Richard Henderson [Tue, 25 Jun 2024 01:23:47 +0000 (18:23 -0700)]
Merge tag 'sdmmc-
20240624' of https://github.com/philmd/qemu into staging
SD/MMC patches queue
One fix and various cleanups for the SD card model.
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmZ5cRUACgkQ4+MsLN6t
# wN59Qw//cUdjD287pB5Ml5aQqr9sOTyVnHUceZtz7AOZ5w8RM2tlPDgOImeLOvU6
# OV7qfWvNaUxtQxhfh5jpe8Pj4eHBtRQzA6a1AWToEvnN4189QWHZpqf5TUa4AlFS
# uAk7k2TkoNv9zbNKca0bP3L1x6sT9l0VPZBLaLbgdXDIX2ycD0r3NVQxXb/bJRgM
# 6pFRcLCF/isKzLQDwqnTa11hB/JDTvOU7xnY0kazGRvyWjbSvE2sOJzLNJXHkW0I
# /FNfRbOKJo2t+47Z5qSXUFFLeIEBTy7VqNBsOQ6sMIgrWzbOSrtBcuxKp0p9NCGH
# fdZHlDVRnNGXewUya4RjbmXiCNuGL4zJ82b2BaQZVd5ZwU2opIr8xO96WCojQ4dZ
# +Dq3uv7su3PUVOh95i38Eo93OG9jXFx642XD4q2uKu5j70IoGXAkIoLUcFkZZdGS
# 9rCsaNUHyHJrN6nXf3Cekvkqxz36p6QXaUF9I1vB0JF6CrexMD35sBUK+RE9k4uW
# LnqL7ZwQDGDGVl3kPS/VCXv1mMim4aRLSEIveq7Ui6dKzaaJMIIodZ8CFMuyTTsD
# cGE+Cd053nf6SzX3+kEZftNdjtJ906O8xIAw+RNdARYx003l4kUxgsPDk7ELyzIP
# Tb+VlZl2P+ROJmeWvRMTW7ZQ49M9IEMrg8zlGF4hLCxB1JndeOA=
# =O5er
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Jun 2024 06:13:57 AM PDT
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'sdmmc-
20240624' of https://github.com/philmd/qemu:
hw/sd/sdcard: Add comments around registers and commands
hw/sd/sdcard: Inline BLK_READ_BLOCK / BLK_WRITE_BLOCK macros
hw/sd/sdcard: Add sd_invalid_mode_for_cmd to report invalid mode switch
hw/sd/sdcard: Only call sd_req_get_address() where address is used
hw/sd/sdcard: Factor sd_req_get_address() method out
hw/sd/sdcard: Only call sd_req_get_rca() where RCA is used
hw/sd/sdcard: Factor sd_req_get_rca() method out
hw/sd/sdcard: Have cmd_valid_while_locked() return a boolean value
hw/sd/sdcard: Trace update of block count (CMD23)
hw/sd/sdcard: Remove explicit entries for illegal commands
hw/sd/sdcard: Remove ACMD6 handler for SPI mode
hw/sd/sdcard: Use Load/Store API to fill some CID/CSD registers
hw/sd/sdcard: Use registerfield CSR::CURRENT_STATE definition
hw/sd/sdcard: Use HWBLOCK_SHIFT definition instead of magic values
hw/sd/sdcard: Fix typo in SEND_OP_COND command name
hw/sd/sdcard: Rewrite sd_cmd_ALL_SEND_CID using switch case (CMD2)
hw/sd/sdcard: Correct code indentation
hw/sd/sdcard: Avoid OOB in sd_read_byte() during unexpected CMD switch
bswap: Add st24_be_p() to store 24 bits in big-endian order
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 24 Jun 2024 20:51:11 +0000 (13:51 -0700)]
Merge tag 'pull-maintainer-june24-240624-1' of https://gitlab.com/stsquad/qemu into staging
maintainer updates (plugins, gdbstub):
- add missing include guard comment to gdbstub.h
- move gdbstub enums into separate header
- move qtest_[get|set]_virtual_clock functions
- allow plugins to manipulate the virtual clock
- introduce an Instructions Per Second plugin
- fix inject_mem_cb rw mask tests
- allow qemu_plugin_vcpu_mem_cb to shortcut when no memory cbs
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmZ5OjoACgkQ+9DbCVqe
# KkQPlwf/VK673BAjYktuCLnf3DgWvIkkiHWwzBREP5MmseUloLjK2CQPLY/xWZED
# pbA/1OSzHViD/mvG5wTxwef36b9PIleWj5/YwBxGlrb/rh6hCd9004pZK4EMI3qU
# 53SK8Qron8TIXjey6XfmAY8rcl030GsHr0Zqf5i2pZKE5g0iaGlM3Cwkpo0SxQsu
# kMNqiSs9NzX7LxB+YeuAauIvC1YA2F/MGTXeFCTtO9Beyp5oV7oOI+2zIvLjlG5M
# Z5hKjG/STkNOteoIBGZpe1+QNpoGHSBoGE3nQnGpXb82iLx1KVBcKuQ6GoWGv1Wo
# hqiSh9kJX479l0mLML+IzaDsgSglbg==
# =pvWx
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Jun 2024 02:19:54 AM PDT
# gpg: using RSA key
6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
* tag 'pull-maintainer-june24-240624-1' of https://gitlab.com/stsquad/qemu:
accel/tcg: Avoid unnecessary call overhead from qemu_plugin_vcpu_mem_cb
plugins: fix inject_mem_cb rw masking
contrib/plugins: add Instructions Per Second (IPS) example for cost modeling
plugins: add migration blocker
plugins: add time control API
qtest: move qtest_{get, set}_virtual_clock to accel/qtest/qtest.c
sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time
qtest: use cpu interface in qtest_clock_warp
sysemu: add set_virtual_time to accel ops
plugins: Ensure register handles are not NULL
gdbstub: move enums into separate header
include/exec: add missing include guard comment
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 24 Jun 2024 18:57:11 +0000 (11:57 -0700)]
Merge tag 'pull-request-2024-06-24' of https://gitlab.com/thuth/qemu into staging
* s390x error reporting clean ups
* fix memleak in qos_fuzz.c
* use correct byte order for pid field in s390x dumps
* Add a CONFIG switch to disable legacy s390x CPUs
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmZ5NdQRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXMWhAAsdUs0DdnOlCbho9zP/dkx0f/d5SvcunP
# LbymyW0vs5Fgli3PEDDTKaYVirE3x1VW6+xhO3l82akihYjjZk19liNZd+2oF1tI
# N1ZXiSeSNhu/iv09raAdX064oql/uAdiB6Cnd4Gx/rQNp4aHF2ck/r0qdXQXYgJH
# lAYEm0kalwToijoymfGWeO+5ClpupX+s4I/YOe3Vx9mEG6qd4ebxaiqPXg4JeKQY
# 2dRNnxRgWMX0ZQ1SJXu73xMm8hNP5VxD1fVCmJXEzESXrp9e3vTElWgxpkTUUFUF
# 4lTbzvE+9Bx66wHrsB4KGNv2e76vTQK/9bAx4ap+a6Dy18F1qkWUP1w+iIT1nOZO
# o31GXbKXN5gaNrPVPn/SjvLV+hWPg9nqh2LYmc3KvXfeMM/CFZDj8sk+60Dh/C5I
# mYhF0IqFkzM27czn6ggQii8U15khC0ky7jYbKKiPsukht5zX/uM5zb17Z3AwLXt2
# eUhFkCnfw2S0kblxlYOZClkp7LaU+KvyhaugEMZhWX14qbN2uUq1xeJiL0WNzFB6
# 1IAtV7x0yc+dtH9kIq3zuddTIdzsnacELvhFLHEqZf9TpuO8HbwzyyZ45dSE01Km
# 6JdWpF87Gon6UQJ3FJo8TZQLp5PFAV+DFO6wyh05Bwxq9rhLUwX5CNAFIlmZMXW1
# CQ+lZW4eH3U=
# =Oggp
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Jun 2024 02:01:08 AM PDT
# gpg: using RSA key
27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
* tag 'pull-request-2024-06-24' of https://gitlab.com/thuth/qemu:
target/s390x: Add a CONFIG switch to disable legacy CPUs
MAINTAINERS: Cover all tests/qtest/migration-* files
target/s390x/arch_dump: use correct byte order for pid
tests/qtest/fuzz: fix memleak in qos_fuzz.c
vfio/{ap, ccw}: Use warn_report_err() for IRQ notifier registration errors
vfio/ccw: Fix the missed unrealize() call in error path
vfio/ccw: Use the 'Error **errp' argument of vfio_ccw_realize()
s390x/css: Make S390CCWDeviceClass::realize return bool
hw/s390x/ccw: Remove local Error variable from s390_ccw_realize()
s390x/css: Make CCWDeviceClass::realize return bool
hw/s390x/ccw: Make s390_ccw_get_dev_info() return a bool
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Philippe Mathieu-Daudé [Sun, 25 Oct 2020 19:17:47 +0000 (20:17 +0100)]
hw/sd/sdcard: Add comments around registers and commands
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-21-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 8 Apr 2024 13:41:56 +0000 (15:41 +0200)]
hw/sd/sdcard: Inline BLK_READ_BLOCK / BLK_WRITE_BLOCK macros
These macros only save 3 chars and make the code harder
to maintain, simply remove them.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-20-philmd@linaro.org>
Max Chou [Thu, 20 Jun 2024 15:22:20 +0000 (16:22 +0100)]
accel/tcg: Avoid unnecessary call overhead from qemu_plugin_vcpu_mem_cb
If there are not any QEMU plugin memory callback functions, checking
before calling the qemu_plugin_vcpu_mem_cb function can reduce the
function call overhead.
