wed, 19 Jul 2023 16:24:55 +0000 (00:24 +0800)]
roms/opensbi: Upgrade from v1.3 to v1.3.1
Upgrade OpenSBI from v1.3 to v1.3.1 and the pre-built bios images
which fixes the boot failure seen when using QEMU to do a direct
kernel boot with Microchip Icicle Kit board machine.
The v1.3.1 release includes the following commits:
0907de3 lib: sbi: fix comment indent
eb736a5 lib: sbi_pmu: Avoid out of bounds access
7828eeb gpio/desginware: add Synopsys DesignWare APB GPIO support
c6a3573 lib: utils: Fix sbi_hartid_to_scratch() usage in ACLINT drivers
057eb10 lib: utils/gpio: Fix RV32 compile error for designware GPIO driver
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Message-Id: <
20230719165817.889465-1-bmeng@tinylab.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Michael Tokarev [Sat, 22 Jul 2023 16:54:22 +0000 (19:54 +0300)]
Revert "linux-user: Fix qemu-arm to run static armhf binaries"
This reverts commit
518f32221af759a29500ac172c4c857bef142067.
It is causing similar segfaults at least on aarch64, ppc64el
and s390x. Let's revert this one for now and analyze what's
going on later.
Reopens: https://bugs.debian.org/
1040981
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Thu, 20 Jul 2023 08:54:07 +0000 (09:54 +0100)]
Merge tag 'pull-nbd-2023-07-19' of https://repo.or.cz/qemu/ericb into staging
NBD patches through 2023-07-19
- Denis V. Lunev: fix hang with 'ssh ... "qemu-nbd -c"'
- Eric Blake: preliminary work towards NBD 64-bit extensions
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmS4RwcACgkQp6FrSiUn
# Q2pXfQf/clnttPdw9BW2cJltFRKeMeZrgn8mut0S7jhC0DWIy6zanzp07MylryHP
# EyJ++dCbLEg8mueThL/n5mKsTS/OECtfZO9Ot11WmZqDZVtLKorfmy7YVI3VwMjI
# yQqrUIwiYxzZOkPban/MXofY6vJmuia5aGkEmYUyKiHvsLF3Hk2gHPB/qa2S+U6I
# QDmC032/L+/LgVkK5r/1vamwJNP29QI4DNp3RiTtcMK5sEZJfMsAZSxFDDdH2pqi
# 5gyVqw0zNl3vz6znoVy0XZ/8OUVloPKHswyf7xLlBukY1GL5D+aiXz2ilwBvk9aM
# SoZzYvaOOBDyJhSjapOvseTqXTNeqQ==
# =TB9t
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 21:26:47 BST
# gpg: using RSA key
71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* tag 'pull-nbd-2023-07-19' of https://repo.or.cz/qemu/ericb:
nbd: Use enum for various negotiation modes
nbd/client: Add safety check on chunk payload length
nbd/client: Simplify cookie vs. index computation
nbd: s/handle/cookie/ to match NBD spec
nbd/server: Refactor to pass full request around
nbd/server: Prepare for alternate-size headers
nbd: Consistent typedef usage in header
nbd/client: Use smarter assert
qemu-nbd: make verbose bool and local variable in main()
qemu-nbd: handle dup2() error when qemu-nbd finished setup process
qemu-nbd: properly report error on error in dup2() after qemu_daemon()
qemu-nbd: properly report error if qemu_daemon() is failed
qemu-nbd: fix regression with qemu-nbd --fork run over ssh
qemu-nbd: pass structure into nbd_client_thread instead of plain char*
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 20 Jul 2023 08:53:52 +0000 (09:53 +0100)]
Merge tag 'linux-user-brk-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging
linux-user: brk() syscall fixes and armhf static binary fix
Commit
86f04735ac ("linux-user: Fix brk() to release pages") introduced
the possibility for userspace applications to reduce memory footprint by
calling brk() with a lower address and as such free up memory, the same
way as the Linux kernel allows on physical machines.
This change introduced some failures for applications with errors like
- accesing bytes above the brk heap address on the same page,
- freeing memory below the initial brk address,
and introduced a behaviour which isn't done by the kernel (e.g. zeroing
memory above brk).
This patch series fixes those issues and has been tested with existing
programs (e.g. upx).
Additionally one patch fixes running static armhf executables (e.g. fstype)
which was broken since qemu-8.0.
Changes in v2:
- dropped patch to revert
d28b3c90cfad ("linux-user: Make sure initial brk(0)
is page-aligned")
- rephrased some commit messages
- fixed Cc email addresses, added new ones
- added R-b tags
Helge
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZLgGswAKCRD3ErUQojoP
# XwkUAQCKb/lkI3IYxiqO48rVyHtLPtkXd+WttFpeZ076p73LTgD+IEpHZL4WV1Rw
# 4+eqW9vswjZwp1xm9bItLdnP2hkyUgI=
# =K3Va
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 16:52:19 BST
# gpg: using EDDSA key
BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'linux-user-brk-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
linux-user: Fix qemu-arm to run static armhf binaries
linux-user: Fix strace output for old_mmap
linux-user: Fix signed math overflow in brk() syscall
linux-user: Prohibit brk() to to shrink below initial heap address
linux-user: Fix qemu brk() to not zero bytes on current page
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Blake [Thu, 8 Jun 2023 13:56:37 +0000 (08:56 -0500)]
nbd: Use enum for various negotiation modes
Deciphering the hard-coded list of integer return values from
nbd_start_negotiate() will only get more confusing when adding support
for 64-bit extended headers. Better is to name things in an enum.
Although the function in question is private to client.c, putting the
enum in a public header and including an enum-to-string conversion
will allow its use in more places in upcoming patches.
The enum is intentionally laid out so that operators like <= can be
used to group multiple modes with similar characteristics, and where
the least powerful mode has value 0, even though this patch does not
exploit that. No semantic change intended.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20230608135653.
2918540-9-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Eric Blake [Thu, 8 Jun 2023 13:56:36 +0000 (08:56 -0500)]
nbd/client: Add safety check on chunk payload length
Our existing use of structured replies either reads into a qiov capped
at 32M (NBD_CMD_READ) or caps allocation to 1000 bytes (see
NBD_MAX_MALLOC_PAYLOAD in block/nbd.c). But the existing length
checks are rather late; if we encounter a buggy (or malicious) server
that sends a super-large payload length, we should drop the connection
right then rather than assuming the layer on top will be careful.
This becomes more important when we permit 64-bit lengths which are
even more likely to have the potential for attempted denial of service
abuse.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230608135653.
2918540-8-eblake@redhat.com>
Eric Blake [Thu, 8 Jun 2023 13:56:35 +0000 (08:56 -0500)]
nbd/client: Simplify cookie vs. index computation
Our code relies on a sentinel cookie value of zero for deciding when a
packet has been handled, as well as relying on array indices between 0
and MAX_NBD_REQUESTS-1 for dereferencing purposes. As long as we can
symmetrically convert between two forms, there is no reason to go with
the odd choice of using XOR with a random pointer, when we can instead
simplify the mappings with a mere offset of 1.
Using ((uint64_t)-1) as the sentinel instead of NULL such that the two
macros could be entirely eliminated might also be possible, but would
require a more careful audit to find places where we currently rely on
zero-initialization to be interpreted as the sentinel value, so I did
not pursue that course.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20230608135653.
