Dehan Meng [Thu, 7 Nov 2024 10:21:55 +0000 (12:21 +0200)]
qemu-ga: Avoiding freeing line prematurely
It's now only freed at the end of the function.
Signed-off-by: Dehan Meng <demeng@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <
20241107102155.57573-4-kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Dehan Meng [Thu, 7 Nov 2024 10:21:54 +0000 (12:21 +0200)]
qemu-ga: Optimize var declaration and definition
Variable declarations moved to the beginning of blocks
Followed the coding style of using snake_case for variable names.
Proper initialization of param 'size_t n' to '0' for
Signed-off-by: Dehan Meng <demeng@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <
20241107102155.57573-3-kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Dehan Meng [Thu, 7 Nov 2024 10:21:53 +0000 (12:21 +0200)]
qemu-ga: Add 'Null' check and Redefine 'route'
sscanf return values are checked and add 'Null' check for
mandatory parameters. And merged redundant route and
networkroute variables.
Signed-off-by: Dehan Meng <demeng@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <
20241107102155.57573-2-kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Peter Maydell [Tue, 5 Nov 2024 21:27:18 +0000 (21:27 +0000)]
Merge tag 'pull-target-arm-
20241105' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Fix MMU indexes for AArch32 Secure PL1&0 in a less complex and buggy way
* Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
* softfloat: set 2-operand NaN propagation rule at runtime
* disas: Fix build against Capstone v6 (again)
* hw/rtc/ds1338: Trace send and receive operations
* hw/timer/imx_gpt: Convert DPRINTF to trace events
* hw/watchdog/wdt_imx2: Remove redundant assignment
* hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
* hw/net/npcm_gmac: Change error log to trace event
* target/arm: Enable FEAT_CMOW for -cpu max
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmcp/yoZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3ucMD/9pWk2ETLjdviPxlacs5IoM
# HvGn8Ll2BSMbeb4YdJc7oZ4YJchGpgHhocEwZuaU9HheWjSg+ZEbyhZgN4DdkT8J
# pYr+Rl0MgDNN219kYnO/yqnqlgHbtUpE7y57Li3ApoGNbWAVxsH0xoT45Lpi7DOd
# uvJfIy/xdaT3zu/4uBjj7c2VrD8wntEayLM8hpqlgeQZKRG3Wtlk/xrQFKOHPDPO
# MDbsGoc2FyogRQoo6WH+J6gkkR9PhqXe6Hbf6WIr1/uffZUZU4M8leSw2DgxrYHo
# Zf36AzttwO4GHyML/5SR7uvzfXl7OkGyjedLGCUa7INc3br2+GvLMltdLGGPM9cc
# ckMHOWd9ZQuSxcpbtPkSYRG0McRE1GLT+KV3BNOLnN9AJl3qv5Qa55iPrtpB08vX
# 3jN6H964w99+NoSB2tTHszpep+M7SRuw5QLsuk3tC/qnBMpzKRwZjGVUegNUtfi/
# Lg5ExF8B62K+xb5j5FmODbbXZmb5AD0rV2MGRIVHjiHdnf7J2FmWUJCe2sYFRnRm
# nzszhdOKw4PBhC2fb6Vb/DwCqdQy9vcITWpWBtcjkV5mAPhcBo/VNKNeKoc/tPNS
# H8FIFIJbtv5aIixqtKcUBUmrBCYy4EoiRMLkqfC09VW60wtWswAP4KBQxi1ogehV
# jJw8AgSLCl2MsVmyzgleZQ==
# =Woag
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Nov 2024 11:19:06 GMT
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-
20241105' of https://git.linaro.org/people/pmaydell/qemu-arm: (31 commits)
target/arm: Enable FEAT_CMOW for -cpu max
hw/net/npcm_gmac: Change error log to trace event
hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
hw/watchdog/wdt_imx2: Remove redundant assignment
hw/timer/imx_gpt: Convert DPRINTF to trace events
hw/rtc/ds1338: Trace send and receive operations
disas: Fix build against Capstone v6 (again)
target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
target/arm: Add new MMU indexes for AArch32 Secure PL1&0
Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
softfloat: Remove fallback rule from pickNaN()
target/rx: Explicitly set 2-NaN propagation rule
target/openrisc: Explicitly set 2-NaN propagation rule
target/microblaze: Explicitly set 2-NaN propagation rule
target/microblaze: Move setting of float rounding mode to reset
target/alpha: Explicitly set 2-NaN propagation rule
target/i386: Set 2-NaN propagation rule explicitly
target/xtensa: Explicitly set 2-NaN propagation rule
target/xtensa: Factor out calls to set_use_first_nan()
target/sparc: Explicitly set 2-NaN propagation rule
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 21:27:09 +0000 (21:27 +0000)]
Merge tag 'pull-plugin-tweaks-051124-1' of https://gitlab.com/stsquad/qemu into staging
final plugin updates for 9.2
- fix a warning in cflow plugin
- replace Makefile with meson.build
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmcp4uoACgkQ+9DbCVqe
# KkRj5gf/ZAULfTPipM4HhGpCT/cw5MPJrlK9LDGg5dasWQpZcKBjAjDUkAaizXTe
# anv+/TeXb1ybbQbUvmdVUi4HNXd6xpVfX2ippQWsOXYXqSzQLbBjsoM9pCeFZ+Yu
# G1M5vvCxnu77nfMMvILBz71eSNj9/HYrr5IPGBnualoBDYfkGgVkjxhC6fb00g52
# jcfabqMEvmn/SEi3kQK4t4BzrZcIIRJdTm5A4sS5Y8mHwQSt56PXoFt+wB0ycfNZ
# SWBXsUtYP5DtcQ9GSbxi3POoWGQY3Qa998GlyZIRUBVYhGbZHIi+mDR4eCX3cv+6
# s0xmjquu6aky269EprZhbiO+osZB7Q==
# =c48A
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Nov 2024 09:18:34 GMT
# gpg: using RSA key
6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-plugin-tweaks-051124-1' of https://gitlab.com/stsquad/qemu:
contrib/plugins: remove Makefile for contrib/plugins
meson: build contrib/plugins with meson
contrib/plugins/cflow: fix warning
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 15:47:52 +0000 (15:47 +0000)]
Merge tag 'for_upstream' of https://git./virt/kvm/mst/qemu into staging
virtio,pc,pci: features, fixes, cleanups
CXL now can use Generic Port Affinity Structures.
CXL now allows control of link speed and width
vhost-user-blk now supports live resize, by means of
a new device-sync-config command
amd iommu now supports interrupt remapping
pcie devices now report extended tag field support
intel_iommu dropped support for Transient Mapping, to match VTD spec
arch agnostic ACPI infrastructure for vCPU Hotplug
Fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmcpNqUPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRp/2oH/0qO33prhDa48J5mqT9NuJzzYwp5QHKF9Zjv
# fDAplMUEmfxZIEgJchcyDWPYTGX2geT4pCFhRWioZMIR/0JyzrFgSwsk1kL88cMh
# 46gzhNVD6ybyPJ7O0Zq3GLy5jo7rlw/n+fFxKAuRCzcbK/fmH8gNC+RwW1IP64Na
# HDczYilHUhnO7yKZFQzQNQVbK4BckrG1bu0Fcx0EMUQBf4V6x7GLOrT+3hkKYcr6
# +DG5DmUmv20or/FXnu2Ye+MzR8Ebx6JVK3A3sXEE4Ns2CCzK9QLzeeyc2aU13jWN
# OpZ6WcKF8HqYprIwnSsMTxhPcq0/c7TvrGrazVwna5RUBMyjjvc=
# =zSX4
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 21:03:33 GMT
# gpg: using RSA key
5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (65 commits)
intel_iommu: Add missed reserved bit check for IEC descriptor
intel_iommu: Add missed sanity check for 256-bit invalidation queue
intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL
hw/acpi: Update GED with vCPU Hotplug VMSD for migration
tests/qtest/bios-tables-test: Update DSDT golden masters for x86/{pc,q35}
hw/acpi: Update ACPI `_STA` method with QOM vCPU ACPI Hotplug states
qtest: allow ACPI DSDT Table changes
hw/acpi: Make CPUs ACPI `presence` conditional during vCPU hot-unplug
hw/pci: Add parenthesis to PCI_BUILD_BDF macro
hw/cxl: Ensure there is enough data to read the input header in cmd_get_physical_port_state()
hw/cxl: Ensure there is enough data for the header in cmd_ccls_set_lsa()
hw/cxl: Check that writes do not go beyond end of target attributes
hw/cxl: Ensuring enough data to read parameters in cmd_tunnel_management_cmd()
hw/cxl: Avoid accesses beyond the end of cel_log.
