For the following events (ARM IHI 0070 F.b - 7.3 Event records):
- F_TRANSLATION
- F_ACCESS
- F_PERMISSION
- F_ADDR_SIZE
If fault occurs at stage 2, S2 == 1 and:
- If translating an IPA for a transaction (whether by input to
stage 2-only configuration, or after successful stage 1 translation),
CLASS == IN, and IPA is provided.
At the moment only CLASS == IN is used which indicates input
translation.
However, this was not implemented correctly, as for stage 2, the code
only sets the S2 bit but not the IPA.
This field has the same bits as FetchAddr in F_WALK_EABT which is
populated correctly, so we don’t change that.
The setting of this field should be done from the walker as the IPA address
wouldn't be known in case of nesting.
For stage 1, the spec says:
If fault occurs at stage 1, S2 == 0 and:
CLASS == IN, IPA is UNKNOWN.
So, no need to set it to for stage 1, as ptw_info is initialised by zero in
smmuv3_translate().
Fixes: e703f7076a “hw/arm/smmuv3: Add page table walk for stage-2” Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Mostafa Saleh <smostafa@google.com>
Message-id: 20240715084519.1189624-3-smostafa@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/smmu-common: Add missing size check for stage-1
According to the SMMU architecture specification (ARM IHI 0070 F.b),
in “3.4 Address sizes”
The address output from the translation causes a stage 1 Address Size
fault if it exceeds the range of the effective IPA size for the given CD.
However, this check was missing.
There is already a similar check for stage-2 against effective PA.
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Mostafa Saleh <smostafa@google.com>
Message-id: 20240715084519.1189624-2-smostafa@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It is common practice when implementing double-buffering on VideoCore
to do so by multiplying the height of the virtual buffer by the
number of virtual screens desired (i.e., two - in the case of
double-bufferring).
At present, this won't work in QEMU because the logic in
fb_use_offsets require that both the virtual width and height exceed
their physical counterparts.
This appears to be unintentional/a typo and indeed the comment
states; "Experimentally, the hardware seems to do this only if the
viewport size is larger than the physical screen". The
viewport/virtual size would be larger than the physical size if
either virtual dimension were larger than their physical counterparts
and not necessarily both.
Signed-off-by: SamJakob <me@samjakob.com>
Message-id: 20240713160353.62410-1-me@samjakob.com Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 16 Jul 2024 10:30:32 +0000 (11:30 +0100)]
target/arm: LDAPR should honour SCTLR_ELx.nAA
In commit c1a1f80518d360b when we added the FEAT_LSE2 relaxations to
the alignment requirements for atomic and ordered loads and stores,
we didn't quite get it right for LDAPR/LDAPRH/LDAPRB with no
immediate offset. These instructions were handled in the old decoder
as part of disas_ldst_atomic(), but unlike all the other insns that
function decoded (LDADD, LDCLR, etc) these insns are "ordered", not
"atomic", so they should be using check_ordered_align() rather than
check_atomic_align(). Commit c1a1f80518d360b used
check_atomic_align() regardless for everything in
disas_ldst_atomic(). We then carried that incorrect check over in
the decodetree conversion, where LDAPR/LDAPRH/LDAPRB are now handled
by trans_LDAPR().
The effect is that when FEAT_LSE2 is implemented, these instructions
don't honour the SCTLR_ELx.nAA bit and will generate alignment
faults when they should not.
(The LDAPR insns with an immediate offset were in disas_ldst_ldapr_stlr()
and then in trans_LDAPR_i() and trans_STLR_i(), and have always used
the correct check_ordered_align().)
Use check_ordered_align() in trans_LDAPR().
Cc: qemu-stable@nongnu.org Fixes: c1a1f80518d360b ("target/arm: Relax ordered/atomic alignment checks for LSE2") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240709134504.3500007-3-peter.maydell@linaro.org
Peter Maydell [Tue, 16 Jul 2024 10:30:32 +0000 (11:30 +0100)]
target/arm: Fix handling of LDAPR/STLR with negative offset
When we converted the LDAPR/STLR instructions to decodetree we
accidentally introduced a regression where the offset is negative.
The 9-bit immediate field is signed, and the old hand decoder
correctly used sextract32() to get it out of the insn word,
but the ldapr_stlr_i pattern in the decode file used "imm:9"
instead of "imm:s9", so it treated the field as unsigned.
Fix the pattern to treat the field as a signed immediate.
Cc: qemu-stable@nongnu.org Fixes: 2521b6073b7 ("target/arm: Convert LDAPR/STLR (imm) to decodetree")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2419 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240709134504.3500007-2-peter.maydell@linaro.org
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
meson: Update meson-buildoptions.sh
backends/rng-random: Get rid of qemu_open_old()
backends/iommufd: Get rid of qemu_open_old()
backends/hostmem-epc: Get rid of qemu_open_old()
hw/vfio/container: Get rid of qemu_open_old()
hw/usb/u2f-passthru: Get rid of qemu_open_old()
hw/usb/host-libusb: Get rid of qemu_open_old()
hw/i386/sgx: Get rid of qemu_open_old()
tests/avocado: Remove the non-working virtio_check_params test
doc/net/l2tpv3: Update boolean fields' description to avoid short-form use
target/hexagon/imported/mmvec: Fix superfluous trailing semicolon
util/oslib-posix: Fix superfluous trailing semicolon
hw/i386/x86: Fix superfluous trailing semicolon
accel/kvm/kvm-all: Fix superfluous trailing semicolon
README.rst: add the missing punctuations
block/curl: rewrite http header parsing function
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tag 'pull-qapi-2024-07-17' of https://repo.or.cz/qemu/armbru:
qapi: remove "Example" doc section
qapi: convert "Example" sections with longer prose
qapi: convert "Example" sections with titles
qapi: convert "Example" sections without titles
docs/sphinx: add CSS styling for qmp-example directive
docs/qapidoc: add QMP highlighting to annotated qmp-example blocks
docs/qapidoc: create qmp-example directive
docs/qapidoc: factor out do_parse()
qapi/ui: Drop note on naming of SpiceQueryMouseMode
qapi/sockets: Move deprecation note out of SocketAddress doc comment
qapi/machine: Clarify query-uuid value when none has been specified
qapi/machine: Clean up documentation around CpuInstanceProperties
qapi/pci: Clean up documentation around PciDeviceClass
qapi/qom: Document feature unstable of @x-vfio-user-server
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Zhao Liu [Fri, 5 Jul 2024 05:49:03 +0000 (13:49 +0800)]
meson: Update meson-buildoptions.sh
Update meson-buildoptions.sh to stay in sync with meson_options.txt.