Signed-off-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <
20240613175122.
1299212-2-max.chou@sifive.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-13-alex.bennee@linaro.org>
Pierrick Bouvier [Thu, 20 Jun 2024 15:22:19 +0000 (16:22 +0100)]
plugins: fix inject_mem_cb rw masking
These are not booleans, but masks.
Issue found by Richard Henderson.
Fixes: f86fd4d8721 ("plugins: distinct types for callbacks")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20240612195147.93121-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-12-alex.bennee@linaro.org>
Pierrick Bouvier [Thu, 20 Jun 2024 15:22:18 +0000 (16:22 +0100)]
contrib/plugins: add Instructions Per Second (IPS) example for cost modeling
This plugin uses the new time control interface to make decisions
about the state of time during the emulation. The algorithm is
currently very simple. The user specifies an ips rate which applies
per core. If the core runs ahead of its allocated execution time the
plugin sleeps for a bit to let real time catch up. Either way time is
updated for the emulation as a function of total executed instructions
with some adjustments for cores that idle.
Examples
--------
Slow down execution of /bin/true:
$ num_insn=$(./build/qemu-x86_64 -plugin ./build/tests/plugin/libinsn.so -d plugin /bin/true |& grep total | sed -e 's/.*: //')
$ time ./build/qemu-x86_64 -plugin ./build/contrib/plugins/libips.so,ips=$(($num_insn/4)) /bin/true
real 4.000s
Boot a Linux kernel simulating a 250MHz cpu:
$ /build/qemu-system-x86_64 -kernel /boot/vmlinuz-6.1.0-21-amd64 -append "console=ttyS0" -plugin ./build/contrib/plugins/libips.so,ips=$((250*1000*1000)) -smp 1 -m 512
check time until kernel panic on serial0
Tested in system mode by booting a full debian system, and using:
$ sysbench cpu run
Performance decrease linearly with the given number of ips.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20240530220610.
1245424-7-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-11-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:17 +0000 (16:22 +0100)]
plugins: add migration blocker
If the plugin in controlling time there is some state that might be
missing from the plugin tracking it. Migration is unlikely to work in
this case so lets put a migration blocker in to let the user know if
they try.
Suggested-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-10-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:16 +0000 (16:22 +0100)]
plugins: add time control API
Expose the ability to control time through the plugin API. Only one
plugin can control time so it has to request control when loaded.
There are probably more corner cases to catch here.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
[AJB: tweaked user-mode handling, merged QEMU_PLUGIN_API fix]
Message-Id: <
20240530220610.
1245424-6-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-9-alex.bennee@linaro.org>
Pierrick Bouvier [Thu, 20 Jun 2024 15:22:15 +0000 (16:22 +0100)]
qtest: move qtest_{get, set}_virtual_clock to accel/qtest/qtest.c
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240530220610.
1245424-5-pierrick.bouvier@linaro.org>
Message-Id: <
20240620152220.
2192768-8-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:14 +0000 (16:22 +0100)]
sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time
Move the key functionality of moving time forward into the clock
sub-system itself. This will allow us to plumb in time control into
plugins.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-7-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:13 +0000 (16:22 +0100)]
qtest: use cpu interface in qtest_clock_warp
This generalises the qtest_clock_warp code to use the AccelOps
handlers for updating its own sense of time. This will make the next
patch which moves the warp code closer to pure code motion.
From: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20240530220610.
1245424-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-6-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:12 +0000 (16:22 +0100)]
sysemu: add set_virtual_time to accel ops
We are about to remove direct calls to individual accelerators for
this information and will need a central point for plugins to hook
into time changes.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240530220610.
1245424-2-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240620152220.
2192768-5-alex.bennee@linaro.org>
Akihiko Odaki [Thu, 20 Jun 2024 15:22:11 +0000 (16:22 +0100)]
plugins: Ensure register handles are not NULL
Ensure register handles are not NULL so that a plugin can assume NULL is
invalid as a register handle.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <
20240229-null-v1-1-
e716501d981e@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240620152220.
2192768-4-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:10 +0000 (16:22 +0100)]
gdbstub: move enums into separate header
This is an experiment to further reduce the amount we throw into the
exec headers. It might not be as useful as I initially thought because
just under half of the users also need gdbserver_start().
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240620152220.
2192768-3-alex.bennee@linaro.org>
Alex Bennée [Thu, 20 Jun 2024 15:22:09 +0000 (16:22 +0100)]
include/exec: add missing include guard comment
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240620152220.
2192768-2-alex.bennee@linaro.org>
Philippe Mathieu-Daudé [Thu, 13 Jun 2024 20:45:43 +0000 (22:45 +0200)]
hw/sd/sdcard: Add sd_invalid_mode_for_cmd to report invalid mode switch
Having the mode switch displayed help to track incomplete
command implementations.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-19-philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 20 Jun 2024 12:29:46 +0000 (14:29 +0200)]
hw/sd/sdcard: Only call sd_req_get_address() where address is used
It will be useful later to assert only ADTC commands
(Addressed point-to-point Data Transfer Commands, defined
as the 'sd_adtc' enum) extract the address value from the
command argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-18-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 11 Jun 2024 14:50:30 +0000 (16:50 +0200)]
hw/sd/sdcard: Factor sd_req_get_address() method out
Extract sd_cmd_get_address() so we can re-use it
in various SDProto handlers. Use CARD_CAPACITY and
HWBLOCK_SHIFT definitions instead of magic values.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-17-philmd@linaro.org>
Philippe Mathieu-Daudé [Wed, 19 Jun 2024 20:12:35 +0000 (22:12 +0200)]
hw/sd/sdcard: Only call sd_req_get_rca() where RCA is used
It will be useful later to assert only AC commands
(Addressed point-to-point Commands, defined as the
'sd_ac' enum) extract the RCA value from the command
argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-16-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 11 Jun 2024 14:38:01 +0000 (16:38 +0200)]
hw/sd/sdcard: Factor sd_req_get_rca() method out
Extract sd_req_get_rca() so we can re-use it in various
SDProto handlers. Return a 16-bit value since RCA is 16-bit.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-15-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 03:28:51 +0000 (05:28 +0200)]
hw/sd/sdcard: Have cmd_valid_while_locked() return a boolean value
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-14-philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 13 Jun 2024 23:20:22 +0000 (01:20 +0200)]
hw/sd/sdcard: Trace update of block count (CMD23)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-12-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 03:14:05 +0000 (05:14 +0200)]
hw/sd/sdcard: Remove explicit entries for illegal commands
NULL handler is already handled as illegal, no need to
duplicate (that keeps this array simpler to maintain).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-9-philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 20 Jun 2024 12:43:13 +0000 (14:43 +0200)]
hw/sd/sdcard: Remove ACMD6 handler for SPI mode
There is no ACMD6 command in SPI mode, remove the pointless
handler introduced in commit
946897ce18 ("sdcard: handles
more commands in SPI mode"). Keep sd_cmd_unimplemented()
since we'll reuse it later.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-8-philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 20 Jun 2024 16:47:27 +0000 (18:47 +0200)]
hw/sd/sdcard: Use Load/Store API to fill some CID/CSD registers
The ld/st API helps noticing CID or CSD bytes refer
to the same field. Multi-bytes fields are stored MSB
first in CID / CSD.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-7-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 11:03:56 +0000 (13:03 +0200)]
hw/sd/sdcard: Use registerfield CSR::CURRENT_STATE definition
Use registerfield-generated definitions to update card_status.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-6-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 25 Oct 2020 18:36:59 +0000 (19:36 +0100)]
hw/sd/sdcard: Use HWBLOCK_SHIFT definition instead of magic values
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-5-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 03:11:12 +0000 (05:11 +0200)]
hw/sd/sdcard: Fix typo in SEND_OP_COND command name
There is no SEND_OP_CMD but SEND_OP_COND.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 14:58:29 +0000 (16:58 +0200)]
hw/sd/sdcard: Rewrite sd_cmd_ALL_SEND_CID using switch case (CMD2)
Keep this handler style in sync with other handlers by
using a switch() case, which might become handy to
handle other states.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 11 Jun 2024 14:19:41 +0000 (16:19 +0200)]
hw/sd/sdcard: Correct code indentation
Fix mis-alignment from commits
793d04f495 and
6380cd2052
("Add sd_cmd_SEND_TUNING_BLOCK" and "Add sd_cmd_SET_BLOCK_COUNT").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <
20240621080554.18986-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 8 Apr 2024 13:38:11 +0000 (15:38 +0200)]
hw/sd/sdcard: Avoid OOB in sd_read_byte() during unexpected CMD switch
For multi-bytes commands, our implementation uses the @data_start
and @data_offset fields to track byte access. We initialize the
command start/offset in buffer once. Malicious guest might abuse
by switching command while staying in the 'transfer' state, switching
command buffer size, and our implementation can access out of buffer
boundary. For example, CMD17 (READ_SINGLE_BLOCK) allows to read up to
512 bytes, and CMD13 (SEND_STATUS) up to 64 bytes. By switching from
CMD17 to CMD13 (see reproducer below), bytes [64-511] are out of the
'status' buffer.
Our implementation return R0 status code for unexpected commands.
Such in-transaction command switch is unexpected and returns R0.
This is a good place to reset the start/offset fields to avoid
malicious accesses.