hw/cxl: Check the length of data requested fits in get_log()
hw/cxl: Check enough data in cmd_firmware_update_transfer()
hw/cxl: Check input length is large enough in cmd_events_clear_records()
hw/cxl: Check input includes at least the header in cmd_features_set_feature()
hw/cxl: Check size of input data to dynamic capacity mailbox commands
hw/cxl/cxl-mailbox-util: Fix output buffer index update when retrieving DC extents
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 14:23:22 +0000 (14:23 +0000)]
Merge tag 'pull-nvme-
20241104' of https://gitlab.com/birkelund/qemu into staging
nvme queue
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmcpDm8ACgkQTeGvMW1P
# DenpLQgAjpk5tN8oYQKxJVu8qO3RUDatlIXgaZ8ljDSZVIB3cg/qh36qByt2iZNK
# FC7oLl/Yl44FHF+6ScWJBcSjXuVkQ/aT8UA1pYbTb9wcURB8atMG9IJxmQuhjlnl
# hgvDbpLwyHb4eVuWwA2aKukGZtYyhUcJIoP2RN8wugwg5T7I6R/eaiBG3kCCqIHB
# xshgEPIWModzGKR8i6NawhIhFFc3icOabB15QHYwA69BuAK69O9XNlVut2oMLquS
# Lv9INkAtYQtqHHvUJGsgcQcTS8vxBGR+TFk05heiThgu2f9kGLu+lV1Ud3WBWeW1
# 6Kt4N1WF9hw6Y4I8pGzEs8C49marFg==
# =0S/1
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 18:11:59 GMT
# gpg: using RSA key
522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [full]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [full]
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'pull-nvme-
20241104' of https://gitlab.com/birkelund/qemu:
hw/nvme: remove dead code
hw/nvme: add NPDAL/NPDGL
hw/nvme: i/o cmd set independent namespace data structure
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 14:23:12 +0000 (14:23 +0000)]
Merge tag 'qga-pull-2024-11-4' of https://github.com/kostyanf14/qemu into staging
qga-pull-2024-11-4
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEwsLBCepDxjwUI+uE711egWG6hOcFAmcozUUACgkQ711egWG6
# hOeSgQ/9FJNPfiGyhbh9RqvAr3DJ8kUskEy7HFedJN0KQJW1U4+0QeMPot9A6Kju
# y+1KNKnLPRNSwB6HtbOKwiWGEg37cl0EeEwwxV8kteVlXLHTRguIHK7EXRahOq57
# oU+y2nZEaZeooHOfWsLgIXqxo3OtsYr1v7HZEvuBGakjJ5irSSdDXoZHzPIOJ36K
# JY7QdAbEgAfmoLP6LRIMQwbUkhColRPy3mVg5RUOjgYhFbLgCLpr56E5JlLu+J0z
# XWrUc8rvpiUYuXqNSNPSrkwhhkb6Wa1g99YA0yJLvnXVp1fG7Utm2Q+QIsKeUuTp
# p9jRVvX27dkfHMIQfG+s90NHt9SGCXGoTPVvd3ACpbZy9hCyFh48FzkyRAhrLiF0
# iZ4xAv5gjnne8i+RFJeAtMPh5N32LcnFOODnEbM17xAXWOMKvHqXVHGTiAF6I1mr
# iyNdPwfZ9rFH81SbsgAjhs5rjXSNIlwoJq2y7jyoNB0Z1/sGMzy/DlLGP+Xyw2Td
# snDXswQ62qgFl2Ea7Vd+adhAbjFkjqt+L5i+8I2c640w2tbTE3Q6v8QZuKCR/I+t
# N6nmiifCv0dq90yeBxP5Lq7vIowVKWJegMGSfWokts0UKMXTvYe3EA0LjtWB1zLS
# D0dHPtj5/iYrc6Hvu6Ciizb+kJVv5GBk1FAz7kz1AxkW366zSr8=
# =O2+e
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 13:33:57 GMT
# gpg: using RSA key
C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423 EB84 EF5D 5E81 61BA 84E7
* tag 'qga-pull-2024-11-4' of https://github.com/kostyanf14/qemu:
qemu-ga: Fix a SIGSEGV in ga_run_command() helper
qga: fix missing static and prototypes windows warnings
qga: fix -Wsometimes-uninitialized windows warning
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 14:23:01 +0000 (14:23 +0000)]
Merge tag 'mips-
20241104' of https://github.com/philmd/qemu into staging
MIPS patches queue
- Migrate missing CP0 TLB MemoryMapID register (Yongbok)
- Enable MSA ASE for mips32r6-generic (Aleksandar)
- Convert Loongson LEXT opcodes to decodetree (Philippe)
- Introduce ase_3d_available and disas_mt_available helpers (Philippe)
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmcopxgACgkQ4+MsLN6t
# wN4DzQ//UPDSvcwCj6QIZ2TR2oKG5JIVRYrep7aUb+LdK1uus8P2G9REMnr1X/uC
# 817aiUC6fK/PJEGAo6dTCKrPnMz71YAHM2259jreQXVZtCzOEzU9Fg9RHBCrbzxP
# +kL+Sjzvnw3Kp0jVB1sgNn8PhKCkIVg9Go6tr4sXyTjINzsNbk78H6w3O4YlFOSX
# dbQLWDpFQQRvliiSJR5erQyELs1tVJt+76aab9mM7uWvSbpX/6O80bJ607fUFG8J
# t07c5u6aOU1MaZrGE5KO6G7BQwqYE/O3lGAd1akj8UMQNxJY8lrS+4bxH9+vjJTF
# ojRdTRGa2cXC1wxiifFphUNfJe2fH+Wvjtdpgnu3vdp17J0wbnJyw5PmZolS2RI6
# w9rAn1xnF2C/2HVZw37+Ghf+sdR9EgewgPAGoU1bKN4iQVE7FX1B4B6rIuq5Zxje
# l2EFyFzkVWFDd+uy62o6WdH8mgwlHySxUkDeUgLLJwjupVKKvm4FCs0r8CE3g5RZ
# GkHW6iOVg7QqR4OveGe3BGVK41Gex/iU7WNDWqQ2xqXDywnyFuTQVs/y2b7dPtMd
# dbcQ6a/zFQl+WdhhnE5S1Y4Pjfw0TQ/+nKd+jc8lme8eihUbPvETfDLk3j0JI9xd
# eXf4plnVMy33qvlLG4GVYzjYU+jNlGK1KCBcBFccFWasLo75Lyk=
# =Ocl+
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 10:51:04 GMT
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'mips-
20241104' of https://github.com/philmd/qemu:
target/mips: Remove unused CPUMIPSState::current_fpu field
target/mips: Introduce disas_mt_available()
target/mips: Introduce ase_3d_available() helper
target/mips: Remove unreachable 32-bit code on 64-bit Loongson Ext
target/mips: Convert Loongson [D]MULT[U].G opcodes to decodetree
target/mips: Convert Loongson [D]MOD[U].G opcodes to decodetree
target/mips: Convert Loongson [D]DIVU.G opcodes to decodetree
target/mips: Convert Loongson DIV.G opcodes to decodetree
target/mips: Convert Loongson DDIV.G opcodes to decodetree
target/mips: Re-introduce OPC_ADDUH_QB_DSP and OPC_MUL_PH_DSP
target/mips: Simplify Loongson MULTU.G opcode
target/mips: Extract decode_64bit_enabled() helper
target/mips: Enable MSA ASE for mips32r6-generic
target/mips: Migrate TLB MemoryMapID register
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gustavo Romero [Tue, 5 Nov 2024 10:10:00 +0000 (10:10 +0000)]
target/arm: Enable FEAT_CMOW for -cpu max
FEAT_CMOW introduces support for controlling cache maintenance
instructions executed in EL0/1 and is mandatory from Armv8.8.
On real hardware, the main use for this feature is to prevent processes
from invalidating or flushing cache lines for addresses they only have
read permission, which can impact the performance of other processes.
QEMU implements all cache instructions as NOPs, and, according to rule
[1], which states that generating any Permission fault when a cache
instruction is implemented as a NOP is implementation-defined, no
Permission fault is generated for any cache instruction when it lacks
read and write permissions.
QEMU does not model any cache topology, so the PoU and PoC are before
any cache, and rules [2] apply. These rules state that generating any
MMU fault for cache instructions in this topology is also
implementation-defined. Therefore, for FEAT_CMOW, we do not generate any
MMU faults either, instead, we only advertise it in the feature
register.
[1] Rule R_HGLYG of section D8.14.3, Arm ARM K.a.
[2] Rules R_MZTNR and R_DNZYL of section D8.14.3, Arm ARM K.a.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241104142606.941638-1-gustavo.romero@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nabih Estefan [Tue, 5 Nov 2024 10:10:00 +0000 (10:10 +0000)]
hw/net/npcm_gmac: Change error log to trace event
Convert the LOG_GUEST_ERROR for the "tx descriptor is owned
by software" to a trace message. This condition is normal
when there is there is nothing to transmit, and we would
otherwise spam the logs with it in that situation.
Signed-off-by: Nabih Estefan <nabihestefan@google.com>
Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20241014184847.
1594056-1-roqueh@google.com
[PMM: tweaked commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Tue, 5 Nov 2024 10:10:00 +0000 (10:10 +0000)]
hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
printf() unconditionally prints to the console which disturbs `-serial stdio`.
Fix that by converting into a trace event. While at it, add some tracing for
read and write access.
Fixes: 7e7c5e4c1ba5 "Nokia N800 machine support (ARM)."
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20241103143330.123596-5-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Tue, 5 Nov 2024 10:10:00 +0000 (10:10 +0000)]
hw/watchdog/wdt_imx2: Remove redundant assignment
The same statement is executed unconditionally right before the if statement.
