qemu.git
9 months agocontrib/plugins/hotpages: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:49 +0000 (16:02 +0000)]
contrib/plugins/hotpages: fix 32-bit build

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-11-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-21-alex.bennee@linaro.org>

9 months agocontrib/plugins/hwprofile: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:48 +0000 (16:02 +0000)]
contrib/plugins/hwprofile: fix 32-bit build

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-10-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-20-alex.bennee@linaro.org>

9 months agocontrib/plugins/cflow: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:47 +0000 (16:02 +0000)]
contrib/plugins/cflow: fix 32-bit build

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-9-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-19-alex.bennee@linaro.org>

9 months agocontrib/plugins/hotblocks: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:46 +0000 (16:02 +0000)]
contrib/plugins/hotblocks: fix 32-bit build

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241217224306.2900490-8-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-18-alex.bennee@linaro.org>

9 months agocontrib/plugins/cache: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:45 +0000 (16:02 +0000)]
contrib/plugins/cache: fix 32-bit build

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241217224306.2900490-7-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-17-alex.bennee@linaro.org>

9 months agocontrib/plugins/stoptrigger: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:44 +0000 (16:02 +0000)]
contrib/plugins/stoptrigger: fix 32-bit build

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241217224306.2900490-6-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-16-alex.bennee@linaro.org>

9 months agotests/tcg/plugins/mem: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:43 +0000 (16:02 +0000)]
tests/tcg/plugins/mem: fix 32-bit build

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-5-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-15-alex.bennee@linaro.org>

9 months agotests/tcg/plugins/syscall: fix 32-bit build
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:42 +0000 (16:02 +0000)]
tests/tcg/plugins/syscall: fix 32-bit build

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-4-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-14-alex.bennee@linaro.org>

9 months agocontrib/plugins/howvec: ensure we don't regress if this plugin is extended
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:41 +0000 (16:02 +0000)]
contrib/plugins/howvec: ensure we don't regress if this plugin is extended

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241217224306.2900490-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-13-alex.bennee@linaro.org>

9 months agotests/tcg/plugins/insn: remove unused callback parameter
Pierrick Bouvier [Thu, 16 Jan 2025 16:02:40 +0000 (16:02 +0000)]
tests/tcg/plugins/insn: remove unused callback parameter

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-12-alex.bennee@linaro.org>

9 months agosystem: propagate Error to gdbserver_start (and other device setups)
Alex Bennée [Thu, 16 Jan 2025 16:02:39 +0000 (16:02 +0000)]
system: propagate Error to gdbserver_start (and other device setups)

This started as a clean-up to properly pass a Error handler to the
gdbserver_start so we could do the right thing for command line and
HMP invocations.

Now that we have cleaned up foreach_device_config_or_exit() in earlier
patches we can further simplify by it by passing &error_fatal instead
of checking the return value. Having a return value is still useful
for HMP though so tweak the return to use a simple bool instead.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-11-alex.bennee@linaro.org>

9 months agosystem: squash usb_parse into a single function
Alex Bennée [Thu, 16 Jan 2025 16:02:38 +0000 (16:02 +0000)]
system: squash usb_parse into a single function

We don't need to wrap usb_device_add as usb_parse is already gated
with an if (machine_usb(current_machine)) check. Instead just assert
and directly fail if usbdevice_create returns NULL.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-10-alex.bennee@linaro.org>

9 months agosystem/vl: more error exit into config enumeration code
Alex Bennée [Thu, 16 Jan 2025 16:02:37 +0000 (16:02 +0000)]
system/vl: more error exit into config enumeration code

All of the failures to configure devices will result in QEMU exiting
with an error code. In preparation for passing Error * down the chain
re-name the iterator to foreach_device_config_or_exit and exit using
&error_fatal instead of returning a failure indication.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-9-alex.bennee@linaro.org>

9 months agosemihosting/meson: Build config.o and console.o once
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:36 +0000 (16:02 +0000)]
semihosting/meson: Build config.o and console.o once

config.c and console.c don't use any target specific
headers anymore, move them from specific_ss[] to
system_ss[] so they are built once, but will also be
linked once, removing global symbol clash in a single
QEMU binary.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250103171037.11265-6-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-8-alex.bennee@linaro.org>

9 months agosemihosting/console: Avoid including 'cpu.h'
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:35 +0000 (16:02 +0000)]
semihosting/console: Avoid including 'cpu.h'

The CPUState structure is declared in "hw/core/cpu.h",
the EXCP_HALTED definition in "exec/cpu-common.h".
Both headers are indirectly include by "cpu.h". In
order to remove "cpu.h" from "semihosting/console.h",
explicitly include them in console.c, otherwise we'd
get:

  ../semihosting/console.c:88:11: error: incomplete definition of type 'struct CPUState'
     88 |         cs->exception_index = EXCP_HALTED;
        |         ~~^
  ../semihosting/console.c:88:31: error: use of undeclared identifier 'EXCP_HALTED'
     88 |         cs->exception_index = EXCP_HALTED;
        |                               ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250103171037.11265-5-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-7-alex.bennee@linaro.org>

9 months agosemihosting/arm-compat: Include missing 'cpu.h' header
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:34 +0000 (16:02 +0000)]
semihosting/arm-compat: Include missing 'cpu.h' header

ARM semihosting implementations in "common-semi-target.h"
must de-reference the target CPUArchState, which is declared
in each target "cpu.h" header. Include it in order to avoid
when refactoring:

  In file included from ../../semihosting/arm-compat-semi.c:169:
  ../target/riscv/common-semi-target.h:16:5: error: use of undeclared identifier 'RISCVCPU'
     16 |     RISCVCPU *cpu = RISCV_CPU(cs);
        |     ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250103171037.11265-4-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-6-alex.bennee@linaro.org>

9 months agosemihosting/uaccess: Include missing 'exec/cpu-all.h' header
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:33 +0000 (16:02 +0000)]
semihosting/uaccess: Include missing 'exec/cpu-all.h' header

TLB_INVALID_MASK is defined in "exec/cpu-all.h".
Include it in order to avoid when refactoring:

  ../semihosting/uaccess.c:41:21: error: use of undeclared identifier 'TLB_INVALID_MASK'
     41 |         if (flags & TLB_INVALID_MASK) {
        |                     ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250103171037.11265-3-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-5-alex.bennee@linaro.org>

9 months agosemihosting/syscalls: Include missing 'exec/cpu-defs.h' header
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:32 +0000 (16:02 +0000)]
semihosting/syscalls: Include missing 'exec/cpu-defs.h' header

target_ulong is defined in each target "cpu-param.h",
itself included by "exec/cpu-defs.h".
Include the latter in order to avoid when refactoring:

  include/semihosting/syscalls.h:26:24: error: unknown type name 'target_ulong'
     26 |                        target_ulong fname, target_ulong fname_len,
        |                        ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250103171037.11265-2-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-4-alex.bennee@linaro.org>

9 months agosemihosting/uaccess: Briefly document returned values
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 16:02:31 +0000 (16:02 +0000)]
semihosting/uaccess: Briefly document returned values

Since it is not obvious the get/put_user*() methods
can return an error, add brief docstrings about it.
Also remind to use *unlock_user() when appropriate.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241212115413.42109-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-3-alex.bennee@linaro.org>

9 months agosemihosting: add guest_error logging for failed opens
Alex Bennée [Thu, 16 Jan 2025 16:02:30 +0000 (16:02 +0000)]
semihosting: add guest_error logging for failed opens

This usually indicates the semihosting call was expecting to find
something but didn't.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250116160306.1709518-2-alex.bennee@linaro.org>

9 months agoMerge tag 'pull-xenfv-20250116' of git://git.infradead.org/users/dwmw2/qemu into...
Stefan Hajnoczi [Thu, 16 Jan 2025 14:03:43 +0000 (09:03 -0500)]
Merge tag 'pull-xenfv-20250116' of git://git.infradead.org/users/dwmw2/qemu into staging