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:55 +0000 (16:21 +0800)]
backends/rng-random: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open(). And considering
rng_random_opened() will lose its obvious error handling case after
removing error_setg_file_open(), add comment to remind here.
Cc: Laurent Vivier <lvivier@redhat.com> Cc: Amit Shah <amit@kernel.org> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(mjt: drop superfluous commit as suggested by philmd) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:54 +0000 (16:21 +0800)]
backends/iommufd: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open().
Cc: Yi Liu <yi.l.liu@intel.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Zhenzhong Duan <zhenzhong.duan@intel.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:53 +0000 (16:21 +0800)]
backends/hostmem-epc: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open().
Cc: David Hildenbrand <david@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:52 +0000 (16:21 +0800)]
hw/vfio/container: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open().
Cc: Alex Williamson <alex.williamson@redhat.com> Cc: "Cédric Le Goater" <clg@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:51 +0000 (16:21 +0800)]
hw/usb/u2f-passthru: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open().
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 15 Jul 2024 08:21:50 +0000 (16:21 +0800)]
hw/usb/host-libusb: Get rid of qemu_open_old()
For qemu_open_old(), osdep.h said:
> Don't introduce new usage of this function, prefer the following
> qemu_open/qemu_create that take an "Error **errp".
So replace qemu_open_old() with qemu_open().
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Thomas Huth [Wed, 10 Jul 2024 12:03:30 +0000 (14:03 +0200)]
tests/avocado: Remove the non-working virtio_check_params test
The test has been marked as broken more than 4 years ago [*],
and so far nobody ever cared to fix it. Thus let's simply remove
it now ... if somebody ever needs it again, they can restore the
file from an older version of QEMU.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(mjt: add reference as suggested by philm) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Mon, 8 Jul 2024 09:26:30 +0000 (17:26 +0800)]
doc/net/l2tpv3: Update boolean fields' description to avoid short-form use
The short-form boolean options has been deprecated since v6.0 (refer
to docs/about/deprecated.rst).
Update the description and example of boolean fields in l2tpv3 option to
avoid deprecation warning.
Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix the superfluous trailing semicolon in target/hexagon/imported/mmvec/
ext.idef.
Cc: Brian Cain <bcain@quicinc.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Brian Cain <bcain@quicinc.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Thu, 4 Jul 2024 08:47:57 +0000 (16:47 +0800)]
hw/i386/x86: Fix superfluous trailing semicolon
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Michael Tokarev [Sat, 29 Jun 2024 13:27:00 +0000 (16:27 +0300)]
block/curl: rewrite http header parsing function
Existing code was long, unclear and twisty.
This also relaxes the rules a tiny bit: allows to have
whitespace before header name and colon and makes the
header value match to be case-insensitive.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
John Snow [Wed, 17 Jul 2024 02:13:11 +0000 (22:13 -0400)]
qapi: remove "Example" doc section
Fully eliminate the "Example" sections in QAPI doc blocks now that they
have all been converted to arbitrary rST syntax using the
".. qmp-example::" directive. Update tests to match.
Migrating to the new syntax
---------------------------
The old "Example:" or "Examples:" section syntax is now caught as an
error, but "Example::" is stil permitted as explicit rST syntax for an
un-lexed, generic preformatted text block.
('Example' is not special in this case, any sentence that ends with "::"
will start an indented code block in rST.)
Arbitrary rST for Examples is now possible, but it's strongly
recommended that documentation authors use the ".. qmp-example::"
directive for consistent visual formatting in rendered HTML docs. The
":title:" directive option may be used to add extra information into the
title bar for the example. The ":annotated:" option can be used to write
arbitrary rST instead, with nested "::" blocks applying QMP formatting
where desired.
Other choices available are ".. code-block:: QMP" which will not create
an "Example:" box, or the short-form "::" code-block syntax which will
not apply QMP highlighting when used outside of the qmp-example
directive.
Why?
----
This patch has several benefits:
1. Example sections can now be written more arbitrarily, mixing
explanatory paragraphs and code blocks however desired.
2. Example sections can now use fully arbitrary rST.
3. All code blocks are now lexed and validated as QMP; increasing
usability of the docs and ensuring validity of example snippets.
(To some extent - This patch only gaurantees it lexes correctly, not
that it's valid under the JSON or QMP grammars. It will catch most
small mistakes, however.)
4. Each qmp-example can be titled or annotated independently without
bypassing the QMP lexer/validator.
(i.e. code blocks are now for *code* only, so we don't have to
sacrifice exposition for having lexically valid examples.)
NOTE: As with the "Notes" conversion (d461c279737), this patch (and the
three preceding) may change the rendering order for Examples in
the current generator. The forthcoming qapidoc rewrite will fix
this by always generating documentation in source order.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20240717021312.606116-10-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:10 +0000 (22:13 -0400)]
qapi: convert "Example" sections with longer prose
These examples require longer explanations or have explanations that
require markup to look reasonable when rendered and so use the longer
form of the ".. qmp-example::" directive.
By using the :annotated: option, the content in the example block is
assumed *not* to be a code block literal and is instead parsed as normal
rST - with the exception that any code literal blocks after `::` will
assumed to be a QMP code literal block.
Note: There's one title-less conversion in this patch that comes along
for the ride because it's part of a larger "Examples" block that was
better to convert all at once.
See commit-5: "docs/qapidoc: create qmp-example directive", for a
detailed explanation of this custom directive syntax.
See commit+1: "qapi: remove "Example" doc section" for a detailed
explanation of why.
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240717021312.606116-9-jsnow@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:09 +0000 (22:13 -0400)]
qapi: convert "Example" sections with titles
When an Example section has a brief explanation, convert it to a
qmp-example:: section using the :title: option.
Rule of thumb: If the title can fit on a single line and requires no rST
markup, it's a good candidate for using the :title: option of
qmp-example.
In this patch, trailing punctuation is removed from the title section
for consistent headline aesthetics. In just one case, specifics of the
example are removed to make the title read better.
See commit-4: "docs/qapidoc: create qmp-example directive", for a
detailed explanation of this custom directive syntax.
See commit+2: "qapi: remove "Example" doc section" for a detailed
explanation of why.
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240717021312.606116-8-jsnow@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:08 +0000 (22:13 -0400)]
qapi: convert "Example" sections without titles
Use the no-option form of ".. qmp-example::" to convert any Examples
that do not have any form of caption or explanation whatsoever. Note
that in a few cases, example sections are split into two or more
separate example blocks. This is only done stylistically to create a
delineation between two or more logically independent examples.
