Stefan Weil [Mon, 9 Sep 2024 20:42:54 +0000 (22:42 +0200)]
Fix calculation of minimum in colo_compare_tcp
GitHub's CodeQL reports a critical error which is fixed by using the MIN macro:
Unsigned difference expression compared to zero
Signed-off-by: Stefan Weil <sw@weilnetz.de> Cc: qemu-stable@nongnu.org Reviewed-by: Zhang Chen <chen.zhang@intel.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Akihiko Odaki [Sat, 17 Aug 2024 07:00:43 +0000 (16:00 +0900)]
net: Check if nc is NULL in qemu_get_vnet_hdr_len()
A netdev may not have a peer specified, resulting in NULL. We should
make it behave like /dev/null in such a case instead of letting it
cause segmentatin fault.
Fixes: 4b52d63249a5 ("tap: Remove qemu_using_vnet_hdr()") Cc: qemu-stable@nongnu.org Reported-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Tested-by; Jonathan Cameron <Jonathan.Cameron@huawei.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Bernhard Beschow [Tue, 8 Oct 2024 20:28:42 +0000 (22:28 +0200)]
net/tap-win32: Fix gcc 14 format truncation errors
The patch fixes the following errors generated by GCC 14.2:
../src/net/tap-win32.c:343:19: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 176 [-Werror=format-truncation=]
343 | "%s\\%s\\Connection",
| ^~
344 | NETWORK_CONNECTIONS_KEY, enum_name);
| ~~~~~~~~~
../src/net/tap-win32.c:341:9: note: 'snprintf' output between 92 and 347 bytes into a destination of size 256
341 | snprintf(connection_string,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
342 | sizeof(connection_string),
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
343 | "%s\\%s\\Connection",
| ~~~~~~~~~~~~~~~~~~~~~
344 | NETWORK_CONNECTIONS_KEY, enum_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/net/tap-win32.c:242:58: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 178 [-Werror=format-truncation=]
242 | snprintf (unit_string, sizeof(unit_string), "%s\\%s",
| ^~
243 | ADAPTER_KEY, enum_name);
| ~~~~~~~~~
../src/net/tap-win32.c:242:9: note: 'snprintf' output between 79 and 334 bytes into a destination of size 256
242 | snprintf (unit_string, sizeof(unit_string), "%s\\%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
243 | ADAPTER_KEY, enum_name);
| ~~~~~~~~~~~~~~~~~~~~~~~
../src/net/tap-win32.c:620:52: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 245 [-Werror=format-truncation=]
620 | snprintf (device_path, sizeof(device_path), "%s%s%s",
| ^~
621 | USERMODEDEVICEDIR,
622 | device_guid,
| ~~~~~~~~~~~
../src/net/tap-win32.c:620:5: note: 'snprintf' output between 16 and 271 bytes into a destination of size 256
620 | snprintf (device_path, sizeof(device_path), "%s%s%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
621 | USERMODEDEVICEDIR,
| ~~~~~~~~~~~~~~~~~~
622 | device_guid,
| ~~~~~~~~~~~~
623 | TAPSUFFIX);
| ~~~~~~~~~~
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2607 Cc: qemu-stable@nongnu.org Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniil Tatianin [Fri, 25 Oct 2024 07:35:24 +0000 (10:35 +0300)]
net/stream: deprecate 'reconnect' in favor of 'reconnect-ms'
Do the same thing we already did for chardev in c8e2b6b4d7e, and
introduce a new 'reconnect-ms' option to make it possible to specify
sub-second timeouts. This also changes the related documentaion and
tests to use reconnect-ms as well.
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:02 +0000 (09:51 +0100)]
ebpf: improve trace event coverage to all key operations
The existing error trace event is renamed to have a name prefix
matching its source file & to remove the redundant first arg that
adds no useful information.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:01 +0000 (09:51 +0100)]
hw/net: report errors from failing to use eBPF RSS FDs
If the user/mgmt app passed in a set of pre-opened FDs for eBPF RSS,
then it is expecting QEMU to use them. Any failure to do so must be
considered a fatal error and propagated back up the stack, otherwise
deployment mistakes will not be detectable in a prompt manner. When
not using pre-opened FDs, then eBPF RSS is tried on a "best effort"
basis only and thus fallback to software RSS is valid.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:51:00 +0000 (09:51 +0100)]
ebpf: add formal error reporting to all APIs
The eBPF code is currently reporting error messages through trace
events. Trace events are fine for debugging, but they are not to be
considered the primary error reporting mechanism, as their output
is inaccessible to callers.
This adds an "Error **errp" parameter to all methods which have
important error scenarios to report to the caller.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:59 +0000 (09:50 +0100)]
ebpf: improve error trace events
A design pattern of
trace_foo_error("descriptive string")
is undesirable because it does not allow for filtering trace events
based on the error scenario. Split eBPF error trace event into three
separate events to address this filtering need.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:58 +0000 (09:50 +0100)]
ebpf: drop redundant parameter checks in static methods
Various static methods have checks on their parameters which were
already checked immediately before the method was invoked. Drop
these redundat checks to simplify the following commit which adds
formal error reporting.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:57 +0000 (09:50 +0100)]
hw/net: fix typo s/epbf/ebpf/ in virtio-net
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Daniel P. Berrangé [Wed, 23 Oct 2024 08:50:56 +0000 (09:50 +0100)]
net: fix build when libbpf is disabled, but libxdp is enabled
The net/af-xdp.c code is enabled when the libxdp library is present,
however, it also has direct API calls to bpf_xdp_query_id &
bpf_xdp_detach which are provided by the libbpf library.
As a result if building with --disable-libbpf, but libxdp gets
auto-detected, we'll fail to link QEMU
/usr/bin/ld: libcommon.a.p/net_af-xdp.c.o: undefined reference to symbol 'bpf_xdp_query_id@@LIBBPF_0.7.0'
There are two bugs here
* Since we have direct libbpf API calls, when building
net/af-xdp.c, we must tell meson that libbpf is a
dependancy, so that we directly link to it, rather
than relying on indirect linkage.
* When must skip probing for libxdp at all, when libbpf
is not found, raising an error if --enable-libxdp was
given explicitly.