Cc: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241103143330.123596-4-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Tue, 5 Nov 2024 10:09:59 +0000 (10:09 +0000)]
hw/timer/imx_gpt: Convert DPRINTF to trace events
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id:
20241103143330.123596-3-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Tue, 5 Nov 2024 10:09:59 +0000 (10:09 +0000)]
hw/rtc/ds1338: Trace send and receive operations
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id:
20241103143330.123596-2-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Tue, 5 Nov 2024 10:09:59 +0000 (10:09 +0000)]
disas: Fix build against Capstone v6 (again)
Like
9971cbac2f3, which set CAPSTONE_AARCH64_COMPAT_HEADER,
also set CAPSTONE_SYSTEMZ_COMPAT_HEADER. Fixes the build
against capstone v6-alpha.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id:
20241022013047.830273-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 10:09:58 +0000 (10:09 +0000)]
target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
Our implementation of the indexed version of SVE SDOT/UDOT/USDOT got
the calculation of the inner loop terminator wrong. Although we
correctly account for the element size when we calculate the
terminator for the first iteration:
intptr_t segend = MIN(16 / sizeof(TYPED), opr_sz_n);
we don't do that when we move it forward after the first inner loop
completes. The intention is that we process the vector in 128-bit
segments, which for a 64-bit element size should mean (1, 2), (3, 4),
(5, 6), etc. This bug meant that we would iterate (1, 2), (3, 4, 5,
6), (7, 8, 9, 10) etc and apply the wrong indexed element to some of
the operations, and also index off the end of the vector.
You don't see this bug if the vector length is small enough that we
don't need to iterate the outer loop, i.e. if it is only 128 bits,
or if it is the 64-bit special case from AA32/AA64 AdvSIMD. If the
vector length is 256 bits then we calculate the right results for the
elements in the vector but do index off the end of the vector. Vector
lengths greater than 256 bits see wrong answers. The instructions
that produce 32-bit results behave correctly.
Fix the recalculation of 'segend' for subsequent iterations, and
restore a version of the comment that was lost in the refactor of
commit
7020ffd656a5 that explains why we only need to clamp segend to
opr_sz_n for the first iteration, not the later ones.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2595
Fixes: 7020ffd656a5 ("target/arm: Macroize helper_gvec_{s,u}dot_idx_{b,h}")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241101185544.
2130972-1-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:58 +0000 (10:09 +0000)]
target/arm: Add new MMU indexes for AArch32 Secure PL1&0
Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
* code at EL3, which might be Mon, or SVC, or any of the
other privileged modes (PL1)
* code at EL0 (Secure PL0)
This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.
We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.
The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.
Fix this by adding two new MMU indexes:
* ARMMMUIdx_E30_0 is for Secure PL0
* ARMMMUIdx_E30_3_PAN is for Secure PL1 when PAN is enabled
The existing ARMMMUIdx_E3 is used to mean "Secure PL1 without PAN"
(and would be named ARMMMUIdx_E30_3 in an AArch32-centric scheme).
These extra two indexes bring us up to the maximum of 16 that the
core code can currently support.
This commit:
* adds the new MMU index handling to the various places
where we deal in MMU index values
* adds assertions that we aren't AArch32 EL3 in a couple of
places that currently use the E10 indexes, to document why
they don't also need to handle the E30 indexes
* documents in a comment why regime_has_2_ranges() doesn't need
updating
Notes for backporting: this commit depends on the preceding revert of
4c2c04746932; that revert and this commit should probably be
backported to everywhere that we originally backported
4c2c04746932.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2588
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241101142845.
1712482-3-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:58 +0000 (10:09 +0000)]
Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
This reverts commit
4c2c0474693229c1f533239bb983495c5427784d.
This commit tried to fix a problem with our usage of MMU indexes when
EL3 is AArch32, using what it described as a "more complicated
approach" where we share the same MMU index values for Secure PL1&0
and NonSecure PL1&0. In theory this should work, but the change
didn't account for (at least) two things:
(1) The design change means we need to flush the TLBs at any point
where the CPU state flips from one to the other. We already flush
the TLB when SCR.NS is changed, but we don't flush the TLB when we
take an exception from NS PL1&0 into Mon or when we return from Mon
to NS PL1&0, and the commit didn't add any code to do that.
(2) The ATS12NS* address translate instructions allow Mon code (which
is Secure) to do a stage 1+2 page table walk for NS. I thought this
was OK because do_ats_write() does a page table walk which doesn't
use the TLBs, so because it can pass both the MMU index and also an
ARMSecuritySpace argument we can tell the table walk that we want NS
stage1+2, not S. But that means that all the code within the ptw
that needs to find e.g. the regime EL cannot do so only with an
mmu_idx -- all these functions like regime_sctlr(), regime_el(), etc
would need to pass both an mmu_idx and the security_space, so they
can tell whether this is a translation regime controlled by EL1 or
EL3 (and so whether to look at SCTLR.S or SCTLR.NS, etc).
In particular, because regime_el() wasn't updated to look at the
ARMSecuritySpace it would return 1 even when the CPU was in Monitor
mode (and the controlling EL is 3). This meant that page table walks
in Monitor mode would look at the wrong SCTLR, TCR, etc and would
generally fault when they should not.
Rather than trying to make the complicated changes needed to rescue
the design of
4c2c04746932, we revert it in order to instead take the
route that that commit describes as "the most straightforward" fix,
where we add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond
to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at
PL1 with PAN".
This revert will re-expose the "spurious alignment faults in
Secure PL0" issue #2326; we'll fix it again in the next commit.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id:
20241101142845.
1712482-2-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 10:09:58 +0000 (10:09 +0000)]
softfloat: Remove fallback rule from pickNaN()
Now that all targets have been converted to explicitly set a NaN
propagation rule, we can remove the set of target ifdefs (which now
list every target) and clean up the references to fallback behaviour
for float_2nan_prop_none.
The "default" case in the switch will catch any remaining places
where status->float_2nan_prop_rule was not set by the target.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-22-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:57 +0000 (10:09 +0000)]
target/rx: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly for the float_status word
used in the rx target.
This not the architecturally correct behaviour, but since this is a
no-behaviour-change patch, we leave a TODO note to that effect.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-21-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:57 +0000 (10:09 +0000)]
target/openrisc: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly for the float_status word
used in the openrisc target.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-20-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:57 +0000 (10:09 +0000)]
target/microblaze: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly for the float_status word
used in the microblaze target.
This is probably not the architecturally correct behaviour,
but since this is a no-behaviour-change patch, we leave a
TODO note to that effect.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-19-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:56 +0000 (10:09 +0000)]
target/microblaze: Move setting of float rounding mode to reset
Although the floating point rounding mode for Microblaze is always
nearest-even, we cannot set it just once in the CPU initfn. This is
because env->fp_status is in the part of the CPU state struct that is
zeroed on reset.
Move the call to set_float_rounding_mode() into the reset fn.
(This had no guest-visible effects because it happens that the
float_round_nearest_even enum value is 0, so when the struct was
zeroed it didn't corrupt the setting.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-18-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:56 +0000 (10:09 +0000)]
target/alpha: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly for the float_status word
used in this target.
This is a no-behaviour-change commit, so we retain the existing
behaviour of x87-style pick-largest-significand NaN propagation.
This is however not the architecturally correct handling, so we leave
a TODO note to that effect.
We also leave a TODO note pointing out that all this code in the cpu
initfn (including the existing setting up of env->flags and the FPCR)
should be in a currently non-existent CPU reset function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-17-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:56 +0000 (10:09 +0000)]
target/i386: Set 2-NaN propagation rule explicitly
Set the NaN propagation rule explicitly for the float_status words
used in the x86 target.
This is a no-behaviour-change commit, so we retain the existing
behaviour of using the x87-style "prefer QNaN over SNaN, then prefer
the NaN with the larger significand" for MMX and SSE. This is
however not the documented hardware behaviour, so we leave a TODO
note about what we should be doing instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-16-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:55 +0000 (10:09 +0000)]
target/xtensa: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly in xtensa_use_first_nan().
(When we convert the softfloat pickNaNMulAdd routine to also
select a NaN propagation rule at runtime, we will be able to
remove the use_first_nan flag because the propagation rules
will handle everything.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-15-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:55 +0000 (10:09 +0000)]
target/xtensa: Factor out calls to set_use_first_nan()
In xtensa we currently call set_use_first_nan() in a lot of
places where we want to switch the NaN-propagation handling.
We're about to change the softfloat API we use to do that,
so start by factoring all the calls out into a single
xtensa_use_first_nan() function.
The bulk of this change was done with
sed -i -e 's/set_use_first_nan(\([^,]*\),[^)]*)/xtensa_use_first_nan(env, \1)/' target/xtensa/fpu_helper.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-14-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:55 +0000 (10:09 +0000)]
target/sparc: Explicitly set 2-NaN propagation rule
Set the NaN propagation rule explicitly in the float_status
words we use.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-13-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:55 +0000 (10:09 +0000)]
target/sparc: Move cpu_put_fsr(env, 0) call to reset
Currently we call cpu_put_fsr(0) in sparc_cpu_realizefn(), which
initializes various fields in the CPU struct:
* fsr_cexc_ftt
* fcc[]
* fsr_qne
* fsr
It also sets the rounding mode in env->fp_status.
This is largely pointless, because when we later reset the CPU
this will zero out all the fields up until the "end_reset_fields"
label, which includes all of these (but not fp_status!)
Move the cpu_put_fsr(env, 0) call to reset, because that expresses
the logical requirement: we want to reset FSR to 0 on every reset.
This isn't a behaviour change because the fields are all zero anyway.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-12-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/m68k: Initialize float_status fields in gdb set/get functions
In cf_fpu_gdb_get_reg() and cf_fpu_gdb_set_reg() we use a temporary
float_status variable to pass to floatx80_to_float64() and
float64_to_floatx80(), but we don't initialize it, meaning that those
functions could access uninitialized data. Zero-init the structs.