Can be reproduced running:
$ export UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1
$ cat << EOF | qemu-system-i386 \
-display none -nographic \
-machine accel=qtest -m 512M \
-nodefaults \
-device sdhci-pci,sd-spec-version=3 \
-device sd-card,drive=mydrive \
-drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
-qtest stdio -trace sd\* -trace -sdbus_read
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001004
outw 0xcfc 0x02
write 0xe000002c 0x1 0x05
write 0xe000000f 0x1 0x37
write 0xe000000a 0x1 0x01
write 0xe000000f 0x1 0x29
write 0xe000000f 0x1 0x02
write 0xe000000f 0x1 0x03
write 0xe000000c 0x1 0x32
write 0xe000000f 0x1 0x06
write 0xe0000005 0x1 0x01
write 0xe0000007 0x1 0x01
write 0xe0000003 0x1 0x00
write 0xe000000f 0x1 0x11
write 0xe000002a 0x1 0x01
write 0xe000002a 0x1 0x02
write 0xe000000f 0x1 0x0d
write 0xe000002a 0x1 0x01
write 0xe000002a 0x1 0x02
EOF
hw/sd/sd.c:1984:15: runtime error: index 256 out of bounds for type 'uint8_t [64]'
#0 sd_read_byte hw/sd/sd.c:1984:15
#1 sdbus_read_data hw/sd/core.c:157:23
#2 sdhci_read_block_from_card hw/sd/sdhci.c:423:9
#3 sdhci_blkgap_write hw/sd/sdhci.c:1074:13
#4 sdhci_write hw/sd/sdhci.c:1195:13
#5 memory_region_write_accessor softmmu/memory.c:492:5
#6 access_with_adjusted_size softmmu/memory.c:554:18
#7 memory_region_dispatch_write softmmu/memory.c
#8 flatview_write_continue softmmu/physmem.c:2778:23
#9 flatview_write softmmu/physmem.c:2818:14
#10 address_space_write softmmu/physmem.c:2910:18
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior hw/sd/sd.c:1984:15
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/487
Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36240
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20240408141717.66154-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 20 Jun 2024 16:51:01 +0000 (18:51 +0200)]
bswap: Add st24_be_p() to store 24 bits in big-endian order
Commit
14180d6221 ("bswap: Add the ability to store to an
unaligned 24 bit field") added st24_le_p() for little
endianness, add st24_be_p() equivalent for bit one.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240621075607.17902-1-philmd@linaro.org>
Thomas Huth [Thu, 13 Jun 2024 14:14:22 +0000 (16:14 +0200)]
target/s390x: Add a CONFIG switch to disable legacy CPUs
The oldest model that IBM still supports is the z13. Considering
that each generation can "emulate" the previous two generations
in hardware (via the "IBC" feature of the CPUs), this means that
everything that is older than z114/196 is not an officially supported
CPU model anymore. The Linux kernel still support the z10, so if
we also take this into account, everything older than that can
definitely be considered as a legacy CPU model.
For downstream builds of QEMU, we would like to be able to disable
these legacy CPUs in the build. Thus add a CONFIG switch that can be
used to disable them (and old machine types that use them by default).
Message-Id: <
20240614125019.588928-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 19 Jun 2024 05:54:47 +0000 (07:54 +0200)]
MAINTAINERS: Cover all tests/qtest/migration-* files
Beside migration-test.c, there is nowadays migration-helpers.[ch],
too, so update the entry in the migration section to also cover these
files now.
While we're at it, exclude these files in the common qtest section,
since the migration test is well covered by the migration maintainers
already. Since the test is under very active development, it was causing
a lot of distraction to the generic qtest maintainers with regards to
the patches that need to be reviewed by the migration maintainers anyway.
Message-ID: <
20240619055447.129943-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Omar Sandoval [Wed, 19 Jun 2024 05:00:12 +0000 (22:00 -0700)]
target/s390x/arch_dump: use correct byte order for pid
The pid field of prstatus needs to be big endian like all of the other
fields.
Fixes: f738f296eaae ("s390x/arch_dump: pass cpuid into notes sections")
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
5929f76d536d355afd04af51bf293695a1065118.
1718771802.git.osandov@osandov.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Dmitry Frolov [Tue, 21 May 2024 10:31:08 +0000 (13:31 +0300)]
tests/qtest/fuzz: fix memleak in qos_fuzz.c
Found with fuzzing for qemu-8.2, but also relevant for master
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-ID: <
20240521103106.119021-3-frolov@swemel.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:07 +0000 (19:01 +0200)]
vfio/{ap, ccw}: Use warn_report_err() for IRQ notifier registration errors
vfio_ccw_register_irq_notifier() and vfio_ap_register_irq_notifier()
errors are currently reported using error_report_err(). Since they are
not considered as failing conditions, using warn_report_err() is more
appropriate.
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-8-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Zhenzhong Duan [Wed, 22 May 2024 17:01:06 +0000 (19:01 +0200)]
vfio/ccw: Fix the missed unrealize() call in error path
When get name failed, we should call unrealize() so that
vfio_ccw_realize() is self contained.
Fixes: 909a6254eda ("vfio/ccw: Make vfio cdev pre-openable by passing a file handle")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-7-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:05 +0000 (19:01 +0200)]
vfio/ccw: Use the 'Error **errp' argument of vfio_ccw_realize()
The local error variable is kept for vfio_ccw_register_irq_notifier()
because it is not considered as a failing condition. We will change
how error reporting is done in following changes.
Remove the error_propagate() call.
Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-6-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:04 +0000 (19:01 +0200)]
s390x/css: Make S390CCWDeviceClass::realize return bool
Since the realize() handler of S390CCWDeviceClass takes an 'Error **'
argument, best practices suggest to return a bool. See the api/error.h
Rules section. While at it, modify the call in vfio_ccw_realize().
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-5-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:03 +0000 (19:01 +0200)]
hw/s390x/ccw: Remove local Error variable from s390_ccw_realize()
Use the 'Error **errp' argument of s390_ccw_realize() instead and
remove the error_propagate() call.
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-4-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:02 +0000 (19:01 +0200)]
s390x/css: Make CCWDeviceClass::realize return bool
Since the realize() handler of CCWDeviceClass takes an 'Error **'
argument, best practices suggest to return a bool. See the api/error.h
Rules section. While at it, modify the call in s390_ccw_realize().
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-3-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Wed, 22 May 2024 17:01:01 +0000 (19:01 +0200)]
hw/s390x/ccw: Make s390_ccw_get_dev_info() return a bool
Since s390_ccw_get_dev_info() takes an 'Error **' argument, best
practices suggest to return a bool. See the qapi/error.h Rules
section. While at it, modify the call in s390_ccw_realize().