Fixes: cb039ef3d9e3112da01e1ecd9b136ac9809ef733 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Fri, 25 Oct 2024 12:35:22 +0000 (13:35 +0100)]
Merge tag 'pull-aspeed-20241024' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fixed GPIO interrupt status when in index mode
* Added GPIO support for the AST2700 SoC and specific test cases
* Fixed crypto controller (HACE) Accumulative hash function
* Converted Aspeed machine avocado tests to the new functional
framework. SDK tests still to be addressed.
* Fixed issue in the SSI controller when doing writes in user mode
* Added support for the WRSR2 register of Winbond flash devices
* Added SFDP table for the Windbond w25q80bl flash device
* Changed flash device models for the ast1030-a1 EVB
* tag 'pull-aspeed-20241024' of https://github.com/legoater/qemu:
test/qtest/aspeed_smc-test: Fix coding style
hw/arm/aspeed: Correct fmc_model w25q80bl for ast1030-a1 EVB
hw/arm/aspeed: Correct spi_model w25q256 for ast1030-a1 EVB.
hw/block/m25p80: Add SFDP table for w25q80bl flash
hw/block:m25p80: Support write status register 2 command (0x31) for w25q01jvq
hw/block:m25p80: Fix coding style
aspeed/smc: Fix write incorrect data into flash in user mode
tests/functional: Convert most Aspeed machine tests
hw/misc/aspeed_hace: Fix SG Accumulative hashing
tests/qtest:ast2700-gpio-test: Add GPIO test case for AST2700
aspeed/soc: Support GPIO for AST2700
aspeed/soc: Correct GPIO irq 130 for AST2700
hw/gpio/aspeed: Add AST2700 support
hw/gpio/aspeed: Fix clear incorrect interrupt status for GPIO index mode
hw/gpio/aspeed: Support different memory region ops
hw/gpio/aspeed: Support to set the different memory size
hw/gpio/aspeed: Fix coding style
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-vfio-20241024' of https://github.com/legoater/qemu:
vfio/helpers: Align mmaps
vfio/helpers: Refactor vfio_region_mmap() error handling
vfio/migration: Change trace formats from hex to decimal
vfio/migration: Report only stop-copy size in vfio_state_pending_exact()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-request-2024-10-23' of https://gitlab.com/thuth/qemu: (23 commits)
pc-bios/s390-ccw: Update s390-ccw.img with the full boot order support feature
pc-bios/s390-ccw: Introduce `EXTRA_LDFLAGS`
pc-bios/s390-ccw: Don't generate TEXTRELs
pc-bios/s390-ccw: Clarify alignment is in bytes
tests/qtest: Add s390x boot order tests to cdrom-test.c
docs/system: Update documentation for s390x IPL
pc-bios/s390x: Enable multi-device boot loop
s390x: Rebuild IPLB for SCSI device directly from DIAG308
hw/s390x: Build an IPLB for each boot device
s390x: Add individual loadparm assignment to CCW device
include/hw/s390x: Add include files for common IPL structs
pc-bios/s390-ccw: Enable failed IPL to return after error
pc-bios/s390-ccw: Remove panics from Netboot IPL path
pc-bios/s390-ccw: Remove panics from DASD IPL path
pc-bios/s390-ccw: Remove panics from SCSI IPL path
pc-bios/s390-ccw: Remove panics from ECKD IPL path
pc-bios/s390-ccw: Remove panics from ISO IPL path
docs/system/s390x/bootdevices: Update the documentation about network booting
pc-bios/s390-ccw: Merge netboot.mak into the main Makefile
hw/s390x: Remove the possibility to load the s390-netboot.img binary
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 24 Oct 2024 14:21:42 +0000 (15:21 +0100)]
Merge tag 'pull-tcg-20241022' of https://gitlab.com/rth7680/qemu into staging
tcg: Reset data_gen_ptr correctly
tcg/riscv: Implement host vector support
tcg/ppc: Fix tcg_out_rlw_rc
target/i386: Walk NPT in guest real mode
target/i386: Use probe_access_full_mmu in ptw_translate
linux-user: Fix build failure caused by missing __u64 on musl
linux-user: Emulate /proc/self/maps under mmap_lock
linux-user/riscv: Fix definition of RISCV_HWPROBE_EXT_ZVFHMIN
linux-user/ppc: Fix sigmask endianness issue in sigreturn
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
raw-format: Fix error message for invalid offset/size
block-backend: per-device throttling of BLOCK_IO_ERROR reports
qapi: add qom-path to BLOCK_IO_ERROR event
iotests/backup-discard-source: don't use actual-size
iotests/backup-discard-source: convert size variable to be int
block/vdi.c: Make SECTOR_SIZE constant 64-bits
tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field
block/ssh.c: Don't double-check that characters are hex digits
block/gluster: Use g_autofree for string in qemu_gluster_parse_json()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 24 Oct 2024 10:23:38 +0000 (11:23 +0100)]
Merge tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc sockets, crypto and VNC fixes
* Fix rare EADDRINUSE failures on OpenBSD platforms seen
with migration
* Fix & test overwriting of hash output buffer
* Close connection instead of returning empty SASL mechlist to
VNC clients
* Fix handling of SASL SSF on VNC server UNIX sockets
* Fix handling of NULL SASL server data in VNC server
* Validate trailing NUL padding byte from SASL client
* Fix & test AF_ALG crypto backend build
* Remove unused code in sockets and crypto subsystems
* tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu:
gitlab: enable afalg tests in fedora system test
ui: validate NUL byte padding in SASL client data more strictly
ui: fix handling of NULL SASL server data
ui/vnc: don't check for SSF after SASL authentication on UNIX sockets
ui/vnc: fix skipping SASL SSF on UNIX sockets
ui/vnc: don't raise error formatting socket address for non-inet
ui/vnc: don't return an empty SASL mechlist to the client
crypto/hash-afalg: Fix broken build
include/crypto: clarify @result/@result_len for hash/hmac APIs
tests: correctly validate result buffer in hash/hmac tests
crypto/hash: avoid overwriting user supplied result pointer
util: don't set SO_REUSEADDR on client sockets
sockets: Remove deadcode
crypto: Remove unused DER string functions
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jamin Lin [Tue, 22 Oct 2024 09:40:58 +0000 (17:40 +0800)]
hw/arm/aspeed: Correct fmc_model w25q80bl for ast1030-a1 EVB
Currently, the default fmc_model was "sst25vf032b" whose size was 4MB for
ast1030-a1 EVB. However, according to the schematic of ast1030-a1 EVB,
ASPEED shipped default flash of fmc_cs0 and fmc_cs1 were "w25q80bl" and
"w25q256", respectively. The size of w25q80bl is 1MB and the size of w25q256
is 32MB.
