Peter Xu [Thu, 24 Oct 2024 21:30:52 +0000 (17:30 -0400)]
migration: Drop migration_is_setup_or_active()
This helper is mostly the same as migration_is_running(), except that one
has COLO reported as true, the other has CANCELLING reported as true.
Per my past years experience on the state changes, none of them should
matter.
To make it slightly safer, report both COLO || CANCELLING to be true in
migration_is_running(), then drop the other one. We kept the 1st only
because the name is simpler, and clear enough.
Peter Xu [Thu, 24 Oct 2024 21:30:49 +0000 (17:30 -0400)]
migration: Take migration object refcount earlier for threads
Both migration thread or background snapshot thread will take a refcount of
the migration object at the entrace of the thread function.
That makes sense, because it protects the object from being freed by the
main thread in migration_shutdown() later, but it might still race with it
if the thread is scheduled too late. Consider the case right after
pthread_create() happened, VM shuts down with the object released, but
right after that the migration thread finally got created, referencing
MigrationState* in the opaque pointer which is already freed.
The only 100% safe way to make sure it won't get freed is taking the
refcount right before the thread is created, meanwhile when BQL is held.
Per previous discussion [1,2], this patch deprecates query-migrationthreads
command.
To summarize, the major reason of the deprecation is due to no sensible way
to consume the API properly:
(1) The reported list of threads are incomplete (ignoring destination
threads and non-multifd threads).
(2) For CPU pinning, there's no way to properly pin the threads with
the API if the threads will start running right away after migration
threads can be queried, so the threads will always run on the default
cores for a short window.
(3) For VM debugging, one can use "-name $VM,debug-threads=on" instead,
which will provide proper names for all migration threads.
Thomas Huth [Tue, 22 Oct 2024 06:34:02 +0000 (08:34 +0200)]
migration/dirtyrate: Silence warning about strcpy() on OpenBSD
The linker on OpenBSD complains:
ld: warning: dirtyrate.c:447 (../src/migration/dirtyrate.c:447)(...):
warning: strcpy() is almost always misused, please use strlcpy()
It's currently not a real problem in this case since both arrays
have the same size (256 bytes). But just in case somebody changes
the size of the source array in the future, let's better play safe
and use g_strlcpy() here instead, with an additional check that the
string has been copied as a whole.
Hyman Huang [Thu, 17 Oct 2024 06:42:54 +0000 (14:42 +0800)]
migration: Support periodic RAMBlock dirty bitmap sync
When VM is configured with huge memory, the current throttle logic
doesn't look like to scale, because migration_trigger_throttle()
is only called for each iteration, so it won't be invoked for a long
time if one iteration can take a long time.
The periodic dirty sync aims to fix the above issue by synchronizing
the ramblock from remote dirty bitmap and, when necessary, triggering
the CPU throttle multiple times during a long iteration.
This is a trade-off between synchronization overhead and CPU throttle
impact.
Hyman Huang [Thu, 17 Oct 2024 06:42:53 +0000 (14:42 +0800)]
migration: Remove "rs" parameter in migration_bitmap_sync_precopy
The global static variable ram_state in fact is referred to by the
"rs" parameter in migration_bitmap_sync_precopy. For ease of calling
by the callees, use the global variable directly in
migration_bitmap_sync_precopy and remove "rs" parameter.
The migration_bitmap_sync_precopy will be exported in the next commit.
Hyman Huang [Thu, 17 Oct 2024 06:42:52 +0000 (14:42 +0800)]
migration: Move cpu-throttle.c from system to migration
Move cpu-throttle.c from system to migration since it's
only used for migration; this makes us avoid exporting the
util functions and variables in misc.h but export them in
migration.h when implementing the periodic ramblock dirty
sync feature in the upcoming commits.
Since CPU throttle timers are only used in migration, move
their registry to migration_object_init.
Hanna Czenczek [Tue, 15 Oct 2024 17:04:37 +0000 (19:04 +0200)]
migration: Ensure vmstate_save() sets errp
migration/savevm.c contains some calls to vmstate_save() that are
followed by migrate_set_error() if the integer return value indicates an
error. migrate_set_error() requires that the `Error *` object passed to
it is set. Therefore, vmstate_save() is assumed to always set *errp on
error.
Right now, that assumption is not met: vmstate_save_state_v() (called
internally by vmstate_save()) will not set *errp if
vmstate_subsection_save() or vmsd->post_save() fail. Fix that by adding
an *errp parameter to vmstate_subsection_save(), and by generating a
generic error in case post_save() fails (as is already done for
pre_save()).
Without this patch, qemu will crash after vmstate_subsection_save() or
post_save() have failed inside of a vmstate_save() call (unless
migrate_set_error() then happen to discard the new error because
s->error is already set). This happens e.g. when receiving the state
from a virtio-fs back-end (virtiofsd) fails.
Peter Xu [Fri, 11 Oct 2024 15:36:52 +0000 (11:36 -0400)]
migration: Put thread names together with macros
Keep migration thread names together, so it's easier to see a list of all
possible migration threads.
Still two functional changes below besides the macro defintions:
- There's one dirty rate thread that we overlooked before, now we add
that too and name it as "mig/dirtyrate" following the old rules.
- The old name "mig/src/rp-thr" has "-thr" but it may not be useful if
it's a thread name anyway, while "rp" can be slightly hard to read.
Taking this chance to rename it to "mig/src/return", hopefully a better
name.
Peter Xu [Thu, 19 Sep 2024 16:30:42 +0000 (12:30 -0400)]
migration: Cleanup migrate_fd_cleanup() on accessing to_dst_file
The cleanup function can in many cases needs cleanup on its own.
The major thing we want to do here is not referencing to_dst_file when
without the file mutex. When at it, touch things elsewhere too to make it
look slightly better in general.
One thing to mention is, migration_thread has its own "running" boolean, so
it doesn't need to rely on to_dst_file being non-NULL. Multifd has a
dependency so it needs to be skipped if to_dst_file is not yet set; add a
richer comment for such reason.
