Helge Deller [Tue, 26 Mar 2024 17:39:40 +0000 (07:39 -1000)]
target/hppa: Add diag instructions to set/restore shadow registers
The 32-bit PA-7300LC (PCX-L2) CPU and the 64-bit PA8700 (PCX-W2) CPU
use different diag instructions to save or restore the CPU registers
to/from the shadow registers.
Implement those per-CPU architecture diag instructions to fix those
parts of the HP ODE testcases (L2DIAG and WDIAG, section 1) which test
the shadow registers.
Signed-off-by: Helge Deller <deller@gmx.de>
[rth: Use decodetree to distinguish cases] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Helge Deller <deller@gmx.de> Tested-by: Helge Deller <deller@gmx.de>
Richard Henderson [Tue, 26 Mar 2024 02:33:50 +0000 (16:33 -1000)]
target/hppa: Squash d for pa1.x during decode
The cond_need_ext predicate was created while we still had a
32-bit compilation mode. It now makes more sense to treat D
as an absolute indicator of a 64-bit operation.
Richard Henderson [Mon, 25 Mar 2024 01:59:37 +0000 (15:59 -1000)]
target/hppa: Fix unit carry conditions
Split do_unit_cond to do_unit_zero_cond to only handle conditions
versus zero. These are the only ones that are legal for UXOR.
Simplify trans_uxor accordingly.
Rename do_unit to do_unit_addsub, since xor has been split.
Properly compute carry-out bits for add and subtract, mirroring
the code in do_add and do_sub.
Richard Henderson [Mon, 25 Mar 2024 02:26:41 +0000 (16:26 -1000)]
target/hppa: Optimize UADDCM with no condition
With r1 as zero is by far the most common usage of UADDCM, as the
easiest way to invert a register. The compiler does occasionally
use the addition step as well, and we can simplify that to avoid
a temp and write directly into the destination.
Richard Henderson [Mon, 25 Mar 2024 00:03:05 +0000 (14:03 -1000)]
target/hppa: Fix DCOR reconstruction of carry bits
The carry bits for each nibble N are located in bit (N+1)*4,
so the shift by 3 was off by one. Furthermore, the carry bit
for the most significant carry bit is indeed located in bit 64,
which is located in a different storage word.
Use a double-word shift-right to reassemble into a single word
and place them all at bit 0 of their respective nibbles.
Richard Henderson [Sat, 23 Mar 2024 00:45:06 +0000 (14:45 -1000)]
target/hppa: Fix EIRR, EIEM versus icount
Call translator_io_start before write to EIRR.
Move evaluation of EIRR vs EIEM to hppa_cpu_exec_interrupt.
Exit TB after write to EIEM, but otherwise use a straight store.
Sven Schnelle [Thu, 21 Mar 2024 18:42:26 +0000 (19:42 +0100)]
target/hppa: Handle unit conditions for wide mode
Wide mode provides two more conditions, add them.
Fixes: 59963d8fdf42 ("target/hppa: Pass d to do_unit_cond") Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240321184228.611897-1-svens@stackframe.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 26 Mar 2024 15:50:29 +0000 (15:50 +0000)]
Merge tag 'hw-misc-20240326' of https://github.com/philmd/qemu into staging
Misc HW patch queue
[hw]
- Do not silently overwrite 'io_timeout' property in scsi-generic (Lorenz)
- Propagate period when enabling a clock in stm32l4x5 mux (Arnaud, Phil)
- Add missing smbios_get_table_legacy() stub (Igor)
- Append a space in gpa2hva() HMP error message (Yao)
- Fix compiler warning in 'execlog' plugin (Yao)
[target]
- i386: Enable page walking from MMIO memory (Gregory, Jonathan)
- tricore: Use correct string format in cpu_tlb_fill (Phil)
[docs]
- Fix formatting in amigang.rst (Zoltan)
[ui]
- Fix cocoa regression in platform fullscreen toggling (Akihiko)
* tag 'hw-misc-20240326' of https://github.com/philmd/qemu:
ui/cocoa: Use NSTrackingInVisibleRect
ui/cocoa: Resize window after toggling zoom-to-fit
ui/cocoa: Fix aspect ratio
hw/smbios: add stub for smbios_get_table_legacy()
contrib/plugins/execlog: Fix compiler warning
docs/system/ppc/amigang.rst: Fix formatting
hw/misc/stm32l4x5_rcc: Propagate period when enabling a clock
hw/misc/stm32l4x5_rcc: Inline clock_update() in clock_mux_update()
hw/clock: Let clock_set_mul_div() return a boolean value
target/tricore/helper: Use correct string format in cpu_tlb_fill()
monitor/hmp-cmds-target: Append a space in error message in gpa2hva()
hw/scsi/scsi-generic: Fix io_timeout property not applying
target/i386/tcg: Enable page walking from MMIO memory
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
iotests: add test for stream job with an unaligned prefetch read
block-backend: fix edge case in bdrv_next_cleanup() where BDS associated to BB changes
block-backend: fix edge case in bdrv_next() where BDS associated to BB changes
block/io: accept NULL qiov in bdrv_pad_request
vdpa-dev: Fix initialisation order to restore VDUSE compatibility
tests/qemu-iotests: Test 157 and 227 require virtio-blk
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Akihiko Odaki [Sat, 23 Mar 2024 06:20:03 +0000 (15:20 +0900)]
ui/cocoa: Use NSTrackingInVisibleRect
I observed [NSTrackingArea rect] becomes de-synchronized with the view
frame with some unknown condition, and fails to track mouse movement on
some area of the view. Specify NSTrackingInVisibleRect option to let
Cocoa automatically update NSTrackingArea, which also saves code for
synchronization.
Fixes: 91aa508d0274 ("ui/cocoa: Let the platform toggle fullscreen") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20240323-fixes-v2-3-18651a2b0394@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Akihiko Odaki [Sat, 23 Mar 2024 06:20:01 +0000 (15:20 +0900)]
ui/cocoa: Fix aspect ratio
[NSWindow setContentAspectRatio:] does not trigger window resize itself,
so the wrong aspect ratio will persist if nothing resizes the window.
Call [NSWindow setContentSize:] in such a case.