2918540-7-eblake@redhat.com>
[eblake: enhance commit message]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Eric Blake [Thu, 8 Jun 2023 13:56:34 +0000 (08:56 -0500)]
nbd: s/handle/cookie/ to match NBD spec
Externally, libnbd exposed the 64-bit opaque marker for each client
NBD packet as the "cookie", because it was less confusing when
contrasted with 'struct nbd_handle *' holding all libnbd state. It
also avoids confusion between the noun 'handle' as a way to identify a
packet and the verb 'handle' for reacting to things like signals.
Upstream NBD changed their spec to favor the name "cookie" based on
libnbd's recommendations[1], so we can do likewise.
[1] https://github.com/NetworkBlockDevice/nbd/commit/
ca4392eb2b
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20230608135653.
2918540-6-eblake@redhat.com>
[eblake: typo fix]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Eric Blake [Thu, 8 Jun 2023 13:56:33 +0000 (08:56 -0500)]
nbd/server: Refactor to pass full request around
Part of NBD's 64-bit headers extension involves passing the client's
requested offset back as part of the reply header (one reason it
stated for this change: converting absolute offsets stored in
NBD_REPLY_TYPE_OFFSET_DATA to relative offsets within the buffer is
easier if the absolute offset of the buffer is also available). This
is a refactoring patch to pass the full request around the reply
stack, rather than just the handle, so that later patches can then
access request->from when extended headers are active. Meanwhile,
this patch enables us to now assert that simple replies are only
attempted when appropriate, and otherwise has no semantic change.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230608135653.
2918540-5-eblake@redhat.com>
Eric Blake [Thu, 8 Jun 2023 13:56:32 +0000 (08:56 -0500)]
nbd/server: Prepare for alternate-size headers
Upstream NBD now documents[1] an extension that supports 64-bit effect
lengths in requests. As part of that extension, the size of the reply
headers will change in order to permit a 64-bit length in the reply
for symmetry[2]. Additionally, where the reply header is currently 16
bytes for simple reply, and 20 bytes for structured reply; with the
extension enabled, there will only be one extended reply header, of 32
bytes, with both structured and extended modes sending identical
payloads for chunked replies.
Since we are already wired up to use iovecs, it is easiest to allow
for this change in header size by splitting each structured reply
across multiple iovecs, one for the header (which will become wider in
a future patch according to client negotiation), and the other(s) for
the chunk payload, and removing the header from the payload struct
definitions. Rename the affected functions with s/structured/chunk/
to make it obvious that the code will be reused in extended mode.
Interestingly, the client side code never utilized the packed types,
so only the server code needs to be updated.
[1] https://github.com/NetworkBlockDevice/nbd/blob/extension-ext-header/doc/proto.md
as of NBD commit
e6f3b94a934
[2] Note that on the surface, this is because some future server might
permit a 4G+ NBD_CMD_READ and need to reply with that much data in one
transaction. But even though the extended reply length is widened to
64 bits, for now the NBD spec is clear that servers will not reply
with more than a maximum payload bounded by the 32-bit
NBD_INFO_BLOCK_SIZE field; allowing a client and server to mutually
agree to transactions larger than 4G would require yet another
extension.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20230608135653.
2918540-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Eric Blake [Thu, 8 Jun 2023 13:56:31 +0000 (08:56 -0500)]
nbd: Consistent typedef usage in header
We had a mix of struct declarations followed by typedefs, and direct
struct definitions as part of a typedef. Pick a single style. Also
float forward declarations of opaque types to the top of the file,
rather than interspersed with function declarations, which will help a
future patch that wants to expose yet another opaque type that will be
referenced in NBDRequest. No semantic impact.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20230608135653.
2918540-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
[eblake: alter patch per mailing list feedback]
Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Thu, 8 Jun 2023 13:56:30 +0000 (08:56 -0500)]
nbd/client: Use smarter assert
Assigning strlen() to a uint32_t and then asserting that it isn't too
large doesn't catch the case of an input string 4G in length.
Thankfully, the incoming strings can never be that large: if the
export name or query is reflecting a string the client got from the
server, we already guarantee that we dropped the NBD connection if the
server sent more than 32M in a single reply to our NBD_OPT_* request;
if the export name is coming from qemu, nbd_receive_negotiate()
asserted that strlen(info->name) <= NBD_MAX_STRING_SIZE; and
similarly, a query string via x->dirty_bitmap coming from the user was
bounds-checked in either qemu-nbd or by the limitations of QMP.
Still, it doesn't hurt to be more explicit in how we write our
assertions to not have to analyze whether inadvertent wraparound is
possible.
Fixes: 93676c88 ("nbd: Don't send oversize strings", v4.2.0)
Reported-by: Dr. David Alan Gilbert <dave@treblig.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230608135653.
2918540-2-eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 20:25:20 +0000 (22:25 +0200)]
qemu-nbd: make verbose bool and local variable in main()
Pass 'verbose' to nbd_client_thread() inside NbdClientOpts which looks
a little bit cleaner and make it bool as it is used as bool actually.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230717202520.236999-1-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 14:55:44 +0000 (16:55 +0200)]
qemu-nbd: handle dup2() error when qemu-nbd finished setup process
Fail on error, we are in trouble.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230717145544.194786-6-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: avoid intermediate variable]
Signed-off-by: Eric Blake <eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 14:55:42 +0000 (16:55 +0200)]
qemu-nbd: properly report error on error in dup2() after qemu_daemon()
We are trying to temporarily redirect stderr of daemonized process to
a pipe to report a error and get failed. In that case we could not
use error_report() helper, but should write the message directly into
the problematic pipe.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230717145544.194786-4-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: rearrange patch series, fix typo]
Signed-off-by: Eric Blake <eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 14:55:43 +0000 (16:55 +0200)]
qemu-nbd: properly report error if qemu_daemon() is failed
errno has been overwritten by dup2() just below qemu_daemon() and thus
improperly returned to the caller. Fix accordingly.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <
20230717145544.194786-5-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: reorder patch series]
Signed-off-by: Eric Blake <eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 14:55:41 +0000 (16:55 +0200)]
qemu-nbd: fix regression with qemu-nbd --fork run over ssh
Commit
e6df58a5578fee7a50bbf36f4a50a2781cff855d
Author: Hanna Reitz <hreitz@redhat.com>
Date: Wed May 8 23:18:18 2019 +0200
qemu-nbd: Do not close stderr
has introduced an interesting regression. Original behavior of
ssh somehost qemu-nbd /home/den/tmp/file -f raw --fork
was the following:
* qemu-nbd was started as a daemon
* the command execution is done and ssh exited with success
The patch has changed this behavior and 'ssh' command now hangs forever.
According to the normal specification of the daemon() call, we should
endup with STDERR pointing to /dev/null. That should be done at the
very end of the successful startup sequence when the pipe to the
bootstrap process (used for diagnostics) is no longer needed.
This could be achived in the same way as done for 'qemu-nbd -c' case.
That was commit
0eaf453e, also fixing up
e6df58a5. STDOUT copying to
STDERR does the trick.