* tag 'pull-target-arm-20241029' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm: kvm: require KVM_CAP_DEVICE_CTRL
docs/devel/reset: Fix minor grammatical error
target/arm: Fix arithmetic underflow in SETM instruction
docs/system/target-arm.rst: Remove "many boards are undocumented" note
docs/system/arm: Add placeholder docs for mcimx6ul-evk and mcimx7d-sabre
docs/system/arm: Add placeholder doc for xlnx-zcu102 board
docs/system/arm: Add placeholder doc for exynos4 boards
docs/system/arm: Split fby35 out from aspeed.rst
docs/system/arm: Don't use wildcard '*-bmc' in doc titles
docs/system/arm/stm32: List olimex-stm32-h405 in document title
scripts/symlink-install-tree.py: Fix MESONINTROSPECT parsing
tests/functional: Add a functional test for the sx1 board
tests/functional: Add a functional test for the collie board
hw/sd/omap_mmc: Don't use sd_cmd_type_t
target/arm: Don't assert in regime_is_user() for E10 mmuidx values
target/arm: Store FPSR cumulative exception bits in env->vfp.fpsr
docs/system/cpu-hotplug: Update example's socket-id/core-id
arm/kvm: add support for MTE
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 29 Oct 2024 17:05:54 +0000 (17:05 +0000)]
Merge tag 'pull-virtio-gpu-vulkan-291024-1' of https://gitlab.com/stsquad/qemu into staging
virtio-gpu: add venus/vulkan capability
We are currently lacking a declared maintainer for the sub-system so
while we look for one I'm merging after testing locally.
- convert some fprintfs to proper trace events
- move timers used by GL devices into GL structures
- handle virtio_gpu_virgl_init() failure better
- implement unrealize for GL devices
- use virgl version numbering to gate features
- support context-init feature
- don't require udmabuf for virgl only
- add virgl resource tracker
- allow command submission to be suspended
- handle resource blob commands
- dynamically handle capabilit sets
- add venus context support for passing vulkan
* tag 'pull-virtio-gpu-vulkan-291024-1' of https://gitlab.com/stsquad/qemu:
virtio-gpu: Support Venus context
virtio-gpu: Register capsets dynamically
virtio-gpu: Handle resource blob commands
virtio-gpu: Support suspension of commands processing
virtio-gpu: Add virgl resource management
virtio-gpu: Don't require udmabuf when blobs and virgl are enabled
virtio-gpu: Support context-init feature with virglrenderer
virtio-gpu: Use pkgconfig version to decide which virgl features are available
virtio-gpu: Unrealize GL device
virtio-gpu: Handle virtio_gpu_virgl_init() failure
virtio-gpu: Move print_stats timer to VirtIOGPUGL
virtio-gpu: Move fence_poll timer to VirtIOGPUGL
virtio-gpu: Use trace events for tracking number of in-flight fences
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Tue, 29 Oct 2024 12:54:46 +0000 (12:54 +0000)]
target/arm: kvm: require KVM_CAP_DEVICE_CTRL
The device control API was added in 2013, assume that it is present.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20241024113126.44343-1-pbonzini@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 29 Oct 2024 12:54:45 +0000 (12:54 +0000)]
docs/devel/reset: Fix minor grammatical error
Fix a minor grammatical error in the reset documentation:
a couple of missing words and a singular/plural swap.
Signed-off-by: Axel Heider <axel.heider@codasip.com>
Message-id: 173006362760.28451.11319467059840843945-1@git.sr.ht
[PMM: squashed two patches into one, tweaked commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ido Plat [Tue, 29 Oct 2024 12:54:45 +0000 (12:54 +0000)]
target/arm: Fix arithmetic underflow in SETM instruction
Pass the stage size to step function callback, otherwise do_setm
would hang when size is larger then page size because stage size
would underflow. This fix changes do_setm to be more inline with
do_setp.
Cc: qemu-stable@nongnu.org Fixes: 0e92818887dee ("target/arm: Implement the SET* instructions") Signed-off-by: Ido Plat <ido.plat1@ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241025024909.799989-1-ido.plat1@ibm.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 29 Oct 2024 12:54:45 +0000 (12:54 +0000)]
docs/system/target-arm.rst: Remove "many boards are undocumented" note
We now have at least placeholder documentation for every Arm board,
so we can remove the apologetic note that says that there are
undocumented ones which you can only find out about via the
``--machine help`` option.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20241018141332.942844-8-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:44 +0000 (12:54 +0000)]
docs/system/arm: Add placeholder docs for mcimx6ul-evk and mcimx7d-sabre
Add placeholder docs for the mcimx6ul-evk and mcimx7d-sabre boards.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20241018141332.942844-7-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:44 +0000 (12:54 +0000)]
docs/system/arm: Add placeholder doc for xlnx-zcu102 board
Add a placeholder doc for the xlnx-zcu102 board.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20241018141332.942844-6-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:44 +0000 (12:54 +0000)]
docs/system/arm: Add placeholder doc for exynos4 boards
Add a placeholder doc for the exynos4 boards nuri and smdkc210.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-id: 20241018141332.942844-5-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:44 +0000 (12:54 +0000)]
docs/system/arm: Split fby35 out from aspeed.rst
The fby35 machine is not implemented in hw/arm/aspeed.c,
but its documentation is currently stuck at the end of aspeed.rst,
formatted in a way that it gets its own heading in the top-level
list of boards in target-arm.html.
We don't have any other boards that we document like this; split it
out into its own rst file. This improves consistency with other
board docs and means we can have the entry in the target-arm
list be in the correct alphabetical order.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-id: 20241018141332.942844-4-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:43 +0000 (12:54 +0000)]
docs/system/arm: Don't use wildcard '*-bmc' in doc titles
We have two Arm board doc files which both use '*-bmc' in their
documentation title. The result is that when you read the
table of contents in system/target-arm.html you don't know
which boards are covered by which file.
Expand out the board names entirely in the document titles.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-id: 20241018141332.942844-3-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:43 +0000 (12:54 +0000)]
docs/system/arm/stm32: List olimex-stm32-h405 in document title
List the olimex-stm32-h405 board in the document title, so that the
board name appears in the table of contents in system/target-arm.rst.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-id: 20241018141332.942844-2-peter.maydell@linaro.org
The arguments in MESONINTROSPECT are quoted with shlex.quote() so it
must be parsed with shlex.split(). Otherwise the script will fail if
the build directory has a character like "~" in it.
Note: this fix cannot be backported directly to any stable branch
that doesn't require Meson version 1.4.0 or better; otherwise it will
work OK on Linux but will break on Windows hosts.
(Unfortunately, Meson prior to version 1.4.0 was inconsistent between
host OSes about how it quoted arguments, and used a different quoting
process on Windows hosts. Our current git trunk already requires
1.5.0 as of commit 07f0d32641e ("Require meson version 1.5.0"), but
the stable branches are still on older Meson.)