(We don't need to set a NaN-propagation rule here because we
don't use these with a 2-argument fpu operation.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-11-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/m68k: Explicitly set 2-NaN propagation rule
Explicitly set the 2-NaN propagation rule on env->fp_status
and on the temporary fp_status that we use in frem (since
we pass that to a division operation function).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/ppc: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in env->fp_status
and env->vec_status.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-9-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/s390x: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in env->fpu_status.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-8-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/hppa: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in env->fp_status.
Really we only need to do this at CPU reset (after reset has zeroed
out most of the CPU state struct, which typically includes fp_status
fields). However target/hppa does not currently implement CPU reset
at all, so leave a TODO comment to note that this could be moved if
we ever do implement reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-7-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:54 +0000 (10:09 +0000)]
target/loongarch: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in the float_status word we
use.
(There are a couple of places in fpu_helper.c where we create a
dummy float_status word with "float_status *s = { };", but these
are only used for calling float*_is_quiet_nan() so it doesn't
matter that we don't set a 2-NaN propagation rule there.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-6-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:53 +0000 (10:09 +0000)]
target/mips: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in the float_status words
we use.
For active_fpu.fp_status, we do this in a new fp_reset() function
which mirrors the existing msa_reset() function in doing "first call
restore to set the fp status parts that depend on CPU state, then set
the fp status parts that are constant".
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20241025141254.
2141506-5-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:53 +0000 (10:09 +0000)]
target/arm: Explicitly set 2-NaN propagation rule
Set the 2-NaN propagation rule explicitly in the float_status words
we use. We wrap this plus the pre-existing setting of the
tininess-before-rounding flag in a new function
arm_set_default_fp_behaviours() to avoid repetition, since we have a
lot of float_status words at this point.
The situation with FPA11 emulation in linux-user is a little odd, and
arguably "correct" behaviour there would be to exactly match a real
Linux kernel's FPA11 emulation. However FPA11 emulation is
essentially dead at this point and so it seems better to continue
with QEMU's current behaviour and leave a comment describing the
situation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-4-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:53 +0000 (10:09 +0000)]
tests/fp: Explicitly set 2-NaN propagation rule
Explicitly set a 2-NaN propagation rule in the softfloat tests. In
meson.build we put -DTARGET_ARM in fpcflags, and so we should select
here the Arm propagation rule of float_2nan_prop_s_ab.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-3-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:09:52 +0000 (10:09 +0000)]
softfloat: Allow 2-operand NaN propagation rule to be set at runtime
IEEE 758 does not define a fixed rule for which NaN to pick as the
result if both operands of a 2-operand operation are NaNs. As a
result different architectures have ended up with different rules for
propagating NaNs.
QEMU currently hardcodes the NaN propagation logic into the binary
because pickNaN() has an ifdef ladder for different targets. We want
to make the propagation rule instead be selectable at runtime,
because:
* this will let us have multiple targets in one QEMU binary
* the Arm FEAT_AFP architectural feature includes letting
the guest select a NaN propagation rule at runtime
* x86 specifies different propagation rules for x87 FPU ops
and for SSE ops, and specifying the rule in the float_status
would let us emulate this, instead of wrongly using the
x87 rules everywhere
In this commit we add an enum for the propagation rule, the field in
float_status, and the corresponding getters and setters. We change
pickNaN to honour this, but because all targets still leave this
field at its default 0 value, the fallback logic will pick the rule
type with the old ifdef ladder.
It's valid not to set a propagation rule if default_nan_mode is
enabled, because in that case there's no need to pick a NaN; all the
callers of pickNaN() catch this case and skip calling it. So we can
already assert that we don't get into the "no rule defined" codepath
for our four targets which always set default_nan_mode: Hexagon,
RiscV, SH4 and Tricore, and for the one target which does not have FP
at all: avr. These targets will not need to be updated to call
set_float_2nan_prop_rule().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20241025141254.
2141506-2-peter.maydell@linaro.org
Peter Maydell [Tue, 5 Nov 2024 10:06:08 +0000 (10:06 +0000)]
Merge tag 'pull-aspeed-
20241104' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fixed eMMC size calculation
* Fixed IRQ definitions on AST2700
* Added RTC support to AST2700
* Fixed timer IRQ status on AST2600
* Improved SDHCI model with new registers
* Added -nodefaults support to AST1030
* Provided a way to use an eMMC device without boot partitions
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmcoo4oACgkQUaNDx8/7
# 7KGYAQ/9GWiwM7SHFD/WTEo6iClQCk+Do3pzGXZPQq7WLqYhBU8mYwSaqMDUtXj+
# MQVywyLxSYaKdCKessN0haATyzEDVRtxKwIRnbrSDWWnxG8NGj2esOTsU6/wgfD4
# FqARaMH91FQB6rY8QbmbGmqTJ1QbWEPXj7v2piJol5dvI2Oe8iqn/6z1Cv4NMXwh
# aYHwSVwcHLD9tfmyXP0DKN/XHLC4pTAOoU96ajcN6RRW+D6vuQEsQq0caZt8CHQc
# I2oSptU+RZF2DPbSeEB42y9I138/kQzTIaVnbBN//NLRwbzRsLlXhA92F2CJyDrD
# FGNQyynteil8F7M5Oab47fFia1QF/v4G45VOAsHpT1tLBsZPKJdRwfLLqDPZbVbG
# 2lAVuukqW0gKoEHsXfVsDzcIxpX81SlUsccHY4kCxsRNnwSzCWaDK9OOTx3CAxjG
# CzzDgQszNr/12dzkWExIhLpMhQNeiUXX1veAH/jzbjyRAKxzjkDYaX2lUC3MfmqX
# irjmzOU0AbtComv4ybeBqtqNmQvUx5/y993Hgakc9mqqCoAm/Fn4qtx6uW5vSSZJ
# w4heyWbzcLp5RIzSYZypWlmgI+3bJgJq2aX276MYqAe3m8PnUCkuW9NTsfb+ARMl
# XGExHPNrAsw7eiiQsTa7Byt/jkEf3KmEp8ye+3cAvJwPgxlDyys=
# =ms8H
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 10:35:54 GMT
# gpg: using RSA key
A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-aspeed-
20241104' of https://github.com/legoater/qemu:
aspeed: Don't set always boot properties of the emmc device
aspeed: Support create flash devices via command line for AST1030
hw/sd/aspeed_sdhci: Introduce Capabilities Register 2 for SD slot 0 and 1
hw/timer/aspeed: Fix interrupt status does not be cleared for AST2600
hw/timer/aspeed: Fix coding style
aspeed/soc: Support RTC for AST2700
hw/arm/aspeed_ast27x0: Avoid hardcoded '256' in IRQ calculation
hw/arm/aspeed_ast27x0: Use bsa.h for PPI definitions
hw/sd/sdcard: Fix calculation of size when using eMMC boot partitions
hw/arm: enable at24c with aspeed
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Nov 2024 10:05:59 +0000 (10:05 +0000)]
Merge tag 'pull-ppc-for-9.2-1-
20241104' of https://gitlab.com/npiggin/qemu into staging
* Various bug fixes
* Big cleanup of deprecated machines
* Power11 support for spapr
* XIVE improvements
* Goodbye to Cedric and David as ppc reviewers, thank you both o7
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEETkN92lZhb0MpsKeVZ7MCdqhiHK4FAmcoEicACgkQZ7MCdqhi
# HK5M8Q//fz+ZkJndXkBjb1Oinx+q+eVtNm2JrvcWIsXyhG3K+6VxYPp69H+SRv/Z
# TWuUqMQPxq8mhQvBJlDAttp/oaUEiOcCRvs/iUoBN12L4mVxXfdoT88TZ4frN3eP
# 8bePq+DW2N/7gpmsJm5CyEZPpcf9AjVHgLRp3KYFkOJ/14uzvuwnocU39gl+2IUh
# MXHTedQgMNXaKorJXk1NVdM6NxMuVhOvwxAs6ya2gwhxyA5tteo5PiQOnDJWkejf
# xg3RRsNzGYcs1Qg/3kFIf3RfEB0aYbPxROM8IfPaJWKN5KnMggj/JAkHyK1x/V3J
# wml7+cB0doMt/yRiuYJhXpyrtOqpvjRWPA6RhxECWW2kwrovv8NAF8IrFnw9NvOQ
# QC66ZaaFcbAcFrVT1e/iggU76d01II6m4OAgKcXw+FRHgps4VU9y83j7ApNnNUWN
# IXp9hkzoHi5VwX0FrG4ELUr2iEf1HASMvM8EZ/0AxzWj5iNtQB8lFsrEdaGVXyIS
# M5JaJeNjCn4koCyYaFSctH5eKtbzIwnGWnDcdTwaOuQ+9itBvY8O+HZalE6sAc5S
# kLFZ7i/Ut/qxbY5pMumt8LKD4pR1SsOxFB8dJCmn/f/tvRGtIVsoY6btNe4M0+24
# 42MxZbWO6W379C32bwbtsPiGA+aLSgShjP4cWm9cgRjz4RJFnwg=
# =vmIG
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 00:15:35 GMT
# gpg: using RSA key
4E437DDA56616F4329B0A79567B30276A8621CAE
# gpg: Good signature from "Nicholas Piggin <npiggin@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4E43 7DDA 5661 6F43 29B0 A795 67B3 0276 A862 1CAE
* tag 'pull-ppc-for-9.2-1-
20241104' of https://gitlab.com/npiggin/qemu: (67 commits)
MAINTAINERS: Remove myself as reviewer
MAINTAINERS: Remove myself from XIVE
MAINTAINERS: Remove myself from the PowerNV machines
hw/ppc: Consolidate ppc440 initial mapping creation functions
hw/ppc: Consolidate e500 initial mapping creation functions
tests/qtest: Add XIVE tests for the powernv10 machine
pnv/xive2: TIMA CI ops using alternative offsets or byte lengths
pnv/xive2: TIMA support for 8-byte OS context push for PHYP
pnv/xive: Update PIPR when updating CPPR
pnv/xive: Add special handling for pool targets
ppc/xive2: Support "Pull Thread Context to Odd Thread Reporting Line"
ppc/xive2: Change context/ring specific functions to be generic
ppc/xive2: Support "Pull Thread Context to Register" operation
ppc/xive2: Allow 1-byte write of Target field in TIMA
ppc/xive2: Dump the VP-group and crowd tables with 'info pic'
ppc/xive2: Dump more NVP state with 'info pic'
pnv/xive2: Support for "OS LGS Push" TIMA operation
ppc/xive2: Support TIMA "Pull OS Context to Odd Thread Reporting Line"
pnv/xive2: Define OGEN field in the TIMA
pnv/xive: TIMA patch sets pre-req alignment and formatting changes
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pierrick Bouvier [Wed, 23 Oct 2024 21:28:12 +0000 (14:28 -0700)]
contrib/plugins: remove Makefile for contrib/plugins
Now replaced by meson build.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20241023212812.