Xen regression fixes and cleanups

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEMUsIrNDeSBEzpfKGm+mA/QrAFUQFAmeIxhcSHGR3bXdAYW1h
# em9uLmNvLnVrAAoJEJvpgP0KwBVEbKoP/iqQ+PhbwT9+xz6lxW+g1Dx+YGrT/ugp
# d3xHn9AEkR0EHC42J6RB/llyWbKVD/IIhYwUk5GDm+4InGrtuQDhG6UqWxqvIRht
# 0JuZvVm7x5akmKv73igxNqZHVg0ZEAS+EllBUaBYWj0pvpMbBK93Sdz9PXKxA7Nm
# dPeFrOpL2TAmnDCH1UuBbXypHEjAghmv7WFphMtk6qLX+wYVaK3F2J/ed2TNyT0V
# LliOdQH0Pxt445SSVJIZRe9bW3FH7qyvZV1gCnxSnqPUlN7vBhpjzgl4hWEzVYcp
# 7X21ZAD9kPc81DJjYucbLjAbrqSmlDrJqL05qtRigfPcnqz2NoKrYxhj8B0F8mgt
# 1IbymPyeab5gk5Hi1QgMmG5eobDDaglDSxpq6gRfJBiJW+1adif00z/HVvt5onS0
# uQ6i6w5NzQciBX77muAb2ZDEMysjk+3wSJMMpkfl90D0kjlMqeWWs4FH9ThasjC+
# EhQioUD0euedgnzOSfQjNNtAW4gzv9rcShkcV84bjxP/0Es+Pgx9f6wtCUTzdeqy
# Cid8/72lHIgrkZGfpv8BBZkA1XP09vgtUGKyAWm4yHOcB57l8cNiL1nKtqoCLwkQ
# 8JWFWzFeEY19KoiRGY5saH6ExeOx8fmc/lYwqImZqFqvuFX4Vf2RJdTIRIYr7g05
# 2QffxFmskg+A
# =Wz0V
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 16 Jan 2025 03:40:55 EST
# gpg:                using RSA key 314B08ACD0DE481133A5F2869BE980FD0AC01544
# gpg:                issuer "dwmw@amazon.co.uk"
# gpg: Good signature from "David Woodhouse <dwmw@amazon.co.uk>" [unknown]
# gpg:                 aka "David Woodhouse <dwmw@amazon.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 314B 08AC D0DE 4811 33A5  F286 9BE9 80FD 0AC0 1544

* tag 'pull-xenfv-20250116' of git://git.infradead.org/users/dwmw2/qemu:
  system/runstate: Fix regression, clarify BQL status of exit notifiers
  hw/xen: Fix errp handling in xen_console
  hw/xen: Use xs_node_read() from xenstore_read_str() instead of open-coding it
  hw/xen: Use xs_node_read() from xen_netdev_get_name()
  hw/xen: Use xs_node_read() from xen_console_get_name()
  hw/xen: Use xs_node_read() from xs_node_vscanf()
  xen: do not use '%ms' scanf specifier
  hw/xen: Add xs_node_read() helper function

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agoMerge tag 'pull-loongarch-20250116' of https://gitlab.com/bibo-mao/qemu into staging
Stefan Hajnoczi [Thu, 16 Jan 2025 14:02:39 +0000 (09:02 -0500)]
Merge tag 'pull-loongarch-20250116' of https://gitlab.com/bibo-mao/qemu into staging

loongarch queue

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCZ4hk/QAKCRAfewwSUazn
# 0WagAQDgJaWBLQxZkyQR2FQm3WHg3Uf/qolab9nDGo3b2BpixgD/RdvZf+mZpAwf
# 2ipAQ7g5GqGTKtTAdqO/aBAqTCZCqQU=
# =7KKt
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 15 Jan 2025 20:46:37 EST
# gpg:                using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7  13C4 8E86 8FB7 A176 9D4C
#      Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3  D1A4 1F7B 0C12 51AC E7D1

* tag 'pull-loongarch-20250116' of https://gitlab.com/bibo-mao/qemu:
  hw/intc/loongarch_ipi: Use alternative implemation for cpu_by_arch_id
  hw/intc/loongson_ipi: Add more input parameter for cpu_by_arch_id
  hw/intc/loongarch_ipi: Remove property num-cpu
  hw/intc/loongarch_ipi: Get cpu number from possible_cpu_arch_ids
  hw/intc/loongson_ipi: Remove property num_cpu from loongson_ipi_common
  hw/intc/loongson_ipi: Remove num_cpu from loongson_ipi_common
  hw/intc/loongarch_ipi: Implement realize interface
  target/loongarch: Add page table walker support for debugger usage

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agoMerge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into...
Stefan Hajnoczi [Thu, 16 Jan 2025 14:02:17 +0000 (09:02 -0500)]
Merge tag 'for_upstream' of https://git./virt/kvm/mst/qemu into staging

virtio,pc,pci: features, fixes, cleanups

The big thing here are:
stage-1 translation in vtd
internal migration in vhost-user
ghes driver preparation for error injection
new resource uuid feature in virtio gpu
new vmclock device

And as usual, fixes and cleanups.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmeIOiIPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpORgIAL0clwZxQL7PIPJ91FwXc1bo6Do/HYquAzvH
# eA+ryCG5S5ewh/e2R8SdIUG7nYesEMWJGVL1gb3BFu7wgGh1aLaaTxQ1LIo5HpRF
# P0Ak3QO7TKIsSEcZIz9h3eMEpg6X9d8i2h7llp7H3qqXBbduO+cGfeNH/fZD5IEl
# 7DFvXuJUgUtZb38I+qtcO+9EQFKGHjgdQAN5P/I4vawWJdxN9sBfT4YVEgpVhiq/
# ALxdSeaEiXA4EXexdHVZhXiQzEBsCQ78RZIIDiRE8I34cVY7rolTodKRfr4bip3P
# 6Llu11yvzNi1gppOzkny3QFsRza3hV0RisWYjAMTwLhNCdi/mHQ=
# =GjDq
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 15 Jan 2025 17:43:46 EST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (49 commits)
  hw/acpi: Add vmclock device
  virtio-net: vhost-user: Implement internal migration
  vhost: Add stubs for the migration state transfer interface
  hw/cxl: Fix msix_notify: Assertion `vector < dev->msix_entries_nr`
  tests: acpi: update expected blobs
  pci: acpi: Windows 'PCI Label Id' bug workaround
  tests: acpi: whitelist expected blobs
  docs: acpi_hest_ghes: fix documentation for CPER size
  acpi/ghes: Change ghes fill logic to work with only one source
  acpi/ghes: move offset calculus to a separate function
  acpi/ghes: better name the offset of the hardware error firmware
  acpi/ghes: rename etc/hardware_error file macros
  acpi/ghes: don't crash QEMU if ghes GED is not found
  acpi/ghes: better name GHES memory error function
  acpi/ghes: make the GHES record generation more generic
  acpi/ghes: don't check if physical_address is not zero
  acpi/ghes: Change the type for source_id
  acpi/ghes: Remove a duplicated out of bounds check
  acpi/ghes: Fix acpi_ghes_record_errors() argument
  acpi/ghes: better handle source_id and notification
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agohw/acpi: Add vmclock device
David Woodhouse [Tue, 7 Jan 2025 16:28:16 +0000 (16:28 +0000)]
hw/acpi: Add vmclock device

The vmclock device addresses the problem of live migration with
precision clocks. The tolerances of a hardware counter (e.g. TSC) are
typically around ±50PPM. A guest will use NTP/PTP/PPS to discipline that
counter against an external source of 'real' time, and track the precise
frequency of the counter as it changes with environmental conditions.

When a guest is live migrated, anything it knows about the frequency of
the underlying counter becomes invalid. It may move from a host where
the counter running at -50PPM of its nominal frequency, to a host where
it runs at +50PPM. There will also be a step change in the value of the
counter, as the correctness of its absolute value at migration is
limited by the accuracy of the source and destination host's time
synchronization.

The device exposes a shared memory region to guests, which can be mapped
all the way to userspace. In the first phase, this merely advertises a
'disruption_marker', which indicates that the guest should throw away any
NTP synchronization it thinks it has, and start again.