See commit-3: "docs/qapidoc: create qmp-example directive", for a
detailed explanation of this custom directive syntax.
See commit+3: "qapi: remove "Example" doc section" for a detailed
explanation of why.
Note: an empty "TODO" line was added to announce-self to keep the
example from floating up into the body; this will be addressed more
rigorously in the new qapidoc generator.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20240717021312.606116-7-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Markup fixed in one place] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:06 +0000 (22:13 -0400)]
docs/qapidoc: add QMP highlighting to annotated qmp-example blocks
For any code literal blocks inside of a qmp-example directive, apply and
enforce the QMP lexer/highlighter to those blocks.
This way, you won't need to write:
```
.. qmp-example::
:annotated:
Blah blah
.. code-block:: QMP
-> { "lorem": "ipsum" }
```
But instead, simply:
```
.. qmp-example::
:annotated:
Blah blah::
-> { "lorem": "ipsum" }
```
Once the directive block is exited, whatever the previous default
highlight language was will be restored; localizing the forced QMP
lexing to exclusively this directive.
Note, if the default language is *already* QMP, this directive will not
generate and restore redundant highlight configuration nodes. We may
well decide that the default language ought to be QMP for any QAPI
reference pages, but this way the directive behaves consistently no
matter where it is used.
Signed-off-by: John Snow <jsnow@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240717021312.606116-5-jsnow@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:05 +0000 (22:13 -0400)]
docs/qapidoc: create qmp-example directive
This is a directive that creates a syntactic sugar for creating
"Example" boxes very similar to the ones already used in the bitmaps.rst
document, please see e.g.
https://www.qemu.org/docs/master/interop/bitmaps.html#creation-block-dirty-bitmap-add
In its simplest form, when a custom title is not needed or wanted, and
the example body is *solely* a QMP example:
```
.. qmp-example::
{body}
```
is syntactic sugar for:
```
.. admonition:: Example:
.. code-block:: QMP
{body}
```
When a custom, plaintext title that describes the example is desired,
this form:
```
.. qmp-example::
:title: Defrobnification
{body}
```
Is syntactic sugar for:
```
.. admonition:: Example: Defrobnification
.. code-block:: QMP
{body}
```
Lastly, when Examples are multi-step processes that require non-QMP
exposition, have lengthy titles, or otherwise involve prose with rST
markup (lists, cross-references, etc), the most complex form:
```
.. qmp-example::
:annotated:
This example shows how to use `foo-command`::
{body}
For more information, please see `frobnozz`.
```
Is desugared to:
```
.. admonition:: Example:
This example shows how to use `foo-command`::
{body}
For more information, please see `frobnozz`.
```
Note that :annotated: and :title: options can be combined together, if
desired.
The primary benefit here being documentation source consistently using
the same directive for all forms of examples to ensure consistent visual
styling, and ensuring all relevant prose is visually grouped alongside
the code literal block.
Note that as of this commit, the code-block rST syntax "::" does not
apply QMP highlighting; you would need to use ".. code-block:: QMP". The
very next commit changes this behavior to assume all "::" code blocks
within this directive are QMP blocks.
Signed-off-by: John Snow <jsnow@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240717021312.606116-4-jsnow@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Wed, 17 Jul 2024 02:13:04 +0000 (22:13 -0400)]
docs/qapidoc: factor out do_parse()
Factor out the compatibility parser helper into a base class, so it can
be shared by other directives.
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240717021312.606116-3-jsnow@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Thu, 11 Jul 2024 11:22:28 +0000 (13:22 +0200)]
qapi/ui: Drop note on naming of SpiceQueryMouseMode
Doc comments are reference documentation for users of QMP.
SpiceQueryMouseMode's doc comment contains a note explaining why it's
not named SpiceMouseMode: spice/enums.h has it already. Irrelevant
for users of QMP; delete the note.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240711112228.2140606-6-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Thu, 11 Jul 2024 11:22:27 +0000 (13:22 +0200)]
qapi/sockets: Move deprecation note out of SocketAddress doc comment
Doc comments are reference documentation for users of QMP.
SocketAddress's doc comment contains a deprecation note advising
developers to use SocketAddress for new code. Irrelevant for users of
QMP. Move the note out of the doc comment.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240711112228.2140606-5-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The doc comment calls this "a null UUID", which I find less than
clear. RFC 9562 calls it "the nil UUID (all zeroes)", so use that
instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240711112228.2140606-4-armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
[Wording improved, commit message adjusted] Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Markus Armbruster [Thu, 11 Jul 2024 11:22:25 +0000 (13:22 +0200)]
qapi/machine: Clean up documentation around CpuInstanceProperties
CpuInstanceProperties' doc comment describes its members as properties
to be passed to device_add when hot-plugging a CPU.
This was in fact the initial use of this type, with
query-hotpluggable-cpus: letting management applications find out what
properties need to be passed with device_add to hot-plug a CPU.
We've since added other uses: set-numa-node (commit 419fcdec3c1 and f3be67812c2), and query-cpus-fast (commit ce74ee3dea6). These are not
about device-add.
query-hotpluggable-cpus uses CpuInstanceProperties within
HotpluggableCPU. Lift the documentation related to device-add from
CpuInstanceProperties to HotpluggableCPU.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240711112228.2140606-3-armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Markus Armbruster [Thu, 11 Jul 2024 11:22:24 +0000 (13:22 +0200)]
qapi/pci: Clean up documentation around PciDeviceClass
PciDeviceInfo's doc comment has a note on PciDeviceClass member @desc.