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Anthony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <
20240522170107.289532-2-clg@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Richard Henderson [Sat, 22 Jun 2024 16:56:49 +0000 (09:56 -0700)]
Merge tag 'pull-target-arm-
20240622' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* hw/net/can/xlnx-versal-canfd: Fix sorting of the tx queue
* hw/arm/xilinx_zynq: Fix IRQ/FIQ routing
* hw/intc/arm_gic: Fix deactivation of SPI lines
* hw/timer/a9gtimer: Handle QTest mode in a9_gtimer_get_current_cpu
* hw/misc: Set valid access size for Exynos4210 RNG
* hw/arm/sbsa-ref: switch to 1GHz timer frequency
* hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa machine
* hw/arm/virt: allow creation of a second NonSecure UART
* hw/arm/virt: Avoid unexpected warning from Linux guest on host with Fujitsu CPUs
* scripts/coverity-scan/COMPONENTS.md: update component regexes
* hw/usb/hcd-dwc2: Handle invalid address access in read and write functions
* hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmZ2vigZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3mRzD/9+Upo0E9GoNE8FaZYk+xw9
# tB7V0C5RxZCW74ggjsoRSs2Mq45X+jzjT5cmlo3bCyj9z146eyOovcqroJHlggy7
# W3nqE7Yg6tUz6MEbrDq54BVNGmBdwY4kpYr5MvXrhtb9A+/QjaW8MqlmT5NCvUb+
# KZ+i4PTAF5dALCZblnqL5+9RYfwMOeR8R03ZbV2H0OCvO16N1rWsgoRzReVbpmy2
# LEXGber13O7HnSRiMjvxTn92yZBO+tgmLB5w6V4aaYKEhj3B0wTO+GVEUMz0Rmzw
# LunrZhtQql9MOrdJIvgPrrFRmGHamnNu3IV0750xrRPQ1mJlVevaaCpl1IlaVeXG
# /PnY8HWaDJgwlPMDZVga38KSVQavdC8/Uvdw816a0rBzbclAAUZSNf8cuNeJ7qmk
# 2CQp/C8vuarWH0Ut0Qav8uuepd5jDt5TT3crBPhxMRwxsNTsSgjXxe7s3jdVWe2C
# +z1sC/KnSmmFUwyu14GA4WsUdz05m4Mmixz4unXemMeexibUA3n4RSTiUYzTNcb4
# NmhEY4WbhuDtnSqqeSFyKtS5WCIG9A8YmcEzHWNsbaZAIEdS5QlxCSocbzG2mO6G
# zD/kWMn0nmYWejYgaT3LcL5BvkwmePV6u3jQNmVL8aQgG+OPZh7tvCR2gSMPWpml
# Y2pVvKZ+Tcx3GqZOUqKsrA==
# =oPnm
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 22 Jun 2024 05:06:00 AM PDT
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
* tag 'pull-target-arm-
20240622' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa machine
hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1
hw/misc: Set valid access size for Exynos4210 RNG
hw/arm/virt: Avoid unexpected warning from Linux guest on host with Fujitsu CPUs
hw/arm/virt: allow creation of a second NonSecure UART
hw/arm/virt: Rename VIRT_UART and VIRT_SECURE_UART to VIRT_UART[01]
hw/arm/virt: Add serial aliases in DTB
hw/usb/hcd-dwc2: Handle invalid address access in read and write functions
hw/timer/a9gtimer: Handle QTest mode in a9_gtimer_get_current_cpu
scripts/coverity-scan/COMPONENTS.md: Include libqmp in testlibs
scripts/coverity-scan/COMPONENTS.md: Fix monitor component
scripts/coverity-scan/COMPONENTS.md: Add crypto headers in host/include to the crypto component
scripts/coverity-scan/COMPONENTS.md: Fix 'char' component
scripts/coverity-scan/COMPONENTS.md: Update paths to match gitlab CI
hw/arm/xilinx_zynq: Fix IRQ/FIQ routing
hw/intc/arm_gic: Fix deactivation of SPI lines
hw/arm/sbsa-ref: switch to 1GHz timer frequency
hw/net/can/xlnx-versal-canfd: Fix sorting of the tx queue
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Fri, 21 Jun 2024 18:19:25 +0000 (11:19 -0700)]
Merge tag 'migration-
20240621-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Fabiano's fix for fdset + file migration truncating the migration
file
- Fabiano's fdset + direct-io support for mapped-ram
- Peter's various cleanups (multifd sync, thread names, migration
states, tests)
- Peter's new migration state postcopy-recover-setup
- Philippe's unused vmstate macro cleanup
# -----BEGIN PGP SIGNATURE-----
#
# iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmZ1vIsQHGZhcm9zYXNA
# c3VzZS5kZQAKCRDHmNx0G+wxnVZTEACdFIsQ/PJw2C9eeLNor5B5MNSEqUjxX0KN
# 6s/uTkJ/dcv+2PI92SzRCZ1dpR5e9AyjTFYbLc9tPRBIROEhlUaoc84iyEy0jCFU
# eJ65/RQbH5QHRpOZwbN5RmGwnapfOWHGTn3bpdrmSQTOAy8R2TPGY4SVYR+gamTn
# bAv1cAsrOOBUfCi8aqvSlmvuliOW0lzJdF4XHa3mAaigLoF14JdwUZdyIMP1mLDp
# /fllbHCKCvJ1vprE9hQmptBR9PzveJZOZamIVt96djJr5+C869+9PMCn3a5vxqNW
# b+/LhOZjac37Ecg5kgbq+cO1E4EXKC3zWOmDTw8kHUwp9oYNi1upwLdpHbAAZaQD
# /JmHKsExx9QuV8mrVyGBXMI92E6RrT54b1Bjcuo63gAP8p9JRRxGT22U3LghNbTm
# 1XcGPR3rswjT1yTgE6qAqAIMR+7X5MrJVWop9ub/lF5DQ1VYIwmlKSNdwDHFDhRq
# 0F1k2+EksNpcZ0BH2+3iFml7qKHLVupLQKTWcLdrlnQnTfSG3+yW7eyA5Mte79Qp
# nJPcHt8qBqUVQ9Uf/4490TM4Lrp+T+m16exIi0tISLaDXSVkFJnlowipSm+tQ7U3
# Sm68JWdWWEsXZVaMqJeBE8nA/hCoQDpo4hVdwftStI+NayXbRX/EgvPqrNAvwh+c
# i4AdHdn6hQ==
# =ZX0p
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Jun 2024 10:46:51 AM PDT
# gpg: using RSA key
AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-
20240621-pull-request' of https://gitlab.com/farosas/qemu: (28 commits)
migration: Remove unused VMSTATE_ARRAY_TEST() macro
tests/migration-tests: Cover postcopy failure on reconnect
tests/migration-tests: Verify postcopy-recover-setup status
tests/migration-tests: migration_event_wait()
tests/migration-tests: Always enable migration events
tests/migration-tests: Drop most WIN32 ifdefs for postcopy failure tests
migration/docs: Update postcopy recover session for SETUP phase
migration/postcopy: Add postcopy-recover-setup phase
migration: Cleanup incoming migration setup state change
migration: Use MigrationStatus instead of int
migration: Rename thread debug names
migration/multifd: Avoid the final FLUSH in complete()
tests/qtest/migration: Add a test for mapped-ram with passing of fds
migration: Add documentation for fdset with multifd + file
monitor: fdset: Match against O_DIRECT
tests/qtest/migration: Add tests for file migration with direct-io
migration/multifd: Add direct-io support
migration: Add direct-io parameter
io: Stop using qemu_open_old in channel-file
monitor: Report errors from monitor_fdset_dup_fd_add
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Philippe Mathieu-Daudé [Fri, 21 Jun 2024 07:03:17 +0000 (09:03 +0200)]
migration: Remove unused VMSTATE_ARRAY_TEST() macro
Last use of VMSTATE_ARRAY_TEST() was removed in commit
46baa9007f
("migration/i386: Remove old non-softfloat 64bit FP support"), we
can safely get rid of it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:46 +0000 (18:30 -0400)]
tests/migration-tests: Cover postcopy failure on reconnect
Make sure there will be an event for postcopy recovery, irrelevant of
whether the reconnect will success, or when the failure happens.
The added new case is to fail early in postcopy recovery, in which case it
didn't even reach RECOVER stage on src (and in real life it'll be the same
to dest, but the test case is just slightly more involved due to the dual
socketpair setup).
To do that, rename the postcopy_recovery_test_fail to reflect either stage
to fail, instead of a boolean.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:45 +0000 (18:30 -0400)]
tests/migration-tests: Verify postcopy-recover-setup status
Making sure the postcopy-recover-setup status is present in the postcopy
failure unit test. Note that it only applies to src QEMU not dest.
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Xiong Yining [Fri, 7 Jun 2024 10:38:25 +0000 (10:38 +0000)]
hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa machine
Enable CPU cluster support on SbsaQemu platform, so that users can
specify a 4-level CPU hierarchy sockets/clusters/cores/threads. And
this topology can be passed to the firmware through /cpus/topology
Device Tree.
Signed-off-by: Xiong Yining <xiongyining1480@phytium.com.cn>
Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
Message-id:
20240607103825.
1295328-2-xiongyining1480@phytium.com.cn
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
David Hubbard [Mon, 20 May 2024 23:26:34 +0000 (18:26 -0500)]
hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1
This changes the way the ohci emulation handles a Transfer Descriptor
with "Buffer End" set to "Current Buffer Pointer" - 1, specifically
in the case of a zero-length packet.
The OHCI spec 4.3.1.2 Table 4-2 specifies td.cbp to be zero for a
zero-length packet. Peter Maydell tracked down commit
1328fe0c32
(hw: usb: hcd-ohci: check len and frame_number variables) where qemu
started checking this according to the spec.
What this patch does is loosen the qemu ohci implementation to allow a
zero-length packet if td.be (Buffer End) is set to td.cbp - 1, and with a
non-zero td.cbp value.
The spec is unclear whether this is valid or not -- it is not the
clearly documented way to send a zero length TD (which is CBP=BE=0),
but it isn't specifically forbidden. Actual hw seems to be ok with it.
Does any OS rely on this behavior? There have been no reports to
qemu-devel of this problem.
This is attempting to have qemu behave like actual hardware,
but this is just a minor change.