This also leads to proper 'ssh' connection closing which fixes my
original problem.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: Hanna Reitz <hreitz@redhat.com>
CC: <qemu-stable@nongnu.org>
Message-ID: <
20230717145544.194786-3-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Denis V. Lunev [Mon, 17 Jul 2023 14:55:40 +0000 (16:55 +0200)]
qemu-nbd: pass structure into nbd_client_thread instead of plain char*
We are going to pass additional flag inside next patch.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: <qemu-stable@nongnu.org>
Message-ID: <
20230717145544.194786-2-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Peter Maydell [Wed, 19 Jul 2023 19:31:43 +0000 (20:31 +0100)]
Update version for v8.1.0-rc0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 19 Jul 2023 12:42:17 +0000 (13:42 +0100)]
Merge tag 'pull-riscv-to-apply-
20230719-1' of https://github.com/alistair23/qemu into staging
Fourth RISC-V PR for 8.1
* Fix LMUL check to use VLEN
* Fix typo field in NUMA error_report
* check priv_ver before auto-enable zca/zcd/zcf
* Fix disas output of upper immediates
* tidy CPU firmware section
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmS3akMACgkQr3yVEwxT
# gBPQ/BAArrieEkrRco3tIQJFZqTLfII28M0cYdwN+gjMAkL6RlauCh5yKkc+gsGy
# bhhpr0AE+EzrjKfJgdyMQe2ZH08WEpoAfJHAmLTSm2ktgIlnDAjyJtVksZ3FSwfG
# MRK3v0CChyOav3EfDZzK9jcaXeaSSfjCIG8JW3enoZxf2TnpoXlsCIQdRTnMw7Um
# C73BWoOGOfixFehywHBnkkAPo/nkQPofELrRKNTlefAIsH1RcgYw+s3IgCIuYxJN
# zCjM1y6ye1aiaQhKcNJiLoiP4Eq2R6vUuL8RKWkXqTP3QBZUqKMPnRVgI+W0qRAj
# 9DS+l37zMdxytovQ4gmIqnENT8ty9bholOtWM8nI54subJBplQhkRednG3RBFYjH
# hqbsakcHfE1lyyNI7WoBpO8UMtnOad6eBNmMOM48VduSdNuBZN3ksoRVomnJTlCY
# nq1ZdteywHEZ3uBqk3k/4yzKH+jLj0McPz5FswxsMIGScVjd6H8rMYmM95r1He4k
# YTJ8GwnOTBs1tFxOz5DaM3BVfq5hrzB0SbpDHMOdQHNXnqkyfvSd/QWeXfnY09Ux
# kbNvSpzjn7wWRSP7s4KMcTmas4oGtPS2dheREB/gmoC1ubrfuhbzduDNXJt+omuC
# GDcn9cpouyE/Vp/358PuEe1gW9GFMH0CbYBJ66P0hI/76iPfwLY=
# =MOsI
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 05:44:51 BST
# gpg: using RSA key
6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-
20230719-1' of https://github.com/alistair23/qemu:
target/riscv: Fix LMUL check to use VLEN
hw/riscv: Fix typo field in error_report
target/riscv/cpu.c: check priv_ver before auto-enable zca/zcd/zcf
riscv/disas: Fix disas output of upper immediates
docs/system/target-riscv.rst: tidy CPU firmware section
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 19 Jul 2023 12:41:20 +0000 (13:41 +0100)]
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme fixes
* fix shadow doorbell endian issue
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmS3kkAACgkQTeGvMW1P
# DenG1ggArIHi1dQQBIG1ubzHx/C+93cybpKwT73/5wfO7BT8CCh1v+qrH/6SsYUT
# 5O7y1MaCLDV4ocf5dRQseXFK0tpjo7EqDnr25UhcSunQ+d2Tn7MAIuubQOFD+Axh
# 5gIwOEJbKqw9apJgnVWnInTBd//ManOgh6OyC1uJ+DEJE7ISJzLlJeWaBekiWpAA
# hNL1zsR5+eTcwnewDRmMs4FlKBlSfgcNgNYnz8tfpnW0DzXKuiY4ITnk6kX9eMAM
# kDlbjFjlgoTPZ8IsYcyhVCJMcH8jqY/LuZcaF7XHHsdX7fa5p17C6rR1hxVyDs+E
# rydOtWetQDhXlyakE+Jp2RB3HLcSmg==
# =j1TL
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 08:35:28 BST
# gpg: using RSA key
522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [full]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [full]
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix endianness issue for shadow doorbells
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 19 Jul 2023 08:43:38 +0000 (09:43 +0100)]
Merge tag 'pull-request-2023-07-18' of https://gitlab.com/thuth/qemu into staging
* Fix s390x KVM guests when compiling with --without-default-devices
* Fix /proc/cpuinfo features list in s390x linux-user emulation
* Generate FreeBSD VM package list via lcitool
* Disable the flaky test_sbsaref_edk2_firmware avocado test by default
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmS2W14RHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbW25g/7B68fy5dMzrrYlESm/PSYKa+POZtXt7IO
# EuDNgqIz8bBtlK/4HgMiY0huoT+5cWJ73qZeSzoiDjte8CqOAfjy2TeOWEpd+1qZ
# xHZ7W1t1fwN2rNQlOlGw4jASkrwdYeiBbD8PopixKeevwMOOAxroYNHSvzPNG+Qa
# rTJAlzq1Q80z8DP5zl6ufsxQNiWQsCdCO3hdTZQsRi+RCxl+3SMx2xKA2bBtw9VL
# skwItYqvvw21LtR7yYhnb9bMtikh+nVYuyAW6CJl9vrG2zwf6D/tURIk4LLaIxlS
# XfDVRul6BJHWWdWAZ42Q7Xwe0olrzOfl57wYb/gvh09E6NEjyJcyIr/mor+yz1/q
# Qomb/Stt5K8pphiSSwkKmZUGA0s96MjOYe/xXbJegu+6X6HNgYVobZDMMq/BABy2
# XeESwUE/Hfz+VW14oqCk4edZb6+jQbYaKO/YDPd7uyXzfas079koWYfWx9Ew08U8
# f5h7achjECr3R4DJ9VgYIOKJuv37LcnwbePspXdRK5pjRrqr9FD9XsEg4gF7rbIe
# A/g/UUx1+AXeie4z1MrUwFhOrqV1g5t34cBR9iqZtISd0UiNk6ExoiX8i+ELaw5+
# ADirr46HJFS9jVAKKw9zym932qC92AQNH0d0iOYv3AHzvKvTDiQOXHyl1bLTMeYd
# yUJNn+Jkdns=
# =dw94
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 18 Jul 2023 10:29:02 BST
# gpg: using RSA key
27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2023-07-18' of https://gitlab.com/thuth/qemu:
tests/avocado: Disable the test_sbsaref_edk2_firmware by default
tests/vm/freebsd: Get up-to-date package list from lcitool vars file
tests/vm: Introduce get_qemu_packages_from_lcitool_json() helper
tests/lcitool: Refresh generated files
tests/lcitool: Generate distribution packages list in JSON format
tests/qtest: Fix typo in multifd cancel test
linux-user/elfload: Fix /proc/cpuinfo features: on s390x
s390x: Fix QEMU abort by selecting S390_FLIC_KVM
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Klaus Jensen [Tue, 18 Jul 2023 09:44:17 +0000 (11:44 +0200)]
hw/nvme: fix endianness issue for shadow doorbells
In commit
2fda0726e514 ("hw/nvme: fix missing endian conversions for
doorbell buffers"), we fixed shadow doorbells for big-endian guests
running on little endian hosts. But I did not fix little-endian guests
on big-endian hosts. Fix this.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1765
Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support")
Cc: qemu-stable@nongnu.org
Reported-by: Thomas Huth <thuth@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Rob Bradford [Tue, 18 Jul 2023 13:11:44 +0000 (14:11 +0100)]
target/riscv: Fix LMUL check to use VLEN
The previous check was failing with:
VLEN=128 ELEN = 64 SEW = 16 and LMUL = 1/8 which is a
valid combination.
Fix the check to allow valid combinations when VLEN is a multiple of
ELEN.