Fixes: 91aa508d0274 ("ui/cocoa: Let the platform toggle fullscreen") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20240323-fixes-v2-1-18651a2b0394@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
It happens because I've fogotten/lost smbios_get_table_legacy() stub.
Fix it by adding missing stub as Philippe suggested.
Fixes: b42b0e4daaa5 "smbios: build legacy mode code only for 'pc' machine" Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-ID: <20240326122630.85989-1-imammedo@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Yao Xingtao [Tue, 26 Mar 2024 01:52:57 +0000 (21:52 -0400)]
contrib/plugins/execlog: Fix compiler warning
1. The g_pattern_match_string() is deprecated when glib2 version >= 2.70.
Use g_pattern_spec_match_string() instead to avoid this problem.
2. The type of second parameter in g_ptr_array_add() is
'gpointer' {aka 'void *'}, but the type of reg->name is 'const char*'.
Cast the type of reg->name to 'gpointer' to avoid this problem.
compiler warning message:
contrib/plugins/execlog.c:330:17: warning: ‘g_pattern_match_string’
is deprecated: Use 'g_pattern_spec_match_string' instead [-Wdeprecated-declarations]
330 | if (g_pattern_match_string(pat, rd->name) ||
| ^~
In file included from /usr/include/glib-2.0/glib.h:67,
from contrib/plugins/execlog.c:9:
/usr/include/glib-2.0/glib/gpattern.h:57:15: note: declared here
57 | gboolean g_pattern_match_string (GPatternSpec *pspec,
| ^~~~~~~~~~~~~~~~~~~~~~
contrib/plugins/execlog.c:331:21: warning: ‘g_pattern_match_string’
is deprecated: Use 'g_pattern_spec_match_string' instead [-Wdeprecated-declarations]
331 | g_pattern_match_string(pat, rd_lower)) {
| ^~~~~~~~~~~~~~~~~~~~~~
/usr/include/glib-2.0/glib/gpattern.h:57:15: note: declared here
57 | gboolean g_pattern_match_string (GPatternSpec *pspec,
| ^~~~~~~~~~~~~~~~~~~~~~
contrib/plugins/execlog.c:339:63: warning: passing argument 2 of
‘g_ptr_array_add’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
339 | g_ptr_array_add(all_reg_names, reg->name);
| ~~~^~~~~~
In file included from /usr/include/glib-2.0/glib.h:33:
/usr/include/glib-2.0/glib/garray.h:198:62: note: expected
‘gpointer’ {aka ‘void *’} but argument is of type ‘const char *’
198 | gpointer data);
| ~~~~~~~~~~~~~~~~~~^~~~
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2210 Signed-off-by: Yao Xingtao <yaoxt.fnst@fujitsu.com>
Message-ID: <20240326015257.21516-1-yaoxt.fnst@fujitsu.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Arnaud Minier [Sun, 17 Mar 2024 10:39:12 +0000 (11:39 +0100)]
hw/misc/stm32l4x5_rcc: Propagate period when enabling a clock
The "clock_set_mul_div" function doesn't propagate the clock period
to the children if it is changed (e.g. by enabling/disabling a clock
multiplexer).
This was overlooked during the implementation due to late changes.
This commit propagates the change if the multiplier or divider changes.
Philippe Mathieu-Daudé [Mon, 25 Mar 2024 11:30:12 +0000 (12:30 +0100)]
hw/misc/stm32l4x5_rcc: Inline clock_update() in clock_mux_update()
Trivial inlining in preliminary patch to make the next
one easier to review.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20240325152827.73817-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Fri, 22 Mar 2024 15:48:17 +0000 (16:48 +0100)]
hw/clock: Let clock_set_mul_div() return a boolean value
Let clock_set_mul_div() return a boolean value whether the
clock has been updated or not, similarly to clock_set().
Return early when clock_set_mul_div() is called with
same mul/div values the clock has.
Acked-by: Luc Michel <luc@lmichel.fr> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20240325152827.73817-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 19 Mar 2024 05:00:46 +0000 (06:00 +0100)]
target/tricore/helper: Use correct string format in cpu_tlb_fill()
'address' got converted from target_ulong to vaddr in commit 68d6eee73c ("target/tricore: Convert to CPUClass::tlb_fill").
Use the corresponding format string to avoid casting.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240319051413.6956-1-philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Yao Xingtao [Tue, 19 Mar 2024 02:16:10 +0000 (10:16 +0800)]
monitor/hmp-cmds-target: Append a space in error message in gpa2hva()
In qemu monitor mode, when we use gpa2hva command to print the host
virtual address corresponding to a guest physical address, if the gpa is
not in RAM, the error message is below:
(qemu) gpa2hva 0x750000000
Memory at address 0x750000000is not RAM
A space is missed between '0x750000000' and 'is'.
Signed-off-by: Yao Xingtao <yaoxt.fnst@fujitsu.com> Fixes: e9628441df ("hmp: gpa2hva and gpa2hpa hostaddr command") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dave@treblig.org>
Message-ID: <20240319021610.2423844-1-ruansy.fnst@fujitsu.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Lorenz Brun [Fri, 15 Mar 2024 14:58:31 +0000 (15:58 +0100)]
hw/scsi/scsi-generic: Fix io_timeout property not applying
The io_timeout property, introduced in c9b6609 (part of 6.0) is
silently overwritten by the hardcoded default value of 30 seconds
(DEFAULT_IO_TIMEOUT) in scsi_generic_realize because that function is
being called after the properties have already been applied.
The property definition already has a default value which is applied
correctly when no value is explicitly set, so we can just remove the
code which overrides the io_timeout completely.
This has been tested by stracing SG_IO operations with the io_timeout
property set and unset and now sets the timeout field in the ioctl
request to the proper value.
Fixes: c9b6609b69facad ("scsi: make io_timeout configurable") Signed-off-by: Lorenz Brun <lorenz@brun.one>
Message-ID: <20240315145831.2531695-1-lorenz@brun.one> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Gregory Price [Thu, 7 Mar 2024 15:53:04 +0000 (15:53 +0000)]
target/i386/tcg: Enable page walking from MMIO memory
CXL emulation of interleave requires read and write hooks due to
requirement for subpage granularity. The Linux kernel stack now enables
using this memory as conventional memory in a separate NUMA node. If a
process is deliberately forced to run from that node
$ numactl --membind=1 ls
the page table walk on i386 fails.