Because the region can be exposed all the way to userspace, applications
can still use time from a fast vDSO 'system call', and check the
disruption marker to be sure that their timestamp is indeed truthful.

The structure also allows for the precise time, as known by the host, to
be exposed directly to guests so that they don't have to wait for NTP to
resync from scratch.

The values and fields are based on the nascent virtio-rtc specification,
and the intent is that a version (hopefully precisely this version) of
this structure will be included as an optional part of that spec. In the
meantime, a simple ACPI device along the lines of VMGENID is perfectly
sufficient and is compatible with what's being shipped in certain
commercial hypervisors.

Linux guest support was merged into the 6.13-rc1 kernel:
https://git.kernel.org/torvalds/c/205032724226

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <07fd5e2f529098ad4d7cab1423fe9f4a03a9cc14.camel@infradead.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agovirtio-net: vhost-user: Implement internal migration
Laurent Vivier [Wed, 15 Jan 2025 13:50:44 +0000 (14:50 +0100)]
virtio-net: vhost-user: Implement internal migration

Add support of VHOST_USER_PROTOCOL_F_DEVICE_STATE in virtio-net
with vhost-user backend.

Cc: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20250115135044.799698-3-lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agovhost: Add stubs for the migration state transfer interface
Laurent Vivier [Wed, 15 Jan 2025 13:50:43 +0000 (14:50 +0100)]
vhost: Add stubs for the migration state transfer interface

Migration state transfer interface is only used by vhost-user-fs,
so the interface needs to be defined only when vhost is built.

But I need to use this interface with virtio-net and vhost is not always
enabled, and to avoid undefined reference error during build, define stub
functions for vhost_supports_device_state(), vhost_save_backend_state() and
vhost_load_backend_state().

Cc: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20250115135044.799698-2-lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agohw/cxl: Fix msix_notify: Assertion `vector < dev->msix_entries_nr`
Li Zhijian [Wed, 15 Jan 2025 07:58:34 +0000 (15:58 +0800)]
hw/cxl: Fix msix_notify: Assertion `vector < dev->msix_entries_nr`

This assertion always happens when we sanitize the CXL memory device.
$ echo 1 > /sys/bus/cxl/devices/mem0/security/sanitize

It is incorrect to register an MSIX number beyond the device's capability.

Increase the device's MSIX number to cover the mailbox msix number(9).

Fixes: 43efb0bfad2b ("hw/cxl/mbox: Wire up interrupts for background completion")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Message-Id: <20250115075834.167504-1-lizhijian@fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests: acpi: update expected blobs
Igor Mammedov [Wed, 15 Jan 2025 12:53:42 +0000 (13:53 +0100)]
tests: acpi: update expected blobs

_DSM function 7 AML should have followig change:

               If ((Arg2 == 0x07))
               {
  -                Local0 = Package (0x02)
  -                    {
  -                        Zero,
  -                        ""
  -                    }
                   Local2 = AIDX (DerefOf (Arg4 [Zero]), DerefOf (Arg4 [One]
                       ))
  -                Local0 [Zero] = Local2
  +                Local0 = Package (0x02) {}
  +                If (!((Local2 == Zero) || (Local2 == 0xFFFFFFFF)))
  +                {
  +                    Local0 [Zero] = Local2
  +                    Local0 [One] = ""
  +                }
  +
                   Return (Local0)
               }
           }

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20250115125342.3883374-4-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agopci: acpi: Windows 'PCI Label Id' bug workaround
Igor Mammedov [Wed, 15 Jan 2025 12:53:41 +0000 (13:53 +0100)]
pci: acpi: Windows 'PCI Label Id' bug workaround

Current versions of Windows call _DSM(func=7) regardless
of whether it is supported or not. It leads to NICs having bogus
'PCI Label Id = 0', where none should be set at all.

Also presence of 'PCI Label Id' triggers another Windows bug
on localized versions that leads to hangs. The later bug is fixed
in latest updates for 'Windows Server' but not in consumer
versions of Windows (and there is no plans to fix it
as far as I'm aware).

Given it's easy, implement Microsoft suggested workaround
(return invalid Package) so that affected Windows versions
could boot on QEMU.
This would effectvely remove bogus 'PCI Label Id's on NICs,
but MS teem confirmed that flipping 'PCI Label Id' should not
change 'Network Connection' ennumeration, so it should be safe
for QEMU to change _DSM without any compat code.

Smoke tested with WinXP and WS2022
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/774
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20250115125342.3883374-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests: acpi: whitelist expected blobs
Igor Mammedov [Wed, 15 Jan 2025 12:53:40 +0000 (13:53 +0100)]
tests: acpi: whitelist expected blobs

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20250115125342.3883374-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agodocs: acpi_hest_ghes: fix documentation for CPER size
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:32 +0000 (13:50 +0100)]
docs: acpi_hest_ghes: fix documentation for CPER size

While the spec defines a CPER size of 4KiB for each record,
currently it is set to 1KiB. Fix the documentation and add
a pointer to the macro name there, as this may help to keep
it updated.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <f7e94433bec19a9d6b23ecccc24b5fe3a6f7f52b.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: Change ghes fill logic to work with only one source
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:31 +0000 (13:50 +0100)]
acpi/ghes: Change ghes fill logic to work with only one source

Extending to multiple sources require a BIOS pointer to the
beginning of the HEST table, which in turn requires a backward-compatible
code.

So, the current code supports only one source. Ensure that and simplify
the code.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <66bddd42a64c8515ad98b9975d953b4a70ffcc6d.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: move offset calculus to a separate function
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:30 +0000 (13:50 +0100)]
acpi/ghes: move offset calculus to a separate function

Currently, CPER address location is calculated as an offset of
the hardware_errors table. It is also badly named, as the
offset actually used is the address where the CPER data starts,
and not the beginning of the error source.

Move the logic which calculates such offset to a separate
function, in preparation for a patch that will be changing the
logic to calculate it from the HEST table.

While here, properly name the variable which stores the cper
address.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <60fdd1bf379ba1db3099710868802aa49a27febb.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: better name the offset of the hardware error firmware
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:29 +0000 (13:50 +0100)]
acpi/ghes: better name the offset of the hardware error firmware

The hardware error firmware is where HEST error structures are
stored. Those can be GHESv2, but they can also be other types.

Better name the location of the hardware error.

No functional changes.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <ddbb94294bafee998f12fede3ba0b05dae5ee45f.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: rename etc/hardware_error file macros
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:28 +0000 (13:50 +0100)]
acpi/ghes: rename etc/hardware_error file macros

Now that we have also have a file to store HEST data location,
which is part of GHES, better name the file where CPER records
are stored.

No functional changes.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <e79a013bcd9f634b46ff6b34756d1b1403713af3.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: don't crash QEMU if ghes GED is not found
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:27 +0000 (13:50 +0100)]
acpi/ghes: don't crash QEMU if ghes GED is not found

Make error handling within ghes_record_cper_errors() consistent,
i.e. instead abort just print a error in case ghes GED is not found.

Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <c7e1665ba46df321f0ce161d60dfd681ab827535.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: better name GHES memory error function
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:26 +0000 (13:50 +0100)]
acpi/ghes: better name GHES memory error function

The current function used to generate GHES data is specific for
memory errors. Give a better name for it, as we now have a generic
function as well.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-Id: <35b59121129d5e99cb5062cc3d775594bbb0905b.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: make the GHES record generation more generic
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:25 +0000 (13:50 +0100)]
acpi/ghes: make the GHES record generation more generic

Split the code into separate functions to allow using the
common CPER filling code by different error sources.

The generic code was moved to ghes_record_cper_errors(),
and ghes_gen_err_data_uncorrectable_recoverable() now contains
only a logic to fill the Generic Error Data part of the record,
as described at:

ACPI 6.2: 18.3.2.7.1 Generic Error Data

The remaining code to generate a memory error now belongs to
acpi_ghes_record_errors() function.