Since the note applies always, not just within PciDeviceInfo, merge it
into PciDeviceClass's description of member @desc.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20240711112228.2140606-2-armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Richard Henderson [Wed, 17 Jul 2024 05:40:28 +0000 (15:40 +1000)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* target/i386/tcg: fixes for seg_helper.c
* SEV: Don't allow automatic fallback to legacy KVM_SEV_INIT,
but also don't use it by default
* scsi: honor bootindex again for legacy drives
* hpet, utils, scsi, build, cpu: miscellaneous bugfixes
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
target/i386/tcg: save current task state before loading new one
target/i386/tcg: use X86Access for TSS access
target/i386/tcg: check for correct busy state before switching to a new task
target/i386/tcg: Compute MMU index once
target/i386/tcg: Introduce x86_mmu_index_{kernel_,}pl
target/i386/tcg: Reorg push/pop within seg_helper.c
target/i386/tcg: use PUSHL/PUSHW for error code
target/i386/tcg: Allow IRET from user mode to user mode with SMAP
target/i386/tcg: Remove SEG_ADDL
target/i386/tcg: fix POP to memory in long mode
hpet: fix HPET_TN_SETVAL for high 32-bits of the comparator
hpet: fix clamping of period
docs: Update description of 'user=username' for '-run-with'
qemu/timer: Add host ticks function for LoongArch
scsi: fix regression and honor bootindex again for legacy drives
hw/scsi/lsi53c895a: bump instruction limit in scripts processing to fix regression
disas: Fix build against Capstone v6
cpu: Free queued CPU work
Revert "qemu-char: do not operate on sources from finalize callbacks"
i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tag 'hw-misc-20240716' of https://github.com/philmd/qemu:
system/physmem: use return value of ram_block_discard_require() as errno
vl: fix "type is NULL" in -vga help
ui/console: Remove dpy_cursor_define_supported()
ui/cocoa: Add cursor composition
ui/console: Convert mouse visibility parameter into bool
ui/cocoa: Release CGColorSpace
esp: remove transfer size check from DMA DATA IN and DATA OUT transfers
system/cpus: Add cpu_pause() function
accel/tcg: Make cpu_exec_interrupt hook mandatory
loader: remove load_image_gzipped function as its not used anywhere
include/hw/qdev-core.h: Correct and clarify gpio doc comments
hw/isa/vt82c686: Turn "intr" irq into a named gpio
hw/core/loader: allow loading larger ROMs
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240712162719.88165-12-philmd@linaro.org>
Sai Pavan Boddu [Wed, 25 May 2022 07:21:22 +0000 (09:21 +0200)]
hw/sd/sdcard: Add mmc SWITCH function support (CMD6)
switch operation in mmc cards, updated the ext_csd register to
request changes in card operations. Here we implement similar
sequence but requests are mostly dummy and make no change.
Implement SWITCH_ERROR if the write operation offset goes beyond
length of ext_csd.
Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMD: Convert to SDProto handlers, add trace events] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-11-philmd@linaro.org>
The parameters mimick a real 4GB eMMC, but it can be set to various
sizes.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
EXT_CSD values from Vincent's patch simplivied for Spec v4.3:
- Set some keys to not defined / implemented:
. EXT_CSD_HPI_FEATURES
. EXT_CSD_BKOPS_SUPPORT
. EXT_CSD_SEC_FEATURE_SUPPORT
. EXT_CSD_ERASE_TIMEOUT_MULT
. EXT_CSD_PART_SWITCH_TIME
. EXT_CSD_OUT_OF_INTERRUPT_TIME
- Update:
. EXT_CSD_CARD_TYPE (7 -> 3)
High-Speed MultiMediaCard @ 26MHz & 52MHz
. Performances (0xa -> 0x46)
Class B at 3MB/s. -> Class J at 21MB/s
. EXT_CSD_REV (5 -> 3)
Rev 1.5 (spec v4.41) -> Rev 1.3 (spec v4.3)
- Use load/store API to set EXT_CSD_SEC_CNT
- Remove R/W keys, normally zeroed at reset
. EXT_CSD_BOOT_INFO
Migrate the Modes segment (192 lower bytes) but not the
full EXT_CSD register, see Spec v4.3, chapter 8.4
"Extended CSD register":
The Extended CSD register defines the card properties
and selected modes. It is 512 bytes long. The most
significant 320 bytes are the Properties segment, which
defines the card capabilities and cannot be modified by
the host. The lower 192 bytes are the Modes segment,
which defines the configuration the card is working in.
These modes can be changed by the host by means of the
SWITCH command.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-9-philmd@linaro.org>
Luc Michel [Tue, 20 Feb 2024 11:17:18 +0000 (12:17 +0100)]
hw/sd/sdcard: Implement eMMC sleep state (CMD5)
The JEDEC standards specifies a sleep state where the eMMC won't
answer any command appart from RESET and WAKEUP and go to low power
state. Implement this state and the corresponding command number 5.
Signed-off-by: Luc Michel <luc.michel@amd.com> Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-8-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Message-Id: <20240712162719.88165-7-philmd@linaro.org>
Cédric Le Goater [Tue, 11 May 2021 11:58:47 +0000 (13:58 +0200)]
hw/sd/sdcard: Fix SET_BLOCK_COUNT command argument on eMMC (CMD23)
The number of blocks is defined in the lower bits [15:0].
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-6-philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-5-philmd@linaro.org>
Per the spec v4.3 these commands are mandatory,
but we don't implement them.
Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 17 Jun 2024 06:51:27 +0000 (08:51 +0200)]
hw/sd/sdcard: Register generic command handlers
Tested-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 30 May 2022 18:06:20 +0000 (20:06 +0200)]
hw/sd/sdcard: Basis for eMMC support
Since eMMC are soldered on boards, it is not user-creatable.
RCA register is initialized to 0x0001, per spec v4.3,
chapter 8.5 "RCA register":
The default value of the RCA register is 0x0001.
The value 0x0000 is reserved to set all cards into
the Stand-by State with CMD7.
The CSD register is very similar to SD one, except
the version announced is v4.3.
eMMC CID register is slightly different from SD:
- One extra PNM (5 -> 6)
- MDT is only 1 byte (2 -> 1).
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Cédric Le Goater <clg@redhat.com>
Message-Id: <20240712162719.88165-2-philmd@linaro.org>
system/physmem: use return value of ram_block_discard_require() as errno
When ram_block_discard_require() fails, errno is passed to error_setg_errno().
It's a stale value or 0 which is unrelated to ram_block_discard_require().
As ram_block_discard_require() already returns -EBUSY in failure case,
use it as errno for error_setg_errno().
Fixes: 852f0048f3ea ("make guest_memfd require uncoordinated discard") Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20240716064213.290696-1-zhenzhong.duan@intel.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Remove dpy_cursor_define_supported() as it brings no benefit today and
it has a few inherent problems.
All graphical displays except egl-headless support cursor composition
without DMA-BUF, and egl-headless is meant to be used in conjunction
with another graphical display, so dpy_cursor_define_supported()
always returns true and meaningless.
Even if we add a new display without cursor composition in the future,
dpy_cursor_define_supported() will be problematic as a cursor display
fix for it because some display devices like virtio-gpu cannot tell the
lack of cursor composition capability to the guest and are unable to
utilize the value the function returns. Therefore, all non-headless
graphical displays must actually implement cursor composition for
correct cursor display.