Useful part of backtrace:
(cpu=cpu@entry=0x555556fd9000, fmt=fmt@entry=0x555555fe3378 "cpu_io_recompile: could not find TB for pc=%p")
at ../../cpu-target.c:359
(retaddr=0, addr=19595792376, attrs=..., xlat=<optimized out>, cpu=0x555556fd9000, out_offset=<synthetic pointer>)
at ../../accel/tcg/cputlb.c:1339
(cpu=0x555556fd9000, full=0x7fffee0d96e0, ret_be=ret_be@entry=0, addr=19595792376, size=size@entry=8, mmu_idx=4, type=MMU_DATA_LOAD, ra=0) at ../../accel/tcg/cputlb.c:2030
(cpu=cpu@entry=0x555556fd9000, p=p@entry=0x7ffff56fddc0, mmu_idx=<optimized out>, type=type@entry=MMU_DATA_LOAD, memop=<optimized out>, ra=ra@entry=0) at ../../accel/tcg/cputlb.c:2356
(cpu=cpu@entry=0x555556fd9000, addr=addr@entry=19595792376, oi=oi@entry=52, ra=ra@entry=0, access_type=access_type@entry=MMU_DATA_LOAD) at ../../accel/tcg/cputlb.c:2439
at ../../accel/tcg/ldst_common.c.inc:301
at ../../target/i386/tcg/sysemu/excp_helper.c:173
(err=0x7ffff56fdf80, out=0x7ffff56fdf70, mmu_idx=0, access_type=MMU_INST_FETCH, addr=18446744072116178925, env=0x555556fdb7c0)
at ../../target/i386/tcg/sysemu/excp_helper.c:578
(cs=0x555556fd9000, addr=18446744072116178925, size=<optimized out>, access_type=MMU_INST_FETCH, mmu_idx=0, probe=<optimized out>, retaddr=0) at ../../target/i386/tcg/sysemu/excp_helper.c:604
Avoid this by plumbing the address all the way down from
x86_cpu_tlb_fill() where is available as retaddr to the actual accessors
which provide it to probe_access_full() which already handles MMIO accesses.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2180
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2220 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-ID: <20240307155304.31241-2-Jonathan.Cameron@huawei.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Fiona Ebner [Fri, 22 Mar 2024 09:50:09 +0000 (10:50 +0100)]
iotests: add test for stream job with an unaligned prefetch read
Previously, bdrv_pad_request() could not deal with a NULL qiov when
a read needed to be aligned. During prefetch, a stream job will pass a
NULL qiov. Add a test case to cover this scenario.
By accident, also covers a previous race during shutdown, where block
graph changes during iteration in bdrv_flush_all() could lead to
unreferencing the wrong block driver state and an assertion failure
later.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20240322095009.346989-5-f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fiona Ebner [Fri, 22 Mar 2024 09:50:08 +0000 (10:50 +0100)]
block-backend: fix edge case in bdrv_next_cleanup() where BDS associated to BB changes
Same rationale as for commit "block-backend: fix edge case in
bdrv_next() where BDS associated to BB changes". The block graph might
change between the bdrv_next() call and the bdrv_next_cleanup() call,
so it could be that the associated BDS is not the same that was
referenced previously anymore. Instead, rely on bdrv_next() to set
it->bs to the BDS it referenced and unreference that one in any case.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20240322095009.346989-4-f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fiona Ebner [Fri, 22 Mar 2024 09:50:07 +0000 (10:50 +0100)]
block-backend: fix edge case in bdrv_next() where BDS associated to BB changes
The old_bs variable in bdrv_next() is currently determined by looking
at the old block backend. However, if the block graph changes before
the next bdrv_next() call, it might be that the associated BDS is not
the same that was referenced previously. In that case, the wrong BDS
is unreferenced, leading to an assertion failure later:
> bdrv_unref: Assertion `bs->refcnt > 0' failed.
In particular, this can happen in the context of bdrv_flush_all(),
when polling for bdrv_co_flush() in the generated co-wrapper leads to
a graph change (for example with a stream block job [0]).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20240322095009.346989-3-f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Reiter [Fri, 22 Mar 2024 09:50:06 +0000 (10:50 +0100)]
block/io: accept NULL qiov in bdrv_pad_request
Some operations, e.g. block-stream, perform reads while discarding the
results (only copy-on-read matters). In this case, they will pass NULL
as the target QEMUIOVector, which will however trip bdrv_pad_request,
since it wants to extend its passed vector. In particular, this is the
case for the blk_co_preadv() call in stream_populate().
If there is no qiov, no operation can be done with it, but the bytes
and offset still need to be updated, so the subsequent aligned read
will actually be aligned and not run into an assertion failure.
In particular, this can happen when the request alignment of the top
node is larger than the allocated part of the bottom node, in which
case padding becomes necessary. For example:
Originally-by: Stefan Reiter <s.reiter@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
[FE: do update bytes and offset in any case
add reproducer to commit message] Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20240322095009.346989-2-f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Fri, 15 Mar 2024 15:59:49 +0000 (16:59 +0100)]
vdpa-dev: Fix initialisation order to restore VDUSE compatibility
VDUSE requires that virtqueues are first enabled before the DRIVER_OK
status flag is set; with the current API of the kernel module, it is
impossible to enable the opposite order in our block export code because
userspace is not notified when a virtqueue is enabled.
This requirement also mathces the normal initialisation order as done by
the generic vhost code in QEMU. However, commit 6c482547 accidentally
changed the order for vdpa-dev and broke access to VDUSE devices with
this.
This changes vdpa-dev to use the normal order again and use the standard
vhost callback .vhost_set_vring_enable for this. VDUSE devices can be
used with vdpa-dev again after this fix.
vhost_net intentionally avoided enabling the vrings for vdpa and does
this manually later while it does enable them for other vhost backends.
Reflect this in the vhost_net code and return early for vdpa, so that
the behaviour doesn't change for this device.