A further patch will give it a better name.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <68d9f787d8c4fc8d1dbc227d6902fe801e42dea9.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: don't check if physical_address is not zero
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:24 +0000 (13:50 +0100)]
acpi/ghes: don't check if physical_address is not zero

The 'physical_address' value is a faulty page. As such, 0 is
as valid as any other value.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <da32536bf4962e5c03471e2a4e6e0ef92be4a1be.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: Change the type for source_id
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:23 +0000 (13:50 +0100)]
acpi/ghes: Change the type for source_id

As described at: ACPI 6.5 spec at:
18.3.2. ACPI Error Source

In particular at GHES/GHESv2 table:
Table 18.10 Generic Hardware Error Source Structure

HEST source ID is actually a 16-bit value.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <0e83ba548c1aedd1299fe387b94db78986590a34.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: Remove a duplicated out of bounds check
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:22 +0000 (13:50 +0100)]
acpi/ghes: Remove a duplicated out of bounds check

acpi_ghes_record_errors() has an assert() at the beginning
to ensure that source_id will be lower than
ACPI_GHES_ERROR_SOURCE_COUNT. Remove a duplicated check.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <df33b004d85b7b9aa388fb2ac530dcdea94b7edc.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: Fix acpi_ghes_record_errors() argument
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:21 +0000 (13:50 +0100)]
acpi/ghes: Fix acpi_ghes_record_errors() argument

Align the header file with the actual implementation of
this function, as the first argument is source ID and not
notification type.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <d55f2a6ede5a168e42a20a228b2c066cb4c60939.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: better handle source_id and notification
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:20 +0000 (13:50 +0100)]
acpi/ghes: better handle source_id and notification

GHES has two fields that are stored on HEST error source
blocks associated with notifications:

- notification type, which is a number defined at the ACPI spec
  containing several arch-specific synchronous and assynchronous
  types;
- source id, which is a HW/FW defined number, used to distinguish
  between different implemented sources.

There could be several sources with the same notification type,
which is dependent of the way each architecture maps notifications.

Right now, build_ghes_v2() hardcodes a 1:1 mapping between such
fields. Move it to two independent parameters, allowing the
caller function to fill both.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <133ff72ea1041fed7dbcf97b7a2b0f4dfacde31a.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: simplify the per-arch caller to build HEST table
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:19 +0000 (13:50 +0100)]
acpi/ghes: simplify the per-arch caller to build HEST table

The GHES driver requires not only a HEST table, but also a
separate firmware file to store Error Structure records.
It can't do one without the other.

Simplify the caller logic for it to require one function.

No functional changes.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <9584bb8953385e165681d5d185c503f8df8ef42f.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: simplify acpi_ghes_record_errors() code
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:18 +0000 (13:50 +0100)]
acpi/ghes: simplify acpi_ghes_record_errors() code

Reduce the ident of the function and prepares it for
the next changes.

No functional changes.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <19af4188535217213486d169e0501e592bc78a95.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agoacpi/ghes: get rid of ACPI_HEST_SRC_ID_RESERVED
Mauro Carvalho Chehab [Wed, 15 Jan 2025 12:50:17 +0000 (13:50 +0100)]
acpi/ghes: get rid of ACPI_HEST_SRC_ID_RESERVED

This is just duplicating ACPI_GHES_ERROR_SOURCE_COUNT, which
has a better name. So, drop the duplication.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <9012bf4c9630adf15a22af3c88fda8270916887b.1736945236.git.mchehab+huawei@kernel.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agopci/msix: Fix msix pba read vector poll end calculation
Nicholas Piggin [Thu, 12 Dec 2024 12:04:02 +0000 (22:04 +1000)]
pci/msix: Fix msix pba read vector poll end calculation

The end vector calculation has a bug that results in polling fewer
than required vectors when reading at a non-zero offset in PBA memory.

Fixes: bbef882cc193 ("msi: add API to get notified about pending bit poll")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20241212120402.1475053-1-npiggin@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests/qtest: Add intel-iommu test
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:57 +0000 (16:37 +0800)]
tests/qtest: Add intel-iommu test

Add the framework to test the intel-iommu device.

Currently only tested cap/ecap bits correctness when x-flts=on in scalable
mode. Also tested cap/ecap bits consistency before and after system reset.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-21-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Introduce a property to control FS1GP cap bit setting
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:56 +0000 (16:37 +0800)]
intel_iommu: Introduce a property to control FS1GP cap bit setting

This gives user flexibility to turn off FS1GP for debug purpose.

It is also useful for future nesting feature. When host IOMMU doesn't
support FS1GP but vIOMMU does, nested page table on host side works
after turning FS1GP off in vIOMMU.

This property has no effect when vIOMMU is in legacy mode or x-flts=off
in scalable modme.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-20-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Introduce a property x-flts for stage-1 translation
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:55 +0000 (16:37 +0800)]
intel_iommu: Introduce a property x-flts for stage-1 translation

Intel VT-d 3.0 introduces scalable mode, and it has a bunch of capabilities
related to scalable mode translation, thus there are multiple combinations.

This vIOMMU implementation wants to simplify it with a new property "x-flts".
When turned on in scalable mode, stage-1 translation is supported. When turned
on in legacy mode, throw out error.

With stage-1 translation support exposed to user, also accurate the pasid entry
check in vtd_pe_type_check().

Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Message-Id: <20241212083757.605022-19-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests/acpi: q35: Update host address width in DMAR
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:54 +0000 (16:37 +0800)]
tests/acpi: q35: Update host address width in DMAR

Differences:

@@ -1,39 +1,39 @@
 /*
  * Intel ACPI Component Architecture
  * AML/ASL+ Disassembler version 20200925 (64-bit version)
  * Copyright (c) 2000 - 2020 Intel Corporation
  *
- * Disassembly of tests/data/acpi/x86/q35/DMAR.dmar, Mon Nov 11 15:31:18 2024
+ * Disassembly of /tmp/aml-SPJ4W2, Mon Nov 11 15:31:18 2024
  *
  * ACPI Data Table [DMAR]
  *
  * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
  */

 [000h 0000   4]                    Signature : "DMAR"    [DMA Remapping table]
 [004h 0004   4]                 Table Length : 00000078
 [008h 0008   1]                     Revision : 01
-[009h 0009   1]                     Checksum : 15
+[009h 0009   1]                     Checksum : 0C
 [00Ah 0010   6]                       Oem ID : "BOCHS "
 [010h 0016   8]                 Oem Table ID : "BXPC    "
 [018h 0024   4]                 Oem Revision : 00000001
 [01Ch 0028   4]              Asl Compiler ID : "BXPC"
 [020h 0032   4]        Asl Compiler Revision : 00000001

-[024h 0036   1]           Host Address Width : 26
+[024h 0036   1]           Host Address Width : 2F
 [025h 0037   1]                        Flags : 01
 [026h 0038  10]                     Reserved : 00 00 00 00 00 00 00 00 00 00

 [030h 0048   2]                Subtable Type : 0000 [Hardware Unit Definition]
 [032h 0050   2]                       Length : 0040

 [034h 0052   1]                        Flags : 00
 [035h 0053   1]                     Reserved : 00
 [036h 0054   2]           PCI Segment Number : 0000
 [038h 0056   8]        Register Base Address : 00000000FED90000

 [040h 0064   1]            Device Scope Type : 03 [IOAPIC Device]
 [041h 0065   1]                 Entry Length : 08
 [042h 0066   2]                     Reserved : 0000
 [044h 0068   1]               Enumeration ID : 00
 [045h 0069   1]               PCI Bus Number : FF

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Message-Id: <20241212083757.605022-18-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Set default aw_bits to 48 starting from QEMU 9.2
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:53 +0000 (16:37 +0800)]
intel_iommu: Set default aw_bits to 48 starting from QEMU 9.2

According to VTD spec, stage-1 page table could support 4-level and
5-level paging.

However, 5-level paging translation emulation is unsupported yet.
That means the only supported value for aw_bits is 48. So default
aw_bits to 48 when stage-1 translation is turned on.