The fmc_cs0 was connected to AST1030 A1 internal flash and the fmc_cs1 was
connected to external flash. The internal flash could not be changed because
it was placed into AST1030 A1 chip. Users only can change fmc_cs1 external
flash.
So far, only supports to set the default fmc_model for all chip select pins.
In other words, users cannot set the different default flash model for
fmc_cs0 and fmc_cs1, respectively.
Correct fmc_model default flash to w25q80bl the same as AST1030 A1
internal flash for ast1030-a1 EVB.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:57 +0000 (17:40 +0800)]
hw/arm/aspeed: Correct spi_model w25q256 for ast1030-a1 EVB.
Currently, the default spi_model was "sst25vf032b" whose size was 4MB for
ast1030-a1 EVB. However, according to the schematic of ast1030-a1 EVB,
ASPEED shipped default flash of spi1 and spi2 were w25q256 whose size
was 32MB.
Correct spi_model default flash to w25q256 for ast1030-a1 EVB.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:55 +0000 (17:40 +0800)]
hw/block:m25p80: Support write status register 2 command (0x31) for w25q01jvq
According to the w25q01jv datasheet at page 16, it is required to set QE bit
in "Status Register 2" to enable quad mode.
Currently, m25p80 support users utilize "Write Status Register 1(0x01)" command
to set QE bit in "Status Register 2" and utilize "Read Status Register 2(0x35)"
command to get the QE bit status.
However, some firmware directly utilize "Status Register 2(0x31)" command to
set QE bit. To fully support quad mode for w25q01jvq, adds WRSR2 command.
Update collecting data needed 1 byte for WRSR2 command in decode_new_cmd
function and verify QE bit at the first byte of collecting data bit 2 in
complete_collecting_data.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 22 Oct 2024 09:40:53 +0000 (17:40 +0800)]
aspeed/smc: Fix write incorrect data into flash in user mode
According to the design of ASPEED SPI controllers user mode, users write the
data to flash, the SPI drivers set the Control Register(0x10) bit 0 and 1
enter user mode. Then, SPI drivers send flash commands for writing data.
Finally, SPI drivers set the Control Register (0x10) bit 2 to stop
active control and restore bit 0 and 1.
According to the design of ASPEED SMC model, firmware writes the
Control Register and the "aspeed_smc_flash_update_ctrl" function is called.
Then, this function verify Control Register(0x10) bit 0 and 1. If it set user
mode, the value of s->snoop_index is SNOOP_START else SNOOP_OFF.
If s->snoop_index is SNOOP_START, the "aspeed_smc_do_snoop" function verify
the first incomming data is a new flash command and writes the corresponding
dummy bytes if need.
However, it did not check the current unselect status. If current unselect
status is "false" and firmware set the IO MODE by Control Register bit 31:28,
the value of s->snoop_index will be changed to SNOOP_START again and
"aspeed_smc_do_snoop" misunderstand that the incomming data is the new flash
command and it causes writing unexpected data into flash.
Example:
1. Firmware set user mode by Control Register bit 0 and 1(0x03)
2. SMC model set s->snoop SNOOP_START
3. Firmware set Quad Page Program with 4-Byte Address command (0x34)
4. SMC model verify this flash command and it needs 4 dummy bytes.
5. Firmware send 4 bytes address.
6. SMC model receives 4 bytes address
7. Firmware set QPI IO MODE by Control Register bit 31. (0x80000003)
8. SMC model verify new user mode by Control Register bit 0 and 1.
Then, set s->snoop SNOOP_START again. (It is the wrong behavior.)
9. Firmware send 0xebd8c134 data and it should be written into flash.
However, SMC model misunderstand that the first incoming data, 0x34,
is the new command because the value of s->snoop is changed to SNOOP_START.
Finally, SMC sned the incorrect data to flash model.
Introduce a new unselect attribute in AspeedSMCState to save the current
unselect status for user mode and set it "true" by default.
Update "aspeed_smc_flash_update_ctrl" function to check the previous unselect
status. If both new unselect status and previous unselect status is different,
update s->snoop_index value and call "aspeed_smc_flash_do_select".
Increase VMStateDescription version.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
[ clg: - Replaced VMSTATE_BOOL -> VMSTATE_BOOL_V ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
Cédric Le Goater [Wed, 16 Oct 2024 08:47:34 +0000 (10:47 +0200)]
tests/functional: Convert most Aspeed machine tests
This is a simple conversion of the tests with some cleanups and
adjustments to match the new test framework. Replace the zephyr image
MD5 hashes with SHA256 hashes while at it.
The SDK tests depend on a ssh class from avocado.utils which is
difficult to replace. To be addressed separately.
Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com>
Alejandro Zeise [Wed, 7 Aug 2024 19:51:22 +0000 (19:51 +0000)]
hw/misc/aspeed_hace: Fix SG Accumulative hashing
Make the Aspeed HACE module use the new qcrypto accumulative hashing functions
when in scatter-gather accumulative mode. A hash context will maintain a
"running-hash" as each scatter-gather chunk is received.
Previously each scatter-gather "chunk" was cached
so the hash could be computed once the final chunk was received.
However, the cache was a shallow copy, so once the guest overwrote the
memory provided to HACE the final hash would not be correct.
Possibly related to: https://gitlab.com/qemu-project/qemu/-/issues/1121 Buglink: https://github.com/openbmc/qemu/issues/36 Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Checkpatch fixes
- Reworked qcrypto_hash*() error reports in do_hash_operation() ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Acked-by: Andrew Jeffery <andrew@codeconstruct.com.au> Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Joel Stanley <joel@jms.id.au>
Jamin Lin [Tue, 1 Oct 2024 02:43:32 +0000 (10:43 +0800)]
aspeed/soc: Correct GPIO irq 130 for AST2700
The register set of GPIO have a significant change since AST2700.