With a tiny OS[1] that boots and executes a test, the issue can be seen:
* OS that sends USB requests to a USB mass storage device
but sends td.cbp = td.be + 1
* qemu 4.2
* qemu HEAD (
4e66a0854)
* Actual OHCI controller (hardware)
Command line:
qemu-system-x86_64 -m 20 \
-device pci-ohci,id=ohci \
-drive if=none,format=raw,id=d,file=testmbr.raw \
-device usb-storage,bus=ohci.0,drive=d \
--trace "usb_*" --trace "ohci_*" -D qemu.log
Results are:
qemu 4.2 | qemu HEAD | actual HW
-----------+------------+-----------
works fine | ohci_die() | works fine
Tip: if the flags "-serial pty -serial stdio" are added to the command line
the test will output USB requests like this:
Testing qemu HEAD:
> Free mem 2M ohci port2 conn FS
> setup { 80 6 0 1 0 0 8 0 }
> ED info=80000 { mps=8 en=0 d=0 } tail=c20920
> td0 c20880 nxt=c20960
f2000000 setup cbp=c20900 be=c20907
> td1 c20960 nxt=c20980
f3140000 in cbp=c20908 be=c2090f
> td2 c20980 nxt=c20920
f3080000 out cbp=c20910 be=c2090f ohci20 host err
> usb stopped
And in qemu.log:
usb_ohci_iso_td_bad_cc_overrun ISO_TD start_offset=0x00c20910 > next_offset=0x00c2090f
Testing qemu 4.2:
> Free mem 2M ohci port2 conn FS
> setup { 80 6 0 1 0 0 8 0 }
> ED info=80000 { mps=8 en=0 d=0 } tail=620920
> td0 620880 nxt=620960
f2000000 setup cbp=620900 be=620907 cbp=0 be=620907
> td1 620960 nxt=620980
f3140000 in cbp=620908 be=62090f cbp=0 be=62090f
> td2 620980 nxt=620920
f3080000 out cbp=620910 be=62090f cbp=0 be=62090f
> rx { 12 1 0 2 0 0 0 8 }
> setup { 0 5 1 0 0 0 0 0 } tx {}
> ED info=80000 { mps=8 en=0 d=0 } tail=620880
> td0 620920 nxt=620960
f2000000 setup cbp=620900 be=620907 cbp=0 be=620907
> td1 620960 nxt=620880
f3100000 in cbp=620908 be=620907 cbp=0 be=620907
> setup { 80 6 0 1 0 0 12 0 }
> ED info=80001 { mps=8 en=0 d=1 } tail=620960
> td0 620880 nxt=6209c0
f2000000 setup cbp=620920 be=620927 cbp=0 be=620927
> td1 6209c0 nxt=6209e0
f3140000 in cbp=620928 be=620939 cbp=0 be=620939
> td2 6209e0 nxt=620960
f3080000 out cbp=62093a be=620939 cbp=0 be=620939
> rx { 12 1 0 2 0 0 0 8 f4 46 1 0 0 0 1 2 3 1 }
> setup { 80 6 0 2 0 0 0 1 }
> ED info=80001 { mps=8 en=0 d=1 } tail=620880
> td0 620960 nxt=6209a0
f2000000 setup cbp=620a20 be=620a27 cbp=0 be=620a27
> td1 6209a0 nxt=6209c0
f3140004 in cbp=620a28 be=620b27 cbp=620a48 be=620b27
> td2 6209c0 nxt=620880
f3080000 out cbp=620b28 be=620b27 cbp=0 be=620b27
> rx { 9 2 20 0 1 1 4 c0 0 9 4 0 0 2 8 6 50 0 7 5 81 2 40 0 0 7 5 2 2 40 0 0 }
> setup { 0 9 1 0 0 0 0 0 } tx {}
> ED info=80001 { mps=8 en=0 d=1 } tail=620900
> td0 620880 nxt=620940
f2000000 setup cbp=620a00 be=620a07 cbp=0 be=620a07
> td1 620940 nxt=620900
f3100000 in cbp=620a08 be=620a07 cbp=0 be=620a07
[1] The OS disk image has been emailed to philmd@linaro.org, mjt@tls.msk.ru,
and kraxel@redhat.com:
* testCbpOffBy1.img.xz
* sha256:
f87baddcb86de845de12f002c698670a426affb40946025cc32694f9daa3abed
Signed-off-by: David Hubbard <dmamfmgm@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zheyu Ma [Tue, 18 Jun 2024 16:37:01 +0000 (18:37 +0200)]
hw/misc: Set valid access size for Exynos4210 RNG
The Exynos4210 RNG module requires 32-bit (4-byte) accesses to its registers.
According to the User Manual Section 25.3[1], the registers for RNG operations
are 32-bit. This change ensures that the memory region operations for the
RNG module enforce the correct access sizes, preventing invalid memory accesses.
[1] http://www.mediafire.com/view/8ly2fqls3c9c31c/Exynos_4412_SCP_Users_Manual_Ver.0.10.00_Preliminary0.pdf
Reproducer:
cat << EOF | qemu-system-aarch64 -display none \
-machine accel=qtest, -m 512M -machine smdkc210 -qtest stdio
readb 0x10830454
EOF
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Message-id:
20240618163701.
3204975-1-zheyuma97@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zhenyu Zhang [Wed, 12 Jun 2024 02:05:06 +0000 (22:05 -0400)]
hw/arm/virt: Avoid unexpected warning from Linux guest on host with Fujitsu CPUs
Multiple warning messages and corresponding backtraces are observed when Linux
guest is booted on the host with Fujitsu CPUs. One of them is shown as below.
[ 0.032443] ------------[ cut here ]------------
[ 0.032446] uart-pl011
9000000.pl011: ARCH_DMA_MINALIGN smaller than
CTR_EL0.CWG (128 < 256)
[ 0.032454] WARNING: CPU: 0 PID: 1 at arch/arm64/mm/dma-mapping.c:54
arch_setup_dma_ops+0xbc/0xcc
[ 0.032470] Modules linked in:
[ 0.032475] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.14.0-452.el9.aarch64
[ 0.032481] Hardware name: linux,dummy-virt (DT)
[ 0.032484] pstate:
60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.032490] pc : arch_setup_dma_ops+0xbc/0xcc
[ 0.032496] lr : arch_setup_dma_ops+0xbc/0xcc
[ 0.032501] sp :
ffff80008003b860
[ 0.032503] x29:
ffff80008003b860 x28:
0000000000000000 x27:
ffffaae4b949049c
[ 0.032510] x26:
0000000000000000 x25:
0000000000000000 x24:
0000000000000000
[ 0.032517] x23:
0000000000000100 x22:
0000000000000000 x21:
0000000000000000
[ 0.032523] x20:
0000000100000000 x19:
ffff2f06c02ea400 x18:
ffffffffffffffff
[ 0.032529] x17:
00000000208a5f76 x16:
000000006589dbcb x15:
ffffaae4ba071c89
[ 0.032535] x14:
0000000000000000 x13:
ffffaae4ba071c84 x12:
455f525443206e61
[ 0.032541] x11:
68742072656c6c61 x10:
0000000000000029 x9 :
ffffaae4b7d21da4
[ 0.032547] x8 :
0000000000000029 x7 :
4c414e494d5f414d x6 :
0000000000000029
[ 0.032553] x5 :
000000000000000f x4 :
ffffaae4b9617a00 x3 :
0000000000000001
[ 0.032558] x2 :
0000000000000000 x1 :
0000000000000000 x0 :
ffff2f06c029be40
[ 0.032564] Call trace:
[ 0.032566] arch_setup_dma_ops+0xbc/0xcc
[ 0.032572] of_dma_configure_id+0x138/0x300
[ 0.032591] amba_dma_configure+0x34/0xc0
[ 0.032600] really_probe+0x78/0x3dc
[ 0.032614] __driver_probe_device+0x108/0x160
[ 0.032619] driver_probe_device+0x44/0x114
[ 0.032624] __device_attach_driver+0xb8/0x14c
[ 0.032629] bus_for_each_drv+0x88/0xe4
[ 0.032634] __device_attach+0xb0/0x1e0
[ 0.032638] device_initial_probe+0x18/0x20
[ 0.032643] bus_probe_device+0xa8/0xb0
[ 0.032648] device_add+0x4b4/0x6c0
[ 0.032652] amba_device_try_add.part.0+0x48/0x360
[ 0.032657] amba_device_add+0x104/0x144
[ 0.032662] of_amba_device_create.isra.0+0x100/0x1c4
[ 0.032666] of_platform_bus_create+0x294/0x35c
[ 0.032669] of_platform_populate+0x5c/0x150
[ 0.032672] of_platform_default_populate_init+0xd0/0xec
[ 0.032697] do_one_initcall+0x4c/0x2e0
[ 0.032701] do_initcalls+0x100/0x13c
[ 0.032707] kernel_init_freeable+0x1c8/0x21c
[ 0.032712] kernel_init+0x28/0x140
[ 0.032731] ret_from_fork+0x10/0x20
[ 0.032735] ---[ end trace
0000000000000000 ]---
In Linux, a check is applied to every device which is exposed through
device-tree node. The warning message is raised when the device isn't
DMA coherent and the cache line size is larger than ARCH_DMA_MINALIGN
(128 bytes). The cache line is sorted from CTR_EL0[CWG], which corresponds
to 256 bytes on the guest CPUs. The DMA coherent capability is claimed
through 'dma-coherent' in their device-tree nodes or parent nodes.
This happens even when the device doesn't implement or use DMA at all,
for legacy reasons.
Fix the issue by adding 'dma-coherent' property to the device-tree root
node, meaning all devices are capable of DMA coherent by default.
This both suppresses the spurious kernel warnings and also guards
against possible future QEMU bugs where we add a DMA-capable device
and forget to mark it as dma-coherent.
Signed-off-by: Zhenyu Zhang <zhenyzha@redhat.com>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Donald Dutile <ddutile@redhat.com
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-id:
20240612020506.307793-1-zhenyzha@redhat.com
[PMM: tweaked commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 10 Jun 2024 16:23:43 +0000 (17:23 +0100)]
hw/arm/virt: allow creation of a second NonSecure UART
For some use-cases, it is helpful to have more than one UART
available to the guest. If the second UART slot is not already used
for a TrustZone Secure-World-only UART, create it as a NonSecure UART
only when the user provides a serial backend (e.g. via a second
-serial command line option).
This avoids problems where existing guest software only expects a
single UART, and gets confused by the second UART in the DTB. The
major example of this is older EDK2 firmware, which will send the
GRUB bootloader output to UART1 and the guest serial output to UART0.
Users who want to use both UARTs with a guest setup including EDK2
are advised to update to EDK2 release edk2-stable202311 or newer.
(The prebuilt EDK2 blobs QEMU upstream provides are new enough.)
The relevant EDK2 changes are the ones described here:
https://bugzilla.tianocore.org/show_bug.cgi?id=4577
Inspired-by: Axel Heider <axel.heider@hensoldt.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240610162343.
2131524-4-peter.maydell@linaro.org
Peter Maydell [Mon, 10 Jun 2024 16:23:42 +0000 (17:23 +0100)]
hw/arm/virt: Rename VIRT_UART and VIRT_SECURE_UART to VIRT_UART[01]
We're going to make the second UART not always a secure-only device.
Rename the constants VIRT_UART and VIRT_SECURE_UART to VIRT_UART0
and VIRT_UART1 accordingly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240610162343.