1376972-4-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Pierrick Bouvier [Wed, 23 Oct 2024 21:28:11 +0000 (14:28 -0700)]
meson: build contrib/plugins with meson
Tried to unify this meson.build with tests/tcg/plugins/meson.build but
the resulting modules are not output in the right directory.
Originally proposed by Anton Kochkov, thank you!
Solves: https://gitlab.com/qemu-project/qemu/-/issues/1710
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20241023212812.
1376972-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Pierrick Bouvier [Wed, 23 Oct 2024 21:28:10 +0000 (14:28 -0700)]
contrib/plugins/cflow: fix warning
contrib/plugins/cflow.c: In function ‘plugin_exit’:
contrib/plugins/cflow.c:167:19: error: declaration of ‘n’ shadows a previous local [-Werror=shadow=local]
167 | NodeData *n = l->data;
| ^
contrib/plugins/cflow.c:139:9: note: shadowed declaration is here
139 | int n = 0;
| ^
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20241023212812.
1376972-2-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Zhenzhong Duan [Mon, 4 Nov 2024 12:55:36 +0000 (20:55 +0800)]
intel_iommu: Add missed reserved bit check for IEC descriptor
IEC descriptor is 128-bit invalidation descriptor, must be padded with
128-bits of 0s in the upper bytes to create a 256-bit descriptor when
the invalidation queue is configured for 256-bit descriptors (IQA_REG.DW=1).
Fixes: 02a2cbc872df ("x86-iommu: introduce IEC notifiers")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <
20241104125536.
1236118-4-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhenzhong Duan [Mon, 4 Nov 2024 12:55:35 +0000 (20:55 +0800)]
intel_iommu: Add missed sanity check for 256-bit invalidation queue
According to VTD spec, a 256-bit descriptor will result in an invalid
descriptor error if submitted in an IQ that is setup to provide hardware
with 128-bit descriptors (IQA_REG.DW=0). Meanwhile, there are old inv desc
types (e.g. iotlb_inv_desc) that can be either 128bits or 256bits. If a
128-bit version of this descriptor is submitted into an IQ that is setup
to provide hardware with 256-bit descriptors will also result in an invalid
descriptor error.
The 2nd will be captured by the tail register update. So we only need to
focus on the 1st.
Because the reserved bit check between different types of invalidation desc
are common, so introduce a common function vtd_inv_desc_reserved_check()
to do all the checks and pass the differences as parameters.
With this change, need to replace error_report_once() call with error_report()
to catch different call sites. This isn't an issue as error_report_once()
here is mainly used to help debug guest error, but it only dumps once in
qemu life cycle and doesn't help much, we need error_report() instead.
Fixes: c0c1d351849b ("intel_iommu: add 256 bits qi_desc support")
Suggested-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <
20241104125536.
1236118-3-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhenzhong Duan [Mon, 4 Nov 2024 12:55:34 +0000 (20:55 +0800)]
intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL
According to VTD spec, Figure 11-22, Invalidation Queue Tail Register,
"When Descriptor Width (DW) field in Invalidation Queue Address Register
(IQA_REG) is Set (256-bit descriptors), hardware treats bit-4 as reserved
and a value of 1 in the bit will result in invalidation queue error."
Current code missed to send IQE event to guest, fix it.
Fixes: c0c1d351849b ("intel_iommu: add 256 bits qi_desc support")
Suggested-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <
20241104125536.
1236118-2-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Salil Mehta [Sun, 3 Nov 2024 10:24:19 +0000 (10:24 +0000)]
hw/acpi: Update GED with vCPU Hotplug VMSD for migration
The ACPI CPU hotplug states must be migrated along with other vCPU
hotplug states to the destination VM. Update the GED's VM State
Description (VMSD) table subsection to conditionally include the CPU
Hotplug VM State Description (VMSD).
Excerpt of GED VMSD State Dump at Source:
"acpi-ged (16)": {
"ged_state": {
"sel": "0x00000000"
},
[...]
"acpi-ged/cpuhp": {
"cpuhp_state": {
"selector": "0x00000005",
"command": "0x00",
"devs": [
{
"is_inserting": false,
"is_removing": false,
"ost_event": "0x00000000",
"ost_status": "0x00000000"
},
[...]
{
"is_inserting": false,
"is_removing": false,
"ost_event": "0x00000000",
"ost_status": "0x00000000"
}
]
}
}
},
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Message-Id: <
20241103102419.202225-6-salil.mehta@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Salil Mehta [Mon, 4 Nov 2024 11:28:23 +0000 (06:28 -0500)]
tests/qtest/bios-tables-test: Update DSDT golden masters for x86/{pc,q35}
Update DSDT golden master files for x86/pc and x86/q35 platforms to
accommodate changes made in the architecture-agnostic CPU AML. These
updates notify the guest OS of vCPU hot-plug and hot-unplug status
using the ACPI `_STA.Enabled` bit.
The following is a diff of the changes in the .dsl file generated with
IASL:
@@ -1480,6 +1480,7 @@
CRMV, 1,
CEJ0, 1,
CEJF, 1,
+ CPRS, 1,
Offset (0x05),
CCMD, 8
}
@@ -1514,9 +1515,16 @@
Acquire (\_SB.PCI0.PRES.CPLK, 0xFFFF)
\_SB.PCI0.PRES.CSEL = Arg0
Local0 = Zero
- If ((\_SB.PCI0.PRES.CPEN == One))
- {
- Local0 = 0x0F
+ If ((\_SB.PCI0.PRES.CPRS == One))
+ {
+ If ((\_SB.PCI0.PRES.CPEN == One))
+ {
+ Local0 = 0x0F
+ }
+ Else
+ {
+ Local0 = 0x0D
+ }
}
Release (\_SB.PCI0.PRES.CPLK)
Reported-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Salil Mehta [Sun, 3 Nov 2024 10:24:17 +0000 (10:24 +0000)]
hw/acpi: Update ACPI `_STA` method with QOM vCPU ACPI Hotplug states
Reflect the QOM vCPUs ACPI CPU hotplug states in the `_STA.Present` and
and `_STA.Enabled` bits when the guest kernel evaluates the ACPI
`_STA` method during initialization, as well as when vCPUs are
hot-plugged or hot-unplugged. If the CPU is present then the its
`enabled` status can be fetched using architecture-specific code [1].
Reference:
[1] Example implementation of architecture-specific hook to fetch CPU
`enabled status
Link: https://github.com/salil-mehta/qemu/commit/c0b416b11e5af6505e558866f0eb6c9f3709173e
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Message-Id: <
20241103102419.202225-4-salil.mehta@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Salil Mehta [Sun, 3 Nov 2024 10:24:16 +0000 (10:24 +0000)]
qtest: allow ACPI DSDT Table changes
list changed files in tests/qtest/bios-tables-test-allowed-diff.h
Reported-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Message-Id: <
20241103102419.202225-3-salil.mehta@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Salil Mehta [Sun, 3 Nov 2024 10:24:15 +0000 (10:24 +0000)]
hw/acpi: Make CPUs ACPI `presence` conditional during vCPU hot-unplug
On most architectures, during vCPU hot-plug and hot-unplug actions, the
firmware or VMM/QEMU can update the OS on vCPU status by toggling the
ACPI method `_STA.Present` bit. However, certain CPU architectures
prohibit [1] modifications to a CPU’s `presence` status after the kernel
has booted.
This limitation [2][3] exists because many per-CPU components, such as
interrupt controllers and various per-CPU features tightly integrated
with CPUs, may not support reconfiguration once the kernel is
initialized. Often, these components cannot be powered down, as they may
belong to an `always-on` power domain. As a result, some architectures
require all CPUs to remain `_STA.Present` after system initialization.
Therefore, it is essential to mirror the exact QOM vCPU status through
ACPI for the Guest kernel. For this, we should determine—via
architecture-specific code[4]—whether vCPUs must always remain present
and whether the associated `AcpiCpuStatus::cpu` object should remain
valid, even following a vCPU hot-unplug operation.