Each GPIO pin has their own individual control register and users are able to
set one GPIO pin’s direction, interrupt enable, input mask and so on in the
same one control register.
AST2700 does not have GPIO18_XXX registers for GPIO 1.8v, removes
ASPEED_DEV_GPIO_1_8V. It is enough to only have ASPEED_DEV_GPIO
device in AST2700.
The AST2700 GPIO controller interrupt is connected to GICINT130_INTC at
bit 18. Therefore, correct GPIO irq 130.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 1 Oct 2024 02:43:31 +0000 (10:43 +0800)]
hw/gpio/aspeed: Add AST2700 support
AST2700 integrates two set of Parallel GPIO Controller with maximum 212
control pins, which are 27 groups. (H, exclude pin: H7 H6 H5 H4)
In the previous design of ASPEED SOCs, one register is used for setting
one function for one set which are 32 pins and 4 groups.
ex: GPIO000 is used for setting data value for GPIO A, B, C and D in AST2600.
ex: GPIO004 is used for setting direction for GPIO A, B, C and D in AST2600.
However, the register set have a significant change since AST2700.
Each GPIO pin has their own individual control register.
In other words, users are able to set one GPIO pin’s direction,
interrupt enable, input mask and so on in the same one register.
Currently, aspeed_gpio_read and aspeed_gpio_write callback functions
are not compatible AST2700.
Introduce new aspeed_gpio_2700_read and aspeed_gpio_2700_write callback
functions and aspeed_gpio_2700_ops memory region operation for AST2700.
Introduce a new ast2700 class to support AST2700.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Jamin Lin [Tue, 1 Oct 2024 02:43:30 +0000 (10:43 +0800)]
hw/gpio/aspeed: Fix clear incorrect interrupt status for GPIO index mode
The interrupt status field is W1C, where a set bit on read indicates an
interrupt is pending. If the bit extracted from data is set it should
clear the corresponding bit in reg_value. However, if the extracted
bit is clear then the value of the corresponding bit in reg_value
should be unchanged.
SHARED_FIELD_EX32() extracts the interrupt status bit from the write
(data). reg_value is set to the set's interrupt status, which means
that for any pin with an interrupt pending, the corresponding bit is
set. The deposit32() call updates the bit at pin_idx in the
reg_value, using the value extracted from the write (data).
The result is that if multiple interrupt status bits
were pending and the write was acknowledging specific one bit,
then the all interrupt status bits will be cleared.
However, it is index mode and should only clear the corresponding bit.
For example, say we have an interrupt pending for GPIOA0, where the
following statements are true:
set->int_status == 0b01
s->pending == 1
Before it is acknowledged, an interrupt becomes pending for GPIOA1:
set->int_status == 0b11
s->pending == 2
A write is issued to acknowledge the interrupt for GPIOA0. This causes
the following sequence:
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Suggested-by: Andrew Jeffery <andrew@codeconstruct.com.au> Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Jamin Lin [Tue, 1 Oct 2024 02:43:29 +0000 (10:43 +0800)]
hw/gpio/aspeed: Support different memory region ops
It set "aspeed_gpio_ops" struct which containing read and write callbacks
to be used when I/O is performed on the GPIO region.
Besides, in the previous design of ASPEED SOCs, one register is used for
setting one function for 32 GPIO pins.
ex: GPIO000 is used for setting data value for GPIO A, B, C and D in AST2600.
ex: GPIO004 is used for setting direction for GPIO A, B, C and D in AST2600.
However, the register set have a significant change in AST2700.
Each GPIO pin has their own control register. In other words, users are able to
set one GPIO pin’s direction, interrupt enable, input mask and so on
in one register. The aspeed_gpio_read/aspeed_gpio_write callback functions
are not compatible AST2700.
Introduce a new "const MemoryRegionOps *" attribute in AspeedGPIOClass and
use it in aspeed_gpio_realize function.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Tue, 1 Oct 2024 02:43:28 +0000 (10:43 +0800)]
hw/gpio/aspeed: Support to set the different memory size
According to the datasheet of ASPEED SOCs, a GPIO controller owns 4KB of
register space for AST2700, AST2500, AST2400 and AST1030; owns 2KB of
register space for AST2600 1.8v and owns 2KB of register space for
AST2600 3.3v.
It set the memory region size 2KB by default and it does not compatible
register space for AST2700.
Introduce a new class attribute to set the GPIO controller memory size
for different ASPEED SOCs.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Alex Williamson [Tue, 22 Oct 2024 20:08:29 +0000 (14:08 -0600)]
vfio/helpers: Align mmaps
Thanks to work by Peter Xu, support is introduced in Linux v6.12 to
allow pfnmap insertions at PMD and PUD levels of the page table. This
means that provided a properly aligned mmap, the vfio driver is able
to map MMIO at significantly larger intervals than PAGE_SIZE. For
example on x86_64 (the only architecture currently supporting huge
pfnmaps for PUD), rather than 4KiB mappings, we can map device MMIO
using 2MiB and even 1GiB page table entries.
Typically mmap will already provide PMD aligned mappings, so devices
with moderately sized MMIO ranges, even GPUs with standard 256MiB BARs,
will already take advantage of this support. However in order to better
support devices exposing multi-GiB MMIO, such as 3D accelerators or GPUs
with resizable BARs enabled, we need to manually align the mmap.
There doesn't seem to be a way for userspace to easily learn about PMD
and PUD mapping level sizes, therefore this takes the simple approach
to align the mapping to the power-of-two size of the region, up to 1GiB,
which is currently the maximum alignment we care about.
Cc: Peter Xu <peterx@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Move error handling code to the end of the function so that it can more
easily be shared by new mmap failure conditions. No functional change
intended.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Avihai Horon [Sun, 20 Oct 2024 13:01:08 +0000 (16:01 +0300)]
vfio/migration: Change trace formats from hex to decimal
Data sizes in VFIO migration trace events are printed in hex format
while in migration core trace events they are printed in decimal format.
This inconsistency makes it less readable when using both trace event
types. Hence, change the data sizes print format to decimal in VFIO
migration trace events.