2131524-3-peter.maydell@linaro.org
Peter Maydell [Mon, 10 Jun 2024 16:23:41 +0000 (17:23 +0100)]
hw/arm/virt: Add serial aliases in DTB
If there is more than one UART in the DTB, then there is no guarantee
on which order a guest is supposed to initialise them. The standard
solution to this is "serialN" entries in the "/aliases" node of the
dtb which give the nodename of the UARTs.
At the moment we only have two UARTs in the DTB when one is for
the Secure world and one for the Non-Secure world, so this isn't
really a problem. However if we want to add a second NS UART we'll
need the aliases to ensure guests pick the right one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240610162343.
2131524-2-peter.maydell@linaro.org
Zheyu Ma [Tue, 18 Jun 2024 13:56:10 +0000 (15:56 +0200)]
hw/usb/hcd-dwc2: Handle invalid address access in read and write functions
This commit modifies the dwc2_hsotg_read() and dwc2_hsotg_write() functions
to handle invalid address access gracefully. Instead of using
g_assert_not_reached(), which causes the program to abort, the functions
now log an error message and return a default value for reads or do
nothing for writes.
This change prevents the program from aborting and provides clear log
messages indicating when an invalid memory address is accessed.
Reproducer:
cat << EOF | qemu-system-aarch64 -display none \
-machine accel=qtest, -m 512M -machine raspi2b -m 1G -nodefaults \
-usb -drive file=null-co://,if=none,format=raw,id=disk0 -device \
usb-storage,port=1,drive=disk0 -qtest stdio
readl 0x3f980dfb
EOF
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id:
20240618135610.
3109175-1-zheyuma97@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zheyu Ma [Tue, 18 Jun 2024 14:40:09 +0000 (16:40 +0200)]
hw/timer/a9gtimer: Handle QTest mode in a9_gtimer_get_current_cpu
This commit updates the a9_gtimer_get_current_cpu() function to handle
cases where QTest is enabled. When QTest is used, it returns 0 instead
of dereferencing the current_cpu, which can be NULL. This prevents the
program from crashing during QTest runs.
Reproducer:
cat << EOF | qemu-system-aarch64 -display \
none -machine accel=qtest, -m 512M -machine npcm750-evb -qtest stdio
writel 0xf03fe20c 0x26d7468c
EOF
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240618144009.
3137806-1-zheyuma97@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 18 Jun 2024 15:22:22 +0000 (16:22 +0100)]
scripts/coverity-scan/COMPONENTS.md: Include libqmp in testlibs
Add libqmp to the testlibs component.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240604145934.
1230583-6-peter.maydell@linaro.org
Peter Maydell [Tue, 18 Jun 2024 15:22:22 +0000 (16:22 +0100)]
scripts/coverity-scan/COMPONENTS.md: Fix monitor component
Update the 'monitor' component:
* qapi/ and monitor/ are now subdirectories
* add job-qmp.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240604145934.
1230583-5-peter.maydell@linaro.org
Peter Maydell [Tue, 18 Jun 2024 15:22:22 +0000 (16:22 +0100)]
scripts/coverity-scan/COMPONENTS.md: Add crypto headers in host/include to the crypto component
host/include/*/host/crypto/ are relatively new headers; add them
to the crypto component.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240604145934.
1230583-4-peter.maydell@linaro.org
Peter Maydell [Tue, 18 Jun 2024 15:22:21 +0000 (16:22 +0100)]
scripts/coverity-scan/COMPONENTS.md: Fix 'char' component
The 'char' component:
* includes the no-longer-present qemu-char.c, which has been
long since split into the chardev/ backend code
* also includes the hw/char devices
Split it into two components:
* char is the hw/char devices
* chardev is the chardev backends
with regexes matching our current sources.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240604145934.
1230583-3-peter.maydell@linaro.org
Peter Maydell [Tue, 18 Jun 2024 15:22:21 +0000 (16:22 +0100)]
scripts/coverity-scan/COMPONENTS.md: Update paths to match gitlab CI
Since commit
83aa1baa069c we have been running the build for Coverity
Scan as a Gitlab CI job, rather than the old setup where it was run
on a local developer's machine. This is working well, but the
absolute paths of files are different for the Gitlab CI job, which
means that the regexes we use to identify Coverity components no
longer work. With Gitlab CI builds the file paths are of the form
/builds/qemu-project/qemu/accel/kvm/kvm-all.c
rather than the old
/qemu/accel/kvm/kvm-all.c
and our regexes all don't match.
Update all the regexes to start with .*/qemu/ . This will hopefully
avoid the need to change them again in future if the build path
changes again.
This change was made with a search-and-replace of (/qemu)?
to .*/qemu .
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240604145934.
1230583-2-peter.maydell@linaro.org
Sebastian Huber [Tue, 18 Jun 2024 15:22:21 +0000 (16:22 +0100)]
hw/arm/xilinx_zynq: Fix IRQ/FIQ routing
Fix the system bus interrupt line to CPU core assignment.
Fixes: ddcf58e044ce0 ("hw/arm/xilinx_zynq: Support up to two CPU cores")
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240610052906.4432-1-sebastian.huber@embedded-brains.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Edgar E. Iglesias [Tue, 18 Jun 2024 15:22:20 +0000 (16:22 +0100)]
hw/intc/arm_gic: Fix deactivation of SPI lines
Julien reported that he has seen strange behaviour when running
Xen on QEMU using GICv2. When Xen migrates a guest's vCPU from
one pCPU to another while the vCPU is handling an interrupt, the
guest is unable to properly deactivate interrupts.
Looking at it a little closer, our GICv2 model treats
deactivation of SPI lines as if they were PPI's, i.e banked per
CPU core. The state for active interrupts should only be banked
for PPI lines, not for SPI lines.
Make deactivation of SPI lines unbanked, similar to how we
handle writes to GICD_ICACTIVER.
Reported-by: Julien Grall <julien@xen.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-id:
20240605143044.
2029444-2-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Marcin Juszkiewicz [Tue, 18 Jun 2024 15:22:20 +0000 (16:22 +0100)]
hw/arm/sbsa-ref: switch to 1GHz timer frequency
Updated firmware for QEMU CI is already in merge queue so we can move
platform to be future proof.
All supported cpus work fine with 1GHz timer frequency when firmware is
fresh enough.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
Message-id:
20240531093729.220758-2-marcin.juszkiewicz@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shiva sagar Myana [Tue, 18 Jun 2024 15:22:20 +0000 (16:22 +0100)]
hw/net/can/xlnx-versal-canfd: Fix sorting of the tx queue
Returning an uint32_t casted to a gint from g_cmp_ids causes the tx queue to
become wrongly sorted when executing g_slist_sort. Fix this by always
returning -1 or 1 from g_cmp_ids based on the ID comparison instead.
Also, if two message IDs are the same, sort them by using their index and
transmit the message at the lowest index first.
Signed-off-by: Shiva sagar Myana <Shivasagar.Myana@amd.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Message-id:
20240603051732.
3334571-1-Shivasagar.Myana@amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Xu [Wed, 19 Jun 2024 22:30:44 +0000 (18:30 -0400)]
tests/migration-tests: migration_event_wait()
Introduce a small helper to wait for a migration event, generalized from
the incoming migration path. Make the helper easier to use by allowing it
to keep waiting until the expected event is received.
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:43 +0000 (18:30 -0400)]
tests/migration-tests: Always enable migration events
Libvirt should always enable it, so it'll be nice qtest also cover that for
all tests on both sides. migrate_incoming_qmp() used to enable it only on
dst, now we enable them on both, as we'll start to sanity check events even
on the src QEMU.
We'll need to leave the one in migrate_incoming_qmp(), because
virtio-net-failover test uses that one only, and it relies on the events to
work.
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:42 +0000 (18:30 -0400)]
tests/migration-tests: Drop most WIN32 ifdefs for postcopy failure tests
Most of them are not needed, we can stick with one ifdef inside
postcopy_recover_fail() so as to cover the scm right tricks only.
The tests won't run on windows anyway due to has_uffd always false.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:41 +0000 (18:30 -0400)]
migration/docs: Update postcopy recover session for SETUP phase
Firstly, the "Paused" state was added in the wrong place before. The state
machine section was describing PostcopyState, rather than MigrationStatus.
Drop the Paused state descriptions.
Then in the postcopy recover session, add more information on the state
machine for MigrationStatus in the lines. Add the new RECOVER_SETUP phase.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
[fix typo s/reconnects/reconnect]
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:40 +0000 (18:30 -0400)]
migration/postcopy: Add postcopy-recover-setup phase
This patch adds a migration state on src called "postcopy-recover-setup".
The new state will describe the intermediate step starting from when the
src QEMU received a postcopy recovery request, until the migration channels
are properly established, but before the recovery process take place.
The request came from Libvirt where Libvirt currently rely on the migration
state events to detect migration state changes. That works for most of the
migration process but except postcopy recovery failures at the beginning.
Currently postcopy recovery only has two major states:
- postcopy-paused: this is the state that both sides of QEMU will be in
for a long time as long as the migration channel was interrupted.
- postcopy-recover: this is the state where both sides of QEMU handshake
with each other, preparing for a continuation of postcopy which used to
be interrupted.
The issue here is when the recovery port is invalid, the src QEMU will take
the URI/channels, noticing the ports are not valid, and it'll silently keep
in the postcopy-paused state, with no event sent to Libvirt. In this case,
the only thing Libvirt can do is to poll the migration status with a proper
interval, however that's less optimal.