Another problem with dpy_cursor_define_supported() is that it returns
true even if only some of the display listeners support cursor
composition, which is wrong unless all display listeners that lack
cursor composition is headless.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Phil Dennis-Jordan <phil@philjordan.eu> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20240715-cursor-v3-4-afa5b9492dbf@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add accelerated cursor composition to ui/cocoa. This does not only
improve performance for display devices that exposes the capability to
the guest according to dpy_cursor_define_supported(), but fixes the
cursor display for devices that unconditionally expects the availability
of the capability (e.g., virtio-gpu).
The common pattern to implement accelerated cursor composition is to
replace the cursor and warp it so that the replaced cursor is shown at
the correct position on the guest display for relative pointer devices.
Unfortunately, ui/cocoa cannot do the same because warping the cursor
position interfers with the mouse input so it uses CALayer instead;
although it is not specialized for cursor composition, it still can
compose images with hardware acceleration.
Co-authored-by: Phil Dennis-Jordan <phil@philjordan.eu> Tested-by: Phil Dennis-Jordan <phil@philjordan.eu> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20240715-cursor-v3-3-afa5b9492dbf@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
CGImageCreate | Apple Developer Documentation
https://developer.apple.com/documentation/coregraphics/1455149-cgimagecreate
> The color space is retained; on return, you may safely release it.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Tested-by: Phil Dennis-Jordan <phil@philjordan.eu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240715-cursor-v3-1-afa5b9492dbf@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Mark Cave-Ayland [Sat, 13 Jul 2024 22:42:49 +0000 (23:42 +0100)]
esp: remove transfer size check from DMA DATA IN and DATA OUT transfers
The transfer size check was originally added to prevent consecutive DMA TI
commands from causing an assert() due to an existing SCSI request being in
progress, but since the last set of updates [*] this is no longer required.
Remove the transfer size check from DMA DATA IN and DATA OUT transfers so
that issuing a DMA TI command when there is no data left to transfer does
not cause an assert() due to an existing SCSI request being in progress.
Nicholas Piggin [Fri, 12 Jul 2024 12:02:43 +0000 (22:02 +1000)]
system/cpus: Add cpu_pause() function
This factors the CPU pause function from pause_all_vcpus() into a
new cpu_pause() function, similarly to cpu_resume(). cpu_resume()
is moved to keep it next to cpu_pause().
Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: Peter Xu <peterx@redhat.com> Cc: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20240712120247.477133-17-npiggin@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Fri, 12 Jul 2024 11:39:49 +0000 (12:39 +0100)]
accel/tcg: Make cpu_exec_interrupt hook mandatory
The TCGCPUOps::cpu_exec_interrupt hook is currently not mandatory; if
it is left NULL then we treat it as if it had returned false. However
since pretty much every architecture needs to handle interrupts,
almost every target we have provides the hook. The one exception is
Tricore, which doesn't currently implement the architectural
interrupt handling.
Add a "do nothing" implementation of cpu_exec_hook for Tricore,
assert on startup that the CPU does provide the hook, and remove
the runtime NULL check before calling it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240712113949.4146855-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Ani Sinha [Thu, 11 Jul 2024 07:24:47 +0000 (12:54 +0530)]
loader: remove load_image_gzipped function as its not used anywhere
load_image_gzipped() does not seem to be used anywhere. Remove it.
Signed-off-by: Ani Sinha <anisinha@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240711072448.32673-1-anisinha@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Mon, 8 Jul 2024 15:33:12 +0000 (16:33 +0100)]
include/hw/qdev-core.h: Correct and clarify gpio doc comments
The doc comments for the functions for named GPIO inputs and
outputs had a couple of problems:
* some copy-and-paste errors meant the qdev_connect_gpio_out_named()
doc comment had references to input GPIOs that should be to
output GPIOs
* it wasn't very clear that named GPIOs are arrays and so the
connect functions specify a single GPIO line by giving both
the name of the array and the index within that array
Fix the copy-and-paste errors and slightly expand the text
to say that functions are connecting one line in a named GPIO
array, not a single named GPIO line.
Reported-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240708153312.3109380-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Gregor Haas [Fri, 28 Jun 2024 18:27:06 +0000 (11:27 -0700)]
hw/core/loader: allow loading larger ROMs
The read() syscall is not guaranteed to return all data from a file. The
default ROM loader implementation currently does not take this into account,
instead failing if all bytes are not read at once. This change loads the ROM
using g_file_get_contents() instead, which correctly reads all data using
multiple calls to read() while also returning the loaded ROM size.
Signed-off-by: Gregor Haas <gregorhaas1997@gmail.com> Reviewed-by: Xingtao Yao <yaoxt.fnst@fujitsu.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240628182706.99525-1-gregorhaas1997@gmail.com>
[PMD: Use gsize with g_file_get_contents()] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Paolo Bonzini [Tue, 18 Jun 2024 07:13:49 +0000 (09:13 +0200)]
target/i386/tcg: use X86Access for TSS access
This takes care of probing the vaddr range in advance, and is also faster
because it avoids repeated TLB lookups. It also matches the Intel manual
better, as it says "Checks that the current (old) TSS, new TSS, and all
segment descriptors used in the task switch are paged into system memory";
note however that it's not clear how the processor checks for segment
descriptors, and this check is not included in the AMD manual.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 19 Jun 2024 12:24:09 +0000 (14:24 +0200)]
target/i386/tcg: check for correct busy state before switching to a new task
This step is listed in the Intel manual: "Checks that the new task is available
(call, jump, exception, or interrupt) or busy (IRET return)".
The AMD manual lists the same operation under the "Preventing recursion"
paragraph of "12.3.4 Nesting Tasks", though it is not clear if the processor
checks the busy bit in the IRET case.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 18 Jun 2024 07:21:52 +0000 (09:21 +0200)]
target/i386/tcg: Compute MMU index once
Add the MMU index to the StackAccess struct, so that it can be cached
or (in the next patch) computed from information that is not in
CPUX86State.
Co-developed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Richard Henderson [Mon, 17 Jun 2024 16:12:10 +0000 (09:12 -0700)]
target/i386/tcg: Reorg push/pop within seg_helper.c
Interrupts and call gates should use accesses with the DPL as
the privilege level. While computing the applicable MMU index
is easy, the harder thing is how to plumb it in the code.
One possibility could be to add a single argument to the PUSH* macros
for the privilege level, but this is repetitive and risks confusion
between the involved privilege levels.