Cc: qemu-stable@nongnu.org Fixes: 6c4825476a43 ('vdpa: move vhost_vdpa_set_vring_ready to the caller') Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20240315155949.86066-1-kwolf@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Thomas Huth [Mon, 25 Mar 2024 15:47:37 +0000 (16:47 +0100)]
tests/qemu-iotests: Test 157 and 227 require virtio-blk
Tests 157 and 227 use the virtio-blk device, so we have to mark these
tests accordingly to be skipped if this devices is not available (e.g.
when running the tests with qemu-system-avr only).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240325154737.1305063-1-thuth@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* tag 'pull-qapi-2024-03-26' of https://repo.or.cz/qemu/armbru:
qapi: document parameters of query-cpu-model-* QAPI commands
qapi/block-core: improve Qcow2OverlapCheckFlags documentation
qapi: document leftover members in qapi/stats.json
qapi: document leftover members in qapi/run-state.json
qapi: document InputMultiTouchType
qga/qapi-schema: Refill doc comments to conform to current conventions
qapi: Correct documentation indentation and whitespace
qapi: Refill doc comments to conform to current conventions
qapi: Don't repeat member type in its documentation text
qapi: Start sentences with a capital letter, end them with a period
qapi: Fix abbreviation punctuation in doc comments
qapi: Fix typo in request-ebpf documentation
qapi: Fix argument markup in drive-mirror documentation
qapi: Tidy up indentation of add_client's example
qapi: Tidy up block-latency-histogram-set documentation some more
qapi: Expand a few awkward abbreviations in documentation
qapi: Drop stray Arguments: line from qmp_capabilities docs
qapi: Fix bogus documentation of query-migrationthreads
qapi: Resync MigrationParameter and MigrateSetParameters
qapi: Improve migration TLS documentation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
David Hildenbrand [Mon, 25 Mar 2024 15:01:41 +0000 (16:01 +0100)]
qapi: document parameters of query-cpu-model-* QAPI commands
Let's document the parameters of these commands, so we can remove them
from the "documentation-exceptions" list.
While at it, extend the "Returns:" documentation as well, fixing a wrong
use of CpuModelBaselineInfo vs. CpuModelCompareInfo for
query-cpu-model-comparison.
Cc: Markus Armbruster <armbru@redhat.com> Cc: Eric Blake <eblake@redhat.com> Cc: Eduardo Habkost <eduardo@habkost.net> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org> Cc: Yanan Wang <wangyanan55@huawei.com> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-ID: <20240325150141.342720-1-david@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Punctuation tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Most of fields have no description at all. Let's fix that. Still, no
reason to place here more detailed descriptions of what these
structures are, as we have public Qcow2 format specification.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20240325120054.2693236-1-vsementsov@yandex-team.ru> Acked-by: Markus Armbruster <armbru@redhat.com>
[Capitalize "QEMU", update qapi/pragma.json] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Paolo Bonzini [Mon, 25 Mar 2024 10:45:04 +0000 (11:45 +0100)]
qapi: document leftover members in qapi/stats.json
Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240325104504.1358734-1-pbonzini@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Update qapi/pragma.json] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Fri, 22 Mar 2024 14:09:10 +0000 (15:09 +0100)]
qga/qapi-schema: Refill doc comments to conform to current conventions
For legibility, wrap text paragraphs so every line is at most 70
characters long.
To check the generated documentation does not change, I compared the
generated HTML before and after this commit with "wdiff -3". Finds no
differences. Comparing with diff is not useful, as the refilled
paragraphs are visible there.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322140910.328840-13-armbru@redhat.com>
Markus Armbruster [Fri, 22 Mar 2024 14:09:08 +0000 (15:09 +0100)]
qapi: Refill doc comments to conform to current conventions
For legibility, wrap text paragraphs so every line is at most 70
characters long.
To check the generated documentation does not change, I compared the
generated HTML before and after this commit with "wdiff -3". Finds no
differences. Comparing with diff is not useful, as the refilled
paragraphs are visible there.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322140910.328840-11-armbru@redhat.com>
Markus Armbruster [Fri, 22 Mar 2024 14:09:02 +0000 (15:09 +0100)]
qapi: Tidy up indentation of add_client's example
Commit d23055b8db8 (qapi: Require descriptions and tagged sections to
be indented) indented add_client's example too much. Revert that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322140910.328840-5-armbru@redhat.com>
[Move a stray hunk to the later patch it belongs to]
Markus Armbruster [Fri, 22 Mar 2024 14:08:59 +0000 (15:08 +0100)]
qapi: Drop stray Arguments: line from qmp_capabilities docs
Reported-by: John Snow <jsnow@redhat.com> Fixes: 119ebac1feb2 (qapi-schema: use generated marshaller for 'qmp_capabilities') Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322140910.328840-2-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Fri, 22 Mar 2024 13:51:16 +0000 (14:51 +0100)]
qapi: Resync MigrationParameter and MigrateSetParameters
Enum MigrationParameter mirrors the members of struct
MigrateSetParameters. Differences to MigrateSetParameters's member
documentation are pointless. Clean them up:
* @compress-level, @compress-threads, @decompress-threads, and
x-checkpoint-delay are more thoroughly documented for
MigrationParameter, so use that version for both.
* @max-cpu-throttle is almost the same. Use MigrationParameter's
version for both.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322135117.195489-3-armbru@redhat.com> Reviewed-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Peter Xu <peterx@redhat.com>
Markus Armbruster [Fri, 22 Mar 2024 13:51:15 +0000 (14:51 +0100)]
qapi: Improve migration TLS documentation
MigrateSetParameters is about setting parameters, and
MigrationParameters is about querying them. Their documentation of
@tls-creds and @tls-hostname has residual damage from a failed attempt
at de-duplicating them (see commit de63ab61241 "migrate: Share common
MigrationParameters struct" and commit 1bda8b3c695 "migration: Unshare
MigrationParameters struct for now").
MigrateSetParameters documentation issues:
* It claims plain text mode "was reported by omitting tls-creds"
before 2.9. MigrateSetParameters is not used for reporting, so this
is misleading. Delete.