Signed-off-by: Avihai Horon <avihaih@nvidia.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Avihai Horon [Sun, 20 Oct 2024 13:01:06 +0000 (16:01 +0300)]
vfio/migration: Report only stop-copy size in vfio_state_pending_exact()
vfio_state_pending_exact() is used to update migration core how much
device data is left for the device migration. Currently, the sum of
pre-copy and stop-copy sizes of the VFIO device are reported.
The pre-copy size is obtained via the VFIO_MIG_GET_PRECOPY_INFO ioctl,
which returns the amount of device data available to be transferred
while the device is in the PRE_COPY states.
The stop-copy size is obtained via the VFIO_DEVICE_FEATURE_MIG_DATA_SIZE
ioctl, which returns the total amount of device data left to be
transferred in order to complete the device migration.
According to the above, current implementation is wrong -- it reports
extra overlapping data because pre-copy size is already contained in
stop-copy size. Fix it by reporting only stop-copy size.
Marc Hartmayer [Tue, 1 Oct 2024 15:36:18 +0000 (17:36 +0200)]
pc-bios/s390-ccw: Introduce `EXTRA_LDFLAGS`
Some packaging tools want to override `LDFLAGS` when building QEMU, this will
result in a build error as most likely no `-nostdlib` flag is passed. Introduce
`EXTRA_LDFLAGS` so that the packager can override `LDFLAGS` without breaking the
build.
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-ID: <20241001153618.17791-4-mhartmay@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Drop the hunk to netbook.mak which is not necessary anymore] Signed-off-by: Thomas Huth <thuth@redhat.com>
Jens Remus [Tue, 1 Oct 2024 15:36:17 +0000 (17:36 +0200)]
pc-bios/s390-ccw: Don't generate TEXTRELs
Commit 7cd50cbe4ca3 ("pc-bios/s390-ccw: Don't use __bss_start with the
"larl" instruction") introduced the address constant bss_start_literal
for __bss_start in the .text section, which introduced a relocation in
code (i.e. TEXTREL). The dedicated constant is required, as __bss_start
may not necessarily be aligned on a 2-byte boundary (see subject commit
for details).
Move the constant to the .data section to get rid of the relocation in
the .text section. Add the linker option -z text to prevent TEXTRELs to
get introduced in the future.
Note that the R_390_RELATIVE relocations are taken care of by function
glue() in include/hw/elf_ops.h.inc introduced by commit 5dce07e1cb67
("elf-loader: Provide the possibility to relocate s390 ELF files").
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Jens Remus <jremus@linux.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-ID: <20241001153618.17791-3-mhartmay@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jens Remus [Tue, 1 Oct 2024 15:36:16 +0000 (17:36 +0200)]
pc-bios/s390-ccw: Clarify alignment is in bytes
The assembler directive .align [1] has architecture-dependent behavior,
which may be ambiguous for the reader. Some architectures perform the
alignment in bytes, others in power of two. s390 does in bytes.
Use the directive .balign [2] instead, to clarify that the alignment
request is in bytes. No functional change.
Jared Rossi [Sun, 20 Oct 2024 01:29:53 +0000 (21:29 -0400)]
tests/qtest: Add s390x boot order tests to cdrom-test.c
Add two new qtests to verify that a valid IPL device can successfully boot after
failed IPL attempts from one or more invalid devices.
cdrom-test/as-fallback-device: Defines the primary boot target as a device that
is invalid for IPL and a second boot target that is valid for IPL. Ensures that
the valid device will be selected after the initial failed IPL.
cdrom-test/as-last-option: Defines the maximum number of boot devices (8)
where only the final entry in the boot order is valid. Ensures that a valid
device will be selected even after multiple failed IPL attempts from both
virtio-blk and virtio-scsi device types.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-20-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:52 +0000 (21:29 -0400)]
docs/system: Update documentation for s390x IPL
Update docs to show that s390x PC BIOS can support more than one boot device.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-19-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:51 +0000 (21:29 -0400)]
pc-bios/s390x: Enable multi-device boot loop
Allow attempts to boot from multiple IPL devices. If the first device fails to
IPL, select the pre-built IPLB for the next device in the boot order and attempt
to IPL from it. Continue this process until IPL is successful or there are no
devices left to try.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-18-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:50 +0000 (21:29 -0400)]
s390x: Rebuild IPLB for SCSI device directly from DIAG308
Because virtio-scsi type devices use a non-architected IPLB pbt code they cannot
be set and stored normally. Instead, the IPLB must be rebuilt during re-ipl.
As s390x does not natively support multiple boot devices, the devno field is
used to store the position in the boot order for the device.
Handling the rebuild as part of DIAG308 removes the need to check the devices
for invalid IPLBs later in the IPL.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Acked-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-17-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:49 +0000 (21:29 -0400)]
hw/s390x: Build an IPLB for each boot device
Build an IPLB for any device with a bootindex (up to a maximum of 8 devices).
The IPLB chain is placed immediately before the BIOS in memory. Because this
is not a fixed address, the location of the next IPLB and number of remaining
boot devices is stored in the QIPL global variable for possible later access by
the guest during IPL.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-16-jrossi@linux.ibm.com>
[thuth: Fix endianness problem when accessing the qipl structure] Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:48 +0000 (21:29 -0400)]
s390x: Add individual loadparm assignment to CCW device
Add a loadparm property to the VirtioCcwDevice object so that different
loadparms can be defined on a per-device basis for CCW boot devices.
The machine/global loadparm is still supported. If both a global and per-device
loadparm are defined, the per-device value will override the global value for
that device, but any other devices that do not specify a per-device loadparm
will still use the global loadparm.
It is invalid to assign a loadparm to a non-boot device.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-15-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:47 +0000 (21:29 -0400)]
include/hw/s390x: Add include files for common IPL structs
Currently, structures defined in both hw/s390x/ipl.h and pc-bios/s390-ccw/iplb.h
must be kept in sync, which is prone to error. Instead, create a new directory
at include/hw/s390x/ipl/ to contain the definitions that must be shared.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-14-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:46 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Enable failed IPL to return after error
Remove panic-on-error from IPL functions such that a return code is propagated
back to the main IPL calling function (rather than terminating immediately),
which facilitates possible error recovery in the future.