Another possibility is to pass both CPL and DPL, and adjusting both
PUSH* and POP* to use specific privilege levels (instead of using
cpu_{ld,st}*_data). This makes the code more symmetric.
However, a more complicated but much nicer approach is to use a structure
to contain the stack parameters, env, unwind return address, and rewrite
the macros into functions. The struct provides an easy home for the MMU
index as well.
Paolo Bonzini [Tue, 11 Jun 2024 20:04:56 +0000 (22:04 +0200)]
target/i386/tcg: Allow IRET from user mode to user mode with SMAP
This fixes a bug wherein i386/tcg assumed an interrupt return using
the IRET instruction was always returning from kernel mode to either
kernel mode or user mode. This assumption is violated when IRET is used
as a clever way to restore thread state, as for example in the dotnet
runtime. There, IRET returns from user mode to user mode.
This bug is that stack accesses from IRET and RETF, as well as accesses
to the parameters in a call gate, are normal data accesses using the
current CPL. This manifested itself as a page fault in the guest Linux
kernel due to SMAP preventing the access.
This bug appears to have been in QEMU since the beginning.
Analyzed-by: Robert R. Henry <rrh.henry@gmail.com> Co-developed-by: Robert R. Henry <rrh.henry@gmail.com> Signed-off-by: Robert R. Henry <rrh.henry@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Richard Henderson [Mon, 17 Jun 2024 16:12:09 +0000 (09:12 -0700)]
target/i386/tcg: Remove SEG_ADDL
This truncation is now handled by MMU_*32_IDX. The introduction of
MMU_*32_IDX in fact applied correct 32-bit wraparound to 16-bit accesses
with a high segment base (e.g. big real mode or vm86 mode), which did
not use SEG_ADDL.
Paolo Bonzini [Wed, 10 Jul 2024 10:40:24 +0000 (12:40 +0200)]
target/i386/tcg: fix POP to memory in long mode
In long mode, POP to memory will write a full 64-bit value. However,
the call to gen_writeback() in gen_POP will use MO_32 because the
decoding table is incorrect.
The bug was latent until commit aea49fbb01a ("target/i386: use gen_writeback()
within gen_POP()", 2024-06-08), and then became visible because gen_op_st_v
now receives op->ot instead of the "ot" returned by gen_pop_T0.
Analyzed-by: Clément Chigot <chigot@adacore.com> Fixes: 5e9e21bcc4d ("target/i386: move 60-BF opcodes to new decoder", 2024-05-07) Tested-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 10 Jul 2024 09:27:28 +0000 (11:27 +0200)]
hpet: fix HPET_TN_SETVAL for high 32-bits of the comparator
Commit 3787324101b ("hpet: Fix emulation of HPET_TN_SETVAL (Jan Kiszka)",
2009-04-17) applied the fix only to the low 32-bits of the comparator, but
it should be done for the high bits as well. Otherwise, the high 32-bits
of the comparator cannot be written and they remain fixed to 0xffffffff.
Co-developed-by: TaiseiIto <taisei1212@outlook.jp> Signed-off-by: TaiseiIto <taisei1212@outlook.jp> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 10 Jul 2024 09:56:35 +0000 (11:56 +0200)]
hpet: fix clamping of period
When writing a new period, the clamping should use a maximum value
rather tyhan a bit mask. Also, when writing the high bits new_val
is shifted right by 32, so the maximum allowed period should also
be shifted right.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Boqiao Fu [Mon, 15 Jul 2024 09:04:32 +0000 (17:04 +0800)]
docs: Update description of 'user=username' for '-run-with'
The description of '-runas' and '-run-with' didn't explain that QEMU
will use setuid/setgid to implement the option, so the user might get
confused if using 'elevateprivileges=deny' as well.
Since '-runas' is going to be deprecated and replaced by '-run-with'
in the coming qemu9.1, add the message there.
scsi: fix regression and honor bootindex again for legacy drives
Commit 3089637461 ("scsi: Don't ignore most usb-storage properties")
removed the call to object_property_set_int() and thus the 'set'
method for the bootindex property was also not called anymore. Here
that method is device_set_bootindex() (as configured by
scsi_dev_instance_init() -> device_add_bootindex_property()) which as
a side effect registers the device via add_boot_device_path().
As reported by a downstream user [0], the bootindex property did not
have the desired effect anymore for legacy drives. Fix the regression
by explicitly calling the add_boot_device_path() function after
checking that the bootindex is not yet used (to avoid
add_boot_device_path() calling exit()).
hw/scsi/lsi53c895a: bump instruction limit in scripts processing to fix regression
Commit 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts
processing") reduced the maximum allowed instruction count by
a factor of 100 all the way down to 100.
This causes the "Check Point R81.20 Gaia" appliance [0] to fail to
boot after fully finishing the installation via the appliance's web
interface (there is already one reboot before that).
With a limit of 150, the appliance still fails to boot, while with a
limit of 200, it works. Bump to 500 to fix the regression and be on
the safe side.
Originally reported in the Proxmox community forum[1].
Capstone v6 made major changes, such as renaming for AArch64, which
broke programs using the old headers, like QEMU. However, Capstone v6
provides the CAPSTONE_AARCH64_COMPAT_HEADER compatibility definition
allowing to build against v6 with the old definitions, so fix the QEMU
build using it.
