Philippe Mathieu-Daudé [Thu, 30 Jan 2025 10:37:28 +0000 (11:37 +0100)]
tests/qtest: Make qtest_has_accel() generic
Since commit b14a0b7469f ("accel: Use QOM classes for accel types")
accelerators are registered as QOM objects. Use QOM as a generic
API to query for available accelerators. This is in particular
useful to query hardware accelerators such as HVF, Xen or WHPX which
otherwise have their definitions poisoned in "exec/poison.h".
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250130103728.536-3-philmd@linaro.org>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Ani Sinha [Mon, 20 Jan 2025 04:38:34 +0000 (10:08 +0530)]
tests/qtest/vmcoreinfo: add a unit test to exercize basic vmcoreinfo function
A new qtest is written that exercises the fw-cfg DMA based read and write ops
to write values into vmcoreinfo fw-cfg file and read them back and verify that
they are the same.
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-ID: <20250120043847.954881-4-anisinha@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Ani Sinha [Mon, 20 Jan 2025 04:38:33 +0000 (10:08 +0530)]
tests/qtest/libqos: add DMA support for writing and reading fw_cfg files
At present, the libqos/fw_cfg.c library does not support the modern DMA
interface which is required to write to the fw_cfg files. It only uses the IO
interface. Implement read and write methods based on DMA. This will enable
developers to add tests that write to the fw_cfg file(s). The structure of
the code is taken from edk2 fw_cfg implementation. It has been tested by
writing a qtest that writes to a fw_cfg file.
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-ID: <20250120043847.954881-3-anisinha@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Ani Sinha [Mon, 20 Jan 2025 04:38:32 +0000 (10:08 +0530)]
libqos/fw_cfg: refactor file directory iteraton to make it more reusable
fw-cfg file directory iteration code can be used by other functions that may
want to implement fw-cfg file operations. Refactor it into a smaller helper
so that it can be reused.
Stefan Hajnoczi [Sun, 2 Feb 2025 16:09:02 +0000 (11:09 -0500)]
Merge tag 'hw-misc-20250131' of https://github.com/philmd/qemu into staging
Misc HW patches
- Remove uses of &first_cpu in rx-gdbsim and loongson3_virt machines (Philippe)
- Convert few legacy qemu_allocate_irqs to qemu_init_irqs (Philippe)
- Add tracing events in i2c-echo device (Titus)
- Fix debug format string in USB EHCI (Zoltan)
- Rework loader API to remove its target_words_bigendian() call (Philippe)
- QOMify OMAP MMC device (Peter)
- Remove legacy SD Card APIs (Peter)
* tag 'hw-misc-20250131' of https://github.com/philmd/qemu: (36 commits)
hw/sd: Remove unused SDState::enable
hw/sd: Remove unused legacy functions, stop killing mammoths
hw/sd: Remove unused 'enable' method from SDCardClass
hw/sd/omap_mmc: Untabify
hw/sd/omap_mmc: Remove unused coverswitch qemu_irq
hw/arm/omap1: Inline creation of MMC
hw/sd/omap_mmc: Use similar API for "wire up omap_clk" to other OMAP devices
hw/sd/omap_mmc: Convert to SDBus API
hw/sd/omap_mmc: Convert output qemu_irqs to gpio and sysbus IRQ APIs
hw/sd/omap_mmc: Convert remaining 'struct omap_mmc_s' uses to OMAPMMCState
hw/sd/omap_mmc: Do a minimal conversion to QDev
hw/loader: Pass ELFDATA endian order argument to load_elf()
hw/loader: Pass ELFDATA endian order argument to load_elf_as()
hw/loader: Pass ELFDATA endian order argument to load_elf_ram_sym()
hw/loader: Clarify local variable name in load_elf_ram_sym()
hw/loader: Remove unused load_elf_ram()
hw/avr/boot: Replace load_elf_ram_sym() -> load_elf_as()
hw/usb/hcd-ehci: Fix debug printf format string
hw/misc/i2c-echo: add tracing
hw/char/pci-multi: Convert legacy qemu_allocate_irqs to qemu_init_irq
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sun, 2 Feb 2025 16:08:48 +0000 (11:08 -0500)]
Merge tag 'hppa-system-mfdiag-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa into staging
hppa 64-bit mfdiag improvements
The 64-bit hppa qemu emulation still fails to boot 64-bit HP-UX.
This patch series improves the emulation a lot, since it enables us to boot
64-bit HP-UX installer silently up until an endless loop where the machine
reports that it's up and running (it crashed before). This still needs further
analysis, but it's a big step forward.
Main changes to achieve this include:
- Implementing diagnose registers (especially %dr2 for space-register hashing)
- a new SeaBIOS-hppa version 18, which includes those fixes and enhancements:
- Fix IRT table entries to use slot number
- Increase PCI alignment for memory bars to 64k
- Fix PDC_CACHE/PDC_CACHE_RET_SPID return value
- Allow up to 256 GB RAM on 64-bit machines
# gpg: Signature made Fri 31 Jan 2025 04:22:23 EST
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'hppa-system-mfdiag-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Update SeaBIOS-hppa to version 18
target/hppa: Implement space register hashing for 64-bit HP-UX
target/hppa: 64-bit CPUs start with space register hashing enabled
target/hppa: Add instruction decoding for mfdiag and mtdiag
target/hppa: Drop diag_getshadowregs_pa2 and diag_putshadowregs_pa2
target/hppa: Add CPU diagnose registers
disas/hppa: implement mfdiag/mtdiag disassembly
hppa: Sync contents of hppa_hardware.h header file with SeaBIOS-hppa
MAINTAINERS: Add myself as HPPA maintainer
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Tue, 28 Jan 2025 10:45:19 +0000 (10:45 +0000)]
hw/sd: Remove unused SDState::enable
Now that sd_enable() has been removed, SD::enable is set to true in
sd_instance_init() and then never changed. So we can remove it.
Note that the VMSTATE_UNUSED() size argument should be '1', not
'sizeof(bool)', as noted in the CAUTION comment in vmstate.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-12-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The sdcard_legacy.h header defines function prototypes for the "legacy"
SD card API, which was used by non-qdevified SD controller models.
We've now converted the only remaining non-qdev SD controller, so
we can drop the legacy API.
Functions which now become static inside sd.c (they are the
underlying implementations of methods on SDCardClass):
sd_do_command(), sd_write_byte(), sd_read_byte()
Removal of sd_init() means that we can also remove the
me_no_qdev_me_kill_mammoth_with_rocks flag, the codepaths that were
only reachable when it was set, and the inserted_cb and readonly_cb
qemu_irq lines that went with that.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250128104519.3981448-11-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:17 +0000 (10:45 +0000)]
hw/sd: Remove unused 'enable' method from SDCardClass
The SDCardClass has an 'enable' method, but nothing actually invokes it.
The underlying implementation is sd_enable(), which is documented
in sdcard_legacy.h as something that should not be used and was only
present for the benefit of the now-removed nseries boards. Unlike
all the other method pointers in SDCardClass, this one doesn't have
an sdbus_foo() function wrapper in hw/sd/core.c.
Remove the unused method.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-10-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:16 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Untabify
This is a very old source file, and still has some lingering
hard-coded tabs; untabify it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-9-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:14 +0000 (10:45 +0000)]
hw/arm/omap1: Inline creation of MMC
Our style for other conversions of OMAP devices to qdev has been to
inline the creation and wiring into omap310_mpu_init() -- see for
instance the handling of omap-intc, omap-gpio and omap_i2c. Do
the same for omap-mmc.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-7-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:13 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Use similar API for "wire up omap_clk" to other OMAP devices
The approach we've settled on for handling the omap_clk wiring for
OMAP devices converted to QDev is to have a function omap_foo_set_clk()
whose implementation just sets the field directly in the device's
state struct. (See the "TODO" comment near the top of omap.h.)
Make omap_mmc do the same.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-6-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:12 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Convert to SDBus API
Convert the OMAP MMC controller to the new SDBus API:
* the controller creates an SDBus bus
* instead of sd_foo functions on the SDState object, call
sdbus_foo functions on the SDBus
* the board code creates a proper TYPE_SD_CARD object and attaches
it to the controller's SDBus, instead of the controller creating
a card directly via sd_init() that never gets attached to any bus
* because the SD card object is on a bus, it gets reset automatically
by the "traverse the qbus tree resetting things" code, and we don't
need to manually reset the card from the controller reset function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-5-peter.maydell@linaro.org>
[PMD: Include "hw/sd/sd.h" instead of "hw/sd/sdcard_legacy.h",
create bus in omap_mmc_initfn() instead of omap_mmc_realize()]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:11 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Convert output qemu_irqs to gpio and sysbus IRQ APIs
The omap_mmc device has three outbound qemu_irq lines:
* one actual interrupt line
* two which connect to the DMA controller and are signalled for
TX and RX DMA
Convert these to a sysbus IRQ and two named GPIO outputs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-4-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:10 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Convert remaining 'struct omap_mmc_s' uses to OMAPMMCState
Mechanically convert the remaining uses of 'struct omap_mmc_s' to
'OMAPMMCState'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-3-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 28 Jan 2025 10:45:09 +0000 (10:45 +0000)]
hw/sd/omap_mmc: Do a minimal conversion to QDev
Do a minimal conversion of the omap_mmc device model to QDev.
In this commit we do the bare minimum to produce a working device:
* add the SysBusDevice parent_obj and the usual type boilerplate
* omap_mmc_init() now returns a DeviceState*
* reset is handled by sysbus reset, so the SoC reset function
doesn't need to call omap_mmc_reset() any more
* code that should obviously be in init/realize is moved there
from omap_mmc_init()
We leave various pieces of cleanup to later commits:
* rationalizing 'struct omap_mmc_s *' to 'OMAPMMCState *'
* using gpio lines rather than having omap_mmc_init() directly
set s->irq, s->dma
* switching away from the legacy SD API and instead having
the SD card plugged into a bus
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250128104519.3981448-2-peter.maydell@linaro.org>
[PMD: Do not add omap_mmc_realize()]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 26 Jan 2025 14:09:52 +0000 (15:09 +0100)]
hw/loader: Pass ELFDATA endian order argument to load_elf_as()
Rather than passing a boolean 'is_big_endian' argument,
directly pass the ELFDATA, which can be unspecified using
the ELFDATANONE value.
Update the call sites:
0 -> ELFDATA2LSB
1 -> ELFDATA2MSB
Note, this allows removing the target_words_bigendian() call
in the GENERIC_LOADER device, where we pass ELFDATANONE.
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250127113824.50177-6-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 26 Jan 2025 14:03:04 +0000 (15:03 +0100)]
hw/loader: Pass ELFDATA endian order argument to load_elf_ram_sym()
Rather than passing a boolean 'is_big_endian' argument,
directly pass the ELFDATA, which can be unspecified using
the ELFDATANONE value.
Update the call sites:
0 -> ELFDATA2LSB
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250127113824.50177-5-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 27 Jan 2025 07:28:02 +0000 (08:28 +0100)]
hw/loader: Remove unused load_elf_ram()
Last use of load_elf_ram() was removed in commit 188e255bf8e
("hw/s390x: Remove the possibility to load the s390-netboot.img
binary"), remove it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20250127113824.50177-3-philmd@linaro.org>
load_elf_ram_sym() with load_rom=true, sym_cb=NULL is
equivalent to load_elf_as(). Replace by the latter to
simplify.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250127113824.50177-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Jan 2025 07:07:21 +0000 (08:07 +0100)]
hw/char/pci-multi: Convert legacy qemu_allocate_irqs to qemu_init_irq
There are a fixed number of PCI IRQs, known beforehand.
Allocate them within PCIMultiSerialState, and initialize
using qemu_init_irq(), allowing to remove the legacy
qemu_allocate_irqs() and qemu_free_irqs() calls.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121182828.45088-1-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Jan 2025 07:51:25 +0000 (08:51 +0100)]
hw/sh4/r2d: Convert legacy qemu_allocate_irqs() to qemu_init_irqs()
The FPGA exposes a fixed set of IRQs. Hold them in the FPGA
state and initialize them in place calling qemu_init_irqs().
Move r2d_fpga_irq enums earlier so we can use NR_IRQS within
the r2d_fpga_t structure. r2d_fpga_init() returns r2d_fpga_t,
and we dereference irq from it in r2d_init().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121182445.35309-1-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Jan 2025 07:34:55 +0000 (08:34 +0100)]
hw/ipack: Remove legacy qemu_allocate_irqs() use
No need to dynamically allocate IRQ when we know beforehand
how many we'll use. Declare the 2 of them in IPackDevice state
and initialize them in the DeviceRealize handler.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121155526.29982-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Jan 2025 15:37:02 +0000 (16:37 +0100)]
hw/irq: Introduce qemu_init_irqs() helper
While qemu_init_irq() initializes a single IRQ,
qemu_init_irqs() initializes an array of them.
Suggested-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121155526.29982-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 21:53:27 +0000 (22:53 +0100)]
hw/mips/loongson3_bootp: Move to common_ss[]
loongson3_bootp.c doesn't contain any target-specific code
and can be built generically, move it to common_ss[].
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-12-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:39:54 +0000 (21:39 +0100)]
hw/mips/loongson3_virt: Propagate %processor_id to init_boot_param()
Propagate %processor_id from mips_loongson3_virt_init() where
we have a reference to the first vCPU, so use it instead of
the &first_cpu global.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-11-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:09:50 +0000 (21:09 +0100)]
hw/mips/loongson3_virt: Propagate processor_id to init_loongson_params()
Remove one &first_cpu use in hw/mips/loongson3_bootp.c.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-10-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:08:06 +0000 (21:08 +0100)]
hw/mips/loongson3_bootp: Propagate processor_id to init_cpu_info()
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-9-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:38:52 +0000 (21:38 +0100)]
hw/mips/loongson3_virt: Propagate cpu_count to init_boot_param()
Remove one use of the 'current_machine' global.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-8-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:15:30 +0000 (21:15 +0100)]
hw/mips/loongson3: Propagate cpu_count to init_loongson_params()
Propagate the %cpu_count from the machine file, allowing
to remove the "hw/boards.h" dependency (which is machine
specific) from loongson3_bootp.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-7-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:14:07 +0000 (21:14 +0100)]
hw/mips/loongson3_bootp: Include missing headers
MemMapEntry is declared in "exec/hwaddr.h", cpu_to_le32() in
"qemu/bswap.h". These headers are indirectly included via "cpu.h".
Include them explicitly in order to avoid the following errors when removing "cpu.h":
In file included from ../../hw/mips/loongson3_bootp.c:27:
hw/mips/loongson3_bootp.h:234:14: error: unknown type name 'MemMapEntry'
234 | extern const MemMapEntry virt_memmap[];
| ^
hw/mips/loongson3_bootp.c:33:18: error: call to undeclared function 'cpu_to_le32'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
33 | c->cputype = cpu_to_le32(Loongson_3A);
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-6-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:42:10 +0000 (21:42 +0100)]
hw/mips/loongson3_virt: Pass CPU argument to get_cpu_freq_hz()
Pass the first vCPU as argument, allowing to remove
another &first_cpu global use.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-5-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:46:51 +0000 (21:46 +0100)]
hw/mips/loongson3_virt: Have fw_conf_init() access local loaderparams
'loaderparams' is declared statically. Let fw_conf_init()
access its 'cpu_freq' and 'ram_size' fields.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:01:24 +0000 (21:01 +0100)]
hw/mips/loongson3_virt: Invert vCPU creation order to remove &first_cpu
Create vCPUs from the last one to the first one.
No need to use the &first_cpu global since we already
have it referenced.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20250115232952.31166-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 20:05:46 +0000 (21:05 +0100)]
hw/mips/loongson3_virt: Factor generic_cpu_reset() out
main_cpu_reset() is misleadingly named "main": it resets
all vCPUs, with a special case for the first vCPU.
Factor generic_cpu_reset() out of main_cpu_reset(),
allowing to remove one &first_cpu use.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250115232952.31166-2-philmd@linaro.org>
Directly use that instead of the &first_cpu global.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250110180442.82687-1-philmd@linaro.org>
Helge Deller [Thu, 30 Jan 2025 13:16:58 +0000 (14:16 +0100)]
target/hppa: Update SeaBIOS-hppa to version 18
This is SeaBIOS for the hppa architecture v18.
It allows us to emulate up to 256 GB RAM on 64-bit
guests and to boot HP-UX 64-bit one step further.
Fixes:
- Fix PDC_CACHE/PDC_CACHE_RET_SPID return value for space
register hashing on 64-bit HP-UX
- Fix IRT table entries to use slot number
- Increase PCI alignment for memory bars to 64k
New PDC functions & general enhancements:
- Allow up to 256 GB RAM on 64-bit machines
Helge Deller [Tue, 28 Jan 2025 22:36:34 +0000 (23:36 +0100)]
target/hppa: Implement space register hashing for 64-bit HP-UX
The Linux kernel turns space-register hashing off unconditionally at
bootup. That code was provided by HP at the beginning of the PA-RISC
Linux porting effort, and I don't know why it was decided then why Linux
should not use space register hashing.
32-bit HP-UX versions seem to not use space register hashing either.
But for 64-bit HP-UX versions, Sven Schnelle noticed that space register
hashing needs to be enabled and is required, otherwise the HP-UX kernel
will crash badly.
On 64-bit CPUs space register hashing is controlled by a bit in diagnose
register %dr2. Since we want to support Linux and 32- and 64-bit HP-UX,
we need to fully emulate the diagnose registers and handle specifically
the bit in %dr2.
This patch adds the code to calculate the gva memory mask based on the
space-register hashing bit in %dr2 and the PSW_W (64-bit) flag.
The value is cached in the gva_offset_mask variable in CPUArchState
and recalculated at every modification of the CPU PSW or %dr2.
Signed-off-by: Helge Deller <deller@gmx.de>
Suggested-by: Sven Schnelle <svens@stackframe.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Denis Rastyogin [Thu, 12 Dec 2024 10:41:22 +0000 (13:41 +0300)]
parallels: fix ext_off assertion failure due to overflow
This error was discovered by fuzzing qemu-img.
When ph.ext_off has a sufficiently large value, the operation
le64_to_cpu(ph.ext_off) << BDRV_SECTOR_BITS in
parallels_read_format_extension() can cause an overflow in int64_t.
This overflow triggers the assert(ext_off > 0)
check in block/parallels-ext.c: parallels_read_format_extension(),
leading to a crash.
This commit adds a check to prevent overflow when shifting ph.ext_off
by BDRV_SECTOR_BITS, ensuring that the value remains within a valid range.
Reported-by: Leonid Reviakin <L.reviakin@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-ID: <20241212104212.513947-2-gerben@altlinux.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
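The overflow described in the parallels commit message above, as an added example that is not the QEMU patch itself: a sector count read from an untrusted image header is shifted by BDRV_SECTOR_BITS and then used as an int64_t byte offset. The helper names and sample values are hypothetical; SECTOR_BITS is 9, the value of BDRV_SECTOR_BITS in QEMU.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Same value as QEMU's BDRV_SECTOR_BITS (512-byte sectors). */
#define SECTOR_BITS 9

/*
 * Hypothetical helper modelling the unchecked conversion. The shift is
 * done in uint64_t (well defined, wraps modulo 2^64) and the result is
 * then converted to int64_t, which is what happens when a uint64_t
 * expression is handed to an int64_t parameter on two's-complement
 * targets.
 */
static int64_t ext_off_bytes_unchecked(uint64_t ext_off_sectors)
{
    return (int64_t)(ext_off_sectors << SECTOR_BITS);
}

/*
 * Hypothetical hardened variant: validate the header field before the
 * shift. Returns 0 and stores the byte offset on success, -1 when the
 * field is zero or too large to become a positive int64_t byte offset.
 */
static int ext_off_bytes_checked(uint64_t ext_off_sectors, int64_t *out)
{
    if (ext_off_sectors == 0 ||
        ext_off_sectors > ((uint64_t)INT64_MAX >> SECTOR_BITS)) {
        return -1;
    }
    *out = (int64_t)(ext_off_sectors << SECTOR_BITS);
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from a real image. */
    static const uint64_t samples[] = {
        8,                           /* sane: 4 KiB into the image       */
        (UINT64_C(1) << 54) - 1,     /* largest value that still fits    */
        UINT64_C(1) << 54,           /* shift sets bit 63: negative      */
        UINT64_C(1) << 55,           /* shift wraps to exactly 0         */
        (UINT64_C(1) << 55) + 8,     /* wraps to 4096: passes "> 0"      */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t bytes = 0;
        int rc = ext_off_bytes_checked(samples[i], &bytes);

        printf("sectors=0x%016" PRIx64 " unchecked=%" PRId64 " checked=%s\n",
               samples[i], ext_off_bytes_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The last sample shows why the range check has to come before the shift: the wrapped value is positive, so an assertion on the shifted result alone would not notice it.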
Stefan Hajnoczi [Thu, 30 Jan 2025 20:11:49 +0000 (15:11 -0500)]
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2025-01-30
# gpg: Signature made Thu 30 Jan 2025 08:33:49 EST
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
hw/i386/pc: Remove unused pc_compat_2_3 declarations
licenses: Remove SPDX tags not being license identifier for Linaro
tests/functional/test_mips_malta: Fix comment about endianness of the test
gdbstub/user-target: fix gdbserver int format (%d -> %x)
vvfat: create_long_filename: fix out-of-bounds array access
net/dump: Correctly compute Ethernet packet offset
net: Fix announce_self
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 30 Jan 2025 15:29:40 +0000 (10:29 -0500)]
Merge tag 'pull-request-2025-01-30' of https://gitlab.com/thuth/qemu into staging
* Convert more avocado tests to the functional framework
* Fix the broken aarch64_tcg_plugins test
* Add test for 64-bit mac99 machine
* Add a Linux-based test for the 40p machine
* Fix issues with record/replay of some s390x instructions
* Fix node.js crashes on emulated s390x due to a bug in the MVC instruction
* Enable virtio-balloon-pci and virtio-mem-pci on s390x
* Fix a libslirp v4.9.0 compilation problem
* tag 'pull-request-2025-01-30' of https://gitlab.com/thuth/qemu:
net/slirp: libslirp 4.9.0 compatibility
tests/functional/test_mips_malta: Convert the mips big endian replay tests
tests/functional/test_mips64el_malta: Convert the mips64el replay tests
tests/functional/test_mipsel_malta: Convert the mipsel replay tests
tests/functional: Add the ReplayKernelBase class
tests/functional: Add a decorator for skipping long running tests
tests/functional: Extend PPC 40p test with Linux boot
s390x/s390-virtio-ccw: Support plugging PCI-based virtio memory devices
virtio-mem-pci: Allow setting nvectors, so we can use MSI-X
virtio-balloon-pci: Allow setting nvectors, so we can use MSI-X
hw/s390x/s390-virtio-ccw: Fix a record/replay deadlock
tests/tcg/s390x: Test modifying code using the MVC instruction
target/s390x: Fix MVC not always invalidating translation blocks
target/s390x: Fix PPNO execution with icount
tests/functional/test_mips_malta: Fix comment about endianness of the test
tests/functional: Add a ppc64 mac99 test
tests/functional: Fix the aarch64_tcg_plugins test
tests/functional: Convert the migration avocado test
tests/functional: Fix broken decorators with lamda functions
tests/functional/qemu_test/decorators: Fix bad check for imports
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 30 Jan 2025 15:29:22 +0000 (10:29 -0500)]
Merge tag 'migration-20250129-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Purge of ram_save_target_page_legacy
- Cleanups to postcopy, json writer, migration states
- New migration mode cpr-transfer
- Fix for a -Werror=maybe-uninitialized instance in savevm
# gpg: Signature made Wed 29 Jan 2025 10:56:49 EST
# gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-20250129-pull-request' of https://gitlab.com/farosas/qemu: (42 commits)
migration: refactor ram_save_target_page functions
migration: Trivial cleanup on JSON writer of vmstate_save()
migration: Merge precopy/postcopy on switchover start
migration: Always set DEVICE state
migration: Cleanup qemu_savevm_state_complete_precopy()
migration: Unwrap qemu_savevm_state_complete_precopy() in postcopy
migration: Notify COMPLETE once for postcopy
migration: Take BQL slightly longer in postcopy_start()
migration: Drop cached migration state in migration_maybe_pause()
migration: Adjust locking in migration_maybe_pause()
migration: Adjust postcopy bandwidth during switchover
migration: Synchronize all CPU states only for non-iterable dump
migration: Drop inactivate_disk param in qemu_savevm_state_complete*
migration: Avoid two src-downtime-end tracepoints for postcopy
migration: Optimize postcopy on downtime by avoiding JSON writer
migration: Do not construct JSON description if suppressed
migration: Remove postcopy implications in should_send_vmdesc()
migration: cpr-transfer documentation
migration-test: cpr-transfer
tests/qtest: assert qmp connected
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Michael Tokarev [Thu, 30 Jan 2025 12:32:53 +0000 (15:32 +0300)]
net/slirp: libslirp 4.9.0 compatibility
Update the code in net/slirp.c to be compatible with
libslirp 4.9.0, which deprecated slirp_pollfds_fill()
and started using slirp_os_socket type for sockets
(which is a 64-bit integer on win64) for all callbacks
starting with version 6 of the interface.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-ID: <20250130123253.864681-1-mjt@tls.msk.ru>
[thuth: Added some spaces to make checkpatch.pl happy] Signed-off-by: Thomas Huth <thuth@redhat.com>
Helge Deller [Wed, 29 Jan 2025 03:27:01 +0000 (04:27 +0100)]
target/hppa: Drop diag_getshadowregs_pa2 and diag_putshadowregs_pa2
diag_getshadowregs_pa2() and diag_putshadowregs_pa2() were added in
commit 3bdf20819e68 based on some analysis of ODE code, but now they
conflict with the generic mfdiag/mtdiag instructions. I believe the
former analysis was wrong, so remove them again. Note that all diag
instructions are badly documented, so most things are based on reverse
engineering and thus may be wrong.
Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: 3bdf20819e68 ("target/hppa: Add diag instructions to set/restore shadow registers")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Tue, 28 Jan 2025 18:47:31 +0000 (19:47 +0100)]
target/hppa: Add CPU diagnose registers
Add the diagnose registers (%dr) to the CPUArchState. Those are mostly
undocumented and control cache behaviour, memory behaviour, reset button
management and many other related internal CPU things.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Tue, 28 Jan 2025 14:37:41 +0000 (15:37 +0100)]
disas/hppa: implement mfdiag/mtdiag disassembly
The various PA-RISC CPUs implement different CPU-specific diag
instructions (mfdiag, mtdiag, mfcpu, mtcpu, ...) to access CPU-internal
diagnose/configuration registers, e.g. for cache control, managing space
register hashing, control front panel LEDs and read status of the
hardware reset button.
Those instructions are mostly undocumented, but are used by ODE, HP-UX
and Linux.
This patch adds some necessary instructions for PCXL and PCXU CPUs.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Tue, 28 Jan 2025 14:34:30 +0000 (15:34 +0100)]
hppa: Sync contents of hppa_hardware.h header file with SeaBIOS-hppa
The hppa_hardware.h header file holds many constants for addresses and
offsets which are needed while building the firmware (SeaBIOS-hppa) and
while setting up the virtual machine in QEMU.
This patch brings it in sync between both source code repositories.
Signed-off-by: Helge Deller <deller@gmx.de> Acked-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Thu, 30 Jan 2025 12:36:24 +0000 (13:36 +0100)]
MAINTAINERS: Add myself as HPPA maintainer
Since I contribute quite some code to hppa, I'd like to step up and
become the secondary maintainer for HPPA beside Richard.
Additionally change status of hppa machines to maintained as I will
take care of them.
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
We removed the implementations in commit 46a2bd52571
("hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine")
but forgot to remove the declarations. Do it now.
Fixes: 46a2bd52571 ("hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Inspired-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Thomas Huth [Mon, 27 Jan 2025 18:41:10 +0000 (19:41 +0100)]
tests/functional/test_mips_malta: Fix comment about endianness of the test
This test is for the big endian MIPS target, not for the little endian
target.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Fixes: 79cb4a14cb6 ("tests/functional: Convert mips32eb 4Kc Malta tests")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
create_long_filename() intentionally uses direntry_t->name[8+3] array
as a larger array. This works, but makes static code analysis tools
unhappy. The problem here is that a directory entry holding long file
name is significantly different from regular directory entry, and the
name is split into several parts within the entry, not just in regular
8+3 name field.
Treat the entry as array of bytes instead. This fixes the OOB access
from the compiler/tools PoV, but does not change the resulting code
in any way.
Thomas Huth [Tue, 28 Jan 2025 15:28:39 +0000 (16:28 +0100)]
tests/functional/test_mips_malta: Convert the mips big endian replay tests
Move the mips big endian replay tests from tests/avocado/replay_kernel.py
to the functional framework. Since the functional tests should be run per
target, we cannot stick all replay tests in one file. Thus let's add
these tests to a separate file now.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250128152839.184599-6-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Tue, 28 Jan 2025 15:28:38 +0000 (16:28 +0100)]
tests/functional/test_mips64el_malta: Convert the mips64el replay tests
Move the mips64el replay tests from tests/avocado/replay_kernel.py to
the functional framework. Since the functional tests should be run per
target, we cannot stick all replay tests in one file. Thus let's add
these tests to a separate file there now.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250128152839.184599-5-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Tue, 28 Jan 2025 15:28:37 +0000 (16:28 +0100)]
tests/functional/test_mipsel_malta: Convert the mipsel replay tests
Move the mipsel replay tests from tests/avocado/replay_kernel.py to
the functional framework. Since the functional tests should be run per
target, we cannot stick all replay tests in one file. Thus let's add
these tests to a new, separate file there instead.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250128152839.184599-4-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Tue, 28 Jan 2025 15:28:36 +0000 (16:28 +0100)]
tests/functional: Add the ReplayKernelBase class
Copy the ReplayKernelBase class from the avocado tests. We are going
to need it to convert the related replay tests in the following patches.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250128152839.184599-3-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Tue, 28 Jan 2025 15:28:35 +0000 (16:28 +0100)]
tests/functional: Add a decorator for skipping long running tests
Some tests have a very long runtime and might run into timeout issues
e.g. when QEMU has been compiled with --enable-debug. Add a decorator
for marking them more easily. Rename the corresponding environment
variable to be more in sync with the other QEMU_TEST_ALLOW_* switches
that we already have, and add a paragraph about it in the documentation.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250128152839.184599-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
When a packet is sent with QEMU_NET_PACKET_FLAG_RAW by QEMU it
never includes virtio-net header even if qemu_get_vnet_hdr_len()
is not 0, and filter-dump is not managing this case.
The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self,
we can show the problem using it and tcpdump:
Laurent Vivier [Fri, 17 Jan 2025 11:17:08 +0000 (12:17 +0100)]
net: Fix announce_self
b9ad513e1876 ("net: Remove receive_raw()") adds an iovec entry
in qemu_deliver_packet_iov() to add the virtio-net header
in the data when QEMU_NET_PACKET_FLAG_RAW is set but forgets
to increase the number of iovec entries in the array, so
receive_iov() will only send the first entry (the virtio-net
entry, full of 0) and no data. The packet will be discarded.
The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self.
Cédric Le Goater [Wed, 29 Jan 2025 10:48:44 +0000 (11:48 +0100)]
tests/functional: Extend PPC 40p test with Linux boot
Fetch the cdrom image for the IBM 6015 PReP PowerPC machine hosted on
the Juneau Linux Users Group site, boot and check Linux version.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20250129104844.1322100-1-clg@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
David Hildenbrand [Tue, 28 Jan 2025 18:57:05 +0000 (19:57 +0100)]
s390x/s390-virtio-ccw: Support plugging PCI-based virtio memory devices
Let's just wire it up, unlocking virtio-mem-pci support on s390x.
While at it, drop the "return;" in s390_machine_device_unplug_request(),
to make it look like the other handlers.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com>
Message-ID: <20250128185705.1609038-3-david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
David Hildenbrand [Tue, 28 Jan 2025 18:57:04 +0000 (19:57 +0100)]
virtio-mem-pci: Allow setting nvectors, so we can use MSI-X
Let's do it similar as virtio-balloon-pci. With this change, we can
use virtio-mem-pci on s390x, although plugging will still fail until
properly wired up in the machine.
No need to worry about transitional/non_transitional devices, because they
don't exist for virtio-mem.
Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250128185705.1609038-2-david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Reza Arbab [Wed, 15 Jan 2025 16:14:25 +0000 (10:14 -0600)]
virtio-balloon-pci: Allow setting nvectors, so we can use MSI-X
Most virtio-pci devices allow MSI-X. Add it to virtio-balloon-pci, but
only enable it in new machine types, so we don't break migration of
existing machine types between different qemu versions.
This copies what was done for virtio-rng-pci in:
9ea02e8f1306 ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X")
bad9c5a5166f ("virtio-rng-pci: fix migration compat for vectors")
62bdb8871512 ("virtio-rng-pci: fix transitional migration compat for vectors")
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Tested-by: Mario Casquero <mcasquer@redhat.com>
Message-ID: <20250115161425.246348-1-arbab@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Fri, 24 Jan 2025 11:25:48 +0000 (12:25 +0100)]
hw/s390x/s390-virtio-ccw: Fix a record/replay deadlock
Booting an s390x VM in record/replay mode hangs due to a deadlock
between rr_cpu_thread_fn() and s390_machine_reset(). The former needs
the record/replay mutex held by the latter, and the latter waits until
the former completes its run_on_cpu() request.
Fix by temporarily dropping the record/replay mutex, like it's done in
pause_all_vcpus().
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20250124112625.23050-1-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Tue, 28 Jan 2025 00:12:42 +0000 (01:12 +0100)]
target/s390x: Fix MVC not always invalidating translation blocks
Node.js crashes in qemu-system-s390x with random SIGSEGVs / SIGILLs.
The v8 JIT used by Node.js can garbage collect and overwrite unused
code. Overwriting is performed by WritableJitAllocation::CopyCode(),
which ultimately calls memcpy(). For certain sizes, memcpy() uses the
MVC instruction.
QEMU implements MVC and other similar instructions using helpers. While
TCG store ops invalidate affected translation blocks automatically,
helpers must do this manually by calling probe_access_flags(). The MVC
helper does this using the access_prepare() -> access_prepare_nf() ->
s390_probe_access() -> probe_access_flags() call chain.
At the last step of this chain, the store size is replaced with 0. This
causes the probe_access_flags() -> notdirty_write() ->
tb_invalidate_phys_range_fast() chain to miss some translation blocks.
When this happens, QEMU executes a mix of old and new code. This
quickly leads to either a SIGSEGV or a SIGILL in case the old code
ends in the middle of a new instruction.
Fix by passing the true size.
Reported-by: Berthold Gunreben <azouhr@opensuse.org>
Cc: Sarah Kriesch <ada.lovelace@gmx.de>
Cc: qemu-stable@nongnu.org
Closes: https://bugzilla.opensuse.org/show_bug.cgi?id=1235709
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Fixes: e2faabee78ff ("accel/tcg: Forward probe size on to notdirty_write")
Message-ID: <20250128001338.11474-1-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Thu, 23 Jan 2025 12:37:53 +0000 (13:37 +0100)]
target/s390x: Fix PPNO execution with icount
Executing PERFORM RANDOM NUMBER OPERATION makes QEMU exit with "Bad
icount read" when using record/replay. This is caused by
icount_get_raw_locked() if the current instruction is not the last one
in the respective translation block.
For the x86_64's rdrand this is resolved by calling
translator_io_start(). On s390x one uses IF_IO in order to make this
call happen automatically.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250123123808.194405-1-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Tue, 28 Jan 2025 21:21:45 +0000 (22:21 +0100)]
tests/functional: Add a ppc64 mac99 test
The test sequence boots from disk a mac99 machine in 64-bit mode, in
which case the CPU is a PPC 970.
The buildroot rootfs is built with config :
BR2_powerpc64=y
BR2_powerpc_970=y
and the kernel with the g5 defconfig.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20250128212145.1186617-1-clg@redhat.com>
[thuth: Adjusted the comment about '-nographic']
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 23 Jan 2025 08:36:25 +0000 (09:36 +0100)]
tests/functional: Fix the aarch64_tcg_plugins test
Unfortunately, this test had not been added to meson.build, so we did
not notice a regression: Looking for 'Kernel panic - not syncing: VFS:'
as the indication for the final boot state of the kernel was a bad
idea since 'Kernel panic - not syncing' is the default failure
message of the LinuxKernelTest class, and since we're now reading
the console input byte by byte instead of linewise (see commit cdad03b74f75), the failure now triggers before we fully read the
success string. Let's fix this by simply looking for the previous
line in the console output instead.
Also, replace the call to cancel() - this was only available in the
Avocado framework. In the functional framework, we must use skipTest()
instead. While we're at it, also fix the TODO here by looking for the
exact error and only skip the test if the plugins are not available.
Fixes: 3abc545e66 ("tests/functional: Convert the tcg_plugins test")
Fixes: cdad03b74f ("tests/functional: rewrite console handling to be bytewise")
Message-ID: <20250123083625.1498495-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 3 Jan 2025 07:43:08 +0000 (08:43 +0100)]
tests/functional: Convert the migration avocado test
Now that we've got a find_free_port() function in the functional
test framework, we can convert the migration test, too.
While the original avocado test was only meant to run on aarch64,
ppc64 and x86, we can turn this into a more generic test by now
and run it on all architectures that have a machine which ships
with a working firmware. To avoid overlapping with the migration
qtest, we now also test migration on machines that are not covered
by the migration qtest yet.
Acked-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20250103074308.463860-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 22 Jan 2025 13:43:14 +0000 (14:43 +0100)]
tests/functional: Fix broken decorators with lambda functions
The decorators that use a lambda function are currently broken
and do not properly skip the test if the condition is not met.
Using "return skipUnless(lambda: ...)" does not work as expected.
To fix it, rewrite the decorators without lambda, it's simpler
that way anyway.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250122134315.1448794-3-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 22 Jan 2025 13:43:13 +0000 (14:43 +0100)]
tests/functional/qemu_test/decorators: Fix bad check for imports
skipIfMissingImports should use importlib.import_module() for checking
whether a module with the name stored in the "impname" variable is
available or not, otherwise the code tries to import a module with
the name "impname" instead.
(This bug hasn't been noticed before since there is another issue
with this decorator that will be fixed by the next patch)
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250122134315.1448794-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
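Added example, not QEMU's code: a minimal reproduction of the two decorator defects described in the two commits above (a lambda passed as the skipUnless() condition, and "import impname" used where importlib.import_module(impname) was meant). All helper names are hypothetical and only the Python standard library is used.

```python
import importlib
import unittest


def skip_unless_broken(flag):
    # Broken shape: the lambda object itself is handed over as the condition.
    # A function object is always truthy, so skipUnless() never skips.
    return unittest.skipUnless(lambda: flag, "precondition not met")


def skip_unless_fixed(flag):
    # Fixed shape: evaluate the condition first and pass the resulting bool.
    return unittest.skipUnless(bool(flag), "precondition not met")


def module_available_broken(impname):
    # Broken shape: this imports a module literally called "impname" and
    # ignores the value held by the variable of the same name.
    try:
        import impname  # noqa: F401
    except ImportError:
        return False
    return True


def module_available_fixed(impname):
    # Fixed shape: import the module whose name is stored in the variable.
    try:
        importlib.import_module(impname)
    except ImportError:
        return False
    return True


def run_outcome(decorator):
    """Run one decorated test; return 'skipped', 'passed' or 'failed'."""

    class Probe(unittest.TestCase):
        @decorator
        def test_needs_feature(self):
            # Reaching this body means the test was not skipped.
            self.fail("ran although the precondition was not met")

    result = unittest.TestResult()
    Probe("test_needs_feature").run(result)
    if result.skipped:
        return "skipped"
    return "passed" if result.wasSuccessful() else "failed"


if __name__ == "__main__":
    # The precondition is False in both cases; only the fixed form skips.
    print("broken decorator:", run_outcome(skip_unless_broken(False)))
    print("fixed decorator: ", run_outcome(skip_unless_fixed(False)))
    # "json" is always installed; only the fixed check reports it as present.
    print("broken import check for json:", module_available_broken("json"))
    print("fixed import check for json: ", module_available_fixed("json"))
```

The two defects interact: the import check reports every module as missing, but because the lambda form never skips, that wrong answer has no visible effect until the decorator itself is repaired.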
Refactor ram_save_target_page legacy and multifd
functions into one. Other than simplifying it,
it frees 'migration_ops' object from usage, so it
is expunged.
Peter Xu [Tue, 14 Jan 2025 23:07:46 +0000 (18:07 -0500)]
migration: Trivial cleanup on JSON writer of vmstate_save()
Two small cleanups in the same section of vmstate_save():
- Check vmdesc before the "mixed null/non-null data in array" logic, to
be crystal clear that it's only about the JSON writer, not the vmstate on
its own in the migration stream.
- Since we have is_null variable now, use that to replace a check.
Quote from Dave's cover letter, when the pre-switchover phase was enabled,
the state transition looks like this:
The precopy flow is:
active->pre-switchover->device->completed
The postcopy flow is:
active->pre-switchover->postcopy-active->completed
To supplement above, when the cap is not enabled:
The precopy flow is:
active->completed
The postcopy flow is:
active->postcopy-active->completed
It works for us, though we have some code just to special case these state
transitions, so the DEVICE state currently is special only to precopy, and
only conditionally.
I had a quick discussion with Libvirt developers, it turns out that this
may not be necessary. IOW, it seems okay we can have DEVICE state to be
generic, so that we don't have over-complicated state machines. It not
only helps align all the migration state machine, help cleanup the code
path especially on pre-switchover handling (see the patch itself), another
side benefit is we can unconditionally have a specific state to mark the
switchover phase, which might be helpful for debugging too.
This patch makes the DEVICE state to be present always, marking that source
QEMU is switching over. Then the state machine will be always as simple
as:
After the change, no matter whether pre-switchover or postcopy is enabled
or not, we always have DEVICE state showing the switchover phase. When
pre-switchover enabled, we'll have an extra stage before that. When
postcopy is enabled, we'll have an extra stage after that.
A few qtests need touch up in QEMU tree for this change:
- A few iotest outputs (194, 203, 234, 262, 280)
- Teach libqos's migrate() on "device" state
Cc: Jiri Denemark <jdenemar@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Cc: Dr. David Alan Gilbert <dave@treblig.org>
Signed-off-by: Peter Xu <peterx@redhat.com>
Tested-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Juraj Marcin <jmarcin@redhat.com>
Link: https://lore.kernel.org/r/20250114230746.3268797-15-peterx@redhat.com
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Peter Xu [Tue, 14 Jan 2025 23:07:42 +0000 (18:07 -0500)]
migration: Unwrap qemu_savevm_state_complete_precopy() in postcopy
Postcopy invokes qemu_savevm_state_complete_precopy() twice for a long
time, and that caused way too much confusion. Let's clean this up and
make postcopy easier to read.
It's actually fairly straightforward: postcopy starts with saving
non-postcopiable iterables, then later it saves again with non-iterable
only. Moving these two calls out makes everything much easier to follow.
Otherwise it's very unclear what qemu_savevm_state_complete_precopy() did
in either of the calls.
Peter Xu [Tue, 14 Jan 2025 23:07:41 +0000 (18:07 -0500)]
migration: Notify COMPLETE once for postcopy
Postcopy invokes qemu_savevm_state_complete_precopy() twice, that means
it'll invoke COMPLETE notify twice, and also twice the tracepoints that
mark precopy complete.
Move that notification (along with the tracepoint) out to the caller, so
that postcopy will only notify once right at the start of switchover phase
from precopy. While at it, rename it to suit the file where it is now located.
For precopy, there should be no functional change except the tracepoint
has a name change.
For the other two users of qemu_savevm_state_complete_precopy(), namely:
qemu_savevm_state() and qemu_savevm_live_state(): the notifier shouldn't
matter because they're not precopy at all. Now in these two contexts (aka,
"savevm", and "colo") sometimes the precopy notifiers will still be
invoked, but that's outside the scope of this patch.
Peter Xu [Tue, 14 Jan 2025 23:07:40 +0000 (18:07 -0500)]
migration: Take BQL slightly longer in postcopy_start()
This paves way for some follow up patch to modify migration states at the
end of postcopy_start(), which should better be with the BQL so that
there's no way of concurrent cancellation.
So we'll do something slightly more with BQL but they're really trivial,
hopefully nothing will really change with this.
A side benefit is we can drop another explicit lock() in failure path.
Peter Xu [Tue, 14 Jan 2025 23:07:39 +0000 (18:07 -0500)]
migration: Drop cached migration state in migration_maybe_pause()
I can't see why we must cache the state now after we avoided possible
CANCEL race: that's the only thing I can think of that can modify the
migration state concurrently with the migration thread itself. Make all
the state updates to happen always, then we don't need to cache the state
anymore.
Peter Xu [Tue, 14 Jan 2025 23:07:38 +0000 (18:07 -0500)]
migration: Adjust locking in migration_maybe_pause()
In migration_maybe_pause() QEMU may yield BQL before waiting for a
semaphore. However it yields the BQL too early, which logically gives it
chance for the main thread to quickly take the BQL and modify the state to
CANCELLING.
To avoid such race condition from happening at all, always update the
migration states within the BQL. It'll make sure no concurrent
cancellation can ever happen.
With that, IIUC there's chance we can remove the extra parameter in
migration_maybe_pause() to update active state, but that'll be done
separately later.
Peter Xu [Tue, 14 Jan 2025 23:07:37 +0000 (18:07 -0500)]
migration: Adjust postcopy bandwidth during switchover
Precopy uses unlimited bandwidth always during switchover, it makes sense
because this is so critical and no one would like to throttle bandwidth
during the VM blackout.
OTOH, postcopy surprisingly didn't do that. There's one line that in the
middle of the postcopy switchover it tries to switch to postcopy's
specified max-postcopy-bandwidth, but even so it's somewhere in the middle
which is strange.
This patch brings the two modes to always use unlimited bandwidth for
switchover, meanwhile only apply the postcopy max bandwidth after the
switchover is completed.
Peter Xu [Tue, 14 Jan 2025 23:07:36 +0000 (18:07 -0500)]
migration: Synchronize all CPU states only for non-iterable dump
Do one shot cpu sync at qemu_savevm_state_complete_precopy_non_iterable(),
instead of coding it separately in two places.
Note that in the context of qemu_savevm_state_complete_precopy(), this
patch is also an optimization for postcopy path, in that we can avoid sync
cpu twice during switchover: before this patch, postcopy_start() invokes
twice on qemu_savevm_state_complete_precopy(), each of them will try to
sync CPU info. In reality, only one of them would be enough.
For background snapshot, there's no intended functional change.
Peter Xu [Tue, 14 Jan 2025 23:07:35 +0000 (18:07 -0500)]
migration: Drop inactivate_disk param in qemu_savevm_state_complete*
This parameter is only used by one caller, which is the genuine precopy
complete path (migration_completion_precopy).
The parameter was introduced in a1fbe750fd ("migration: Fix race of image
locking between src and dst") to make sure the inactivate will happen
before EOF to make sure dest will always be able to activate the disk
properly. However there's no limitation on how early we inactivate the
disk. For precopy completion path, we can always do that as long as VM is
stopped.
Move the disk inactivate there, then we can remove this inactivate_disk
parameter in the whole call stack, because all the rest users pass in false
always.
Peter Xu [Tue, 14 Jan 2025 23:07:34 +0000 (18:07 -0500)]
migration: Avoid two src-downtime-end tracepoints for postcopy
Postcopy can trigger this tracepoint twice, while only the 1st one is
valid. Avoid triggering the 2nd tracepoint just like what we do with
recording the total downtime.
Peter Xu [Tue, 14 Jan 2025 23:07:33 +0000 (18:07 -0500)]
migration: Optimize postcopy on downtime by avoiding JSON writer
postcopy_start() is the entry function that postcopy is destined to start.
It also means QEMU source will not dump VM description, aka, the JSON
writer is garbage now.
We can leave that to be cleaned up when migration completes, however when
with the JSON writer object being present, vmstate_save() will still try to
construct the JSON objects for the VM descriptions, even though it'll never
be used later if it's postcopy.
To save those cycles, release the JSON writer earlier for postcopy. Then
vmstate_save() later will be smart enough to skip the JSON object
constructions completely. It can logically reduce downtime because all
such JSON constructions happen during postcopy blackout.
Peter Xu [Tue, 14 Jan 2025 23:07:32 +0000 (18:07 -0500)]
migration: Do not construct JSON description if suppressed
QEMU machine has a property "suppress-vmdesc". When it is enabled, QEMU
will stop attaching JSON VM description at the end of the precopy migration
stream (postcopy is never affected because postcopy never attach that).
However even if it's suppressed by the user, the source QEMU will still
construct the JSON descriptions, which is a complete waste of CPU and
memory resources.
To avoid it, only create the JSON writer object if suppress-vmdesc is not
specified.
Luckily, vmstate_save() already supports vmdesc==NULL, so only a few spots
that are left to be prepared that vmdesc can be NULL now.
When at it, move the init / destroy of the JSON writer object to start /
end of the migration - the JSON writer object is a sub-struct of migration
state, and that looks like the only object that was dynamically allocated /
destroyed within migration process. Make it the same as the rest objects
that migration uses.