Fixes: cf60ccc330 ("cutils: Introduce bundle mechanism") Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Tested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20241018130852.931509-1-peter.maydell@linaro.org
[PMM: Updated commit message to give all the detail about the
Meson version compability requirements.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 29 Oct 2024 12:54:42 +0000 (12:54 +0000)]
tests/functional: Add a functional test for the sx1 board
Add a functional test for the sx1 board that uses the kernel and
rootfs provided by Guenter Roeck in the linux-test-downloads repo:
https://github.com/groeck/linux-test-downloads/
We have three variants of the test for this board:
* just boot initrd
* boot with filesystem on SD card
* boot from flash
In all cases these images have a userspace that is configured to
immediately reboot the system on successful boot, and the board
itself supports telling QEMU to do the reboot, so we only need to
wait for QEMU to exit (via -no-reboot).
Since there are three subtests, the test as a whole takes about
80s on my local machine. That's about the same as the aarch64_virt
test, so give it the same overall test timeout as that one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241017163247.711244-3-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:42 +0000 (12:54 +0000)]
tests/functional: Add a functional test for the collie board
Add a functional test for the collie board that uses the kernel and
rootfs provided by Guenter Roeck in the linux-test-downloads repo:
https://github.com/groeck/linux-test-downloads/
This just boots Linux with a userspace that immediately reboots
the board, so we wait for the reboot log line.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241017163247.711244-2-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:42 +0000 (12:54 +0000)]
hw/sd/omap_mmc: Don't use sd_cmd_type_t
In commit 1ab08790bb75e4 we did some refactoring of the SD card
implementation, which included a rearrangement of the sd_cmd_type_t
enum values. Unfortunately we didn't notice that this enum is not
used solely inside the SD card model itself, but is also used by the
OMAP MMC controller device. In the OMAP MMC controller, it is used
to implement the handling of the Type field of the MMC_CMD register,
so changing the enum values so that they no longer lined up with the
bit definitions for that register field broke the controller model.
The effect is that Linux fails to boot from an SD card on the "sx1"
machine.
Give omap-mmc its own enum which we can document as needing to match
the encoding used in this device's register, so it isn't sharing
sd_cmd_type_t with the SD card model any more. We can then move
sd_cmd_type_t's definition out of sd.h and into sd.c, which is the
only place that uses it.
Cc: qemu-stable@nongnu.org Fixes: 1ab08790bb75 ("hw/sd/sdcard: Store command type in SDProto") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241017162755.710698-1-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:42 +0000 (12:54 +0000)]
target/arm: Don't assert in regime_is_user() for E10 mmuidx values
In regime_is_user() we assert if we're passed an ARMMMUIdx_E10_*
mmuidx value. This used to make sense because we only used this
function in ptw.c and would never use it on this kind of stage 1+2
mmuidx, only for an individual stage 1 or stage 2 mmuidx.
However, when we implemented FEAT_E0PD we added a callsite in
aa64_va_parameters(), which means this can now be called for
stage 1+2 mmuidx values if the guest sets the TCG_ELX.{E0PD0,E0PD1}
bits to enable use of the feature. This will then result in
an assertion failure later, for instance on a TLBI operation:
#6 0x00007ffff6d0e70f in g_assertion_message_expr
(domain=0x0, file=0x55555676eeba "../../target/arm/internals.h", line=978, func=0x555556771d48 <__func__.5> "regime_is_user", expr=<optimised out>)
at ../../../glib/gtestutils.c:3279
#7 0x0000555555f286d2 in regime_is_user (env=0x555557f2fe00, mmu_idx=ARMMMUIdx_E10_0) at ../../target/arm/internals.h:978
#8 0x0000555555f3e31c in aa64_va_parameters (env=0x555557f2fe00, va=18446744073709551615, mmu_idx=ARMMMUIdx_E10_0, data=true, el1_is_aa32=false)
at ../../target/arm/helper.c:12048
#9 0x0000555555f3163b in tlbi_aa64_get_range (env=0x555557f2fe00, mmuidx=ARMMMUIdx_E10_0, value=106721347371041) at ../../target/arm/helper.c:5214
#10 0x0000555555f317e8 in do_rvae_write (env=0x555557f2fe00, value=106721347371041, idxmap=21, synced=true) at ../../target/arm/helper.c:5260
#11 0x0000555555f31925 in tlbi_aa64_rvae1is_write (env=0x555557f2fe00, ri=0x555557fbeae0, value=106721347371041) at ../../target/arm/helper.c:5302
#12 0x0000555556036f8f in helper_set_cp_reg64 (env=0x555557f2fe00, rip=0x555557fbeae0, value=106721347371041) at ../../target/arm/tcg/op_helper.c:965
Since we do know whether these mmuidx values are for usermode
or not, we can easily make regime_is_user() handle them:
ARMMMUIdx_E10_0 is user, and the other two are not.
Cc: qemu-stable@nongnu.org Fixes: e4c93e44ab103f ("target/arm: Implement FEAT_E0PD") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20241017172331.822587-1-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 12:54:41 +0000 (12:54 +0000)]
target/arm: Store FPSR cumulative exception bits in env->vfp.fpsr
Currently we store the FPSR cumulative exception bits in the
float_status fields, and use env->vfp.fpsr only for the NZCV bits.
(The QC bit is stored in env->vfp.qc[].)
This works for TCG, but if QEMU was built without CONFIG_TCG (i.e.
with KVM support only) then we use the stub versions of
vfp_get_fpsr_from_host() and vfp_set_fpsr_to_host() which do nothing,
throwing away the cumulative exception bit state. The effect is that
if the FPSR state is round-tripped from KVM to QEMU then we lose the
cumulative exception bits. In particular, this will happen if the VM
is migrated. There is no user-visible bug when using KVM with a QEMU
binary that was built with CONFIG_TCG.
Fix this by always storing the cumulative exception bits in
env->vfp.fpsr. If we are using TCG then we may also keep pending
cumulative exception information in the float_status fields, so we
continue to fold that in on reads.
This change will also be helpful for implementing FEAT_AFP later,
because that includes a feature where in some situations we want to
cause input denormals to be flushed to zero without affecting the
existing state of the FPSR.IDC bit, so we need a place to store IDC
which is distinct from the various float_status fields.
(Note for stable backports: the bug goes back to 4a15527c9fee but
this code was refactored in commits ea8618382aba..a8ab8706d4cc461, so
fixing it in branches without those refactorings will mean either
backporting the refactor or else implementing a conceptually similar
fix for the old code.)