A select few panics remain, which indicate fatal non-devices errors that must
result in termination.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-13-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:45 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Remove panics from Netboot IPL path
Remove panic-on-error from Netboot specific functions so that error recovery
may be possible in the future.
Functions that would previously panic now provide a return code.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-12-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:44 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Remove panics from DASD IPL path
Remove panic-on-error from DASD IPL specific functions so that error recovery
may be possible in the future.
Functions that would previously panic now provide a return code.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-11-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:43 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Remove panics from SCSI IPL path
Remove panic-on-error from virtio-scsi IPL specific functions so that error
recovery may be possible in the future.
Functions that would previously panic now provide a return code.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-10-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:42 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Remove panics from ECKD IPL path
Remove panic-on-error from ECKD block device IPL specific functions so that
error recovery may be possible in the future.
Functions that would previously panic now provide a return code.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-9-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:41 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Remove panics from ISO IPL path
Remove panic-on-error from IPL ISO El Torito specific functions so that error
recovery may be possible in the future.
Functions that would previously panic now provide a return code.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241020012953.1380075-8-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:40 +0000 (21:29 -0400)]
docs/system/s390x/bootdevices: Update the documentation about network booting
Remove the information about the separate s390-netboot.img from
the documentation.
Co-authored by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20241020012953.1380075-7-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 21 Jun 2024 07:40:11 +0000 (09:40 +0200)]
pc-bios/s390-ccw: Merge netboot.mak into the main Makefile
Now that the netboot code has been merged into the main s390-ccw.img,
it also does not make sense to keep the build rules in a separate
file. Thus let's merge netboot.mak into the main Makefile.
Message-Id: <20240621082422.136217-7-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 20 Jun 2024 14:59:28 +0000 (16:59 +0200)]
hw/s390x: Remove the possibility to load the s390-netboot.img binary
Since the netboot code has now been merged into the main s390-ccw.img
binary, we don't need the separate s390-netboot.img anymore. Remove
it and the code that was responsible for loading it.
Message-Id: <20240621082422.136217-6-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:37 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Link the netboot code into the main s390-ccw.img binary
We originally built a separate binary for the netboot code since it
was considered as experimental and we could not be sure that the
necessary SLOF module had been checked out. Time passed, the code
proved its usefulness, and the build system nowadays makes sure that
the SLOF module is checked out if you have a s390x compiler available
for building the s390-ccw bios. So there is no real compelling reason
anymore to keep the netboot code in a separate binary. Linking the
code together with the main s390-ccw.img will make future enhancements
much easier, like supporting more than one boot device.
Co-authored by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20241020012953.1380075-4-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Sun, 20 Oct 2024 01:29:36 +0000 (21:29 -0400)]
pc-bios/s390-ccw: Use the libc from SLOF and remove sclp prints
We are already using the libc from SLOF for the s390-netboot.img, and
this libc implementation is way more complete and accurate than the
simple implementation that we currently use for the s390-ccw.img binary.
Since we are now always assuming that the SLOF submodule is available
when building the s390-ccw bios (see commit bf6903f6944f), we can drop
the simple implementation and use the SLOF libc for the s390-ccw.img
binary, too.
Additionally replace sclp_print calls with puts/printf now that it is
available.
Co-authored by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20241020012953.1380075-3-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Yao Zi [Tue, 22 Oct 2024 16:01:37 +0000 (16:01 +0000)]
linux-user/riscv: Fix definition of RISCV_HWPROBE_EXT_ZVFHMIN
Current definition yields a negative 32bits value, messing up hwprobe
result when Zvfhmin extension presents. Replace it by using a 1ULL bit
shift value as done in kernel upstream.
Link: https://github.com/torvalds/linux/commit/5ea6764d9095e234b024054f75ebbccc4f0eb146 Fixes: a3432cf227 ("linux-user/riscv: Sync hwprobe keys with Linux") Cc: qemu-stable@nongnu.org Signed-off-by: Yao Zi <ziyao@disroot.org>
Message-ID: <20241022160136.21714-2-ziyao@disroot.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Yao Zi [Tue, 22 Oct 2024 12:29:30 +0000 (12:29 +0000)]
linux-user: Fix build failure caused by missing __u64 on musl
Commit 9651cead2f ("linux-user: add openat2 support in linux-user")
ships a definition of struct open_how_ver0 while assuming type __u64 is
available in code, which is not the case when building QEMU on musl.
Let's replaces __u64 with uint64_t.
Fixes: 9651cead2f ("linux-user: add openat2 support in linux-user") Signed-off-by: Yao Zi <ziyao@disroot.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20241022122929.17465-2-ziyao@disroot.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Tue, 22 Oct 2024 10:26:16 +0000 (12:26 +0200)]
linux-user: Trace rt_sigprocmask's sigsets
Add a function for formatting target sigsets. It can be useful for
other syscalls in the future, so put it into the beginning of strace.c.
For simplicity, do not implement the strace's ~[] output syntax.
Ilya Leoshkevich [Thu, 17 Oct 2024 12:54:43 +0000 (14:54 +0200)]
linux-user/ppc: Fix sigmask endianness issue in sigreturn
do_setcontext() copies the target sigmask without endianness handling
and then uses target_to_host_sigset_internal(), which expects a
byte-swapped one. Use target_to_host_sigset() instead.
Fixes: bcd4933a23f1 ("linux-user: ppc signal handling") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241017125811.447961-2-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Mon, 14 Oct 2024 20:34:21 +0000 (22:34 +0200)]
linux-user: Emulate /proc/self/maps under mmap_lock
If one thread modifies the mappings and another thread prints them,
a situation may occur that the printer thread sees a guest mapping
without a corresponding host mapping, leading to a crash in
open_self_maps_2().
Cc: qemu-stable@nongnu.org Fixes: 7b7a3366e142 ("linux-user: Use walk_memory_regions for open_self_maps") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241014203441.387560-1-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Sun, 13 Oct 2024 18:47:33 +0000 (11:47 -0700)]
target/i386: Remove ra parameter from ptw_translate
This argument is no longer used.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241013184733.1423747-4-richard.henderson@linaro.org>
Alexander Graf [Sat, 21 Sep 2024 08:57:12 +0000 (08:57 +0000)]
target/i386: Walk NPT in guest real mode
When translating virtual to physical address with a guest CPU that
supports nested paging (NPT), we need to perform every page table walk
access indirectly through the NPT, which we correctly do.