Considering that this is the only case where Libvirt won't get a
notification from QEMU on such events, let's add postcopy-recover-setup
state to mimic what we have with the "setup" state of a newly initialized
migration, describing the phase of connection establishment.
With that, postcopy recovery will have two paths to go now, and either path
will guarantee an event generated. Now the events will look like this
during a recovery process on src QEMU:
- Initially when the recovery is initiated on src, QEMU will go from
"postcopy-paused" -> "postcopy-recover-setup". Old QEMUs don't have
this event.
- Depending on whether the channel re-establishment is succeeded:
- In succeeded case, src QEMU will move from "postcopy-recover-setup"
to "postcopy-recover". Old QEMUs also have this event.
- In failure case, src QEMU will move from "postcopy-recover-setup" to
"postcopy-paused" again. Old QEMUs don't have this event.
This guarantees that Libvirt will always receive a notification for
recovery process properly.
One thing to mention is, such new status is only needed on src QEMU not
both. On dest QEMU, the state machine doesn't change. Hence the events
don't change either. It's done like so because dest QEMU may not have an
explicit point of setup start. E.g., it can happen that when dest QEMUs
doesn't use migrate-recover command to use a new URI/channel, but the old
URI/channels can be reused in recovery, in which case the old ports simply
can work again after the network routes are fixed up.
Add a new helper postcopy_is_paused() detecting whether postcopy is still
paused, taking RECOVER_SETUP into account too. When using it on both
src/dst, a slight change is done altogether to always wait for the
semaphore before checking the status, because for both sides a sem_post()
will be required for a recovery.
Cc: Jiri Denemark <jdenemar@redhat.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Buglink: https://issues.redhat.com/browse/RHEL-38485
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:39 +0000 (18:30 -0400)]
migration: Cleanup incoming migration setup state change
Destination QEMU can setup incoming ports for two purposes: either a fresh
new incoming migration, in which QEMU will switch to SETUP for channel
establishment, or a paused postcopy migration, in which QEMU will stay in
POSTCOPY_PAUSED until kicking off the RECOVER phase.
Now the state machine worked on dest node for the latter, only because
migrate_set_state() implicitly will become a noop if the current state
check failed. It wasn't clear at all.
Clean it up by providing a helper migration_incoming_state_setup() doing
proper checks over current status. Postcopy-paused will be explicitly
checked now, and then we can bail out for unknown states.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:38 +0000 (18:30 -0400)]
migration: Use MigrationStatus instead of int
QEMU uses "int" in most cases even if it stores MigrationStatus. I don't
know why, so let's try to do that right and see what blows up..
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:37 +0000 (18:30 -0400)]
migration: Rename thread debug names
The postcopy thread names on dest QEMU are slightly confusing, partly I'll
need to blame myself on
36f62f11e4 ("migration: Postcopy preemption
preparation on channel creation"). E.g., "fault-fast" reads like a fast
version of "fault-default", but it's actually the fast version of
"postcopy/listen".
Taking this chance, rename all the migration threads with proper rules.
Considering we only have 15 chars usable, prefix all threads with "mig/",
meanwhile identify src/dst threads properly this time. So now most thread
names will look like "mig/DIR/xxx", where DIR will be "src"/"dst", except
the bg-snapshot thread which doesn't have a direction.
For multifd threads, making them "mig/{src|dst}/{send|recv}_%d".
We used to have "live_migration" thread for a very long time, now it's
called "mig/src/main". We may hope to have "mig/dst/main" soon but not
yet.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Zhijian Li (Fujitsu) <lizhijian@fujitsu.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Wed, 19 Jun 2024 22:30:36 +0000 (18:30 -0400)]
migration/multifd: Avoid the final FLUSH in complete()
We always do the flush when finishing one round of scan, and during
complete() phase we should scan one more round making sure no dirty page
existed. In that case we shouldn't need one explicit FLUSH at the end of
complete(), as when reaching there all pages should have been flushed.
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Tested-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:31 +0000 (15:57 -0300)]
tests/qtest/migration: Add a test for mapped-ram with passing of fds
Add a multifd test for mapped-ram with passing of fds into QEMU. This
is how libvirt will consume the feature.
There are a couple of details to the fdset mechanism:
- multifd needs two distinct file descriptors (not duplicated with
dup()) so it can enable O_DIRECT only on the channels that do
aligned IO. The dup() system call creates file descriptors that
share status flags, of which O_DIRECT is one.
- the open() access mode flags used for the fds passed into QEMU need
to match the flags QEMU uses to open the file. Currently O_WRONLY
for src and O_RDONLY for dst.
Note that fdset code goes under _WIN32 because fd passing is not
supported on Windows.
Reviewed-by: Peter Xu <peterx@redhat.com>
[brought back the qmp_remove_fd() call at the end of the tests]
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:30 +0000 (15:57 -0300)]
migration: Add documentation for fdset with multifd + file
With the last few changes to the fdset infrastructure, we now allow
multifd to use an fdset when migrating to a file. This is useful for
the scenario where the management layer wants to have control over the
migration file.
By receiving the file descriptors directly, QEMU can delegate some
high level operating system operations to the management layer (such
as mandatory access control). The management layer might also want to
add its own headers before the migration stream.
Document the "file:/dev/fdset/#" syntax for the multifd migration with
mapped-ram. The requirements for the fdset mechanism are:
- the fdset must contain two fds that are not duplicates between
themselves;
- if direct-io is to be used, exactly one of the fds must have the
O_DIRECT flag set;
- the file must be opened with WRONLY on the migration source side;
- the file must be opened with RDONLY on the migration destination
side.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:29 +0000 (15:57 -0300)]
monitor: fdset: Match against O_DIRECT
We're about to enable the use of O_DIRECT in the migration code and
due to the alignment restrictions imposed by filesystems we need to
make sure the flag is only used when doing aligned IO.
The migration will do parallel IO to different regions of a file, so
we need to use more than one file descriptor. Those cannot be obtained
by duplicating (dup()) since duplicated file descriptors share the
file status flags, including O_DIRECT. If one migration channel does
unaligned IO while another sets O_DIRECT to do aligned IO, the
filesystem would fail the unaligned operation.
The add-fd QMP command along with the fdset code are specifically
designed to allow the user to pass a set of file descriptors with
different access flags into QEMU to be later fetched by code that
needs to alternate between those flags when doing IO.
Extend the fdset matching to behave the same with the O_DIRECT flag.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:28 +0000 (15:57 -0300)]
tests/qtest/migration: Add tests for file migration with direct-io
The tests are only allowed to run in systems that know about the
O_DIRECT flag and in filesystems which support it.
Note: this also brings back migrate_set_parameter_bool() which went
away when we removed the compression tests. I copied it verbatim.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:27 +0000 (15:57 -0300)]
migration/multifd: Add direct-io support
When multifd is used along with mapped-ram, we can take benefit of a
filesystem that supports the O_DIRECT flag and perform direct I/O in
the multifd threads. This brings a significant performance improvement
because direct-io writes bypass the page cache which would otherwise
be thrashed by the multifd data which is unlikely to be needed again
in a short period of time.
To be able to use a multifd channel opened with O_DIRECT, we must
ensure that a certain aligment is used. Filesystems usually require a
block-size alignment for direct I/O. The way to achieve this is by
enabling the mapped-ram feature, which already aligns its I/O properly
(see MAPPED_RAM_FILE_OFFSET_ALIGNMENT at ram.c).
By setting O_DIRECT on the multifd channels, all writes to the same
file descriptor need to be aligned as well, even the ones that come
from outside multifd, such as the QEMUFile I/O from the main migration
code. This makes it impossible to use the same file descriptor for the
QEMUFile and for the multifd channels. The various flags and metadata
written by the main migration code will always be unaligned by virtue
of their small size. To workaround this issue, we'll require a second
file descriptor to be used exclusively for direct I/O.
The second file descriptor can be obtained by QEMU by re-opening the
migration file (already possible), or by being provided by the user or
management application (support to be added in future patches).
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:26 +0000 (15:57 -0300)]
migration: Add direct-io parameter
Add the direct-io migration parameter that tells the migration code to
use O_DIRECT when opening the migration stream file whenever possible.
This is currently only used with the mapped-ram migration that has a
clear window guaranteed to perform aligned writes.
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:25 +0000 (15:57 -0300)]
io: Stop using qemu_open_old in channel-file
We want to make use of the Error object to report fdset errors from
qemu_open_internal() and passing the error pointer to qemu_open_old()
would require changing all callers. Move the file channel to the new
API instead.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:24 +0000 (15:57 -0300)]
monitor: Report errors from monitor_fdset_dup_fd_add
I'm keeping the EACCES because callers expect to be able to look at
errno.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:23 +0000 (15:57 -0300)]
monitor: Simplify fdset and fd removal
Remove fds right away instead of setting the ->removed flag. We don't
need the extra complexity of having a cleanup function reap the
removed entries at a later time.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:22 +0000 (15:57 -0300)]
monitor: Stop removing non-duplicated fds
monitor_fdsets_cleanup() currently has three responsibilities:
1- Remove the fds that have been marked for removal(->removed=true) by
qmp_remove_fd(). This is overly complicated, but ok.
2- Remove any file descriptors that have been passed into QEMU and
never duplicated[1,2]. A file descriptor without duplicates
indicates that no part of QEMU has made use of it. This is
problematic because the current implementation does it only if the
guest is not running and the monitor is closed.
3- Remove/free fdsets that have become empty due to the above
removals. This is ok.