Cc: qemu-stable@nongnu.org Fixes: 4a15527c9fee ("target/arm/vfp_helper: Restrict the SoftFloat use to TCG") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241011162401.3672735-1-peter.maydell@linaro.org
The example of how to do vCPU hotplug and hot-unlpug in the
cpu-hotplug documentation no longer works, because the way we
allocate socket-id and core-id to CPUs by default has changed at some
point. The output also no longer matches what current QEMU produces
in some more cosmetic ways.
Update the example to match current QEMU. The differences are:
* the second CPU is now socket-id=0 core-id=1,
not socket-id=1 core-id=0
* the order of fields in QMP responses is now in alphabetical order
* the "arch" member is no longer present in the query-cpus-fast
output (it was removed in QEMU 6.0)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20241010131800.3210161-1-peter.maydell@linaro.org
Message-id: 20240819144303.37852-1-peter.maydell@linaro.org
Peter Maydell [Tue, 29 Oct 2024 14:00:43 +0000 (14:00 +0000)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmcglKYACgkQ7wSWWzmN
# YhEm/wf/cYA7i3asKMUoYqlff5mBiY3aFCWzTR5qHLBcWfnB33f9FYpAW6RgDwMa
# 3aFAJm1VZAynmUWgz+f537+e+7900M+P54zbD7kHCthAy7l/E7t9SkKNpe6jZHEA
# P4hB09CSKm/TY1XtsFMvO5tkF9IgY51VEO+mZJesO1H2X2+3ulJYusx9fh/P6yST
# bG8sbXr55v23R3z4UOovqfkuskPETwRh3qoiOLPPBy8CWkBVze8J+siC7HC+eFIo
# KrQ+jhUYpIK8CAgHV09ZnlurLo6UZ0+vlo9IcJN+GQp/gsmg8OErjvzPdKKbynC/
# 1zjvkgyW27aHsei+baTMXGCE0P8dIw==
# =6+yo
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 29 Oct 2024 07:54:14 GMT
# gpg: using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
virtio-net: Avoid indirection_table_mask overflow
Fix calculation of minimum in colo_compare_tcp
net: Check if nc is NULL in qemu_get_vnet_hdr_len()
net/tap-win32: Fix gcc 14 format truncation errors
chardev: finalize 'reconnect' deprecation
net/stream: deprecate 'reconnect' in favor of 'reconnect-ms'
hw/net: improve tracing of eBPF RSS setup
ebpf: improve trace event coverage to all key operations
hw/net: report errors from failing to use eBPF RSS FDs
ebpf: add formal error reporting to all APIs
ebpf: improve error trace events
ebpf: drop redundant parameter checks in static methods
hw/net: fix typo s/epbf/ebpf/ in virtio-net
net: fix build when libbpf is disabled, but libxdp is enabled
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cornelia Huck [Tue, 29 Oct 2024 12:54:40 +0000 (12:54 +0000)]
arm/kvm: add support for MTE
Extend the 'mte' property for the virt machine to cover KVM as
well. For KVM, we don't allocate tag memory, but instead enable
the capability.
If MTE has been enabled, we need to disable migration, as we do not
yet have a way to migrate the tags as well. Therefore, MTE will stay
off with KVM unless requested explicitly.
[gankulkarni: This patch is rework of commit b320e21c48
which broke TCG since it made the TCG -cpu max
report the presence of MTE to the guest even if the board hadn't
enabled MTE by wiring up the tag RAM. This meant that if the guest
then tried to use MTE QEMU would segfault accessing the
non-existent tag RAM.]
Akihiko Odaki [Tue, 8 Oct 2024 06:51:03 +0000 (15:51 +0900)]
virtio-net: Avoid indirection_table_mask overflow
We computes indirections_len by adding 1 to indirection_table_mask, but
it may overflow indirection_table_mask is UINT16_MAX. Check if
indirection_table_mask is small enough before adding 1.
Fixes: 590790297c0d ("virtio-net: implement RSS configuration command") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Stefan Weil [Mon, 9 Sep 2024 20:42:54 +0000 (22:42 +0200)]
Fix calculation of minimum in colo_compare_tcp
GitHub's CodeQL reports a critical error which is fixed by using the MIN macro:
Unsigned difference expression compared to zero
Signed-off-by: Stefan Weil <sw@weilnetz.de> Cc: qemu-stable@nongnu.org Reviewed-by: Zhang Chen <chen.zhang@intel.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Pierre-Eric Pelloux-Prayer [Thu, 24 Oct 2024 21:03:10 +0000 (00:03 +0300)]
virtio-gpu: Register capsets dynamically
virtio_gpu_virgl_get_num_capsets will return "num_capsets", but we can't
assume that capset_index 1 is always VIRGL2 once we'll support more capsets,
like Venus and DRM capsets. Register capsets dynamically to avoid that problem.
Robert Beckett [Thu, 24 Oct 2024 21:03:09 +0000 (00:03 +0300)]
virtio-gpu: Handle resource blob commands
Support BLOB resources creation, mapping, unmapping and set-scanout by
calling the new stable virglrenderer 0.10 interface. Only enabled when
available and via the blob config. E.g. -device virtio-vga-gl,blob=true
Signed-off-by: Antonio Caggiano <antonio.caggiano@collabora.com> Signed-off-by: Robert Beckett <bob.beckett@collabora.com> # added set_scanout_blob Signed-off-by: Xenia Ragiadakou <xenia.ragiadakou@amd.com> Signed-off-by: Huang Rui <ray.huang@amd.com> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-12-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Dmitry Osipenko [Thu, 24 Oct 2024 21:03:08 +0000 (00:03 +0300)]
virtio-gpu: Support suspension of commands processing
Check whether command processing has been finished; otherwise, stop
processing commands and retry the command again next time. This allows
us to support asynchronous execution of non-fenced commands needed for
unmapping host blobs safely.
Huang Rui [Thu, 24 Oct 2024 21:03:07 +0000 (00:03 +0300)]
virtio-gpu: Add virgl resource management
In a preparation to adding host blobs support to virtio-gpu, add virgl
resource management that allows to retrieve resource based on its ID
and virgl resource wrapper on top of simple resource that will be contain
fields specific to virgl.
Signed-off-by: Huang Rui <ray.huang@amd.com> Reviewed-by: Antonio Caggiano <quic_acaggian@quicinc.com> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-10-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Dmitry Osipenko [Thu, 24 Oct 2024 21:03:06 +0000 (00:03 +0300)]
virtio-gpu: Don't require udmabuf when blobs and virgl are enabled
The udmabuf usage is mandatory when virgl is disabled and blobs feature
enabled in the Qemu machine configuration. If virgl and blobs are enabled,
then udmabuf requirement is optional. Since udmabuf isn't widely supported
by a popular Linux distros today, let's relax the udmabuf requirement for
blobs=on,virgl=on. Now, a full-featured virtio-gpu acceleration is
available to Qemu users without a need to have udmabuf available in the
system.