* It similarly claims hostname defaulting to migration URI "was
reported by omitting tls-hostname" before 2.9. Delete as well.
Rephrase the remaining @tls-hostname contents for clarity.
Enum MigrationParameter mirrors the members of struct
MigrateSetParameters. Differences to MigrateSetParameters's member
documentation are pointless. Copy the new text to MigrationParameter.
MigrationParameters documentation issues:
* @tls-creds runs the two last sentences together without punctuation.
Fix that.
* Much of the contents on @tls-hostname only applies to setting
parameters, resulting in confusion. Replace by a suitable abridged
version of the new MigrateSetParameters text, and a note on
@tls-hostname omission in 2.8.
Additional damage is due to flawed doc fix commit 66fcb9d651d (qapi/migration: Add missing tls-authz documentation):
since it copied the missing MigrateSetParameters text from
MigrationParameters instead of MigrationParameter, the part on
recreating @tls-authz on the fly is missing. Copy that, too.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240322135117.195489-2-armbru@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
[Some typos corrected]
Peter Maydell [Mon, 25 Mar 2024 14:19:42 +0000 (14:19 +0000)]
Merge tag 'pull-request-2024-03-25' of https://gitlab.com/thuth/qemu into staging
* Fix timeouts in Travis-CI jobs
* Mark devices with user_creatable = false that can crash QEMU otherwise
* Fix s390x TEST-AND-SET TCG instruction emulation
* Move pc955* devices to hw/gpio/
* tag 'pull-request-2024-03-25' of https://gitlab.com/thuth/qemu:
tests/tcg/s390x: Test TEST AND SET
target/s390x: Use mutable temporary value for op_ts
libqos/virtio.c: Correct 'flags' reading in qvirtqueue_kick
misc/pca955*: Move models under hw/gpio
aspeed: Make the ast1030-a1 SoC not user creatable
aspeed: Make the ast2600-a3 SoC not user creatable
hw/microblaze: Do not allow xlnx-zynqmp-pmu-soc to be created by the user
.travis.yml: Remove the unused xfslib-dev package
.travis.yml: Shorten the runtime of the problematic jobs
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 25 Mar 2024 14:17:31 +0000 (14:17 +0000)]
Merge tag 'migration-20240322-pull-request' of https://gitlab.com/peterx/qemu into staging
Migration pull for 9.0-rc1
- Fabiano's patch to revert fd: support on mapped-ram
- Peter's fix on postcopy regression on unnecessary dirty syncs
- Fabiano's fix on mapped-ram rare corrupt on zero page handling
# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCZf2uIxIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1waqTgD/RjaWrcUYlHcfFcWlEQGrYqikCtZYI+oW
# YYdbLcCBOlQBAL/ecCbsFyaWyPnB1Eg3YFcj5g8AgogDHdg37HSxydgL
# =aWGi
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 22 Mar 2024 16:13:23 GMT
# gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg: issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [marginal]
# gpg: aka "Peter Xu <peterx@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706
* tag 'migration-20240322-pull-request' of https://gitlab.com/peterx/qemu:
migration/multifd: Fix clearing of mapped-ram zero pages
migration/postcopy: Fix high frequency sync
migration: Revert mapped-ram multifd support to fd: URI
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 25 Mar 2024 10:41:01 +0000 (10:41 +0000)]
tests/qtest/libqtest.c: Check for g_setenv() failure
Coverity points out that g_setenv() can fail and we don't
check for this in qtest_inproc_init(). In practice this will
only fail if a memory allocation failed in setenv() or if
the caller passed an invalid architecture name (e.g. one
with an '=' in it), so rather than requiring the callsite
to check for failure, make g_setenv() failure fatal here,
similarly to what we did in commit aca68d95c515.
Resolves: Coverity CID 1497485 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240312183810.557768-8-peter.maydell@linaro.org
In test_compute_wait() we do
double units = bkt.max / 10;
which does an integer division and then assigns it to a double variable,
and similarly later on in the expression for an assertion.
Use 10.0 so that we do a floating point division and calculate the
exact value, rather than doing an integer division.
Spotted by Coverity.
Resolves: Coverity CID 1432564 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240312183810.557768-7-peter.maydell@linaro.org
Zheyu Ma [Wed, 20 Mar 2024 09:04:42 +0000 (10:04 +0100)]
libqos/virtio.c: Correct 'flags' reading in qvirtqueue_kick
In qvirtqueue_kick(), the 'flags' were previously being incorrectly read from
vq->avail instead of the correct vq->used location. This update ensures 'flags'
are read from the correct location as per the virtio standard.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240320090442.267525-1-zheyuma97@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Mon, 25 Mar 2024 13:48:32 +0000 (14:48 +0100)]
misc/pca955*: Move models under hw/gpio
The PCA9552 and PCA9554 devices are both I2C GPIO controllers and the
PCA9552 also can drive LEDs. Do all the necessary adjustments to move
the models under hw/gpio.
Cc: Glenn Miles <milesg@linux.vnet.ibm.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20240325134833.1484265-1-clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Peter Maydell [Mon, 25 Mar 2024 10:41:01 +0000 (10:41 +0000)]
hw/nvram/mac_nvram: Report failure to write data
There's no way for the macio_nvram device to report failure to write
data, but we can at least report it to the user with error_report()
as we do in other devices like xlnx-efuse.
Spotted by Coverity.
Resolves: Coverity CID 1507628 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240312183810.557768-6-peter.maydell@linaro.org
Peter Maydell [Mon, 25 Mar 2024 10:41:00 +0000 (10:41 +0000)]
hw/misc/pca9554: Correct error check bounds in get/set pin functions
In pca9554_get_pin() and pca9554_set_pin(), we try to detect an
incorrect pin value, but we get the condition wrong, using ">"
when ">=" was intended.
This has no actual effect, because in pca9554_initfn() we
use the correct test when creating the properties and so
we'll never be called with an out of range value. However,
Coverity complains about the mismatch between the check and
the later use of the pin value in a shift operation.
Use the correct condition.