From the specification:
"In general, the requirement is to support LMUL ≥ SEWMIN/ELEN, where
SEWMIN is the narrowest supported SEW value and ELEN is the widest
supported SEW value. In the standard extensions, SEWMIN=8. For standard
vector extensions with ELEN=32, fractional LMULs of 1/2 and 1/4 must be
supported. For standard vector extensions with ELEN=64, fractional LMULs
of 1/2, 1/4, and 1/8 must be supported." Elsewhere in the specification
it makes clear that VLEN>=ELEN.
From inspection this new check allows:
VLEN=ELEN=64 1/2, 1/4, 1/8 for SEW >=8
VLEN=ELEN=32 1/2, 1/4 for SEW >=8
Fixes: d9b7609a1fb2 ("target/riscv: rvv-1.0: configure instructions")
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Message-Id: <
20230718131316.12283-2-rbradford@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Zhao Liu [Tue, 18 Jul 2023 08:07:12 +0000 (16:07 +0800)]
hw/riscv: Fix typo field in error_report
"smp.cpus" means the number of online CPUs and "smp.max_cpus" means the
total number of CPUs.
riscv_numa_get_default_cpu_node_id() checks "smp.cpus" and the
"available CPUs" description in the next error message also indicates
online CPUs.
So report "smp.cpus" in error_report() instand of "smp.max_cpus".
Since "smp.cpus" is "unsigned int", use "%u".
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <
20230718080712.503333-1-zhao1.liu@linux.intel.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Mon, 17 Jul 2023 15:41:41 +0000 (12:41 -0300)]
target/riscv/cpu.c: check priv_ver before auto-enable zca/zcd/zcf
Commit
bd30559568 made changes in how we're checking and disabling
extensions based on env->priv_ver. One of the changes was to move the
extension disablement code to the end of realize(), being able to
disable extensions after we've auto-enabled some of them.
An unfortunate side effect of this change started to happen with CPUs
that has an older priv version, like sifive-u54. Starting on commit
2288a5ce43e5 we're auto-enabling zca, zcd and zcf if RVC is enabled,
but these extensions are priv version 1.12.0. When running a cpu that
has an older priv ver (like sifive-u54) the user is spammed with
warnings like these:
qemu-system-riscv64: warning: disabling zca extension for hart 0x0000000000000000 because privilege spec version does not match
qemu-system-riscv64: warning: disabling zcd extension for hart 0x0000000000000000 because privilege spec version does not match
The warnings are part of the code that disables the extension, but in this
case we're throwing user warnings for stuff that we enabled on our own,
without user intervention. Users are left wondering what they did wrong.
A quick 8.1 fix for this nuisance is to check the CPU priv spec before
auto-enabling zca/zcd/zcf. A more appropriate fix will include a more
robust framework that will account for both priv_ver and user choice
when auto-enabling/disabling extensions, but for 8.1 we'll make it do
with this simple check.
It's also worth noticing that this is the only case where we're
auto-enabling extensions based on a criteria (in this case RVC) that
doesn't match the priv spec of the extensions we're enabling. There's no
need for more 8.1 band-aids.
Cc: Conor Dooley <conor@kernel.org>
Fixes: 2288a5ce43e5 ("target/riscv: add cfg properties for Zc* extension")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Message-Id: <
20230717154141.60898-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Christoph Müllner [Tue, 11 Jul 2023 07:50:51 +0000 (09:50 +0200)]
riscv/disas: Fix disas output of upper immediates
The GNU assembler produces the following output for instructions
with upper immediates:
00002597 auipc a1,0x2
000024b7 lui s1,0x2
6409 lui s0,0x2 # c.lui
The immediate operands of upper immediates are not shifted.
However, the QEMU disassembler prints them shifted:
00002597 auipc a1,8192
000024b7 lui s1,8192
6409 lui s0,8192 # c.lui
The current implementation extracts the immediate bits and shifts the by 12,
so the internal representation of the immediate is the actual immediate.
However, the immediates are later printed using rv_fmt_rd_imm or
rv_fmt_rd_offset, which don't undo the shift.
Let's fix this by using specific output formats for instructions
with upper immediates, that take care of the shift.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <
20230711075051.
1531007-1-christoph.muellner@vrull.eu>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Wed, 12 Jul 2023 14:37:28 +0000 (11:37 -0300)]
docs/system/target-riscv.rst: tidy CPU firmware section
This is how the content of the "RISC-V CPU firmware" section is
displayed after the html is generated:
"When using the sifive_u or virt machine there are three different
firmware boot options: 1. -bios default - This is the default behaviour
if no -bios option is included. (...) 3. -bios <file> - Tells QEMU to
load the specified file as the firmware."
It's all in the same paragraph, in a numbered list, and no special
formatting for the options.
Tidy it a bit by adding line breaks between items and its description.
Remove the numbered list. And apply formatting for the options cited in
the middle of the text.
Cc: qemu-trivial@nongnu.org
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <
20230712143728.383528-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Helge Deller [Mon, 17 Jul 2023 20:06:02 +0000 (22:06 +0200)]
linux-user: Fix qemu-arm to run static armhf binaries
qemu-user crashes immediately when running static binaries on the armhf
architecture. The problem is the memory layout where the executable is
loaded before the interpreter library, in which case the reserved brk
region clashes with the interpreter code and is released before qemu
tries to start the program.
At load time qemu calculates a brk value for interpreter and executable
each. The fix is to choose the higher one of both.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Andreas Schwab <schwab@suse.de>
Cc: qemu-stable@nongnu.org
Reported-by: Venkata.Pyla@toshiba-tsip.com
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040981
Helge Deller [Mon, 17 Jul 2023 17:06:32 +0000 (19:06 +0200)]
linux-user: Fix strace output for old_mmap
The old_mmap syscall (e.g. on i386) hands over the parameters in
a struct. Adjust the strace output to print the correct values.
Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1760
Helge Deller [Mon, 17 Jul 2023 10:39:38 +0000 (12:39 +0200)]
linux-user: Fix signed math overflow in brk() syscall
Fix the math overflow when calculating the new_malloc_size.
new_host_brk_page and brk_page are unsigned integers. If userspace
reduces the heap, new_host_brk_page is lower than brk_page which results
in a huge positive number (but should actually be negative).
Fix it by adding a proper check and as such make the code more readable.
Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
Helge Deller [Mon, 17 Jul 2023 10:27:13 +0000 (12:27 +0200)]
linux-user: Prohibit brk() to to shrink below initial heap address
Since commit
86f04735ac ("linux-user: Fix brk() to release pages") it's
possible for userspace applications to reduce their memory footprint by
calling brk() with a lower address and free up memory. Before that commit
guest heap memory was never unmapped.
But the Linux kernel prohibits to reduce brk() below the initial memory
address which is set at startup by the set_brk() function in binfmt_elf.c.
Such a range check was missed in commit
86f04735ac.
This patch adds the missing check by storing the initial brk value in
initial_target_brk and verify any new brk addresses against that value.
Tested with the i386 upx binary from
https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz
Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
Helge Deller [Mon, 17 Jul 2023 06:37:17 +0000 (08:37 +0200)]
linux-user: Fix qemu brk() to not zero bytes on current page
The qemu brk() implementation is too aggressive and cleans remaining bytes
on the current page above the last brk address.
But some existing applications are buggy and read/write bytes above their
current heap address. On a phyiscal machine this does not trigger a
runtime error as long as the access happens on the same page. Additionally
the Linux kernel allocates only full pages and does no zeroing on already
allocated pages, even if the brk address is lowered.
Fix qemu to behave the same way as the kernel does. Do not touch already
allocated pages, and - when running with different page sizes of guest and
host - zero out only those memory areas where the host page size is bigger
than the guest page size.
Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
Thomas Huth [Mon, 10 Jul 2023 17:01:55 +0000 (19:01 +0200)]
tests/avocado: Disable the test_sbsaref_edk2_firmware by default
The test fails occasionally, see e.g.:
https://gitlab.com/thuth/qemu/-/jobs/
4196177756#L489
https://gitlab.com/thuth/qemu/-/jobs/
4623296271#L290
It also fails on my laptop in ca. 50% of all runs. Thus disable it by
default by using the QEMU_TEST_FLAKY_TESTS environment variable to fence
it (which we also already use in flaky qtests). While we're at it, also
document this variable in docs/devel/testing.rst.
Message-Id: <
20230710170155.7192-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé [Tue, 11 Jul 2023 14:49:22 +0000 (16:49 +0200)]
tests/vm/freebsd: Get up-to-date package list from lcitool vars file
Get an up-to-date package list from lcitool, that way we
don't need to manually keep this array in sync.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Inspired-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20230711144922.67491-5-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé [Tue, 11 Jul 2023 14:49:21 +0000 (16:49 +0200)]
tests/vm: Introduce get_qemu_packages_from_lcitool_json() helper
Add the get_qemu_packages_from_lcitool_json() helper which return
such package list from a lcitool env var file in JSON format.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20230711144922.67491-4-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé [Tue, 11 Jul 2023 14:49:20 +0000 (16:49 +0200)]
tests/lcitool: Refresh generated files
Refresh the generated files by running:
$ make lcitool-refresh
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20230711144922.67491-3-philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[thuth: Drop changes to libpmem-dev and libxen-dev]
Signed-off-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé [Tue, 11 Jul 2023 14:49:19 +0000 (16:49 +0200)]
tests/lcitool: Generate distribution packages list in JSON format
Add the generate_pkglist() helper to generate a list of packages
required by a distribution to build QEMU.
Since we can not add a "THIS FILE WAS AUTO-GENERATED" comment in
JSON, create the files under tests/vm/generated/ sub-directory;
add a README mentioning the files are generated.
Suggested-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <
20230711144922.67491-2-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Fabiano Rosas [Tue, 11 Jul 2023 21:21:31 +0000 (18:21 -0300)]
tests/qtest: Fix typo in multifd cancel test
This wasn't noticed because the test is currently disabled.
Fixes: 02f56e3de ("tests/qtest: massively speed up migration-test")
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Message-Id: <
20230711212131.2370-1-farosas@suse.de>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Tue, 27 Jun 2023 15:13:33 +0000 (17:13 +0200)]
linux-user/elfload: Fix /proc/cpuinfo features: on s390x
elf_hwcap_str() takes a bit number, but compares it for equality with
the HWCAP_S390_* masks. This causes /proc/cpuinfo to display incorrect
hwcaps.
Fix by introducing the HWCAP_S390_NR_* constants and using them in
elf_hwcap_str() instead of the HWCAP_S390_*. While at it, add the
missing nnpa, pcimio and sie hwcaps from the latest kernel.
Output before:
features : esan3 zarch stfle msa
Output after:
features : esan3 zarch stfle msa ldisp eimm etf3eh highgprs vx vxe
Fixes: e19807bee357 ("linux-user/elfload: Introduce elf_hwcap_str() on s390x")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <
20230627151356.273259-1-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Tue, 11 Jul 2023 15:14:40 +0000 (17:14 +0200)]
s390x: Fix QEMU abort by selecting S390_FLIC_KVM
If QEMU is built with --without-default-devices, the s390-flic-kvm
device is missing and QEMU aborts when started with the KVM accelerator.
Make sure it's available by selecting S390_FLIC_KVM in Kconfig.
Consequently, this also fixes an abort in tests/qtest/migration-test.
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20230711151440.716822-1-clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Richard Henderson [Mon, 17 Jul 2023 14:49:27 +0000 (15:49 +0100)]
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Fix the hang in the nvme:// block driver during startup.
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmS1QFoACgkQnKSrs4Gr
# c8i1KQgAqTW/rH+Mq9gC+MabLKXL8BW3KAp/lJqcaTrWRX+9O968E5RjF8fk5KzY
# CZGKGcFd2+r6poUaRrp2CcnDe9AU9r3NBfQIoVAnyWL8fwRBl5ERPZ3q6dmW63vX
# K8ckI9c0tHUNRuKpWiFCFlcEh7GGgl2pZhY1U50J1iaFTtvmDKl4Ls/2GqVUSiSY
# 4HbJ99qAYyZ/EUzbFhDPq4XFneqJzU0Gu4uL3bbVY+KlmGOp36W8wwPaKaD6yXWv
# mnv4DkoO3qlZ8tGegwk4SwePWN2Coec+KssMgYR1GWv0pbF8G4sX+UTeQin56Xny
# EY3lJy2z793lMjFVMDd7N8+uKAczsQ==
# =xvCy
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jul 2023 02:21:30 PM BST
# gpg: using RSA key
8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
block/nvme: invoke blk_io_plug_call() outside q->lock
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 17 Jul 2023 14:48:27 +0000 (15:48 +0100)]
Merge tag 'pull-target-arm-
20230717' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* hw/arm/sbsa-ref: set 'slots' property of xhci
* linux-user: Remove pointless NULL check in clock_adjtime handling
* ptw: Fix S1_ptw_translate() debug path
* ptw: Account for FEAT_RME when applying {N}SW, SA bits
* accel/tcg: Zero-pad PC in TCG CPU exec trace lines
* hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmS1OEUZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3syoEACBj2B+btKASbWs6c7iUF9R
# bsMhVVZbeNrW7try7fIjAcvRQV2X7cdqHMGeX0yP9M5EcqBfz4ptxDbxcmEsgm0h
# kZJudG8RuZ/gnw7wbwQ1TfJf4KgsBh49yZjlom2s8CgVStpbuFO4xz7ZucR65uhl
# PwLCgW0/DJR4SQTvDLnCOTTNbY/cuWCKK1CmuLMOE9IgozMNOxxW5wkryrvdllKs
# hYSCWM1jy9fJ4TRlhDJy8JI7+t4TEZN9ESwYGE6QDly8r3GoGMFj5Z9okUbGp3/V
# MYfkbz7l2/C5QxcpY5d0mJUR1HlP7McO7rWhtQjqmCPGpDVqMUu4/DClu6Q/2Ob3
# GRQcgztZ8a9wgVa6b4g1UBkqCnloT7WtU3wLVVmZGF3DO4k+oz53XPHb2zFtI3Xx
# pQ9LyABIoKCM5ql+/WaA3thtTC1qH6lZnjMBqVBx8+d0zKYWSG4wlnbihy70GOpw
# V5n0fQlTXr5WV4tZT/euP17odvnkictH7Vmj6zHUFkHdqHxwFwG0OCw1ZjBrMbzl
# 7kY9DxGA+5iKEZoTwHpxXYny70MnpdRIrUhpZ/4PNq68hzIAQ5Dqm29DtKjodM60
# M49CIo+O9E3+0xpcGPDtcuJ7bVPd/95o3usVjapDdBREGWcJsPS6PHK3MuAxgkHo
# B0y1egitacJYp3x91gYIRA==
# =JPpH
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jul 2023 01:47:01 PM BST
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
* tag 'pull-target-arm-
20230717' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
accel/tcg: Zero-pad PC in TCG CPU exec trace lines
target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
target/arm: Fix S1_ptw_translate() debug path
target/arm/ptw.c: Add comments to S1Translate struct fields
linux-user: Remove pointless NULL check in clock_adjtime handling
hw/arm/sbsa-ref: set 'slots' property of xhci
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 17 Jul 2023 14:44:54 +0000 (15:44 +0100)]
Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
ui & audio fixes
# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmS1N6IcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5SYsD/44+FIoik9v478pZDTp