Reviewed-by: Antonio Caggiano <antonio.caggiano@collabora.com> Signed-off-by: Huang Rui <ray.huang@amd.com> Reviewed-by: Antonio Caggiano <quic_acaggian@quicinc.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-9-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Huang Rui [Thu, 24 Oct 2024 21:03:05 +0000 (00:03 +0300)]
virtio-gpu: Support context-init feature with virglrenderer
Patch "virtio-gpu: CONTEXT_INIT feature" has added the context_init
feature flags. Expose this feature and support creating virglrenderer
context with flags using context_id if libvirglrenderer is new enough.
Originally-by: Antonio Caggiano <antonio.caggiano@collabora.com> Signed-off-by: Huang Rui <ray.huang@amd.com> Reviewed-by: Antonio Caggiano <quic_acaggian@quicinc.com> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-8-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Dmitry Osipenko [Thu, 24 Oct 2024 21:03:04 +0000 (00:03 +0300)]
virtio-gpu: Use pkgconfig version to decide which virgl features are available
New virglrerenderer features were stabilized with release of v1.0.0.
Presence of symbols in virglrenderer.h doesn't guarantee ABI compatibility
with pre-release development versions of libvirglerender. Use virglrenderer
version to decide reliably which virgl features are available.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-7-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
virtio_gpu_virgl_init() may fail, leading to a further Qemu crash
because Qemu assumes it never fails. Check virtio_gpu_virgl_init()
return code and don't execute virtio commands on error. Failed
virtio_gpu_virgl_init() will result in a timed out virtio commands
for a guest OS.
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20241024210311.118220-5-dmitry.osipenko@collabora.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Akihiko Odaki [Sat, 17 Aug 2024 07:00:43 +0000 (16:00 +0900)]
net: Check if nc is NULL in qemu_get_vnet_hdr_len()
A netdev may not have a peer specified, resulting in NULL. We should
make it behave like /dev/null in such a case instead of letting it
cause segmentatin fault.
Fixes: 4b52d63249a5 ("tap: Remove qemu_using_vnet_hdr()") Cc: qemu-stable@nongnu.org Reported-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Tested-by; Jonathan Cameron <Jonathan.Cameron@huawei.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Bernhard Beschow [Tue, 8 Oct 2024 20:28:42 +0000 (22:28 +0200)]
net/tap-win32: Fix gcc 14 format truncation errors
The patch fixes the following errors generated by GCC 14.2:
../src/net/tap-win32.c:343:19: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 176 [-Werror=format-truncation=]
343 | "%s\\%s\\Connection",
| ^~
344 | NETWORK_CONNECTIONS_KEY, enum_name);
| ~~~~~~~~~
../src/net/tap-win32.c:341:9: note: 'snprintf' output between 92 and 347 bytes into a destination of size 256
341 | snprintf(connection_string,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
342 | sizeof(connection_string),
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
343 | "%s\\%s\\Connection",
| ~~~~~~~~~~~~~~~~~~~~~
344 | NETWORK_CONNECTIONS_KEY, enum_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/net/tap-win32.c:242:58: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 178 [-Werror=format-truncation=]
242 | snprintf (unit_string, sizeof(unit_string), "%s\\%s",
| ^~
243 | ADAPTER_KEY, enum_name);
| ~~~~~~~~~
../src/net/tap-win32.c:242:9: note: 'snprintf' output between 79 and 334 bytes into a destination of size 256
242 | snprintf (unit_string, sizeof(unit_string), "%s\\%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
243 | ADAPTER_KEY, enum_name);
| ~~~~~~~~~~~~~~~~~~~~~~~
../src/net/tap-win32.c:620:52: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 245 [-Werror=format-truncation=]
620 | snprintf (device_path, sizeof(device_path), "%s%s%s",
| ^~
621 | USERMODEDEVICEDIR,
622 | device_guid,
| ~~~~~~~~~~~
../src/net/tap-win32.c:620:5: note: 'snprintf' output between 16 and 271 bytes into a destination of size 256
620 | snprintf (device_path, sizeof(device_path), "%s%s%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
621 | USERMODEDEVICEDIR,
| ~~~~~~~~~~~~~~~~~~
622 | device_guid,
| ~~~~~~~~~~~~
623 | TAPSUFFIX);
| ~~~~~~~~~~
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2607 Cc: qemu-stable@nongnu.org Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniil Tatianin [Fri, 25 Oct 2024 07:35:24 +0000 (10:35 +0300)]
net/stream: deprecate 'reconnect' in favor of 'reconnect-ms'
Do the same thing we already did for chardev in c8e2b6b4d7e, and
introduce a new 'reconnect-ms' option to make it possible to specify
sub-second timeouts. This also changes the related documentaion and
tests to use reconnect-ms as well.
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:02 +0000 (09:51 +0100)]
ebpf: improve trace event coverage to all key operations
The existing error trace event is renamed to have a name prefix
matching its source file & to remove the redundant first arg that
adds no useful information.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:01 +0000 (09:51 +0100)]
hw/net: report errors from failing to use eBPF RSS FDs
If the user/mgmt app passed in a set of pre-opened FDs for eBPF RSS,
then it is expecting QEMU to use them. Any failure to do so must be
considered a fatal error and propagated back up the stack, otherwise
deployment mistakes will not be detectable in a prompt manner. When
not using pre-opened FDs, then eBPF RSS is tried on a "best effort"
basis only and thus fallback to software RSS is valid.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:00 +0000 (09:51 +0100)]
ebpf: add formal error reporting to all APIs
The eBPF code is currently reporting error messages through trace
events. Trace events are fine for debugging, but they are not to be
considered the primary error reporting mechanism, as their output
is inaccessible to callers.
This adds an "Error **errp" parameter to all methods which have
important error scenarios to report to the caller.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:59 +0000 (09:50 +0100)]
ebpf: improve error trace events
A design pattern of
trace_foo_error("descriptive string")
is undesirable because it does not allow for filtering trace events
based on the error scenario. Split eBPF error trace event into three
separate events to address this filtering need.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:58 +0000 (09:50 +0100)]
ebpf: drop redundant parameter checks in static methods
Various static methods have checks on their parameters which were
already checked immediately before the method was invoked. Drop
these redundat checks to simplify the following commit which adds
formal error reporting.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:57 +0000 (09:50 +0100)]
hw/net: fix typo s/epbf/ebpf/ in virtio-net
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:56 +0000 (09:50 +0100)]
net: fix build when libbpf is disabled, but libxdp is enabled
The net/af-xdp.c code is enabled when the libxdp library is present,
however, it also has direct API calls to bpf_xdp_query_id &
bpf_xdp_detach which are provided by the libbpf library.