For legacy and scalable modes, 48 is the default choice for modern
OS when both 48 and 39 are supported. So it makes sense to set
default to 48 for these two modes too starting from QEMU 9.2.
Use pc_compat_9_1 to handle the compatibility for machines before
9.2.

Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-17-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests/acpi: q35: allow DMAR acpi table changes
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:52 +0000 (16:37 +0800)]
tests/acpi: q35: allow DMAR acpi table changes

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-16-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: piotlb invalidation should notify unmap
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:51 +0000 (16:37 +0800)]
intel_iommu: piotlb invalidation should notify unmap

This is used by some emulated devices which caches address
translation result. When piotlb invalidation issued in guest,
those caches should be refreshed.

There is already a similar implementation in iotlb invalidation.
So update vtd_iotlb_page_invalidate_notify() to make it work
also for piotlb invalidation.

For device that does not implement ATS capability or disable
it but still caches the translation result, it is better to
implement ATS cap or enable it if there is need to cache the
translation result.

Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Message-Id: <20241212083757.605022-15-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Add support for PASID-based device IOTLB invalidation
Clément Mathieu--Drif [Thu, 12 Dec 2024 08:37:50 +0000 (16:37 +0800)]
intel_iommu: Add support for PASID-based device IOTLB invalidation

Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-14-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Add an internal API to find an address space with PASID
Clément Mathieu--Drif [Thu, 12 Dec 2024 08:37:49 +0000 (16:37 +0800)]
intel_iommu: Add an internal API to find an address space with PASID

This will be used to implement the device IOTLB invalidation

Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-13-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Process PASID-based iotlb invalidation
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:48 +0000 (16:37 +0800)]
intel_iommu: Process PASID-based iotlb invalidation

PASID-based iotlb (piotlb) is used during walking Intel
VT-d stage-1 page table.

This emulates the stage-1 page table iotlb invalidation requested
by a PASID-based IOTLB Invalidate Descriptor (P_IOTLB).

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-12-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Flush stage-1 cache in iotlb invalidation
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:47 +0000 (16:37 +0800)]
intel_iommu: Flush stage-1 cache in iotlb invalidation

According to spec, Page-Selective-within-Domain Invalidation (11b):

1. IOTLB entries caching second-stage mappings (PGTT=010b) or pass-through
(PGTT=100b) mappings associated with the specified domain-id and the
input-address range are invalidated.
2. IOTLB entries caching first-stage (PGTT=001b) or nested (PGTT=011b)
mapping associated with specified domain-id are invalidated.

So per spec definition the Page-Selective-within-Domain Invalidation
needs to flush first stage and nested cached IOTLB entries as well.

We don't support nested yet and pass-through mapping is never cached,
so what in iotlb cache are only first-stage and second-stage mappings.

Add a tag pgtt in VTDIOTLBEntry to mark PGTT type of the mapping and
invalidate entries based on PGTT type.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-11-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Set accessed and dirty bits during stage-1 translation
Clément Mathieu--Drif [Thu, 12 Dec 2024 08:37:46 +0000 (16:37 +0800)]
intel_iommu: Set accessed and dirty bits during stage-1 translation

Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-10-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Check stage-1 translation result with interrupt range
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:45 +0000 (16:37 +0800)]
intel_iommu: Check stage-1 translation result with interrupt range

Per VT-d spec 4.1 section 3.15, "Untranslated requests and translation
requests that result in an address in the interrupt range will be
blocked with condition code LGN.4 or SGN.8."

This applies to both stage-1 and stage-2 IOMMU page table, move the
check from vtd_iova_to_slpte() to vtd_do_iommu_translate() so stage-1
page table could also be checked.

By this chance, update the comment with correct section number.

Suggested-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-9-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Check if the input address is canonical
Clément Mathieu--Drif [Thu, 12 Dec 2024 08:37:44 +0000 (16:37 +0800)]
intel_iommu: Check if the input address is canonical

Stage-1 translation must fail if the address to translate is
not canonical.

Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-8-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Implement stage-1 translation
Yi Liu [Thu, 12 Dec 2024 08:37:43 +0000 (16:37 +0800)]
intel_iommu: Implement stage-1 translation

This adds stage-1 page table walking to support stage-1 only
translation in scalable mode.

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Co-developed-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-7-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Rename slpte to pte
Yi Liu [Thu, 12 Dec 2024 08:37:42 +0000 (16:37 +0800)]
intel_iommu: Rename slpte to pte

Because we will support both FST(a.k.a, FLT) and SST(a.k.a, SLT) translation,
rename variable and functions from slpte to pte whenever possible.

But some are SST only, they are renamed with sl_ prefix.

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Co-developed-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-6-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Flush stage-2 cache in PASID-selective PASID-based iotlb invalidation
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:41 +0000 (16:37 +0800)]
intel_iommu: Flush stage-2 cache in PASID-selective PASID-based iotlb invalidation

Per VT-d spec 4.1, 6.5.2.4, "Table 21. PASID-based-IOTLB Invalidation",
PADID-selective PASID-based iotlb invalidation will flush stage-2 iotlb
entries with matching domain id and pasid.

With stage-1 translation introduced, guest could send PASID-selective
PASID-based iotlb invalidation to flush either stage-1 or stage-2 entries.

By this chance, remove old IOTLB related definitions which were unused.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-5-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Add a placeholder variable for scalable mode stage-1 translation
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:40 +0000 (16:37 +0800)]
intel_iommu: Add a placeholder variable for scalable mode stage-1 translation

Add an new element flts in IntelIOMMUState to mark stage-1 translation support
in scalable mode, this element will be exposed as an intel_iommu property
x-flts finally.

For now, it's only a placehholder and used for address width compatibility
check and block host device passthrough until nesting is supported.

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-Id: <20241212083757.605022-4-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Make pasid entry type check accurate
Zhenzhong Duan [Thu, 12 Dec 2024 08:37:39 +0000 (16:37 +0800)]
intel_iommu: Make pasid entry type check accurate

When guest configures Nested Translation(011b) or First-stage Translation only
(001b), type check passed unaccurately.

Fails the type check in those cases as their simulation isn't supported yet.

Fixes: fb43cf739e1 ("intel_iommu: scalable mode emulation")
Suggested-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-3-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agointel_iommu: Use the latest fault reasons defined by spec
Yu Zhang [Thu, 12 Dec 2024 08:37:38 +0000 (16:37 +0800)]
intel_iommu: Use the latest fault reasons defined by spec

Spec revision 3.0 or above defines more detailed fault reasons for
scalable mode. So introduce them into emulation code, see spec
section 7.1.2 for details.

Note spec revision has no relation with VERSION register, Guest
kernel should not use that register to judge what features are
supported. Instead cap/ecap bits should be checked.

Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Clément Mathieu--Drif<clement.mathieu--drif@eviden.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20241212083757.605022-2-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests: acpi: update expected blobs
Igor Mammedov [Tue, 10 Dec 2024 16:39:45 +0000 (17:39 +0100)]
tests: acpi: update expected blobs

previous patch has changed cpu hotplug AML, expected diff:

@@ -2942,6 +2942,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC    ", 0x00000001)
             {
                 Acquire (\_SB.PCI0.PRES.CPLK, 0xFFFF)
                 Name (CNEW, Package (0xFF) {})
+                Name (CEJL, Package (0xFF) {})
                 Local3 = Zero
                 Local4 = One
                 While ((Local4 == One))
@@ -2949,6 +2950,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC    ", 0x00000001)
                     Local4 = Zero
                     Local0 = One
                     Local1 = Zero
+                    Local5 = Zero
                     While (((Local0 == One) && (Local3 < One)))
                     {
                         Local0 = Zero
@@ -2959,7 +2961,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC    ", 0x00000001)
                             Break
                         }