Resolves: Coverity CID 1534917 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240312183810.557768-5-peter.maydell@linaro.org
Peter Maydell [Mon, 25 Mar 2024 10:41:00 +0000 (10:41 +0000)]
net/af-xdp.c: Don't leak sock_fds array in net_init_af_xdp()
In net_init_af_xdp() we parse the arguments and allocate
a buffer of ints into sock_fds. However, although we
free this in the error exit path, we don't ever free it
in the successful return path. Coverity spots this leak.
Switch to g_autofree so we don't need to manually free the
array.
Resolves: Coverity CID 1534906 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240312183810.557768-4-peter.maydell@linaro.org
Peter Maydell [Mon, 25 Mar 2024 10:41:00 +0000 (10:41 +0000)]
tests/unit/socket-helpers: Don't close(-1)
In socket_check_afunix_support() we call socket(PF_UNIX, SOCK_STREAM, 0)
to see if it works, but we call close() on the result whether it
worked or not. Only close the fd if the socket() call succeeded.
Spotted by Coverity.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240312183810.557768-3-peter.maydell@linaro.org
Thomas Huth [Wed, 20 Mar 2024 10:41:40 +0000 (11:41 +0100)]
.travis.yml: Remove the unused xfslib-dev package
Drop the "xfslibs-dev" package which should not be necessary anymore
since commit a5730b8bd3 ("block/file-posix: Simplify the XFS_IOC_DIOINFO
handling").
Message-ID: <20240320104144.823425-3-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 20 Mar 2024 10:41:39 +0000 (11:41 +0100)]
.travis.yml: Shorten the runtime of the problematic jobs
The "[s390x] GCC (other-system)" and the "[s390x] GCC check-tcg"
jobs are hitting the 50 minutes timeout in Travis quite frequently
since a while.
To fix it, we've got to drop a lot of the targets from the target
list in the jobs to make them work again.
With regards to the "check-tcg" test, we can move the check with
"s390x-linux-user" to the "user" job instead which also builds
the s390x-linux-user target.
And while we're at it, remove the "--enable-fdt=system" configure
switch (since this is not required nowadays anymore).
Message-ID: <20240320104144.823425-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Fabiano Rosas [Thu, 21 Mar 2024 20:12:42 +0000 (17:12 -0300)]
migration/multifd: Fix clearing of mapped-ram zero pages
When the zero page detection is done in the multifd threads, we need
to iterate the second part of the pages->offset array and clear the
file bitmap for each zero page. The piece of code we merged to do that
is wrong.
The reason this has passed all the tests is because the bitmap is
initialized with zeroes already, so clearing the bits only really has
an effect during live migration and when a data page goes from having
data to no data.
Fixes: 303e6f54f9 ("migration/multifd: Implement zero page transmission on the multifd thread.") Signed-off-by: Fabiano Rosas <farosas@suse.de> Link: https://lore.kernel.org/r/20240321201242.6009-1-farosas@suse.de Signed-off-by: Peter Xu <peterx@redhat.com>
Peter Xu [Wed, 20 Mar 2024 21:44:53 +0000 (17:44 -0400)]
migration/postcopy: Fix high frequency sync
With current code base I can observe extremely high sync count during
precopy, as long as one enables postcopy-ram=on before switchover to
postcopy.
To provide some context of when QEMU decides to do a full sync: it checks
must_precopy (which implies "data must be sent during precopy phase"), and
as long as it is lower than the threshold size we calculated (out of
bandwidth and expected downtime) QEMU will kick off the slow/exact sync.
However, when postcopy is enabled (even if still during precopy phase), RAM
only reports all pages as can_postcopy, and report must_precopy==0. Then
"must_precopy <= threshold_size" mostly always triggers and enforces a slow
sync for every call to migration_iteration_run() when postcopy is enabled
even if not used. That is insane.
It turns out it was a regress bug introduced in the previous refactoring in
8.0 as reported by Nina [1]:
(a) c8df4a7aef ("migration: Split save_live_pending() into state_pending_*")
Then a workaround patch is applied at the end of release (8.0-rc4) to fix it:
However that "workaround" was overlooked when during the cleanup in this
9.0 release in this commit..
(c) b0504edd40 ("migration: Drop unnecessary check in ram's pending_exact()")
Then the issue was re-exposed as reported by Nina [1].
The problem with (b) is that it only fixed the case for RAM, rather than
all the rest of iterators. Here a slow sync should only be required if all
dirty data (precopy+postcopy) is less than the threshold_size that QEMU
calculated. It is even debatable whether a sync is needed when switched to
postcopy. Currently ram_state_pending_exact() will be mostly noop if
switched to postcopy, and that logic seems to apply too for all the rest of
iterators, as sync dirty bitmap during a postcopy doesn't make much sense.
However let's leave such change for later, as we're in rc phase.
So rather than reusing commit (b), this patch provides the complete fix for
all iterators. When at it, cleanup a little bit on the lines around.
After the addition of the new QAPI-based migration address API in 8.2
we've been converting an "fd:" URI into a SocketAddress, missing the
fact that the "fd:" syntax could also be used for a plain file instead
of a socket. This is a problem because the SocketAddress is part of
the API, so we're effectively asking users to create a "socket"
channel to pass in a plain file.
The easiest way to fix this situation is to deprecate the usage of
both SocketAddress and "fd:" when used with a plain file for
migration. Since this has been possible since 8.2, we can wait until
9.1 to deprecate it.
For 9.0, however, we should avoid adding further support to migration
to a plain file using the old "fd:" syntax or the new SocketAddress
API, and instead require the usage of either the old-style "file:" URI
or the FileMigrationArgs::filename field of the new API with the
"/dev/fdset/NN" syntax, both of which are already supported.