As a result if building with --disable-libbpf, but libxdp gets
auto-detected, we'll fail to link QEMU
/usr/bin/ld: libcommon.a.p/net_af-xdp.c.o: undefined reference to symbol 'bpf_xdp_query_id@@LIBBPF_0.7.0'
There are two bugs here
* Since we have direct libbpf API calls, when building
net/af-xdp.c, we must tell meson that libbpf is a
dependancy, so that we directly link to it, rather
than relying on indirect linkage.
* When must skip probing for libxdp at all, when libbpf
is not found, raising an error if --enable-libxdp was
given explicitly.
Fixes: cb039ef3d9e3112da01e1ecd9b136ac9809ef733 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Fri, 25 Oct 2024 18:12:06 +0000 (19:12 +0100)]
Merge tag 'pull-maintainer-oct-misc-241024-1' of https://gitlab.com/stsquad/qemu into staging
testing, gdbstub and plugin updates
- update MAINTAINERS with pointers to foo/next
- add NOFETCH to help test custom docker builds
- update microblaze toolchain with atomic fixes
- update tsan build and documentation
- don't restrict build-environment by arch unless needed
- add cross-modifying code test
- add tracepoints for cpu_step_atomic fallbacks
- fix defaults for loongarch cross build
- make check-[dco|patch] a little more verbose
- fix gdbstub bug preventing aarch64_be-linux-user starting
- add basic test for aarch64_be
- clean up some gdbstub test scripts
- fix qemu_plugin_reset
* tag 'pull-maintainer-oct-misc-241024-1' of https://gitlab.com/stsquad/qemu:
plugins: fix qemu_plugin_reset
MAINTAINERS: mention my plugins/next tree
testing: Enhance gdb probe script
tests/tcg/aarch64: Use raw strings for regexes in test-mte.py
tests/tcg: enable basic testing for aarch64_be-linux-user
config/targets: update aarch64_be-linux-user gdb XML list
MAINTAINERS: mention my gdbstub/next tree
gitlab: make check-[dco|patch] a little more verbose
dockerfiles: fix default targets for debian-loongarch-cross
accel/tcg: add tracepoints for cpu_loop_exit_atomic
tests/tcg/x86_64: Add cross-modifying code test
scripts/ci: remove architecture checks for build-environment updates
docs/devel: update tsan build documentation
meson: hide tsan related warnings
MAINTAINERS: mention my testing/next tree
tests/docker: add NOFETCH env variable for testing
tests/docker: Fix microblaze atomics
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 25 Oct 2024 12:35:22 +0000 (13:35 +0100)]
Merge tag 'pull-aspeed-20241024' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fixed GPIO interrupt status when in index mode
* Added GPIO support for the AST2700 SoC and specific test cases
* Fixed crypto controller (HACE) Accumulative hash function
* Converted Aspeed machine avocado tests to the new functional
framework. SDK tests still to be addressed.
* Fixed issue in the SSI controller when doing writes in user mode
* Added support for the WRSR2 register of Winbond flash devices
* Added SFDP table for the Windbond w25q80bl flash device
* Changed flash device models for the ast1030-a1 EVB
* tag 'pull-aspeed-20241024' of https://github.com/legoater/qemu:
test/qtest/aspeed_smc-test: Fix coding style
hw/arm/aspeed: Correct fmc_model w25q80bl for ast1030-a1 EVB
hw/arm/aspeed: Correct spi_model w25q256 for ast1030-a1 EVB.
hw/block/m25p80: Add SFDP table for w25q80bl flash
hw/block:m25p80: Support write status register 2 command (0x31) for w25q01jvq
hw/block:m25p80: Fix coding style
aspeed/smc: Fix write incorrect data into flash in user mode
tests/functional: Convert most Aspeed machine tests
hw/misc/aspeed_hace: Fix SG Accumulative hashing
tests/qtest:ast2700-gpio-test: Add GPIO test case for AST2700
aspeed/soc: Support GPIO for AST2700
aspeed/soc: Correct GPIO irq 130 for AST2700
hw/gpio/aspeed: Add AST2700 support
hw/gpio/aspeed: Fix clear incorrect interrupt status for GPIO index mode
hw/gpio/aspeed: Support different memory region ops
hw/gpio/aspeed: Support to set the different memory size
hw/gpio/aspeed: Fix coding style
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-vfio-20241024' of https://github.com/legoater/qemu:
vfio/helpers: Align mmaps
vfio/helpers: Refactor vfio_region_mmap() error handling
vfio/migration: Change trace formats from hex to decimal
vfio/migration: Report only stop-copy size in vfio_state_pending_exact()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-request-2024-10-23' of https://gitlab.com/thuth/qemu: (23 commits)
pc-bios/s390-ccw: Update s390-ccw.img with the full boot order support feature
pc-bios/s390-ccw: Introduce `EXTRA_LDFLAGS`
pc-bios/s390-ccw: Don't generate TEXTRELs
pc-bios/s390-ccw: Clarify alignment is in bytes
tests/qtest: Add s390x boot order tests to cdrom-test.c
docs/system: Update documentation for s390x IPL
pc-bios/s390x: Enable multi-device boot loop
s390x: Rebuild IPLB for SCSI device directly from DIAG308
hw/s390x: Build an IPLB for each boot device
s390x: Add individual loadparm assignment to CCW device
include/hw/s390x: Add include files for common IPL structs
pc-bios/s390-ccw: Enable failed IPL to return after error
pc-bios/s390-ccw: Remove panics from Netboot IPL path
pc-bios/s390-ccw: Remove panics from DASD IPL path
pc-bios/s390-ccw: Remove panics from SCSI IPL path
pc-bios/s390-ccw: Remove panics from ECKD IPL path
pc-bios/s390-ccw: Remove panics from ISO IPL path
docs/system/s390x/bootdevices: Update the documentation about network booting
pc-bios/s390-ccw: Merge netboot.mak into the main Makefile
hw/s390x: Remove the possibility to load the s390-netboot.img binary
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 24 Oct 2024 14:21:42 +0000 (15:21 +0100)]
Merge tag 'pull-tcg-20241022' of https://gitlab.com/rth7680/qemu into staging
tcg: Reset data_gen_ptr correctly
tcg/riscv: Implement host vector support
tcg/ppc: Fix tcg_out_rlw_rc
target/i386: Walk NPT in guest real mode
target/i386: Use probe_access_full_mmu in ptw_translate
linux-user: Fix build failure caused by missing __u64 on musl
linux-user: Emulate /proc/self/maps under mmap_lock
linux-user/riscv: Fix definition of RISCV_HWPROBE_EXT_ZVFHMIN
linux-user/ppc: Fix sigmask endianness issue in sigreturn
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
raw-format: Fix error message for invalid offset/size
block-backend: per-device throttling of BLOCK_IO_ERROR reports
qapi: add qom-path to BLOCK_IO_ERROR event
iotests/backup-discard-source: don't use actual-size
iotests/backup-discard-source: convert size variable to be int
block/vdi.c: Make SECTOR_SIZE constant 64-bits
tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field
block/ssh.c: Don't double-check that characters are hex digits