We can lift that definition and switch to the new naming once our
supported distros have Capstone v6 in place.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org> Suggested-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Link: https://lore.kernel.org/r/20240715213943.1210355-1-gustavo.romero@linaro.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After 038b4217884c ("Revert "chardev: use a child source for qio input
source"") we've been observing the "iwp->src == NULL" assertion
triggering periodically during the initial capabilities querying by
libvirtd. One of possible backtraces:
Thread 1 (Thread 0x7f16cd4f0700 (LWP 43858)):
0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
1 0x00007f16c6c21e65 in __GI_abort () at abort.c:79
2 0x00007f16c6c21d39 in __assert_fail_base at assert.c:92
3 0x00007f16c6c46e86 in __GI___assert_fail (assertion=assertion@entry=0x562e9bcdaadd "iwp->src == NULL", file=file@entry=0x562e9bcdaac8 "../chardev/char-io.c", line=line@entry=99, function=function@entry=0x562e9bcdab10 <__PRETTY_FUNCTION__.20549> "io_watch_poll_finalize") at assert.c:101
4 0x0000562e9ba20c2c in io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:99
5 io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:88
6 0x00007f16c904aae0 in g_source_unref_internal () from /lib64/libglib-2.0.so.0
7 0x00007f16c904baf9 in g_source_destroy_internal () from /lib64/libglib-2.0.so.0
8 0x0000562e9ba20db0 in io_remove_watch_poll (source=0x562e9d6720b0) at ../chardev/char-io.c:147
9 remove_fd_in_watch (chr=chr@entry=0x562e9d5f3800) at ../chardev/char-io.c:153
10 0x0000562e9ba23ffb in update_ioc_handlers (s=0x562e9d5f3800) at ../chardev/char-socket.c:592
11 0x0000562e9ba2072f in qemu_chr_fe_set_handlers_full at ../chardev/char-fe.c:279
12 0x0000562e9ba207a9 in qemu_chr_fe_set_handlers at ../chardev/char-fe.c:304
13 0x0000562e9ba2ca75 in monitor_qmp_setup_handlers_bh (opaque=0x562e9d4c2c60) at ../monitor/qmp.c:509
14 0x0000562e9bb6222e in aio_bh_poll (ctx=ctx@entry=0x562e9d4c2f20) at ../util/async.c:216
15 0x0000562e9bb4de0a in aio_poll (ctx=0x562e9d4c2f20, blocking=blocking@entry=true) at ../util/aio-posix.c:722
16 0x0000562e9b99dfaa in iothread_run (opaque=0x562e9d4c26f0) at ../iothread.c:63
17 0x0000562e9bb505a4 in qemu_thread_start (args=0x562e9d4c7ea0) at ../util/qemu-thread-posix.c:543
18 0x00007f16c70081ca in start_thread (arg=<optimized out>) at pthread_create.c:479
19 0x00007f16c6c398d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
io_remove_watch_poll(), which makes sure that iwp->src is NULL, calls
g_source_destroy() which finds that iwp->src is not NULL in the finalize
callback. This can only happen if another thread has managed to trigger
io_watch_poll_prepare() callback in the meantime.
Move iwp->src destruction back to the finalize callback to prevent the
described race, and also remove the stale comment. The deadlock glib bug
was fixed back in 2010 by b35820285668 ("gmain: move finalization of
GSource outside of context lock").
Michael Roth [Wed, 10 Jul 2024 04:10:05 +0000 (23:10 -0500)]
i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT
Currently if the 'legacy-vm-type' property of the sev-guest object is
'on', QEMU will attempt to use the newer KVM_SEV_INIT2 kernel
interface in conjunction with the newer KVM_X86_SEV_VM and
KVM_X86_SEV_ES_VM KVM VM types.
This can lead to measurement changes if, for instance, an SEV guest was
created on a host that originally had an older kernel that didn't
support KVM_SEV_INIT2, but is booted on the same host later on after the
host kernel was upgraded.
Instead, if legacy-vm-type is 'off', QEMU should fail if the
KVM_SEV_INIT2 interface is not provided by the current host kernel.
Modify the fallback handling accordingly.
In the future, VMSA features and other flags might be added to QEMU
which will require legacy-vm-type to be 'off' because they will rely
on the newer KVM_SEV_INIT2 interface. It may be difficult to convey to
users what values of legacy-vm-type are compatible with which
features/options, so as part of this rework, switch legacy-vm-type to a
tri-state OnOffAuto option. 'auto' in this case will automatically
switch to using the newer KVM_SEV_INIT2, but only if it is required to
make use of new VMSA features or other options only available via
KVM_SEV_INIT2.
Defining 'auto' in this way would avoid inadvertantly breaking
compatibility with older kernels since it would only be used in cases
where users opt into newer features that are only available via
KVM_SEV_INIT2 and newer kernels, and provide better default behavior
than the legacy-vm-type=off behavior that was previously in place, so
make it the default for 9.1+ machine types.
Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com>
cc: kvm@vger.kernel.org Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Link: https://lore.kernel.org/r/20240710041005.83720-1-michael.roth@amd.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Richard Henderson [Mon, 15 Jul 2024 20:45:23 +0000 (06:45 +1000)]
Merge tag 'python-pull-request' of https://gitlab.com/jsnow/qemu into staging
Python: 3.13 compat & sphinx minver bump
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+ber27ys35W+dsvQfe+BBqr8OQ4FAmaVXSsACgkQfe+BBqr8
# OQ6tQw//blMWAbcaijg+GyesMrJGJ2xJx0G68DNfhGgpsTcRu9qnd3Q+s56c2pLq
# iJwxaRtTOaYvUhDdcsjpxKJXUIn2WnoqePb31lxXtB9DMxJW6egOvoEzYVpBqlER
# mFp4Feo8bi4/immHcnB8J05fJqGB5Rthp3Bl0s+QH6s2OKHl4rIKYNZTrxwrqKoF
# 8vLg25MMHVzsojXPMfr6VTfxQ84OWXPvHTKMg5E0/OEK6FxGo3PSVTSpc6MtQJuV
# UPAWVqykfuiXC08xg9QpzEvcJGXhGjNDILWWxI+d/8e1rkTiDqOb0LvLhWsa7paO
# LOwsC863YpEPxH0utwfqNQKdTZx1VcnAss4uxULXBucnZ2J7OZp/xZ3xbJCHIbuN
# XRX7/bGKQl3KJ+d+fw5Nto0ANScU+uGaOMAb4tAT+0ChD3uVmkjS4h8D3BAoCBeO
# 9PNtUkpaNGeRAg+iFrGKLTtEUUVsJNIKTlFLSEHRJUCI+/AvX+UvZeEVnlO+qf1/
# rz1chIbw6YgY60NEc7dy7aDhqa9hPTRSYwT79WoPUh74hIiwE3d4TJfL22n5H2jM
# 0ryVPd+lIC7XqF+1FDx/PMxD0mhX2k++WjEpYldsZ2s3UQP5L8M8APKm6MHdMGhn
# rl0fPyVSveF7CMTvy1Y9BTycZHQAOH/9QMM1fm+6JBFgz52QsYg=
# =PLig
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Jul 2024 03:32:27 AM AEST
# gpg: using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* tag 'python-pull-request' of https://gitlab.com/jsnow/qemu:
docs: remove Sphinx 1.x compatibility code
Python: bump minimum sphinx version to 3.4.3
python: enable testing for 3.13
iotests: Change imports for Python 3.13
python: Do not use pylint 3.2.4 with python 3.8
python: linter changes for pylint 3.x
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Jeuk Kim [Tue, 9 Jul 2024 11:53:49 +0000 (20:53 +0900)]
hw/ufs: Fix mcq register range check logic
The function ufs_is_mcq_reg() and ufs_is_mcq_op_reg() only evaluated
the range of the mcq_reg and mcq_op_reg offset, which is defined as
a constant. Therefore, it was possible for them to return true
even though the ufs device is configured to not support the mcq.