# CpaezX+DfsW1zee4Ana5eKJkrVld/xEa6i9/msfUHy12bha+kiJ4a6wLu3H4KRZc
# vX/t6sehG2wNcsV5wLhfcjsKzaNUkYpnxLhIZ0fOYXKA0fSBuM/Bsj6zzGTG6kQA
# nt/cK58r1wy63V7werZbA7BI8PF0opDUw5SrZqN0GeoN5clbdyLdcXvD50ibvkDf
# eOVjNQ3QH8IbihmgBVm1wUV8hTuvYRpBmeLJyk7NeR4bnPl3XGIAgtAY8hJL5LdY
# Bm+I3AuxMSskVcag/22QR8mGR0HhDbf3NZauw4ND3LhSctvNN5syaKHVnY5a9aGe
# QLVEV9pxXGfqzWQcsD2HmbupRoBihmp6+WsIpV8ZtuSfeD6slyObw+lqarSQL9b5
# 2C4UFmGCsCOk8rrczZRDp9IWbm23toc/QcQZtg/LhdlCr8nM+7m0XtyEY5WtT3U1
# 8rJEmjOHHqlD4cVBathc8+ZRjKr8HFRRo1ed6WKMoP6voTsw2fiR7I3Vdc7jO7h9
# A1lMiMoLdAXi0Q2VqbmBdLMgb4fXtLzYl2mcbzW0aEUm8uyUfDy2bkVIIUopu40M
# pROmLjaUzUVE3CruckBUCvoYZtJ5hBtvy3W2k8drBNylnP5B8tEqpxpPb+tSFk82
# xgT6oLp8En8asE293eaACbswuw==
# =W2Xa
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jul 2023 01:44:18 PM BST
# gpg: using RSA key
87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
audio/pw: improve channel position code
audio/pw: remove wrong comment
audio/pw: simplify error reporting in stream creation
audio/pw: add more error reporting
audio/pw: factorize some common code
audio/pw: add more details on error
audio/pw: trace during init before calling pipewire API
audio/pw: needless check for NULL
audio/pw: drop needless case statement
audio/pw: Pipewire->PipeWire case fix for user-visible text
tests/lcitool: add pipewire
libvirt-ci: update submodule to cover pipewire
ui/gtk: skip refresh if new dmabuf has been submitted
ui/gtk: set scanout-mode right before scheduling draw
virtio-gpu-udmabuf: correct naming of QemuDmaBuf size properties
virtio-gpu: replace the surface with null surface when resetting
ui/gtk: Make sure the right EGL context is currently bound
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
virtio-gpu: fix potential divide-by-zero regression
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Stefan Hajnoczi [Wed, 12 Jul 2023 19:16:28 +0000 (15:16 -0400)]
block/nvme: invoke blk_io_plug_call() outside q->lock
blk_io_plug_call() is invoked outside a blk_io_plug()/blk_io_unplug()
section while opening the NVMe drive from:
nvme_file_open() ->
nvme_init() ->
nvme_identify() ->
nvme_admin_cmd_sync() ->
nvme_submit_command() ->
blk_io_plug_call()
blk_io_plug_call() immediately invokes the given callback when the
current thread is not plugged, as is the case during nvme_file_open().
Unfortunately, nvme_submit_command() calls blk_io_plug_call() with
q->lock still held:
...
q->sq.tail = (q->sq.tail + 1) % NVME_QUEUE_SIZE;
q->need_kick++;
blk_io_plug_call(nvme_unplug_fn, q);
qemu_mutex_unlock(&q->lock);
^^^^^^^^^^^^^^^^^^^^^^^^^^^
nvme_unplug_fn() deadlocks trying to acquire q->lock because the lock is
already acquired by the same thread. The symptom is that QEMU hangs
during startup while opening the NVMe drive.
Fix this by moving the blk_io_plug_call() outside q->lock. This is safe
because no other thread runs code related to this queue and
blk_io_plug_call()'s internal state is immune to thread safety issues
since it is thread-local.
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Lukas Doktor <ldoktor@redhat.com>
Message-id:
20230712191628.252806-1-stefanha@redhat.com
Fixes: f2e590002bd6 ("block/nvme: convert to blk_io_plug_call() API")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:35 +0000 (20:37 +0400)]
audio/pw: improve channel position code
Follow PulseAudio backend comment and code, and only implement the
channels QEMU actually supports at this point, and add the same comment
about limits and future mappings. Simplify a bit the code.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-13-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:34 +0000 (20:37 +0400)]
audio/pw: remove wrong comment
The stream is actually created connected.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-12-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:33 +0000 (20:37 +0400)]
audio/pw: simplify error reporting in stream creation
create_stream() now reports on all error paths.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-11-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:32 +0000 (20:37 +0400)]
audio/pw: add more error reporting
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-10-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:31 +0000 (20:37 +0400)]
audio/pw: factorize some common code
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-9-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:30 +0000 (20:37 +0400)]
audio/pw: add more details on error
PipeWire uses errno to report error details.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-8-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:29 +0000 (20:37 +0400)]
audio/pw: trace during init before calling pipewire API
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-7-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:28 +0000 (20:37 +0400)]
audio/pw: needless check for NULL
g_clear_pointer() already checks for NULL.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-6-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:27 +0000 (20:37 +0400)]
audio/pw: drop needless case statement
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-5-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:26 +0000 (20:37 +0400)]
audio/pw: Pipewire->PipeWire case fix for user-visible text
"PipeWire" is the correct case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <
20230506163735.
3481387-4-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:25 +0000 (20:37 +0400)]
tests/lcitool: add pipewire
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20230506163735.
3481387-3-marcandre.lureau@redhat.com>
Marc-André Lureau [Sat, 6 May 2023 16:37:24 +0000 (20:37 +0400)]
libvirt-ci: update submodule to cover pipewire
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20230506163735.
3481387-2-marcandre.lureau@redhat.com>
Dongwon Kim [Thu, 6 Jul 2023 18:33:55 +0000 (11:33 -0700)]
ui/gtk: skip refresh if new dmabuf has been submitted
Skip refresh if a new dmabuf (guest scanout frame) has already been
submitted and ready to be drawn because the scanout will be updated
with new frame anyway.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230706183355.29361-2-dongwon.kim@intel.com>
Dongwon Kim [Thu, 6 Jul 2023 18:33:54 +0000 (11:33 -0700)]
ui/gtk: set scanout-mode right before scheduling draw
Setting scanout mode is better to be done very last minute
right because the mode can be reset anytime after it is set in
dpy_gl_scanout_texture by any asynchronouse dpy_refresh call,
which eventually cancels drawing of the guest scanout texture.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230706183355.29361-1-dongwon.kim@intel.com>
Dongwon Kim [Thu, 13 Jul 2023 04:04:44 +0000 (21:04 -0700)]
virtio-gpu-udmabuf: correct naming of QemuDmaBuf size properties
Replace 'width' and 'height' in QemuDmaBuf with 'backing_widht'
and 'backing_height' as these commonly indicate the size of the
whole surface (e.g. guest's Xorg extended display). Then use
'width' and 'height' for sub region in there (e.g. guest's
scanouts).
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230713040444.32267-1-dongwon.kim@intel.com>
Dongwon Kim [Tue, 27 Jun 2023 22:44:51 +0000 (15:44 -0700)]
virtio-gpu: replace the surface with null surface when resetting
The primary guest scanout shows the booting screen right after reboot
but additional guest displays (i.e. max_ouptuts > 1) will keep displaying
the old frames until the guest virtio gpu driver gets initialized, which
could cause some confusion. A better way is to to replace the surface with
a place holder that tells the display is not active during the reset of
virtio-gpu device.