block/gluster: Use g_autofree for string in qemu_gluster_parse_json()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 24 Oct 2024 10:23:38 +0000 (11:23 +0100)]
Merge tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc sockets, crypto and VNC fixes
* Fix rare EADDRINUSE failures on OpenBSD platforms seen
with migration
* Fix & test overwriting of hash output buffer
* Close connection instead of returning empty SASL mechlist to
VNC clients
* Fix handling of SASL SSF on VNC server UNIX sockets
* Fix handling of NULL SASL server data in VNC server
* Validate trailing NUL padding byte from SASL client
* Fix & test AF_ALG crypto backend build
* Remove unused code in sockets and crypto subsystems
* tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu:
gitlab: enable afalg tests in fedora system test
ui: validate NUL byte padding in SASL client data more strictly
ui: fix handling of NULL SASL server data
ui/vnc: don't check for SSF after SASL authentication on UNIX sockets
ui/vnc: fix skipping SASL SSF on UNIX sockets
ui/vnc: don't raise error formatting socket address for non-inet
ui/vnc: don't return an empty SASL mechlist to the client
crypto/hash-afalg: Fix broken build
include/crypto: clarify @result/@result_len for hash/hmac APIs
tests: correctly validate result buffer in hash/hmac tests
crypto/hash: avoid overwriting user supplied result pointer
util: don't set SO_REUSEADDR on client sockets
sockets: Remove deadcode
crypto: Remove unused DER string functions
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pierrick Bouvier [Wed, 23 Oct 2024 11:34:06 +0000 (12:34 +0100)]
plugins: fix qemu_plugin_reset
34e5e1 refactored the plugin context initialization. After this change,
tcg_ctx->plugin_insn is not reset inconditionnally anymore, but only if
one plugin at least is active.
When uninstalling the last plugin active, we stopped reinitializing
tcg_ctx->plugin_insn, which leads to memory callbacks being emitted.
This results in an error as they don't appear in a plugin op sequence as
expected.
The correct fix is to make sure we reset plugin translation variables
after current block translation ends. This way, we can catch any
potential misuse of those after a given block, in more than fixing the
current bug.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2570 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Tested-by: Robbin Ehn <rehn@rivosinc.com>
Message-Id: <20241015003819.984601-1-pierrick.bouvier@linaro.org>
[AJB: trim patch version details from commit msg] Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-19-alex.bennee@linaro.org>
Gustavo Romero [Wed, 23 Oct 2024 11:34:02 +0000 (12:34 +0100)]
tests/tcg/aarch64: Use raw strings for regexes in test-mte.py
Use Python's raw string notation instead of string literals for regex so
it's not necessary to double backslashes when regex special forms are
used. Raw notation is preferred for regex and easier to read.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20241015140806.385449-1-gustavo.romero@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-15-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:34:01 +0000 (12:34 +0100)]
tests/tcg: enable basic testing for aarch64_be-linux-user
We didn't notice breakage of aarch64_be because we don't have any TCG
tests for it. However while the existing aarch64 compiler can target
big-endian builds no one packages a BE libc. Instead we bang some
rocks together to do the most basic of hello world with a nostdlib
syscall test.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-14-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:33:59 +0000 (12:33 +0100)]
MAINTAINERS: mention my gdbstub/next tree
Make it easy for people to see what is already queued.
Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-12-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:33:58 +0000 (12:33 +0100)]
gitlab: make check-[dco|patch] a little more verbose
When git fails the rather terse backtrace only indicates it failed
without some useful context. Add some to make the log a little more
useful.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-11-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:33:56 +0000 (12:33 +0100)]
accel/tcg: add tracepoints for cpu_loop_exit_atomic
We try to avoid using cpu_loop_exit_atomic as it brings in an all-core
sync point. However on some cpu/kernel/benchmark combinations it is
starting to show up in the performance profile. To make it easier to
see whats going on add tracepoints for the slow path so we can see
what is triggering the wait.
It seems for a modern CPU it can be quite a bit, for example:
Ilya Leoshkevich [Wed, 23 Oct 2024 11:33:55 +0000 (12:33 +0100)]
tests/tcg/x86_64: Add cross-modifying code test
commit f025692c992c ("accel/tcg: Clear PAGE_WRITE before translation")
fixed cross-modifying code handling, but did not add a test. The
changed code was further improved recently [1], and I was not sure
whether these modifications were safe (spoiler: they were fine).
Alex Bennée [Wed, 23 Oct 2024 11:33:54 +0000 (12:33 +0100)]
scripts/ci: remove architecture checks for build-environment updates
We were missing s390x here. There isn't much point testing for the
architecture here as we will fail anyway if the appropriate package
list is missing.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-7-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:33:51 +0000 (12:33 +0100)]
MAINTAINERS: mention my testing/next tree
I put it under my name as there may be other maintainer testing trees
as well.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-4-alex.bennee@linaro.org>
Alex Bennée [Wed, 23 Oct 2024 11:33:50 +0000 (12:33 +0100)]
tests/docker: add NOFETCH env variable for testing
Testing non-auto built docker containers (i.e. custom built compilers)
is a bit fiddly as you couldn't continue a build with a previously
locally built container. While you can play games with REGISTRY its
simpler to allow a NOFETCH that will go through the cached build
process when you run the tests.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241023113406.1284676-3-alex.bennee@linaro.org>
Jamin Lin [Tue, 22 Oct 2024 09:40:58 +0000 (17:40 +0800)]
hw/arm/aspeed: Correct fmc_model w25q80bl for ast1030-a1 EVB
Currently, the default fmc_model was "sst25vf032b" whose size was 4MB for
ast1030-a1 EVB. However, according to the schematic of ast1030-a1 EVB,
ASPEED shipped default flash of fmc_cs0 and fmc_cs1 were "w25q80bl" and
"w25q256", respectively. The size of w25q80bl is 1MB and the size of w25q256
is 32MB.