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZf1WZgAKCRBAov/yOSY+
# 35zZBADDPLM3130Q/2zsGhol1C538i4+hYRbrX+OsLnlaldyE3NqCPcgaKwVE3xS
# T9aOln91rDyQedz4DVYYSx+Oa1JpRjGko957REmopL50SJOYi6n7YhHJksaUirjJ
# tMDZdPClOegieOpCu8LgJAVhaxTpZvfLedJVPt7O6Fl/uP3pLg==
# =XLqh
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 22 Mar 2024 09:59:02 GMT
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20240322' of https://gitlab.com/gaosong/qemu:
target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 22 Mar 2024 10:59:50 +0000 (10:59 +0000)]
Merge tag 'pull-riscv-to-apply-20240322' of https://github.com/alistair23/qemu into staging
RISC-V PR for 9.0
* Do not enable all named features by default
* A range of Vector fixes
* Update APLIC IDC after claiming iforce register
* Remove the dependency of Zvfbfmin to Zfbfmin
* Fix mode in riscv_tlb_fill
* Fix timebase-frequency when using KVM acceleration
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmX9RscACgkQr3yVEwxT
# gBNaRg/+KUSF6AuY25pS7GawbufBbwWWaWN9G/inPVoCnLbeYrkB3uZw3nBd3iV8
# KiD9Azabl6TLBFC/f7eP9alNDIoSrq5EliayrlFEZIncYvig2Y3CkWUeK6oJqDp2
# Dz1Vah4IB96bU2/M9icyHkh3tnSnbhq0JrbgoAYwWutZy4ERYugTHulOGPxBj64I
# JIfb8wYqaak3Uak+g0mz/YBNHegLEDxIzIRhO4oWPE0MWKSO3t79G9qVAYi7pkFB
# ZQQasZy0h9ZpwKvVajiO8yjwh7COI0IPU+4vZNkNXue0SXQvAvcKA4DdaTwmMTio
# 9UM9HRB371F5LtJLdvAT2TR8FfW26Y7xBe458jheFOnPHKwxEFtUFCQ39UJB3bDN
# k7CYvU3GIqUJHD7PtYZfzTdYkdnIDpr9yKTPP2/nCN53FzXuJs/XTyySphJ6mZ2m
# dsr1bnJn/ncZP7W2vdWGfgQEKt2CHfE5qWM++RwhmQc+IKn2ImMA0hBsg6Gl2imB
# 9WANt3UX784VDmcwcFVgDgr6nftDs7gjVCtHAaRV7Oq2f9hcr17pRxg66mSXs0BX
# fMhcqHBe01LpZQRbaGQ0ImTQksEFyH2KTvt0kjF4SfpVzMfVOi/Zmy9goYNq4iYd
# tfucBbXVhpzbJ/9HeOzKAJQ2Wt0NyLiyDIOkWXj61WquS/0Mr9g=
# =8vP1
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 22 Mar 2024 08:52:23 GMT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20240322' of https://github.com/alistair23/qemu:
target/riscv/kvm: fix timebase-frequency when using KVM acceleration
target/riscv: Fix mode in riscv_tlb_fill
target/riscv: rvv: Remove the dependency of Zvfbfmin to Zfbfmin
hw/intc: Update APLIC IDC after claiming iforce register
target/riscv/vector_helper.c: optimize loops in ldst helpers
target/riscv: enable 'vstart_eq_zero' in the end of insns
trans_rvv.c.inc: remove redundant mark_vs_dirty() calls
target/riscv: remove 'over' brconds from vector trans
target/riscv/vector_helpers: do early exit when vstart >= vl
target/riscv: always clear vstart for ldst_whole insns
target/riscv: always clear vstart in whole vec move insns
target/riscv/vector_helper.c: fix 'vmvr_v' memcpy endianess
trans_rvv.c.inc: set vstart = 0 in int scalar move insns
target/riscv/vector_helper.c: set vstart = 0 in GEN_VEXT_VSLIDEUP_VX()
target/riscv: do not enable all named features by default
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Song Gao [Thu, 21 Mar 2024 12:36:06 +0000 (20:36 +0800)]
target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'
qemu-system-loongarch64 assert failed with the option '-d int',
the helper_idle() raise an exception EXCP_HLT, but the exception name is undefined.
Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240321123606.1704900-1-gaosong@loongson.cn>
Yong-Xuan Wang [Thu, 14 Mar 2024 06:15:09 +0000 (14:15 +0800)]
target/riscv/kvm: fix timebase-frequency when using KVM acceleration
The timebase-frequency of guest OS should be the same with host
machine. The timebase-frequency value in DTS should be got from
hypervisor when using KVM acceleration.
Signed-off-by: Yong-Xuan Wang <yongxuan.wang@sifive.com>
Message-ID: <20240314061510.9800-1-yongxuan.wang@sifive.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Max Chou [Thu, 21 Mar 2024 17:09:27 +0000 (01:09 +0800)]
target/riscv: rvv: Remove the dependency of Zvfbfmin to Zfbfmin
According to the Zvfbfmin definition in the RISC-V BF16 extensions spec,
the Zvfbfmin extension only requires either the V extension or the
Zve32f extension.
Signed-off-by: Max Chou <max.chou@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240321170929.1162507-1-max.chou@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Thu, 21 Mar 2024 10:49:48 +0000 (18:49 +0800)]
hw/intc: Update APLIC IDC after claiming iforce register
Currently, QEMU only sets the iforce register to 0 and returns early
when claiming the iforce register. However, this may leave mip.meip
remains at 1 if a spurious external interrupt triggered by iforce
register is the only pending interrupt to be claimed, and the interrupt
cannot be lowered as expected.
This commit fixes this issue by calling riscv_aplic_idc_update() to
update the IDC status after the iforce register is claimed.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Jim Shu <jim.shu@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240321104951.12104-1-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:57:04 +0000 (14:57 -0300)]
target/riscv/vector_helper.c: optimize loops in ldst helpers
Change the for loops in ldst helpers to do a single increment in the
counter, and assign it env->vstart, to avoid re-reading from vstart
every time.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240314175704.478276-11-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Ivan Klokov [Thu, 14 Mar 2024 17:57:03 +0000 (14:57 -0300)]
target/riscv: enable 'vstart_eq_zero' in the end of insns
The vstart_eq_zero flag is updated at the beginning of the translation
phase from the env->vstart variable. During the execution phase all
functions will set env->vstart = 0 after a successful execution, but the
vstart_eq_zero flag remains the same as at the start of the block. This
will wrongly cause SIGILLs in translations that requires env->vstart = 0
and might be reading vstart_eq_zero = false.
This patch adds a new finalize_rvv_inst() helper that is called at the
end of each vector instruction that will both update vstart_eq_zero and
do a mark_vs_dirty().