However, we treat real mode (no page table walk) special: In that case,
we currently just skip any walks and translate VA -> PA. With NPT
enabled, we also need to then perform NPT walk to do GVA -> GPA -> HPA
which we fail to do so far.
The net result of that is that TCG VMs with NPT enabled that execute
real mode code (like SeaBIOS) end up with GPA==HPA mappings which means
the guest accesses host code and data. This typically shows as failure
to boot guests.
This patch changes the page walk logic for NPT enabled guests so that we
always perform a GVA -> GPA translation and then skip any logic that
requires an actual PTE.
That way, all remaining logic to walk the NPT stays and we successfully
walk the NPT in real mode.
Cc: qemu-stable@nongnu.org Fixes: fe441054bb3f0 ("target-i386: Add NPT support") Signed-off-by: Alexander Graf <graf@amazon.com> Reported-by: Eduard Vlad <evlad@amazon.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240921085712.28902-1-graf@amazon.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
was translated to `slwi r15, r14, 0` instead of `slwi r14, r14, 0`
due to SH field overflow. SH field is 5 bits, and tcg_out_rlw is called
in some situations with `32-n`, when `n` is 0 it results in an overflow
to RA field.
This commit prevents overflow of that field and adds debug assertions
for the other fields
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Dani Szebenyi <szedani@linux.ibm.com>
Message-ID: <20241022133535.69351-2-szedani@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
TANG Tiancheng [Mon, 7 Oct 2024 02:56:54 +0000 (10:56 +0800)]
tcg/riscv: Implement vector cmp/cmpsel ops
Extend comparison results from mask registers to SEW-width elements,
following recommendations in The RISC-V SPEC Volume I (Version 20240411).
This aligns with TCG's cmp_vec behavior by expanding compare results to
full element width: all 1s for true, all 0s for false.
Signed-off-by: TANG Tiancheng <tangtiancheng.ttc@alibaba-inc.com> Reviewed-by: Liu Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241007025700.47259-7-zhiwei_liu@linux.alibaba.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Huang Shiyuan [Mon, 7 Oct 2024 02:56:50 +0000 (10:56 +0800)]
tcg/riscv: Add basic support for vector
The RISC-V vector instruction set utilizes the LMUL field to group
multiple registers, enabling variable-length vector registers. This
implementation uses only the first register number of each group while
reserving the other register numbers within the group.
In TCG, each VEC_IR can have 3 types (TCG_TYPE_V64/128/256), and the
host runtime needs to adjust LMUL based on the type to use different
register groups.
This presents challenges for TCG's register allocation. Currently, we
avoid modifying the register allocation part of TCG and only expose the
minimum number of vector registers.
For example, when the host vlen is 64 bits and type is TCG_TYPE_V256, with
LMUL equal to 4, we use 4 vector registers as one register group. We can
use a maximum of 8 register groups, but the V0 register number is reserved
as a mask register, so we can effectively use at most 7 register groups.
Moreover, when type is smaller than TCG_TYPE_V256, only 7 registers are
forced to be used. This is because TCG cannot yet dynamically constrain
registers with type; likewise, when the host vlen is 128 bits and
TCG_TYPE_V256, we can use at most 15 registers.
There is not much pressure on vector register allocation in TCG now, so
using 7 registers is feasible and will not have a major impact on code
generation.
This patch:
1. Reserves vector register 0 for use as a mask register.
2. When using register groups, reserves the additional registers within
each group.
Signed-off-by: Huang Shiyuan <swung0x48@outlook.com> Co-authored-by: TANG Tiancheng <tangtiancheng.ttc@alibaba-inc.com> Signed-off-by: TANG Tiancheng <tangtiancheng.ttc@alibaba-inc.com> Reviewed-by: Liu Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241007025700.47259-3-zhiwei_liu@linux.alibaba.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
TANG Tiancheng [Mon, 7 Oct 2024 02:56:49 +0000 (10:56 +0800)]
util: Add RISC-V vector extension probe in cpuinfo
Add support for probing RISC-V vector extension availability in
the backend. This information will be used when deciding whether
to use vector instructions in code generation.
Cache lg2(vlenb) for the backend. The storing of lg2(vlenb) means
we can convert all of the division into subtraction.
While the compiler doesn't support RISCV_HWPROBE_EXT_ZVE64X,
we use RISCV_HWPROBE_IMA_V instead. RISCV_HWPROBE_IMA_V is more
strictly constrainted than RISCV_HWPROBE_EXT_ZVE64X. At least in
current QEMU implemenation, the V vector extension depends on the
zve64d extension.
Signed-off-by: TANG Tiancheng <tangtiancheng.ttc@alibaba-inc.com> Reviewed-by: Liu Zhiwei <zhiwei_liu@linux.alibaba.com> Tested-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20241007025700.47259-2-zhiwei_liu@linux.alibaba.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 16 Oct 2024 16:57:15 +0000 (16:57 +0000)]
disas/riscv: Fix vsetivli disassembly
The first immediate field is unsigned, whereas operand_vimm
extracts a signed value. There is no need to mask the result
with 'u'; just print the immediate with 'i'.
Fixes: 07f4964d178 ("disas/riscv.c: rvv: Add disas support for vector instructions") Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Thomas Huth [Fri, 21 Jun 2024 08:24:17 +0000 (10:24 +0200)]
hw/s390x/ipl: Provide more memory to the s390-ccw.img firmware
We are going to link the SLOF libc into the s390-ccw.img, and this
libc needs more memory for providing space for malloc() and friends.
Thus bump the memory size that we reserve for the bios to 3 MiB
instead of only 2 MiB. While we're at it, add a proper check that
there is really enough memory assigned to the machine before blindly
using it.
Message-ID: <20240621082422.136217-3-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Kevin Wolf [Thu, 29 Aug 2024 18:55:27 +0000 (20:55 +0200)]
raw-format: Fix error message for invalid offset/size
s->offset and s->size are only set at the end of the function and still
contain the old values when formatting the error message. Print the
parameters with the new values that we actually checked instead.