This could cause ufs_mmio_read()/ufs_mmio_write() to result in
Null-pointer-dereference.
So fix it.
Resolves: #2428 Fixes: 5c079578d2e4 ("hw/ufs: Add support MCQ of UFSHCI 4.0") Reported-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com> Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
John Snow [Wed, 3 Jul 2024 17:52:35 +0000 (13:52 -0400)]
docs: remove Sphinx 1.x compatibility code
In general, the Use_SSI workaround is no longer needed, and neither is
the pre-1.6 logging shim for kerneldoc.
Signed-off-by: John Snow <jsnow@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240703175235.239004-3-jsnow@redhat.com
[rebased on top of origin/master. --js] Signed-off-by: John Snow <jsnow@redhat.com>
John Snow [Wed, 3 Jul 2024 17:52:34 +0000 (13:52 -0400)]
Python: bump minimum sphinx version to 3.4.3
With RHEL 8 support retired (It's been two years since RHEL9 released),
our very oldest build platform version of Sphinx is now 3.4.3; and
keeping backwards compatibility for versions as old as v1.6 when using
domain extensions is a lot of work we don't need to do.
This patch is motivated by my work creating a new QAPI domain, which
unlike the dbus documentation, cannot be allowed to regress by creating
a "dummy" doc when operating under older sphinx versions. Easier is to
raise our minimum version as far as we can push it forwards, reducing my
burden in creating cross-compatibility hacks and patches.
A sampling of sphinx versions from various distributions, courtesy
https://repology.org/project/python:sphinx/versions
RHEL9 / CentOS Stream 9 becomes the new defining factor in staying at
Sphinx 3.4.3 due to downstream offline build requirements that force us
to use platform Sphinx instead of newer packages from PyPI.
Signed-off-by: John Snow <jsnow@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240703175235.239004-2-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
John Snow [Wed, 26 Jun 2024 23:22:30 +0000 (19:22 -0400)]
python: enable testing for 3.13
Python 3.13 is in beta and Fedora 41 is preparing to make it the default
system interpreter; enable testing for it.
(In the event problems develop prior to release, it should only impact
the check-python-tox job, which is not run by default and is allowed to
fail.)
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240626232230.408004-5-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
John Snow [Wed, 26 Jun 2024 23:22:28 +0000 (19:22 -0400)]
python: Do not use pylint 3.2.4 with python 3.8
There is a bug in this version,
see: https://github.com/pylint-dev/pylint/issues/9751
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240626232230.408004-3-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
John Snow [Wed, 26 Jun 2024 23:22:27 +0000 (19:22 -0400)]
python: linter changes for pylint 3.x
New bleeding edge versions, new nits to iron out. This addresses the
'check-python-tox' optional GitLab test, while 'check-python-minreqs'
saw no regressions, since it's frozen on an older version of pylint.
Fixes:
qemu/machine/machine.py:345:52: E0606: Possibly using variable 'sock' before assignment (possibly-used-before-assignment)
qemu/utils/qemu_ga_client.py:168:4: R1711: Useless return at end of function or method (useless-return)
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240626232230.408004-2-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
* tag 'edgar/xen-queue-2024-07-12.for-upstream' of https://gitlab.com/edgar.iglesias/qemu:
xen: mapcache: Fix unmapping of first entries in buckets
physmem: Bail out qemu_ram_block_from_host() for invalid ram addrs
MAINTAINERS: add Edgar as Xen maintainer
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZpCKgwAKCRBAov/yOSY+
# 3yuEBADmzjhomzzTnTHvOTPcK8Ugrru1QY9gT+5m7+I3cdbSRsYxEZLOdnjDAPBJ
# aVO+ZOkNFHspOOAo5A55QRC0PA4YGDGMg+ZcB7AVhzbdmra7SKdzMzrrVfYJYpk5
# CtcrI+4OPt+U6mh/eTKuaXaWgjuoZ+TOjZqhL+rrpIFjcN78Rw==
# =vhZy
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 11 Jul 2024 06:44:35 PM PDT
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20240712' of https://gitlab.com/gaosong/qemu:
target/loongarch: Fix cpu_reset set wrong CSR_CRMD
target/loongarch: Set CSR_PRCFG1 and CSR_PRCFG2 values
target/loongarch: Remove avail_64 in trans_srai_w() and simplify it
target/loongarch/kvm: Add software breakpoint support
MAINTAINERS: Add myself as a reviewer of LoongArch virt machine
hw/loongarch/virt: Remove unused assignment
hw/loongarch: Change the tpm support by default
hw/loongarch/boot.c: fix out-of-bound reading
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Song Gao [Fri, 5 Jul 2024 02:18:38 +0000 (10:18 +0800)]
target/loongarch: Set CSR_PRCFG1 and CSR_PRCFG2 values
We set the value of register CSR_PRCFG3, but left out CSR_PRCFG1
and CSR_PRCFG2. Set CSR_PRCFG1 and CSR_PRCFG2 according to the
default values of the physical machine.
Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-Id: <20240705021839.1004374-1-gaosong@loongson.cn>
Bibo Mao [Fri, 7 Jun 2024 03:50:16 +0000 (11:50 +0800)]
target/loongarch/kvm: Add software breakpoint support
With KVM virtualization, debug exception is injected to guest kernel
rather than host for normal break intruction. Here hypercall
instruction with special code is used for sw breakpoint usage,
and detailed instruction comes from kvm kernel with user API
KVM_REG_LOONGARCH_DEBUG_INST.
Now only software breakpoint is supported, and it is allowed to
insert/remove software breakpoint. We can debug guest kernel with gdb
method after kernel is loaded, hardware breakpoint will be added in later.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn> Tested-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240607035016.2975799-1-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
Jiaxun Yang [Thu, 27 Jun 2024 04:13:28 +0000 (05:13 +0100)]
MAINTAINERS: Add myself as a reviewer of LoongArch virt machine
I would like to be informed on changes made to the LoongArch virt machine.
I'm fairly familiar with Loongson-3 series platform hardware and doing
firmwre (U-Boot) development as hobbyist on LoongArch virt platform,
so I believe I can give positive review input to changes on that machine.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240627-ipi-fixes-v1-2-9b061dc28a3a@flygoat.com> Signed-off-by: Song Gao <gaosong@loongson.cn>
projects / users / dwmw2 / qemu.git / log