References:
[1] Check comment 5 in the bugzilla entry
Link: https://bugzilla.tianocore.org/show_bug.cgi?id=4481#c5
[2] KVMForum 2023 Presentation: Challenges Revisited in Supporting Virt CPU Hotplug on
architectures that don’t Support CPU Hotplug (like ARM64)
Link: https://kvm-forum.qemu.org/2023/KVM-forum-cpu-hotplug_7OJ1YyJ.pdf
b. Qemu Link: https://kvm-forum.qemu.org/2023/Challenges_Revisited_in_Supporting_Virt_CPU_Hotplug_-__ii0iNb3.pdf
[3] KVMForum 2020 Presentation: Challenges in Supporting Virtual CPU Hotplug on
SoC Based Systems (like ARM64)
Link: https://kvmforum2020.sched.com/event/eE4m
[4] Example implementation of architecture-specific CPU persistence hook
Link: https://github.com/salil-mehta/qemu/commit/c0b416b11e5af6505e558866f0eb6c9f3709173e
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Message-Id: <
20241103102419.202225-2-salil.mehta@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Roque Arcudia Hernandez [Fri, 1 Nov 2024 21:59:23 +0000 (21:59 +0000)]
hw/pci: Add parenthesis to PCI_BUILD_BDF macro
The bus parameter in the macro PCI_BUILD_BDF is not surrounded by
parenthesis. This can create a compile error when warnings are
treated as errors or can potentially create runtime errors due to the
operator precedence.
For instance:
file.c:x:32: error: suggest parentheses around '-' inside '<<'
[-Werror=parentheses]
171 | uint16_t bdf = PCI_BUILD_BDF(a - b, sdev->devfn);
| ~~^~~
include/hw/pci/pci.h:19:41: note: in definition of macro
'PCI_BUILD_BDF'
19 | #define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
| ^~~
cc1: all warnings being treated as errors
Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Reviewed-by: Nabih Estefan <nabihestefan@google.com>
Message-Id: <
20241101215923.
3399311-1-roqueh@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:17 +0000 (13:39 +0000)]
hw/cxl: Ensure there is enough data to read the input header in cmd_get_physical_port_state()
If len_in is smaller than the header length then the accessing the
number of ports will result in an out of bounds access.
Add a check to avoid this.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-11-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:16 +0000 (13:39 +0000)]
hw/cxl: Ensure there is enough data for the header in cmd_ccls_set_lsa()
The properties of the requested set command cannot be established if
len_in is less than the size of the header.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-10-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:15 +0000 (13:39 +0000)]
hw/cxl: Check that writes do not go beyond end of target attributes
In cmd_features_set_feature() the an offset + data size schemed
is used to allow for large features. Ensure this does not write
beyond the end fo the buffers used to accumulate the full feature
attribute set.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-9-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:14 +0000 (13:39 +0000)]
hw/cxl: Ensuring enough data to read parameters in cmd_tunnel_management_cmd()
If len_in is less than the minimum spec allowed value, then return
CXL_MBOX_INVALID_PAYLOAD_LENGTH
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-8-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:13 +0000 (13:39 +0000)]
hw/cxl: Avoid accesses beyond the end of cel_log.
Add a check that the requested offset + length does not go beyond the end
of the cel_log.
Whilst the cci->cel_log is large enough to include all possible CEL
entries, the guest might still ask for entries beyond the end of it.
Move the comment to this new check rather than before the check on the
type of log requested.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-7-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:12 +0000 (13:39 +0000)]
hw/cxl: Check the length of data requested fits in get_log()
Checking offset + length is of no relevance when verifying the CEL
data will fit in the mailbox payload. Only the length is is relevant.
Note that this removes a potential overflow.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-6-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:11 +0000 (13:39 +0000)]
hw/cxl: Check enough data in cmd_firmware_update_transfer()
Buggy guest can write a message that advertises more data that
is provided. As QEMU internally duplicates the reported message
size, this may result in an out of bounds access.
Add sanity checks on the size to avoid this.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-5-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:10 +0000 (13:39 +0000)]
hw/cxl: Check input length is large enough in cmd_events_clear_records()
Buggy software might write a message that is too short for
either the header, or the header + the event data that is specified
in the header. This may result in accesses beyond the range of the
message allocated as a duplicate of the incoming message buffer.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:09 +0000 (13:39 +0000)]
hw/cxl: Check input includes at least the header in cmd_features_set_feature()
A buggy guest might write an insufficiently large message.
Check the header is present. Whilst zero data after the header is very
odd it will just result in failure to copy any data.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 1 Nov 2024 13:39:08 +0000 (13:39 +0000)]
hw/cxl: Check size of input data to dynamic capacity mailbox commands
cxl_cmd_dcd_release_dyn_cap() and cmd_dcd_add_dyn_cap_rsp() are missing
input message size checks. These must be done in the individual
commands when the command has a variable length input payload.
A buggy or malicious guest might send undersized messages via the mailbox.
As that size is used to take a copy of the mailbox content, each command
must check there is sufficient data. In this case the first check is that
there is enough data to read how many extents there are, and the second
that there is enough for those elements to be accessed.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101133917.27634-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fan Ni [Fri, 1 Nov 2024 13:20:05 +0000 (13:20 +0000)]
hw/cxl/cxl-mailbox-util: Fix output buffer index update when retrieving DC extents
In the function of retrieving DC extents (cmd_dcd_get_dyn_cap_ext_list),
the output buffer index was not correctly updated while iterating the
extent list on the device, leaving the extents returned incorrect except for
the first one.
Fixes: 1c9221f19e62 ("hw/mem/cxl_type3: Add DC extent list representative and get DC extent list mailbox support")
Signed-off-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101132005.26633-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fan Ni [Fri, 1 Nov 2024 13:20:04 +0000 (13:20 +0000)]
cxl/cxl-mailbox-utils: Fix size check for cmd_firmware_update_get_info
In the function cmd_firmware_update_get_info for handling Get FW info
command (0x0200h), the vmem, pmem and DC capacity size check were
incorrect. The size should be aligned to 256MiB, not smaller than
256MiB.
Signed-off-by: Fan Ni <fan.ni@samsung.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241101132005.26633-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Marcin Juszkiewicz [Wed, 23 Oct 2024 11:38:20 +0000 (13:38 +0200)]
pcie: enable Extended tag field support
>From what I read PCI has 32 transactions, PCI Express devices can handle
256 with Extended tag enabled (spec mentions also larger values but I
lack PCIe knowledge).
QEMU leaves 'Extended tag field' with 0 as value:
Capabilities: [e0] Express (v1) Root Complex Integrated Endpoint, IntMsgNum 0
DevCap: MaxPayload 128 bytes, PhantFunc 0
ExtTag- RBE+ FLReset- TEE-IO-
SBSA ACS has test 824 which checks for PCIe device capabilities. BSA
specification [1] (SBSA is on top of BSA) in section F.3.2 lists
expected values for Device Capabilities Register:
Device Capabilities Register Requirement
Role based error reporting RCEC and RCiEP: Hardwired to 1
Endpoint L0s acceptable latency RCEC and RCiEP: Hardwired to 0
L1 acceptable latency RCEC and RCiEP: Hardwired to 0
Captured slot power limit scale RCEC and RCiEP: Hardwired to 0
Captured slot power limit value RCEC and RCiEP: Hardwired to 0
Max payload size value must be compliant with PCIe spec
Phantom functions RCEC and RCiEP: Recommendation is to
hardwire this bit to 0.
Extended tag field Hardwired to 1
1. https://developer.arm.com/documentation/den0094/c/
This change enables Extended tag field. All versioned platforms should
have it disabled for older versions (tested with Arm/virt).
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-Id: <
20241023113820.486017-1-marcin.juszkiewicz@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhenzhong Duan [Mon, 28 Oct 2024 02:25:14 +0000 (10:25 +0800)]
intel_iommu: Introduce property "stale-tm" to control Transient Mapping (TM) field
VT-d spec removed Transient Mapping (TM) field from second-level page-tables
and treat the field as Reserved(0) since revision 3.2.
Changing the field as reserved(0) will break backward compatibility, so
introduce a property "stale-tm" to allow user to control the setting.
Use pc_compat_9_1 to handle the compatibility for machines before 9.2 which
allow guest to set the field. Starting from 9.2, this field is reserved(0)
by default to match spec. Of course, user can force it on command line.
This doesn't impact function of vIOMMU as there was no logic to emulate
Transient Mapping.
Suggested-by: Yi Liu <yi.l.liu@intel.com>
Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <
20241028022514.806657-1-zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Albert Esteve [Tue, 22 Oct 2024 12:46:14 +0000 (14:46 +0200)]
vhost-user: fix shared object return values
VHOST_USER_BACKEND_SHARED_OBJECT_ADD and
VHOST_USER_BACKEND_SHARED_OBJECT_REMOVE state
in the spec that they return 0 for successful
operations, non-zero otherwise. However,
implementation relies on the return types
of the virtio-dmabuf library, with opposite
semantics (true if everything is correct,
false otherwise). Therefore, current
implementation violates the specification.
Revert the logic so that the implementation
of the vhost-user handling methods matches
the specification.
Fixes: 043e127a126bb3ceb5fc753deee27d261fd0c5ce
Fixes: 160947666276c5b7f6bca4d746bcac2966635d79
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Albert Esteve <aesteve@redhat.com>
Message-Id: <
20241022124615.585596-1-aesteve@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 14 Oct 2024 12:19:02 +0000 (13:19 +0100)]
hw/pci-bridge: Make pxb_dev_realize_common() return if it succeeded
For the CXL PXB there is additional code after pxb_dev_realize_common()
is called. If that realize failed (e.g. due to an out of range numa_node)
we will get a segfault. Return a bool so the caller can check if the
pxb_dev_realize_common() succeeded or not without having to poke around
in the errp.