Fixes: 500e2434207d ('raw-format: Split raw_read_options()') Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20240829185527.47152-1-kwolf@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Hanna Czenczek <hreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Leonid Kaplan [Wed, 2 Oct 2024 15:18:06 +0000 (18:18 +0300)]
block-backend: per-device throttling of BLOCK_IO_ERROR reports
BLOCK_IO_ERROR events comes from guest, so we must throttle them.
We still want per-device throttling, so let's use device id as a key.
Signed-off-by: Leonid Kaplan <xeor@yandex-team.ru> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20241002151806.592469-3-vsementsov@yandex-team.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Vladimir Sementsov-Ogievskiy [Wed, 2 Oct 2024 15:18:05 +0000 (18:18 +0300)]
qapi: add qom-path to BLOCK_IO_ERROR event
We need something more reliable than "device" (which absent in modern
interfaces) and "node-name" (which may absent, and actually don't
specify the device, which is a source of error) to make a per-device
throttling for the event in the following commit.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20241002151806.592469-2-vsementsov@yandex-team.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Vladimir Sementsov-Ogievskiy [Thu, 20 Jun 2024 14:44:02 +0000 (17:44 +0300)]
iotests/backup-discard-source: don't use actual-size
Relying on disk usage is bad thing, and test just doesn't work on XFS.
Let's instead add a dirty bitmap to track writes to test image.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20240620144402.65896-3-vsementsov@yandex-team.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Tested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Vladimir Sementsov-Ogievskiy [Thu, 20 Jun 2024 14:44:01 +0000 (17:44 +0300)]
iotests/backup-discard-source: convert size variable to be int
Make variable reusable in code for checks. Don't care to change "512 *
1024" invocations as they will be dropped in the next commit.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20240620144402.65896-2-vsementsov@yandex-team.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Tue, 8 Oct 2024 16:47:08 +0000 (17:47 +0100)]
block/vdi.c: Make SECTOR_SIZE constant 64-bits
Make the VDI SECTOR_SIZE define be a 64-bit constant; this matches
how we define BDRV_SECTOR_SIZE. The benefit is that it means that we
don't need to carefully cast to 64-bits when doing operations like
"n_sectors * SECTOR_SIZE" to avoid doing a 32x32->32 multiply, which
might overflow, and which Coverity and other static analysers tend to
warn about.
The specific potential overflow Coverity is highlighting is the one
at the end of vdi_co_pwritev() where we write out n_sectors sectors
to the block map. This is very unlikely to actually overflow, since
the block map has 4 bytes per block and the maximum number of blocks
in the image must fit into a 32-bit integer. So this commit is not
fixing a real-world bug.
An inspection of all the places currently using SECTOR_SIZE in the
file shows none which care about the change in its type, except for
one call to error_setg() which needs the format string adjusting.
Resolves: Coverity CID 1508076 Suggested-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241008164708.2966400-5-peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Tue, 8 Oct 2024 16:47:07 +0000 (17:47 +0100)]
tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field
In commit 52b10c9c0c68e90f in 2023 the QAPI MapEntry struct was
updated to add a 'compressed' field. That commit updated a number
of iotest expected-output files, but missed 211, which is vdi
specific. The result is that
./check -vdi
and more specifically
./check -vdi 211
fails because the expected and actual output don't match.
Update the reference output.
Cc: qemu-stable@nongnu.org Fixes: 52b10c9c0c68e90f ("qemu-img: map: report compressed data blocks") Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20241008164708.2966400-4-peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Tue, 8 Oct 2024 16:47:06 +0000 (17:47 +0100)]
block/ssh.c: Don't double-check that characters are hex digits
In compare_fingerprint() we effectively check whether the characters
in the fingerprint are valid hex digits twice: first we do so with
qemu_isxdigit(), but then the hex2decimal() function also has a code
path where it effectively detects an invalid digit and returns -1.
This causes Coverity to complain because it thinks that we might use
that -1 value in an expression where it would be an integer overflow.
Avoid the double-check of hex digit validity by testing the return
values from hex2decimal() rather than doing separate calls to
qemu_isxdigit().
Since this means we now use the illegal-character return value
from hex2decimal(), rewrite it from "-1" to "UINT_MAX", which
has the same effect since the return type is "unsigned" but
looks less confusing at the callsites when we detect it with
"c0 > 0xf".
Resolves: Coverity CID 1547813 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241008164708.2966400-3-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Coverity correctly complains that the assignment "str = NULL" at the
end of the loop is unnecessary, because we will either go back to the
top of the loop and overwrite it, or else we will exit the loop and
then exit the function without ever reading str again. The assignment
is there as defensive coding to ensure that str is only non-NULL if
it's a live allocation, so this is intentional.
We can make Coverity happier and simplify the code here by using
g_autofree, since we never need 'str' outside the loop.
Resolves: Coverity CID 1527385 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241008164708.2966400-2-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
replace error_setg(&error_fatal, ...) with error_report()
meson.build: Remove ncurses workaround for OpenBSD
configure: Replace literally printed '\n' with newline
ui/console-vc: Silence warning about sprintf() on OpenBSD
linux-user: Clean up unused header
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Daniel P. Berrangé [Mon, 21 Oct 2024 16:27:56 +0000 (17:27 +0100)]
gitlab: enable afalg tests in fedora system test
The AF_ALG crypto integration for Linux is not being tested in
any CI scenario. It always requires an explicit configure time
flag to be passed to turn it on. The Fedora system test is
arbitrarily picked as the place to test it.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Mon, 16 Sep 2024 12:49:11 +0000 (13:49 +0100)]
ui: validate NUL byte padding in SASL client data more strictly
When the SASL data is non-NULL, the SASL protocol spec requires that
it is padded with a trailing NUL byte. QEMU discards the trailing
byte, but does not currently validate that it was in fact a NUL.
Apply strict validation to better detect any broken clients.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Mon, 16 Sep 2024 12:47:11 +0000 (13:47 +0100)]
ui: fix handling of NULL SASL server data
The code is supposed to distinguish between SASL server data that
is NULL, vs non-NULL but zero-length. It was incorrectly checking
the 'serveroutlen' variable, rather than 'serverout' though, so
failing to distinguish the cases.
Fortunately we can fix this without breaking compatibility with
clients, as clients already know how to decode the input data
correctly.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
projects / users / dwmw2 / qemu.git / log