And to immediately update the surface with the place holder image after
the switch, displaychangelistener_gfx_switch needs to be called with
'update == TRUE' in dpy_gfx_replace_surface when the new surface is NULL.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230627224451.11739-1-dongwon.kim@intel.com>
Dongwon Kim [Wed, 28 Jun 2023 19:15:04 +0000 (12:15 -0700)]
ui/gtk: Make sure the right EGL context is currently bound
Observed a wrong context is bound when changing the scanout mode.
To prevent problem, it is needed to make sure to bind the right
context in gtk_egl_set_scanout_mode/gtk_gl_area_set_scanout_mode
as well as unbind one in the end of gd_egl_update/gd_gl_area_update.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230628191504.17185-1-dongwon.kim@intel.com>
Mauro Matteo Cascella [Tue, 4 Jul 2023 08:41:22 +0000 (10:41 +0200)]
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).
Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20230704084210.101822-1-mcascell@redhat.com>
Marc-André Lureau [Tue, 4 Jul 2023 09:16:42 +0000 (11:16 +0200)]
virtio-gpu: fix potential divide-by-zero regression
Commit
9462ff4695aa0 ("virtio-gpu/win32: allocate shareable 2d
resources/images") introduces a division, which can lead to crashes when
"height" is 0.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1744
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tong Ho [Wed, 26 Apr 2023 21:16:07 +0000 (14:16 -0700)]
hw/nvram: Avoid unnecessary Xilinx eFuse backstore write
Add a check in the bit-set operation to write the backstore
only if the affected bit is 0 before.
With this in place, there will be no need for callers to
do the checking in order to avoid unnecessary writes.
Signed-off-by: Tong Ho <tong.ho@amd.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 17 Jul 2023 10:05:08 +0000 (11:05 +0100)]
accel/tcg: Zero-pad PC in TCG CPU exec trace lines
In commit
f0a08b0913befbd we changed the type of the PC from
target_ulong to vaddr. In doing so we inadvertently dropped the
zero-padding on the PC in trace lines (the second item inside the []
in these lines). They used to look like this on AArch64, for
instance:
Trace 0: 0x7f2260000100 [
00000000/
0000000040000000/
00000061/
ff200000]
and now they look like this:
Trace 0: 0x7f4f50000100 [
00000000/
40000000/
00000061/
ff200000]
and if the PC happens to be somewhere low like 0x5000
then the field is shown as /5000/.
This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier,
depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64
with no width specifier.
Restore the zero-padding by adding an 016 width specifier to
this tracing and a couple of others that were similarly recently
changed to use VADDR_PRIx without a width specifier.
We can't unfortunately restore the "32-bit guests are padded to
8 hex digits and 64-bit guests to 16 hex digits" behaviour so
easily.
Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Message-id:
20230711165434.
4123674-1-peter.maydell@linaro.org
Peter Maydell [Mon, 17 Jul 2023 10:05:08 +0000 (11:05 +0100)]
target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits
In get_phys_addr_twostage() the code that applies the effects of
VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure.
Now we also have f.attrs.space for FEAT_RME, we need to keep the two
in sync.
These bits only have an effect for Secure space translations, not
for Root, so use the input in_space field to determine whether to
apply them rather than the input is_secure. This doesn't actually
make a difference because Root translations are never two-stage,
but it's a little clearer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20230710152130.
3928330-4-peter.maydell@linaro.org
Peter Maydell [Mon, 17 Jul 2023 10:05:08 +0000 (11:05 +0100)]
target/arm: Fix S1_ptw_translate() debug path
In commit
fe4a5472ccd6 we rearranged the logic in S1_ptw_translate()
so that the debug-access "call get_phys_addr_*" codepath is used both
when S1 is doing ptw reads from stage 2 and when it is doing ptw
reads from physical memory. However, we didn't update the
calculation of s2ptw->in_space and s2ptw->in_secure to account for
the "ptw reads from physical memory" case. This meant that debug
accesses when in Secure state broke.
Create a new function S2_security_space() which returns the
correct security space to use for the ptw load, and use it to
determine the correct .in_secure and .in_space fields for the
stage 2 lookup for the ptw load.
Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20230710152130.
3928330-3-peter.maydell@linaro.org
Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 17 Jul 2023 10:05:07 +0000 (11:05 +0100)]
target/arm/ptw.c: Add comments to S1Translate struct fields
Add comments to the in_* fields in the S1Translate struct
that explain what they're doing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20230710152130.
3928330-2-peter.maydell@linaro.org
Peter Maydell [Mon, 17 Jul 2023 10:05:07 +0000 (11:05 +0100)]
linux-user: Remove pointless NULL check in clock_adjtime handling
In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to
the address of the local variable htx. This means it can never be
NULL, but later in the code we check it for NULL anyway. Coverity
complains about this (CID
1507683) because the NULL check comes after
a call to clock_adjtime() that assumes it is non-NULL.
Since phtx is always &htx, and is used only in three places, it's not
really necessary. Remove it, bringing the code structure in to line
with that for TARGET_NR_clock_adjtime64, which already uses a simple
'&htx' when it wants a pointer to 'htx'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20230623144410.
1837261-1-peter.maydell@linaro.org
Yuquan Wang [Mon, 17 Jul 2023 10:05:07 +0000 (11:05 +0100)]
hw/arm/sbsa-ref: set 'slots' property of xhci
This extends the slots of xhci to 64, since the default xhci_sysbus
just supports one slot.
Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn>
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id:
20230710063750.473510-2-wangyuquan1236@phytium.com.cn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Sat, 15 Jul 2023 13:54:04 +0000 (14:54 +0100)]
Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging
Merge tpm 2023/07/14 v1
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmSxasMACgkQda1lgCoL
# QhHaJwgAzOzXV9xRId1wjNLHI9HF4dkblfr12PgKsECKz7uPvcbpZOsDvu629Z8f
# a2X502Mep+6lBqq5RNUF59a5nE3laoYItaF+P+TFWz74+na7WKyFg107YyoHvCfJ
# GdjpCNyOGaXzDycAcwjqvkX5q532YBD9npedD9NzZ2UgUYWVXOYAZFhek6H9kwHN
# xlewj80pHLw3X8MM/Z1jR5hDFQa4ocCvF8F2Fnr4u0L5b+noga1WzspKTY8mcbVJ
# 3ncOTuvoWReBPweZhvSzsFbYAFb3OEeaimUHQrKVJj1L7pJtSJZeOuS+umbhvpFR
# 9baczGwrqYqpPtiDT48lTjArdJ8Cqw==
# =6Hmf
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 14 Jul 2023 04:33:23 PM BST
# gpg: using RSA key
B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm:
hw/tpm: TIS on sysbus: Remove unsupport ppi command line option
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Sat, 15 Jul 2023 13:53:37 +0000 (14:53 +0100)]
Merge tag 'pull-tcg-
20230715' of https://gitlab.com/rth7680/qemu into staging
tcg: Use HAVE_CMPXCHG128 instead of CONFIG_CMPXCHG128
accel/tcg: Introduce page_check_range_empty
accel/tcg: Introduce page_find_range_empty
accel/tcg: Accept more page flags in page_check_range
accel/tcg: Return bool from page_check_range
accel/tcg: Always lock pages before translation
linux-user: Use abi_* types for target structures in syscall_defs.h
linux-user: Fix abi_llong alignment for microblaze and nios2
linux-user: Fix do_shmat type errors
linux-user: Implement execve without execveat
linux-user: Make sure initial brk is aligned
linux-user: Use a mask with strace flags
linux-user: Implement MAP_FIXED_NOREPLACE
linux-user: Widen target_mmap offset argument to off_t
linux-user: Use page_find_range_empty for mmap_find_vma_reserved
linux-user: Use 'last' instead of 'end' in target_mmap and subroutines
linux-user: Remove can_passthrough_madvise
linux-user: Simplify target_madvise
linux-user: Drop uint and ulong types
linux-user/arm: Do not allocate a commpage at all for M-profile CPUs
bsd-user: Use page_check_range_empty for MAP_EXCL
bsd-user: Use page_find_range_empty for mmap_find_vma_reserved
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmSypEYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9VzQf/RMRK4SQDJiJEbQ6K
# 5U1i955Rl4MMLT8PrkbT/UDA9soyIlSVjUenW8ThJJg6SLbSvkXZsWn165PFu+yW
# nYkeCYxkJtAjWmmFlZ44J+VLEZZ6LkWrIvPZHvKohelpi6uT/fuQaAZjKuH2prI/
# 7bdP5YdLUMpCztERHYfxmroEX4wJR6knsRpt5rYchADxEfkWk82PanneCw7grQ6V
# VNg1pRGplp0jMkpOOBvMD1ENkmoipklMe9P1gQdCHobg2/kqpozhT1oQp/gHNkP5
# 66Cjzv8o0nnPjJetm74pnP06iNhuMjDesD7f+Vq/DALgMobwjvhDW5GD+Ccto85B
# hqvwHA==
# =vm0t
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 15 Jul 2023 02:51:02 PM BST
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-
20230715' of https://gitlab.com/rth7680/qemu: (47 commits)
tcg: Use HAVE_CMPXCHG128 instead of CONFIG_CMPXCHG128
accel/tcg: Always lock pages before translation
linux-user/arm: Do not allocate a commpage at all for M-profile CPUs
linux-user: Drop uint and ulong
linux-user: Simplify target_madvise
linux-user: Remove can_passthrough_madvise
accel/tcg: Return bool from page_check_range
accel/tcg: Accept more page flags in page_check_range
linux-user: Simplify target_munmap
linux-user: Rename mmap_reserve to mmap_reserve_or_unmap
linux-user: Rewrite mmap_reserve
linux-user: Use 'last' instead of 'end' in target_mmap
linux-user: Use page_find_range_empty for mmap_find_vma_reserved
bsd-user: Use page_find_range_empty for mmap_find_vma_reserved
accel/tcg: Introduce page_find_range_empty
linux-user: Rewrite mmap_frag
linux-user: Rewrite target_mprotect
linux-user: Widen target_mmap offset argument to off_t
linux-user: Split out target_to_host_prot
linux-user: Implement MAP_FIXED_NOREPLACE
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 13 Jul 2023 20:06:15 +0000 (20:06 +0000)]
tcg: Use HAVE_CMPXCHG128 instead of CONFIG_CMPXCHG128
We adjust CONFIG_ATOMIC128 and CONFIG_CMPXCHG128 with
CONFIG_ATOMIC128_OPT in atomic128.h. It is difficult
to tell when those changes have been applied with the
ifdef we must use with CONFIG_CMPXCHG128. So instead
use HAVE_CMPXCHG128, which triggers -Werror-undef when
the proper header has not been included.
Improves tcg_gen_atomic_cmpxchg_i128 for s390x host, which
requires CONFIG_ATOMIC128_OPT. Without this we fall back
to EXCP_ATOMIC to single-step 128-bit atomics, which is
slow enough to cause some tests to time out.
Reported-by: Thomas Huth <thuth@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 6 Jul 2023 16:55:48 +0000 (17:55 +0100)]
accel/tcg: Always lock pages before translation
We had done this for user-mode by invoking page_protect
within the translator loop. Extend this to handle system
mode as well. Move page locking out of tb_link_page.
Reported-by: Liren Wei <lrwei@bupt.edu.cn>
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Philippe Mathieu-Daudé [Tue, 11 Jul 2023 15:34:08 +0000 (17:34 +0200)]
linux-user/arm: Do not allocate a commpage at all for M-profile CPUs
Since commit
fbd3c4cff6 ("linux-user/arm: Mark the commpage
executable") executing bare-metal (linked with rdimon.specs)
cortex-M code fails as:
$ qemu-arm -cpu cortex-m3 ~/hello.exe.m3
qemu-arm: ../../accel/tcg/user-exec.c:492: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.
Aborted (core dumped)
Commit
4f5c67f8df ("linux-user/arm: Take more care allocating
commpage") already took care of not allocating a commpage for
M-profile CPUs, however it had to be reverted as commit
6cda41daa2.
Re-introduce the M-profile fix from commit
4f5c67f8df.
Fixes: fbd3c4cff6 ("linux-user/arm: Mark the commpage executable")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1755
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230711153408.68389-1-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Juan Quintela [Sun, 9 Jul 2023 17:34:30 +0000 (18:34 +0100)]
linux-user: Drop uint and ulong
These are types not used anymore anywhere else.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: <
20230511085056.13809-1-quintela@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:54 +0000 (21:40 +0100)]
linux-user: Simplify target_madvise
The trivial length 0 check can be moved up, simplifying some
of the other cases. The end < start test is handled by
guest_range_valid_untagged.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-27-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:53 +0000 (21:40 +0100)]
linux-user: Remove can_passthrough_madvise
Use page_check_range instead, which uses the interval tree
instead of checking each page individually.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-26-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:52 +0000 (21:40 +0100)]
accel/tcg: Return bool from page_check_range
Replace the 0/-1 result with true/false.
Invert the sense of the test of all callers.
Document the function.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-25-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:51 +0000 (21:40 +0100)]
accel/tcg: Accept more page flags in page_check_range
Only PAGE_WRITE needs special attention, all others can be
handled as we do for PAGE_READ. Adjust the mask.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20230707204054.8792-24-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:50 +0000 (21:40 +0100)]
linux-user: Simplify target_munmap
All of the guest to host page adjustment is handled by
mmap_reserve_or_unmap; there is no need to duplicate that.
There are no failure modes for munmap after alignment and
guest address range have been validated.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-23-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:49 +0000 (21:40 +0100)]
linux-user: Rename mmap_reserve to mmap_reserve_or_unmap
If !reserved_va, munmap instead and assert success.
Update all callers.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-22-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:48 +0000 (21:40 +0100)]
linux-user: Rewrite mmap_reserve
Use 'last' variables instead of 'end' variables; be careful
about avoiding overflow. Assert that the mmap succeeded.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-21-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:47 +0000 (21:40 +0100)]
linux-user: Use 'last' instead of 'end' in target_mmap
Complete the transition within the mmap functions to a formulation
that does not overflow at the end of the address space.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20230707204054.8792-20-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:46 +0000 (21:40 +0100)]
linux-user: Use page_find_range_empty for mmap_find_vma_reserved
Use the interval tree to find empty space, rather than
probing each page in turn.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20230707204054.8792-19-richard.henderson@linaro.org>
Richard Henderson [Fri, 7 Jul 2023 20:40:45 +0000 (21:40 +0100)]
bsd-user: Use page_find_range_empty for mmap_find_vma_reserved
Use the interval tree to find empty space, rather than
probing each page in turn.
Cc: Warner Losh <imp@bsdimp.com>
Cc: Kyle Evans <kevans@freebsd.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-bt: Warner Losh <imp@bsdimp.com>
Message-Id: <
20230707204054.8792-18-richard.henderson@linaro.org>
projects / qemu.git / log