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1976 Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240314175704.478276-10-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
trans_vmv_v_i , trans_vfmv_v_f and the trans_##NAME macro from
GEN_VMV_WHOLE_TRANS() are calling mark_vs_dirty() in both branches of
their 'ifs'. conditionals.
Call it just once in the end like other functions are doing.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240314175704.478276-9-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:57:01 +0000 (14:57 -0300)]
target/riscv: remove 'over' brconds from vector trans
All helpers that rely on vstart >= vl are now doing early exits using
the VSTART_CHECK_EARLY_EXIT() macro. This macro will not only exit the
helper but also clear vstart.
We're still left with brconds that are skipping the helper, which is the
only place where we're clearing vstart. The pattern goes like this:
This means that every time we jump to 'over' we're not clearing vstart,
which is an oversight that we're doing across the board.
Instead of setting vstart = 0 manually after each 'over' jump, remove
those brconds that are skipping helpers. The exception will be
trans_vmv_s_x() and trans_vfmv_s_f(): they don't use a helper and are
already clearing vstart manually in the 'over' label.
While we're at it, remove the (vl == 0) brconds from trans_rvbf16.c.inc
too since they're unneeded.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240314175704.478276-8-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:57:00 +0000 (14:57 -0300)]
target/riscv/vector_helpers: do early exit when vstart >= vl
We're going to make changes that will required each helper to be
responsible for the 'vstart' management, i.e. we will relieve the
'vstart < vl' assumption that helpers have today.
Helpers are usually able to deal with vstart >= vl, i.e. doing nothing
aside from setting vstart = 0 at the end, but the tail update functions
will update the tail regardless of vstart being valid or not. Unifying
the tail update process in a single function that would handle the
vstart >= vl case isn't trivial (see [1] for more info).
This patch takes a blunt approach: do an early exit in every single
vector helper if vstart >= vl, unless the helper is guarded with
vstart_eq_zero in the translation. For those cases the helper is ready
to deal with cases where vl might be zero, i.e. throwing exceptions
based on it like vcpop_m() and first_m().
Helpers that weren't changed:
- vcpop_m(), vfirst_m(), vmsetm(), GEN_VEXT_VIOTA_M(): these are guarded
directly with vstart_eq_zero;
- GEN_VEXT_VCOMPRESS_VM(): guarded with vcompress_vm_check() that checks
vstart_eq_zero;
- GEN_VEXT_RED(): guarded with either reduction_check() or
reduction_widen_check(), both check vstart_eq_zero;
- GEN_VEXT_FRED(): guarded with either freduction_check() or
freduction_widen_check(), both check vstart_eq_zero.
Another exception is vext_ldst_whole(), who operates on effective vector
length regardless of the current settings in vtype and vl.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240314175704.478276-7-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:56:59 +0000 (14:56 -0300)]
target/riscv: always clear vstart for ldst_whole insns
Commit 8ff8ac6329 added a conditional to guard the vext_ldst_whole()
helper if vstart >= evl. But by skipping the helper we're also not
setting vstart = 0 at the end of the insns, which is incorrect.
We'll move the conditional to vext_ldst_whole(), following in line with
the removal of all brconds vstart >= vl that the next patch will do. The
idea is to make the helpers responsible for their own vstart management.
Fix ldst_whole isns by:
- remove the brcond that skips the helper if vstart is >= evl;
- vext_ldst_whole() now does an early exit with the same check, where
evl = (vlenb * nf) >> log2_esz, but the early exit will also clear
vstart.
The 'width' param is now unneeded in ldst_whole_trans() and is also
removed. It was used for the evl calculation for the brcond and has no
other use now. The 'width' is reflected in vext_ldst_whole() via
log2_esz, which is encoded by GEN_VEXT_LD_WHOLE() as
"ctzl(sizeof(ETYPE))".
Suggested-by: Max Chou <max.chou@sifive.com> Fixes: 8ff8ac6329 ("target/riscv: rvv: Add missing early exit condition for whole register load/store") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Max Chou <max.chou@sifive.com>
Message-ID: <20240314175704.478276-6-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:56:58 +0000 (14:56 -0300)]
target/riscv: always clear vstart in whole vec move insns
These insns have 2 paths: we'll either have vstart already cleared if
vstart_eq_zero or we'll do a brcond to check if vstart >= maxsz to call
the 'vmvr_v' helper. The helper will clear vstart if it executes until
the end, or if vstart >= vl.
For starters, the check itself is wrong: we're checking vstart >= maxsz,
when in fact we should use vstart in bytes, or 'startb' like 'vmvr_v' is
calling, to do the comparison. But even after fixing the comparison we'll
still need to clear vstart in the end, which isn't happening too.
We want to make the helpers responsible to manage vstart, including
these corner cases, precisely to avoid these situations:
- remove the wrong vstart >= maxsz cond from the translation;
- add a 'startb >= maxsz' cond in 'vmvr_v', and clear vstart if that
happens.
This way we're now sure that vstart is being cleared in the end of the
execution, regardless of the path taken.
Fixes: f714361ed7 ("target/riscv: rvv-1.0: implement vstart CSR") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240314175704.478276-5-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:56:56 +0000 (14:56 -0300)]
trans_rvv.c.inc: set vstart = 0 in int scalar move insns
trans_vmv_x_s, trans_vmv_s_x, trans_vfmv_f_s and trans_vfmv_s_f aren't
setting vstart = 0 after execution. This is usually done by a helper in
vector_helper.c but these functions don't use helpers.
We'll set vstart after any potential 'over' brconds, and that will also
mandate a mark_vs_dirty() too.
Fixes: dedc53cbc9 ("target/riscv: rvv-1.0: integer scalar move instructions") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240314175704.478276-3-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Thu, 14 Mar 2024 17:56:55 +0000 (14:56 -0300)]
target/riscv/vector_helper.c: set vstart = 0 in GEN_VEXT_VSLIDEUP_VX()
The helper isn't setting env->vstart = 0 after its execution, as it is
expected from every vector instruction that completes successfully.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-ID: <20240314175704.478276-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
projects / users / dwmw2 / qemu.git / log