-                        If ((Local1 == 0xFF))
+                        If (((Local1 == 0xFF) || (Local5 == 0xFF)))
                         {
                             Local4 = One
                             Break
@@ -2972,10 +2974,11 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC    ", 0x00000001)
                             Local1++
                             Local0 = One
                         }
-                        ElseIf ((\_SB.PCI0.PRES.CRMV == One))
+
+                        If ((\_SB.PCI0.PRES.CRMV == One))
                         {
-                            CTFY (Local3, 0x03)
-                            \_SB.PCI0.PRES.CRMV = One
+                            CEJL [Local5] = Local3
+                            Local5++
                             Local0 = One
                         }

@@ -2992,6 +2995,16 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC    ", 0x00000001)
                         \_SB.PCI0.PRES.CINS = One
                         Local2++
                     }
+
+                    Local2 = Zero
+                    While ((Local2 < Local5))
+                    {
+                        Local3 = DerefOf (CEJL [Local2])
+                        CTFY (Local3, 0x03)
+                        \_SB.PCI0.PRES.CSEL = Local3
+                        \_SB.PCI0.PRES.CRMV = One
+                        Local2++
+                    }
                 }

                 Release (\_SB.PCI0.PRES.CPLK)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20241210163945.3422623-4-imammedo@redhat.com>
Tested-by: Eric Mackay <eric.mackay@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agocpuhp: make sure that remove events are handled within the same SCI
Igor Mammedov [Tue, 10 Dec 2024 16:39:44 +0000 (17:39 +0100)]
cpuhp: make sure that remove events are handled within the same SCI

CPU_SCAN_METHOD was processing insert events first and only if insert event was
not present then it would check remove event.

Normally it's not an issue as it doesn't make much sense tho hotplug and
immediately unplug it. In this corner case, which can be reproduced with:

   qemu -smp 1,maxcpus=2 -cpu host -monitor stdio \
        -drive if=pflash,format=raw,readonly,file=edk2-x86_64-code.fd

   * boot till GRUB prompt and pause guest (either via monitor or stop GRUB
     from automatic boot)
   * at monitor prompt add CPU:
         device_add host-x86_64-cpu,socket-id=0,core-id=1,thread-id=0,id=foo
   * let guest OS boot completely, and unplug CPU from monitor prompt:
         device_del foo
     which triggers GPE event that leads to CPU_SCAN_METHOD on guest side

as result of above cpu 'foo' will not be hotunplugged, since QEMU sees
insert event and ignores remove event (leaving it in pending state) for
the GPE event.

Any follow up CPU hotplug/unplug action from QEMU side will handle
previously ignored event, so as workaround user can repeat device_del.

Fix this corner-case by queuing remove events independently from insert
events, aka the same way as we do with insert events. And then go over remove
queue to send eject notify events to OSPM within the same GPE event.

PS:
Process remove queue after the cpu add queue has been processed 1st
to ensure that OSPM gets hotadd evets after hotremove ones.

PS2:
Case where it's still borken happens when guest OS is Linux and
device_del happens before guest OS initializes ACPI subsystem.
Culprit in this case though is the guest kernel, which mangles GPE.sts
(by clearing them up) and thus pending SCI turns to NOP leaving
insert/remove events in pending state.
That is the guest bug and should be fixed there.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Eric Mackay <eric.mackay@oracle.com>
Message-Id: <20241210163945.3422623-3-imammedo@redhat.com>
Tested-by: Eric Mackay <eric.mackay@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agotests: acpi: whitelist expected blobs
Igor Mammedov [Tue, 10 Dec 2024 16:39:43 +0000 (17:39 +0100)]
tests: acpi: whitelist expected blobs

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20241210163945.3422623-2-imammedo@redhat.com>
Tested-by: Eric Mackay <eric.mackay@oracle.com>
Acked-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agopci: ensure valid link status bits for downstream ports
Sebastian Ott [Tue, 3 Dec 2024 12:19:28 +0000 (13:19 +0100)]
pci: ensure valid link status bits for downstream ports

PCI hotplug for downstream endpoints on arm fails because Linux'
PCIe hotplug driver doesn't like the QEMU provided LNKSTA:

  pcieport 0000:08:01.0: pciehp: Slot(2): Card present
  pcieport 0000:08:01.0: pciehp: Slot(2): Link Up
  pcieport 0000:08:01.0: pciehp: Slot(2): Cannot train link: status 0x2000

There's 2 cases where LNKSTA isn't setup properly:
* the downstream device has no express capability
* max link width of the bridge is 0

Move the sanity checks added via 88c869198aa63
("pci: Sanity test minimum downstream LNKSTA") outside of the
branch to make sure downstream ports always have a valid LNKSTA.

Signed-off-by: Sebastian Ott <sebott@redhat.com>
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Message-Id: <20241203121928.14861-1-sebott@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agovirtio-gpu: Add definition for resource_uuid feature
Dorinda Bassey [Mon, 7 Oct 2024 07:00:11 +0000 (09:00 +0200)]
virtio-gpu: Add definition for resource_uuid feature

Add the VIRTIO_GPU_F_RESOURCE_UUID feature to enable the assignment
of resources UUIDs for export to other virtio devices.

Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
Message-Id: <20241007070013.3350752-1-dbassey@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
9 months agosystem/runstate: Fix regression, clarify BQL status of exit notifiers
Phil Dennis-Jordan [Sun, 12 Jan 2025 21:26:09 +0000 (22:26 +0100)]
system/runstate: Fix regression, clarify BQL status of exit notifiers

By changing the way the main QEMU event loop is invoked, I inadvertently
changed the BQL status of exit notifiers: some of them implicitly
assumed they would be called with the BQL held; the BQL is however
not held during the exit(status) call in qemu_default_main().

Instead of attempting to ensuring we always call exit() from the BQL -
including any transitive calls - this change adds a BQL lock guard to
qemu_run_exit_notifiers, ensuring the BQL will always be held in the
exit notifiers.

Additionally, the BQL promise is now documented at the
qemu_{add,remove}_exit_notifier() declarations.

Fixes: f5ab12caba4f ("ui & main loop: Redesign of system-specific main
thread event handling")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2771
Reported-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu>
Tested-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
9 months agohw/xen: Fix errp handling in xen_console
David Woodhouse [Wed, 15 Jan 2025 15:46:06 +0000 (15:46 +0000)]
hw/xen: Fix errp handling in xen_console

When attempting to read the 'output' node, interpret any error *other*
than ENOENT as a fatal error. For ENOENT, fall back to serial_hd() to
find a character device, or create a null device.

Do not attempt to prepend to errp when serial_hd() fails; the error
isn't relevant (and prior to this change, wasn't set anyway).

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
9 months agohw/xen: Use xs_node_read() from xenstore_read_str() instead of open-coding it
David Woodhouse [Fri, 10 Jan 2025 09:18:13 +0000 (09:18 +0000)]
hw/xen: Use xs_node_read() from xenstore_read_str() instead of open-coding it

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
9 months agohw/xen: Use xs_node_read() from xen_netdev_get_name()
David Woodhouse [Fri, 10 Jan 2025 09:12:36 +0000 (09:12 +0000)]
hw/xen: Use xs_node_read() from xen_netdev_get_name()

Now that xs_node_read() can construct a node path, no need to open-code it.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
9 months agohw/xen: Use xs_node_read() from xen_console_get_name()
David Woodhouse [Fri, 10 Jan 2025 09:07:16 +0000 (09:07 +0000)]
hw/xen: Use xs_node_read() from xen_console_get_name()

Now that xs_node_read() can construct a node path, no need to open-code it.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
9 months agohw/xen: Use xs_node_read() from xs_node_vscanf()
David Woodhouse [Fri, 10 Jan 2025 09:37:48 +0000 (09:37 +0000)]
hw/xen: Use xs_node_read() from xs_node_vscanf()

Reduce some duplication.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>
9 months agoxen: do not use '%ms' scanf specifier
Roger Pau Monne [Fri, 10 Jan 2025 09:35:31 +0000 (10:35 +0100)]
xen: do not use '%ms' scanf specifier

The 'm' parameter used to request auto-allocation of the destination variable
is not supported on FreeBSD, and as such leads to failures to parse.