Fixes: 4f8db8711cbd ("hw/pxb: Allow creation of a CXL PXB (host bridge)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-8-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 14 Oct 2024 12:19:01 +0000 (13:19 +0100)]
hw/cxl: Fix indent of structure member
Add missing 4 spaces of indent to structure element.
Reported-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-7-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Shiju Jose [Mon, 14 Oct 2024 12:19:00 +0000 (13:19 +0100)]
hw/cxl/cxl-mailbox-utils: Fix for device DDR5 ECS control feature tables
CXL spec 3.1 section 8.2.9.9.11.2 describes the DDR5 Error Check Scrub (ECS)
control feature.
ECS log capabilities field in following ECS tables, which is common for all
memory media FRUs in a CXL device.
Fix struct CXLMemECSReadAttrs and struct CXLMemECSWriteAttrs to make
log entry type field common.
Fixes: 2d41ce38fb9a ("hw/cxl/cxl-mailbox-utils: Add device DDR5 ECS control feature")
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-6-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fan Ni [Mon, 14 Oct 2024 12:18:59 +0000 (13:18 +0100)]
hw/mem/cxl_type3: Fix More flag setting for dynamic capacity event records
Per cxl spec r3.1, for multiple dynamic capacity event records grouped via
the More flag, the last record in the sequence should clear the More flag.
Before the change, the More flag of the event record is cleared before
the loop of inserting records into the event log, which will leave the flag
always set once it is set in the loop.
Fixes: d0b9b28a5b9f ("hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents")
Signed-off-by: Fan Ni <fan.ni@samsung.com>
Link: https://lore.kernel.org/r/20240827164304.88876-2-nifan.cxl@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-5-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Yao Xingtao [Mon, 14 Oct 2024 12:18:58 +0000 (13:18 +0100)]
mem/cxl_type3: Fix overlapping region validation error
When injecting a new poisoned region through qmp_cxl_inject_poison(),
the newly injected region should not overlap with existing poisoned
regions.
The current validation method does not consider the following
overlapping region:
┌───┬───────┬───┐
│a │ b(a) │a │
└───┴───────┴───┘
(a is a newly added region, b is an existing region, and b is a
subregion of a)
Fixes: 9547754f40ee ("hw/cxl: QMP based poison injection support")
Signed-off-by: Yao Xingtao <yaoxt.fnst@fujitsu.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ajay Joshi [Mon, 14 Oct 2024 12:18:57 +0000 (13:18 +0100)]
hw/cxl: Fix background completion percentage calculation
The current completion percentage calculation does not account for the
relative time since the start of the background activity, this leads to
showing incorrect start percentage vs what has actually been completed.
This patch calculates the percentage based on the actual elapsed time since
the start of the operation.
Fixes: 221d2cfbdb53 ("hw/cxl/mbox: Add support for background operations")
Signed-off-by: Ajay Joshi <ajay.opensrc@micron.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/20240729102338.22337-1-ajay.opensrc@micron.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Dmitry Frolov [Mon, 14 Oct 2024 12:18:56 +0000 (13:18 +0100)]
hw/cxl: Fix uint32 overflow cxl-mailbox-utils.c
The sum offset + length may overflow uint32. Since this sum is
compared with uint64_t return value of get_lsa_size(), it makes
sense to choose uint64_t type for offset and length.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 3ebe676a3463 ("hw/cxl/device: Implement get/set Label Storage Area (LSA)")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Link: https://lore.kernel.org/r/20240917080925.270597-2-frolov@swemel.ru
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20241014121902.
2146424-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
yaozhenguo [Fri, 11 Oct 2024 10:29:13 +0000 (18:29 +0800)]
virtio/vhost-user: fix qemu abort when hotunplug vhost-user-net device
During the hot-unplugging of vhost-user-net type network cards,
the vhost_user_cleanup function may add the same rcu node to
the rcu linked list. The function call in this case is as follows:
vhost_user_cleanup
->vhost_user_host_notifier_remove
->call_rcu(n, vhost_user_host_notifier_free, rcu);
->g_free_rcu(n, rcu);
When this happens, QEMU will abort in try_dequeue:
if (head == &dummy && qatomic_mb_read(&tail) == &dummy.next) {
abort();
}
backtrace is as follows:
0 __pthread_kill_implementation () at /usr/lib64/libc.so.6
1 raise () at /usr/lib64/libc.so.6
2 abort () at /usr/lib64/libc.so.6
3 try_dequeue () at ../util/rcu.c:235
4 call_rcu_thread (0) at ../util/rcu.c:288
5 qemu_thread_start (0) at ../util/qemu-thread-posix.c:541
6 start_thread () at /usr/lib64/libc.so.6
7 clone3 () at /usr/lib64/libc.so.6
The reason for the abort is that adding two identical nodes to
the rcu linked list will cause the rcu linked list to become a ring,
but when the dummy node is added after the two identical nodes,
the ring is opened. But only one node is added to list with
rcu_call_count added twice. This will cause rcu try_dequeue abort.
This happens when n->addr != 0. In some scenarios, this does happen.
For example, this situation will occur when using a 32-queue DPU
vhost-user-net type network card for hot-unplug testing, because
VhostUserHostNotifier->addr will be cleared during the processing of
VHOST_USER_BACKEND_VRING_HOST_NOTIFIER_MSG. However,it is asynchronous,
so we cannot guarantee that VhostUserHostNotifier->addr is zero in
vhost_user_cleanup. Therefore, it is necessary to merge g_free_rcu
and vhost_user_host_notifier_free into one rcu node.
Fixes: 503e355465 ("virtio/vhost-user: dynamically assign VhostUserHostNotifiers")
Signed-off-by: yaozhenguo <yaozhenguo@jd.com>
Message-Id: <
20241011102913.45582-1-yaozhenguo@jd.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gao Shiyuan [Wed, 30 Oct 2024 13:13:24 +0000 (21:13 +0800)]
virtio-pci: fix memory_region_find for VirtIOPCIRegion's MR
As shown below, if a virtio PCI device is attached under a pci-bridge, the MR
of VirtIOPCIRegion does not belong to any address space. So memory_region_find
cannot be used to search for this MR.
Introduce the virtio-pci and pci_bridge address spaces to solve this problem.
Before:
memory-region: pci_bridge_pci
0000000000000000-
ffffffffffffffff (prio 0, i/o): pci_bridge_pci
00000000fe840000-
00000000fe840fff (prio 1, i/o): virtio-net-pci-msix
00000000fe840000-
00000000fe84003f (prio 0, i/o): msix-table
00000000fe840800-
00000000fe840807 (prio 0, i/o): msix-pba
0000380000000000-
0000380000003fff (prio 1, i/o): virtio-pci
0000380000000000-
0000380000000fff (prio 0, i/o): virtio-pci-common-virtio-net
0000380000001000-
0000380000001fff (prio 0, i/o): virtio-pci-isr-virtio-net
0000380000002000-
0000380000002fff (prio 0, i/o): virtio-pci-device-virtio-net
0000380000003000-
0000380000003fff (prio 0, i/o): virtio-pci-notify-virtio-net
After:
address-space: virtio-pci-cfg-mem-as
0000380000000000-
0000380000003fff (prio 1, i/o): virtio-pci
0000380000000000-
0000380000000fff (prio 0, i/o): virtio-pci-common-virtio-net
0000380000001000-
0000380000001fff (prio 0, i/o): virtio-pci-isr-virtio-net
0000380000002000-
0000380000002fff (prio 0, i/o): virtio-pci-device-virtio-net
0000380000003000-
0000380000003fff (prio 0, i/o): virtio-pci-notify-virtio-net
address-space: pci_bridge_pci_mem
0000000000000000-
ffffffffffffffff (prio 0, i/o): pci_bridge_pci
00000000fe840000-
00000000fe840fff (prio 1, i/o): virtio-net-pci-msix
00000000fe840000-
00000000fe84003f (prio 0, i/o): msix-table
00000000fe840800-
00000000fe840807 (prio 0, i/o): msix-pba
0000380000000000-
0000380000003fff (prio 1, i/o): virtio-pci
0000380000000000-
0000380000000fff (prio 0, i/o): virtio-pci-common-virtio-net
0000380000001000-
0000380000001fff (prio 0, i/o): virtio-pci-isr-virtio-net
0000380000002000-
0000380000002fff (prio 0, i/o): virtio-pci-device-virtio-net
0000380000003000-
0000380000003fff (prio 0, i/o): virtio-pci-notify-virtio-net
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2576
Fixes: ffa8a3e3b2e6 ("virtio-pci: Add lookup subregion of VirtIOPCIRegion MR")
Co-developed-by: Zuo Boqun <zuoboqun@baidu.com>
Signed-off-by: Zuo Boqun <zuoboqun@baidu.com>
Co-developed-by: Wang Liang <wangliang44@baidu.com>
Signed-off-by: Wang Liang <wangliang44@baidu.com>
Signed-off-by: Gao Shiyuan <gaoshiyuan@baidu.com>
Message-Id: <
20241030131324.34144-1-gaoshiyuan@baidu.com>
Tested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Suravee Suthikulpanit [Fri, 27 Sep 2024 17:29:13 +0000 (12:29 -0500)]
amd_iommu: Check APIC ID > 255 for XTSup
The XTSup mode enables x2APIC support for AMD IOMMU, which is needed
to support vcpu w/ APIC ID > 255.