The fmc_cs0 was connected to AST1030 A1 internal flash and the fmc_cs1 was
connected to external flash. The internal flash could not be changed because
it was placed into AST1030 A1 chip. Users only can change fmc_cs1 external
flash.
So far, only supports to set the default fmc_model for all chip select pins.
In other words, users cannot set the different default flash model for
fmc_cs0 and fmc_cs1, respectively.
Correct fmc_model default flash to w25q80bl the same as AST1030 A1
internal flash for ast1030-a1 EVB.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:57 +0000 (17:40 +0800)]
hw/arm/aspeed: Correct spi_model w25q256 for ast1030-a1 EVB.
Currently, the default spi_model was "sst25vf032b" whose size was 4MB for
ast1030-a1 EVB. However, according to the schematic of ast1030-a1 EVB,
ASPEED shipped default flash of spi1 and spi2 were w25q256 whose size
was 32MB.
Correct spi_model default flash to w25q256 for ast1030-a1 EVB.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:55 +0000 (17:40 +0800)]
hw/block:m25p80: Support write status register 2 command (0x31) for w25q01jvq
According to the w25q01jv datasheet at page 16, it is required to set QE bit
in "Status Register 2" to enable quad mode.
Currently, m25p80 support users utilize "Write Status Register 1(0x01)" command
to set QE bit in "Status Register 2" and utilize "Read Status Register 2(0x35)"
command to get the QE bit status.
However, some firmware directly utilize "Status Register 2(0x31)" command to
set QE bit. To fully support quad mode for w25q01jvq, adds WRSR2 command.
Update collecting data needed 1 byte for WRSR2 command in decode_new_cmd
function and verify QE bit at the first byte of collecting data bit 2 in
complete_collecting_data.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:53 +0000 (17:40 +0800)]
aspeed/smc: Fix write incorrect data into flash in user mode
According to the design of ASPEED SPI controllers user mode, users write the
data to flash, the SPI drivers set the Control Register(0x10) bit 0 and 1
enter user mode. Then, SPI drivers send flash commands for writing data.
Finally, SPI drivers set the Control Register (0x10) bit 2 to stop
active control and restore bit 0 and 1.
According to the design of ASPEED SMC model, firmware writes the
Control Register and the "aspeed_smc_flash_update_ctrl" function is called.
Then, this function verify Control Register(0x10) bit 0 and 1. If it set user
mode, the value of s->snoop_index is SNOOP_START else SNOOP_OFF.
If s->snoop_index is SNOOP_START, the "aspeed_smc_do_snoop" function verify
the first incomming data is a new flash command and writes the corresponding
dummy bytes if need.
However, it did not check the current unselect status. If current unselect
status is "false" and firmware set the IO MODE by Control Register bit 31:28,
the value of s->snoop_index will be changed to SNOOP_START again and
"aspeed_smc_do_snoop" misunderstand that the incomming data is the new flash
command and it causes writing unexpected data into flash.
Example:
1. Firmware set user mode by Control Register bit 0 and 1(0x03)
2. SMC model set s->snoop SNOOP_START
3. Firmware set Quad Page Program with 4-Byte Address command (0x34)
4. SMC model verify this flash command and it needs 4 dummy bytes.
5. Firmware send 4 bytes address.
6. SMC model receives 4 bytes address
7. Firmware set QPI IO MODE by Control Register bit 31. (0x80000003)
8. SMC model verify new user mode by Control Register bit 0 and 1.
Then, set s->snoop SNOOP_START again. (It is the wrong behavior.)
9. Firmware send 0xebd8c134 data and it should be written into flash.
However, SMC model misunderstand that the first incoming data, 0x34,
is the new command because the value of s->snoop is changed to SNOOP_START.
Finally, SMC sned the incorrect data to flash model.
Introduce a new unselect attribute in AspeedSMCState to save the current
unselect status for user mode and set it "true" by default.
Update "aspeed_smc_flash_update_ctrl" function to check the previous unselect
status. If both new unselect status and previous unselect status is different,
update s->snoop_index value and call "aspeed_smc_flash_do_select".
Increase VMStateDescription version.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
[ clg: - Replaced VMSTATE_BOOL -> VMSTATE_BOOL_V ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
Cédric Le Goater [Wed, 16 Oct 2024 08:47:34 +0000 (10:47 +0200)]
tests/functional: Convert most Aspeed machine tests
This is a simple conversion of the tests with some cleanups and
adjustments to match the new test framework. Replace the zephyr image
MD5 hashes with SHA256 hashes while at it.
The SDK tests depend on a ssh class from avocado.utils which is
difficult to replace. To be addressed separately.
Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com>
Alejandro Zeise [Wed, 7 Aug 2024 19:51:22 +0000 (19:51 +0000)]
hw/misc/aspeed_hace: Fix SG Accumulative hashing
Make the Aspeed HACE module use the new qcrypto accumulative hashing functions
when in scatter-gather accumulative mode. A hash context will maintain a
"running-hash" as each scatter-gather chunk is received.
Previously each scatter-gather "chunk" was cached
so the hash could be computed once the final chunk was received.
However, the cache was a shallow copy, so once the guest overwrote the
memory provided to HACE the final hash would not be correct.
Possibly related to: https://gitlab.com/qemu-project/qemu/-/issues/1121 Buglink: https://github.com/openbmc/qemu/issues/36 Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Checkpatch fixes
- Reworked qcrypto_hash*() error reports in do_hash_operation() ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Acked-by: Andrew Jeffery <andrew@codeconstruct.com.au> Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Joel Stanley <joel@jms.id.au>
Jamin Lin [Tue, 1 Oct 2024 02:43:32 +0000 (10:43 +0800)]
aspeed/soc: Correct GPIO irq 130 for AST2700
The register set of GPIO have a significant change since AST2700.
Each GPIO pin has their own individual control register and users are able to
set one GPIO pin’s direction, interrupt enable, input mask and so on in the
same one control register.
AST2700 does not have GPIO18_XXX registers for GPIO 1.8v, removes
ASPEED_DEV_GPIO_1_8V. It is enough to only have ASPEED_DEV_GPIO
device in AST2700.
The AST2700 GPIO controller interrupt is connected to GICINT130_INTC at
bit 18. Therefore, correct GPIO irq 130.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
projects / users / dwmw2 / qemu.git / log