What's more, the current usage of '%ms' with xs_node_scanf() is pointless, as
it just leads to a double allocation of the same string.  Instead use
xs_node_read() to read the whole xenstore node.

Fixes: a783f8ad4ec9 ('xen: add a mechanism to automatically create XenDevice-s...')
Fixes: 9b7737469080 ('hw/xen: update Xen console to XenDevice model')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
9 months agohw/xen: Add xs_node_read() helper function
David Woodhouse [Fri, 10 Jan 2025 09:35:30 +0000 (10:35 +0100)]
hw/xen: Add xs_node_read() helper function

This returns the full contents of the node, having created the node path
from the printf-style format string provided in its arguments.

This will save various callers from having to do so for themselves (and
from using xs_node_scanf() with the non-portable %ms format string.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
[remove double newline and constify trace parameters]
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
9 months agohw/intc/loongarch_ipi: Use alternative implemation for cpu_by_arch_id
Bibo Mao [Tue, 7 Jan 2025 03:08:19 +0000 (11:08 +0800)]
hw/intc/loongarch_ipi: Use alternative implemation for cpu_by_arch_id

There is arch_id and CPUState pointer in IPICore object. With function
cpu_by_arch_id() it can be implemented by parsing IPICore array inside,
rather than possible_cpus array.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongson_ipi: Add more input parameter for cpu_by_arch_id
Bibo Mao [Tue, 7 Jan 2025 03:08:18 +0000 (11:08 +0800)]
hw/intc/loongson_ipi: Add more input parameter for cpu_by_arch_id

Add logic cpu index input parameter for function cpu_by_arch_id,
CPUState::cpu_index is logic cpu slot index for possible_cpus.

At the same time it is logic index with LoongsonIPICommonState::IPICore,
here hide access for CPUState::cpu_index directly, it comes from
function cpu_by_arch_id().

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongarch_ipi: Remove property num-cpu
Bibo Mao [Tue, 7 Jan 2025 03:08:17 +0000 (11:08 +0800)]
hw/intc/loongarch_ipi: Remove property num-cpu

Since cpu number can be acquired from possible_cpu_arch_ids(),
num-cpu property is not necessary. Here remove num-cpu property
for object TYPE_LOONGARCH_IPI object.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongarch_ipi: Get cpu number from possible_cpu_arch_ids
Bibo Mao [Tue, 7 Jan 2025 03:08:16 +0000 (11:08 +0800)]
hw/intc/loongarch_ipi: Get cpu number from possible_cpu_arch_ids

Supported CPU number can be acquired from function
possible_cpu_arch_ids(), cpu-num property is not necessary and can
be removed.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongson_ipi: Remove property num_cpu from loongson_ipi_common
Bibo Mao [Tue, 7 Jan 2025 03:08:15 +0000 (11:08 +0800)]
hw/intc/loongson_ipi: Remove property num_cpu from loongson_ipi_common

With mips64 loongson ipi, num_cpu property is used. With loongarch
ipi, num_cpu can be acquired from possible_cpu_arch_ids.

Here remove property num_cpu from loongson_ipi_common, and put it into
loongson and loongarch ipi separately.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongson_ipi: Remove num_cpu from loongson_ipi_common
Bibo Mao [Tue, 7 Jan 2025 03:08:14 +0000 (11:08 +0800)]
hw/intc/loongson_ipi: Remove num_cpu from loongson_ipi_common

With mips64 loongson ipi, num_cpu property is used. With loongarch
ipi, num_cpu can be acquired from possible_cpu_arch_ids.

Here remove num_cpu setting from loongson_ipi_common, and this piece
of code is put into loongson and loongarch ipi separately.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agohw/intc/loongarch_ipi: Implement realize interface
Bibo Mao [Tue, 7 Jan 2025 03:08:13 +0000 (11:08 +0800)]
hw/intc/loongarch_ipi: Implement realize interface

Add realize interface for loongarch ipi device.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Add page table walker support for debugger usage
Miao Hao [Tue, 14 Jan 2025 09:54:44 +0000 (17:54 +0800)]
target/loongarch: Add page table walker support for debugger usage

When dump memory content with gva address, software page table walker is
necessary to get responding gpa address.

Here page table walker is added for debugger usage.

Signed-off-by: Miao Hao <haomiao23s@ict.ac.cn>
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
9 months agoMerge tag 'hw-misc-20250113' of https://github.com/philmd/qemu into staging
Stefan Hajnoczi [Tue, 14 Jan 2025 17:46:56 +0000 (12:46 -0500)]
Merge tag 'hw-misc-20250113' of https://github.com/philmd/qemu into staging

Misc HW patches queue

- Silent unuseful DTC warnings (Philippe)
- Unify QDev hotplug decision logic (Akihiko)
- Rework XilinX EthLite RAM buffers (Philippe)
- Convert vmcoreinfo to 3-phase reset (Philippe)
- Convert HPPA CPUs to 3-phase reset (Helge)
- Fix UFS endianness issue (Keoseong)
- Introduce pci_set_enabled (Akihiko)
- Clarify Enclave and Firecracker relationship (Alexander)
- Set SDHCI DMA interrupt status bit in correct place (Bernhard)
- Fix leak in cryptodev-vhost-user backend (Gabriel)
- Fixes on PCI USB XHCI (Phil)
- Convert DPRINTF to trace events (Nikita, Bernhard)
- Remove &first_cpu in TriCore machine (Philippe)
- Checkpatch style cleanups (Bibo)
- MAINTAINERS updates (Marcin, Gustavo, Akihiko)
- Add default configuration for b4 tool (Jiaxun)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmeFTq0ACgkQ4+MsLN6t
# wN6F2RAA0hhgXYf1BAn0DQI5O/oOzt6WzkwL/yQhKff1piWMcCZbHCOn8JHETE4R
# QTqg+OMGuw4Q55YSwqwHW98JIQI/lRbSUX9Vc3km4QxED5owHiqu9wk//KSLv3TY
# y86CRbibb0Uy6vEM4J1WK6ATiLePWZ6qzePQX59f9YEagTLM2XO2DasRu+wGDbt+
# 96fPnT7Tx2Bu5jU8+sZ36mw3wWSJo/pLQBE9siH4N33v2I5ntmMs1Lbe7QscDDsw
# 1+OOti3lB4q5chNMYNQyPxvz75QIi9et7wREJM9Vt03OpEpj+vWMGzwZFNLfOmeu
# eApgcQP/k6z1+pAGjEo5mwNOZcZtR9I/3Uf/sONvO0N5FlJq9CSOTs7L2EddcFzM
# lVDZjwEHIoU1xCohqNy2A0Q1s20dNfBEjPEUCuh+tIvFk9cy1L8uZtBVFNUCb33J
# Jq8KAkqXAaVj2tHGa27DwFjSTo4olU/G0WO4AQZNwdxvMQwX88gHOGMJkRmJPRVi
# ErKD0/bBfVa6orEAorWYwQSnTP1H/2fGfF6rLtI5GvQtPc/jBG3+KpEOS+vc2nzG
# 1fq+Kty8kWsU4Fpw3EUHvflnzG4Ujhuc/nJ+FyQhn89Erb49jxBlu25lQOLVRVa4
# gP+jsgi46+4goYzj1vrpTpBgFPFWKGCl1gGz17ij5WyvVXroRzA=
# =+uup
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 13 Jan 2025 12:34:37 EST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'hw-misc-20250113' of https://github.com/philmd/qemu: (55 commits)
  Add a b4 configuration file
  MAINTAINERS: Update path to coreaudio.m
  MAINTAINERS: Add me as the maintainer for ivshmem-flat
  MAINTAINERS: remove myself from sbsa-ref
  hw/tricore/triboard: Remove unnecessary use of &first_cpu
  hw/usb/hcd-xhci-pci: Use event ring 0 if mapping unsupported
  hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec
  backends/cryptodev-vhost-user: Fix local_error leaks
  hw/loongarch/virt: Checkpatch cleanup
  target/hppa: Speed up hppa_is_pa20()
  target/hppa: Set PC on vCPU reset
  target/hppa: Only set PSW 'M' bit on reset
  hw/hppa: Reset vCPUs calling resettable_reset()
  target/hppa: Convert hppa_cpu_init() to ResetHold handler
  tests: Add functional tests for HPPA machines
  tests/qtest/boot-serial-test: Correct HPPA machine name
  hw/gpio/imx_gpio: Turn DPRINTF() into trace events
  hw/i2c/imx_i2c: Convert DPRINTF() to trace events
  hw/char/imx_serial: Turn some DPRINTF() statements into trace events
  hw/misc/imx6_src: Convert DPRINTF() to trace events
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agoAdd a b4 configuration file
Jiaxun Yang [Sun, 22 Dec 2024 16:53:41 +0000 (16:53 +0000)]
Add a b4 configuration file

b4 [1] is a convenient tool to manage patch series with mailing list
working flow.