The scenario described in (2) is starting to show some cracks now that
we're trying to consume fds from the migration code:
- Doing cleanup every time the last monitor connection closes works to
reap unused fds, but also has the side effect of forcing the
management layer to pass the file descriptors again in case of a
disconnect/re-connect, if that happened to be the only monitor
connection.
Another side effect is that removing an fd with qmp_remove_fd() is
effectively delayed until the last monitor connection closes.
The usage of mon_refcount is also problematic because it's racy.
- Checking runstate_is_running() skips the cleanup unless the VM is
running and avoids premature cleanup of the fds, but also has the
side effect of blocking the legitimate removal of an fd via
qmp_remove_fd() if the VM happens to be in another state.
This affects qmp_remove_fd() and qmp_query_fdsets() in particular
because requesting a removal at a bad time (guest stopped) might
cause an fd to never be removed, or to be removed at a much later
point in time, causing the query command to continue showing the
supposedly removed fd/fdset.
Note that file descriptors that *have* been duplicated are owned by
the code that uses them and will be removed after qemu_close() is
called. Therefore we've decided that the best course of action to
avoid the undesired side-effects is to stop managing non-duplicated
file descriptors.
1-
efb87c1697 ("monitor: Clean up fd sets on monitor disconnect")
2-
ebe52b592d ("monitor: Prevent removing fd from set during init")
Reviewed-by: Peter Xu <peterx@redhat.com>
[fix logic mistake: s/fdset_free/fdset_free_if_empty]
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:21 +0000 (15:57 -0300)]
monitor: Introduce monitor_fdset_*free
Introduce new functions to remove and free no longer used fds and
fdsets.
We need those to decouple the remove/free routines from
monitor_fdset_cleanup() which will go away in the next patches.
The new functions:
- monitor_fdset_free/_if_empty() will be used when a monitor
connection closes and when an fd is removed to cleanup any fdset
that is now empty.
- monitor_fdset_fd_free() will be used to remove one or more fds that
have been explicitly targeted by qmp_remove_fd().
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Mon, 17 Jun 2024 18:57:20 +0000 (15:57 -0300)]
monitor: Drop monitor_fdset_dup_fd_find/_remove()
Those functions are not needed, one remove function should already
work. Clean it up.
Here the code doesn't really care about whether we need to keep that dupfd
around if close() failed: when that happens something got very wrong,
keeping the dup_fd around the fdsets may not help that situation so far.
Cc: Dr. David Alan Gilbert <dave@treblig.org>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[add missing return statement, removal during traversal is not safe]
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:19 +0000 (15:57 -0300)]
tests/qtest/migration: Add a precopy file test with fdset
Add a test for file migration using fdset. The passing of fds is more
complex than using a file path. This is also the scenario where it's
most important we ensure that the initial migration stream offset is
respected because the fdset interface is the one used by the
management layer when providing a non empty migration file.
Note that fd passing is not available on Windows, so anything that
uses add-fd needs to exclude that platform.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:18 +0000 (15:57 -0300)]
tests/qtest/migration: Fix file migration offset check
When doing file migration, QEMU accepts an offset that should be
skipped when writing the migration stream to the file. The purpose of
the offset is to allow the management layer to put its own metadata at
the start of the file.
We have tests for this in migration-test, but only testing that the
migration stream starts at the correct offset and not that it actually
leaves the data intact. Unsurprisingly, there's been a bug in that
area that the tests didn't catch.
Fix the tests to write some data to the offset region and check that
it's actually there after the migration.
While here, switch to using g_get_file_contents() which is more
portable than mmap().
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:17 +0000 (15:57 -0300)]
migration: Fix file migration with fdset
When the "file:" migration support was added we missed the special
case in the qemu_open_old implementation that allows for a particular
file name format to be used to refer to a set of file descriptors that
have been previously provided to QEMU via the add-fd QMP command.
When using this fdset feature, we should not truncate the migration
file because being given an fd means that the management layer is in
control of the file and will likely already have some data written to
it. This is further indicated by the presence of the 'offset'
argument, which indicates the start of the region where QEMU is
allowed to write.
Fix the issue by replacing the O_TRUNC flag on open by an ftruncate
call, which will take the offset into consideration.
Fixes: 385f510df5 ("migration: file URI offset")
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Mon, 17 Jun 2024 18:57:16 +0000 (15:57 -0300)]
migration: Drop reference to QIOChannel if file seeking fails
We forgot to drop the reference to the QIOChannel in the error path of
the offset adjustment. Do it now.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Richard Henderson [Wed, 19 Jun 2024 21:00:39 +0000 (14:00 -0700)]
Merge tag 'pull-tcg-
20240619' of https://gitlab.com/rth7680/qemu into staging
tcg/loongarch64: Support 64- and 256-bit vectors
tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
util/bufferiszero: Split out host include files
util/bufferiszero: Add loongarch64 vector acceleration
accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded
target/sparc: use signed denominator in sdiv helper
linux-user: Make TARGET_NR_setgroups affect only the current thread
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmZzRoMdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9Y7gf/ZUTGjCUdAO7W7J5e
# Z3JLUNOfUHO6PxoE05963XJc+APwKiuL6Yo2bnJo6km7WM50CoaX9/7L9CXD7STg
# s3eUJ2p7FfvOADZgO373nqRrB/2mhvoywhDbVJBl+NcRvRUDW8rMqrlSKIAwDIsC
# kwwTWlCfpBSlUgm/c6yCVmt815+sGUPD2k/p+pIzAVUG6fGYAosC2fwPzPajiDGX
# Q+obV1fryKq2SRR2dMnhmPRtr3pQBBkISLuTX6xNM2+CYhYqhBrAlQaOEGhp7Dx3
# ucKjvQFpHgPOSdQxb/HaDv81A20ZUQaydiNNmuKQcTtMx3MsQFR8NyVjH7L+fbS8
# JokjaQ==
# =yVKz
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jun 2024 01:58:43 PM PDT
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-
20240619' of https://gitlab.com/rth7680/qemu: (24 commits)
tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
target/sparc: use signed denominator in sdiv helper
linux-user: Make TARGET_NR_setgroups affect only the current thread
accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded
util/bufferiszero: Add loongarch64 vector acceleration
util/bufferiszero: Split out host include files
tcg/loongarch64: Enable v256 with LASX
tcg/loongarch64: Support LASX in tcg_out_vec_op
tcg/loongarch64: Split out vdvjukN in tcg_out_vec_op
tcg/loongarch64: Remove temp_vec from tcg_out_vec_op
tcg/loongarch64: Support LASX in tcg_out_{mov,ld,st}
tcg/loongarch64: Split out vdvjvk in tcg_out_vec_op
tcg/loongarch64: Support LASX in tcg_out_addsub_vec
tcg/loongarch64: Simplify tcg_out_addsub_vec
tcg/loongarch64: Support LASX in tcg_out_dupi_vec
tcg/loongarch64: Use tcg_out_dup_vec in tcg_out_dupi_vec
tcg/loongarch64: Support LASX in tcg_out_dupm_vec
tcg/loongarch64: Support LASX in tcg_out_dup_vec
tcg/loongarch64: Simplify tcg_out_dup_vec
util/loongarch64: Detect LASX vector support
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 19 Jun 2024 05:41:13 +0000 (05:41 +0000)]
tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
Simplify the logic for two-part, 32-bit pc-relative addresses.
Rather than assume all such fit in int32_t, do some arithmetic
and assert a result, do some arithmetic first and then check
to see if the pieces are in range.
Cc: qemu-stable@nongnu.org
Fixes: dacc51720db ("tcg/loongarch64: Implement tcg_out_mov and tcg_out_movi")
Reviewed-by: Song Gao <gaosong@loongson.cn>
Reported-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Chigot [Thu, 6 Jun 2024 14:43:31 +0000 (16:43 +0200)]
target/sparc: use signed denominator in sdiv helper
The result has to be done with the signed denominator (b32) instead of
the unsigned value passed in argument (b).
Cc: qemu-stable@nongnu.org
Fixes: 1326010322d6 ("target/sparc: Remove CC_OP_DIV")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2319
Signed-off-by: Clément Chigot <chigot@adacore.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240606144331.698361-1-chigot@adacore.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Fri, 14 Jun 2024 15:46:40 +0000 (17:46 +0200)]
linux-user: Make TARGET_NR_setgroups affect only the current thread
Like TARGET_NR_setuid, TARGET_NR_setgroups should affect only the
calling thread, and not the entire process. Therefore, implement it
using a syscall, and not a libc call.
Cc: qemu-stable@nongnu.org
Fixes: 19b84f3c35d7 ("added setgroups and getgroups syscalls")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20240614154710.
1078766-1-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 12 Jun 2024 13:30:31 +0000 (15:30 +0200)]
accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded
For TBs crossing page boundaries, the 2nd page will never be
recorded/removed, as the index of the 2nd page is computed from the
address of the 1st page. This is due to a typo, fix it.
Cc: qemu-stable@nongnu.org
Fixes: deba78709a ("accel/tcg: Always lock pages before translation")
Signed-off-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20240612133031.15298-1-anjo@rev.ng>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 6 Jun 2024 23:54:52 +0000 (23:54 +0000)]
util/bufferiszero: Add loongarch64 vector acceleration
Use inline assembly because no release compiler allows
per-function selection of the ISA.
Tested-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 6 Jun 2024 03:58:37 +0000 (20:58 -0700)]
util/bufferiszero: Split out host include files
Split out host/bufferiszero.h.inc for x86, aarch64 and generic
in order to avoid an overlong ifdef ladder.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / qemu.git / log