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
Message-Id: <
20240927172913.121477-6-santosh.shukla@amd.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Suravee Suthikulpanit [Fri, 27 Sep 2024 17:29:12 +0000 (12:29 -0500)]
amd_iommu: Send notification when invalidate interrupt entry cache
In order to support AMD IOMMU interrupt remapping emulation with PCI
pass-through devices, QEMU needs to notify VFIO when guest IOMMU driver
updates and invalidate the guest interrupt remapping table (IRT), and
communicate information so that the host IOMMU driver can update
the shadowed interrupt remapping table in the host IOMMU.
Therefore, send notification when guest IOMMU emulates the IRT
invalidation commands.
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
Message-Id: <
20240927172913.121477-5-santosh.shukla@amd.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Suravee Suthikulpanit [Fri, 27 Sep 2024 17:29:11 +0000 (12:29 -0500)]
amd_iommu: Use shared memory region for Interrupt Remapping
Use shared memory region for interrupt remapping which can be
aliased by all devices.
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
Message-Id: <
20240927172913.121477-4-santosh.shukla@amd.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Suravee Suthikulpanit [Fri, 27 Sep 2024 17:29:10 +0000 (12:29 -0500)]
amd_iommu: Add support for pass though mode
Introduce 'nodma' shared memory region to support PT mode
so that for each device, we only create an alias to shared memory
region when DMA-remapping is disabled.
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
Message-Id: <
20240927172913.121477-3-santosh.shukla@amd.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Suravee Suthikulpanit [Fri, 27 Sep 2024 17:29:09 +0000 (12:29 -0500)]
amd_iommu: Rename variable mmio to mr_mmio
Rename the MMIO memory region variable 'mmio' to 'mr_mmio'
so to correctly name align with struct AMDVIState::variable type.
No functional change intended.
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
Message-Id: <
20240927172913.121477-2-santosh.shukla@amd.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ricardo Ribalda [Tue, 24 Sep 2024 13:24:12 +0000 (13:24 +0000)]
tests/acpi: pc: update golden masters for DSDT
Note: since all we did is replace VarPackageOp with PackageOP,
and both are represented by Package() in ASL, the AML is
different but ASL is the same.
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Message-Id: <
20240924132417.739809-4-ribalda@chromium.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Ricardo Ribalda [Tue, 24 Sep 2024 13:24:11 +0000 (13:24 +0000)]
hw/i386/acpi-build: return a non-var package from _PRT()
Windows XP seems to have issues when _PRT() returns a variable package.
We know in advance the size, so we can return a fixed package instead.
https://lore.kernel.org/qemu-devel/
c82d9331-a8ce-4bb0-b51f-
2ee789e27c86@ilande.co.uk/T/#m541190c942676bccf7a7f7fbcb450d94a4e2da53
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 99cb2c6c7b ("hw/i386/acpi-build: Return a pre-computed _PRT table")
Closes: https://lore.kernel.org/all/eb11c984-ebe4-4a09-9d71-1e9db7fe7e6f@ilande.co.uk/
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Message-Id: <
20240924132417.739809-3-ribalda@chromium.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ricardo Ribalda [Tue, 24 Sep 2024 13:24:10 +0000 (13:24 +0000)]
tests/acpi: pc: allow DSDT acpi table changes
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Message-Id: <
20240924132417.739809-2-ribalda@chromium.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Michael S. Tsirkin [Mon, 4 Nov 2024 14:11:46 +0000 (09:11 -0500)]
acpi/disassemle-aml.sh: fix up after dir reorg
We moved expected files around, fix up the disassembler script.
Fixes: 7c08eefcaf ("tests/data/acpi: Move x86 ACPI tables under x86/${machine} path")
Fixes: 7434f90467 ("tests/data/acpi/virt: Move ARM64 ACPI tables under aarch64/${machine} path")
Cc: "Sunil V L" <sunilvl@ventanamicro.com>
Message-ID: <
ce456091058734b7f765617ac5dfeebcb366d4a9.
1730729695.git.mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Vladimir Sementsov-Ogievskiy [Fri, 20 Sep 2024 09:49:36 +0000 (12:49 +0300)]
qapi: introduce device-sync-config
Add command to sync config from vhost-user backend to the device. It
may be helpful when VHOST_USER_SLAVE_CONFIG_CHANGE_MSG failed or not
triggered interrupt to the guest or just not available (not supported
by vhost-user server).
Command result is racy if allow it during migration. Let's not allow
that.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Raphael Norwitz <raphael@enfabrica.net>
Message-Id: <
20240920094936.450987-4-vsementsov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Vladimir Sementsov-Ogievskiy [Fri, 20 Sep 2024 09:49:35 +0000 (12:49 +0300)]
vhost-user-blk: split vhost_user_blk_sync_config()
Split vhost_user_blk_sync_config() out from
vhost_user_blk_handle_config_change(), to be reused in the following
commit.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Acked-by: Raphael Norwitz <raphael@enfabrica.net>
Message-Id: <
20240920094936.450987-3-vsementsov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Vladimir Sementsov-Ogievskiy [Fri, 20 Sep 2024 09:49:34 +0000 (12:49 +0300)]
qdev-monitor: add option to report GenericError from find_device_state
Here we just prepare for the following patch, making possible to report
GenericError as recommended.
This patch doesn't aim to prevent further use of DeviceNotFound by
future interfaces:
- find_device_state() is used in blk_by_qdev_id() and qmp_get_blk()
functions, which may lead to spread of DeviceNotFound anyway
- also, nothing prevent simply copy-pasting find_device_state() calls
with false argument
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Raphael Norwitz <raphael@enfabrica.net>
Message-Id: <
20240920094936.450987-2-vsementsov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:18 +0000 (18:35 +0100)]
hw/pci-bridge/cxl-upstream: Add properties to control link speed and width
To establish performance characteristics of a CXL device when used via a
particular CXL topology (root ports, switches, end points) it is necessary
to set the appropriate link speed and width in the PCI Express capability
structure. Provide x-speed and x-link properties for this.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-7-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:17 +0000 (18:35 +0100)]
hw/mem/cxl-type3: Add properties to control link speed and width
To establish performance characteristics of a CXL device when used via a
particular CXL topology (root ports, switches, end points) it is necessary
to set the appropriate link speed and width in the PCI Express capability
structure. Provide x-speed and x-link properties for this.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-6-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:16 +0000 (18:35 +0100)]
hw/pcie: Provide a utility function for control of EP / SW USP link
Whilst similar to existing PCIESlot link configuration a few registers
need to be set differently so that the downstream device presents
a 'configured' state that is then used to 'train' the upstream port
on the link. Basically that means setting the status register to
reflect it succeeding in training up to target settings.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-5-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:15 +0000 (18:35 +0100)]
hw/pcie: Factor out PCI Express link register filling common to EP.
Whilst not all link related registers are common between RP / Switch DSP
and EP / Switch USP many of them are. Factor that group out to save
on duplication when adding EP / Swtich USP configurability.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:14 +0000 (18:35 +0100)]
hw/pci-bridge/cxl_upstream: Provide x-speed and x-width properties.
Copied from gen_pcie_root_port.c
Drop the previous code that ensured a valid value in s->width, s->speed
as now a default is provided so this will always be set.
Note this changes the default settings but it is unlikely to have a negative
effect on software as will only affect ports with now downstream device.
All other ports will use the settings from that device.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:35:13 +0000 (18:35 +0100)]
hw/pci-bridge/cxl_root_port: Provide x-speed and x-width properties.
Approach copied from gen_pcie_root_port.c
Previously the link defaulted to a maximum of 2.5GT/s and 1x. Enable setting
it's maximum values. The actual value after 'training' will depend on the
downstream device configuration.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916173518.
1843023-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:43:21 +0000 (18:43 +0100)]
hw/acpi: Generic Initiator - add missing object class property descriptions.
>From review of the Generic Ports support.
These properties had no description set so add one.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916174321.
1843228-1-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:42:37 +0000 (18:42 +0100)]
hw/acpi: Make storage of node id uint32_t to reduce fragility
>From review of generic port introduction.
The value is handled as a uint32_t so store it in that type.
The value cannot in reality exceed MAX_NODES which is currently
128 but if the types are matched there is no need to rely on that
restriction.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916174237.
1843213-1-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:41:22 +0000 (18:41 +0100)]
hw/acpi: Generic Port Affinity Structure support
These are very similar to the recently added Generic Initiators
but instead of representing an initiator of memory traffic they
represent an edge point beyond which may lie either targets or
initiators. Here we add these ports such that they may
be targets of hmat_lb records to describe the latency and
bandwidth from host side initiators to the port. A discoverable
mechanism such as UEFI CDAT read from CXL devices and switches
is used to discover the remainder of the path, and the OS can build
up full latency and bandwidth numbers as need for work and data
placement decisions.
Acked-by: Markus Armbruster <armbru@redhat.com>
Tested-by: "Huang, Ying" <ying.huang@intel.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916174122.
1843197-1-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Mon, 16 Sep 2024 17:10:14 +0000 (18:10 +0100)]
hw/pci-host/gpex-acpi: Use acpi_uid property.
Reduce the direct use of PCI internals inside ACPI table creation.
Suggested-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <
20240916171017.
1841767-10-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
projects / qemu.git / log