Add a project default config file to match QEMU's mailing list conventions
as well as adopting differences on scripting.

Examples of b4:

    ```
    $ b4 prep --check
    Checking patches using:
      scripts/checkpatch.pl -q --terse --no-summary --mailback -

    ---
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
    ---
    Changes in v2:
    - Add lore masks (philmd) from:
      https://lore.kernel.org/qemu-devel/20241224135054.10243-1-philmd@linaro.org/
    - Link to v1: https://lore.kernel.org/r/20241222-b4-config-v1-1-b3667beb30a4@flygoat.com
    ---
    ● cc5a4c890fed: Add a b4 configuration file
      ● checkpatch.pl: 27: WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
    ---
    Success: 0, Warning: 1, Error: 0
    ```

    ```
    $ b4 prep -c
    Will collect To: addresses using echo
    Will collect Cc: addresses using get_maintainer.pl
    Collecting To/Cc addresses
        + To: qemu-devel@nongnu.org
    ---
    You can trim/expand this list with: b4 prep --edit-cover
    Invoking git-filter-repo to update the cover letter.
    New history written in 0.02 seconds...
    Completely finished after 0.06 seconds
    ```

[1]: https://b4.docs.kernel.org/

Co-developed-by: Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-ID: <20250102-b4-config-v2-1-cc7299e399bb@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agoMAINTAINERS: Update path to coreaudio.m
Akihiko Odaki [Sat, 11 Jan 2025 06:42:36 +0000 (15:42 +0900)]
MAINTAINERS: Update path to coreaudio.m

Commit 8b46d7e2dc8e ("audio: Rename coreaudio extension to use
Objective-C compiler") renamed coreaudio.c to coreaudio.m.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250111-maintainers-v1-1-faebe6ef0fec@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agoMAINTAINERS: Add me as the maintainer for ivshmem-flat
Gustavo Romero [Tue, 7 Jan 2025 01:56:39 +0000 (01:56 +0000)]
MAINTAINERS: Add me as the maintainer for ivshmem-flat

Add me as the maintainer for the ivshmem-flat device.

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250107015639.27648-1-gustavo.romero@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agoMAINTAINERS: remove myself from sbsa-ref
Marcin Juszkiewicz [Wed, 18 Dec 2024 12:30:55 +0000 (13:30 +0100)]
MAINTAINERS: remove myself from sbsa-ref

I am ending my time with Linaro and do not have plans to continue
working on SBSA Reference Platform anymore.

Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Message-ID: <20241218123055.11220-1-marcin.juszkiewicz@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agohw/tricore/triboard: Remove unnecessary use of &first_cpu
Philippe Mathieu-Daudé [Fri, 10 Jan 2025 18:07:05 +0000 (19:07 +0100)]
hw/tricore/triboard: Remove unnecessary use of &first_cpu

triboard_machine_init() has access to the single CPU via:

  TriBoardMachineState {
    TC27XSoCState {
      TriCoreCPU cpu;
      ...
    } tc27x_soc;
  } ms;

Pass it as argument to tricore_load_kernel() so we can
remove the &first_cpu global use.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20250110180909.83165-1-philmd@linaro.org>

9 months agohw/usb/hcd-xhci-pci: Use event ring 0 if mapping unsupported
Phil Dennis-Jordan [Fri, 27 Dec 2024 12:13:33 +0000 (13:13 +0100)]
hw/usb/hcd-xhci-pci: Use event ring 0 if mapping unsupported

The XHCI specification, section 4.17.1 specifies that "If the
Number of Interrupters (MaxIntrs) field is greater than 1, then
Interrupter Mapping shall be supported." and "If Interrupter
Mapping is not supported, the Interrupter Target field shall be
ignored by the xHC and all Events targeted at Interrupter 0."

QEMU's XHCI device has so far not specially addressed this case,
so we add a check to xhci_event() to redirect to event ring and
interrupt 0 if mapping is disabled.

Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241227121336.25838-4-phil@philjordan.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agohw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec
Phil Dennis-Jordan [Fri, 13 Dec 2024 16:06:14 +0000 (17:06 +0100)]
hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec

QEMU would crash with a failed assertion if the XHCI controller
attempted to raise the interrupt on an interrupter corresponding
to a MSI vector with a higher index than the highest configured
for the device by the guest driver.

This behaviour is correct on the MSI/PCI side: per PCI 3.0 spec,
devices must ensure they do not send MSI notifications for
vectors beyond the range of those allocated by the system/driver
software. Unlike MSI-X, there is no generic way for handling
aliasing in the case of fewer allocated vectors than requested,
so the specifics are up to device implementors. (Section
6.8.3.4. "Sending Messages")

It turns out the XHCI spec (Implementation Note in section 4.17,
"Interrupters") requires that the host controller signal the MSI
vector with the number computed by taking the interrupter number
modulo the number of enabled MSI vectors.

This change introduces that modulo calculation, fixing the
failed assertion. This makes the device work correctly in MSI mode
with macOS's XHCI driver, which only allocates a single vector.

Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250112210056.16658-2-phil@philjordan.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agobackends/cryptodev-vhost-user: Fix local_error leaks
Gabriel Barrantes [Sat, 28 Dec 2024 01:16:57 +0000 (01:16 +0000)]
backends/cryptodev-vhost-user: Fix local_error leaks

Do not propagate error to the upper, directly output the error
to avoid leaks.

Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2714
Signed-off-by: Gabriel Barrantes <gabriel.barrantes.dev@outlook.com>
Reviewed-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <DM8PR13MB50781054A4FDACE6F4FB6469B30F2@DM8PR13MB5078.namprd13.prod.outlook.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agohw/loongarch/virt: Checkpatch cleanup
Bibo Mao [Fri, 3 Jan 2025 06:45:14 +0000 (14:45 +0800)]
hw/loongarch/virt: Checkpatch cleanup

Code cleanup with directory hw/loongarch/, removing errors from
command "scripts/checkpatch.pl hw/loongarch/*"

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250103064514.2660438-1-maobibo@loongson.cn>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9 months agotarget/hppa: Speed up hppa_is_pa20()
Helge Deller [Sun, 29 Dec 2024 23:41:54 +0000 (00:41 +0100)]
target/hppa: Speed up hppa_is_pa20()

Although the hppa_is_pa20() helper is costly due to string comparisons
in object_dynamic_cast(), it is called quite often during memory lookups
and at each start of a block of instruction translations.
Speed hppa_is_pa20() up by calling object_dynamic_cast() only once at
CPU creation and store the result in the is_pa20 of struct CPUArchState.

Signed-off-by: Helge Deller <deller@gmx.de>
Co-developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20241231190620.24442-7-philmd@linaro.org>

9 months agotarget/hppa: Set PC on vCPU reset
Helge Deller [Mon, 30 Dec 2024 11:47:52 +0000 (12:47 +0100)]
target/hppa: Set PC on vCPU reset

On reset:

  "The CPU begins fetching instructions from address 0xf0000004.
   This address is in PDC space."

Switch vCPUs to 32-bit mode (PSW_W bit is not set) and start
execution at address 0xf0000004.

Signed-off-by: Helge Deller <deller@gmx.de>
Co-developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20241231190620.24442-6-philmd@linaro.org>