Song Gao [Tue, 22 Aug 2023 07:19:51 +0000 (09:19 +0200)]
target/loongarch: Add a check parameter to the TRANS macro
The default check parmeter is ALL.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20230822032724.1353391-8-gaosong@loongson.cn>
Message-Id: <20230822071959.35620-2-philmd@linaro.org>
Philippe Mathieu-Daudé [Mon, 21 Aug 2023 12:59:56 +0000 (14:59 +0200)]
target/loongarch: Extract 64-bit specifics to loongarch64_cpu_class_init
Extract loongarch64 specific code from loongarch_cpu_class_init()
to a new loongarch64_cpu_class_init().
In preparation of supporting loongarch32 cores, rename these
functions using the '64' suffix.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230821125959.28666-6-philmd@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
In preparation of introducing TYPE_LOONGARCH32_CPU, introduce
an abstract TYPE_LOONGARCH64_CPU.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230821125959.28666-5-philmd@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230817093121.1053890-11-gaosong@loongson.cn> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230821125959.28666-4-philmd@linaro.org>
Commit 228021f05e ("target/loongarch: Add core definition") sets
disas_set_info to loongarch_cpu_disas_set_info. Probably due to
a failed git-rebase, commit ca61e75071 ("target/loongarch: Add gdb
support") also sets it to the same value. Remove the duplication.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20230821125959.28666-3-philmd@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
Philippe Mathieu-Daudé [Mon, 21 Aug 2023 12:59:52 +0000 (14:59 +0200)]
target/loongarch: Log I/O write accesses to CSR registers
Various CSR registers have Read/Write fields. We might
want to see guest trying to change such registers.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20230821125959.28666-2-philmd@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
Daniel Henrique Barboza [Fri, 11 Aug 2023 16:02:24 +0000 (13:02 -0300)]
hw/riscv/virt.c: change 'aclint' TCG check
The 'aclint' property is being conditioned with tcg acceleration in
virt_machine_class_init(). But acceleration code starts later than the
class init of the board, meaning that tcg_enabled() will be always be
false during class_init(), and the option is never being declared even
when declaring TCG accel:
$ ./build/qemu-system-riscv64 -M virt,accel=tcg,aclint=on
qemu-system-riscv64: Property 'virt-machine.aclint' not found
Fix it by moving the check from class_init() to machine_init(). Tune the
description to mention that the option is TCG only.
Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Fixes: c0716c81b ("hw/riscv/virt: Restrict ACLINT to TCG")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1823 Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230811160224.440697-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Wed, 2 Aug 2023 18:00:58 +0000 (15:00 -0300)]
target/riscv/kvm.c: fix mvendorid size in vcpu_set_machine_ids()
cpu->cfg.mvendorid is a 32 bit field and kvm_set_one_reg() always write
a target_ulong val, i.e. a 64 bit field in a 64 bit host.
Given that we're passing a pointer to the mvendorid field, the reg is
reading 64 bits starting from mvendorid and going 32 bits in the next
field, marchid. Here's an example:
'mvendorid' was written as a combination of 0xab (the value from the
adjacent field, marchid) and its intended value 0xcd.
Fix it by assigning cpu->cfg.mvendorid to a target_ulong var 'reg' and
use it as input for kvm_set_one_reg(). Here's the result with this patch
applied and using the same QEMU command line:
This bug affects only the generic (rv64) CPUs when running with KVM in a
64 bit env since the 'host' CPU does not allow the machine IDs to be
changed via command line.
Fixes: 1fb5a622f7 ("target/riscv: handle mvendorid/marchid/mimpid for KVM CPUs") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20230802180058.281385-1-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Richard Henderson [Fri, 11 Aug 2023 17:28:23 +0000 (10:28 -0700)]
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
pci: last minute bugfixes
two fixes that seem very safe and important enough to sneak
in before the release.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmTWXvIPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpe7sH/0KteOBt324LUYZ+4NR6EQE5KDsCANGiySBK
# r0B6lhcFHvNd2ej0g2hW7lL6nVVCQBkJLLzfNIR/aHkeCmOttfbhv4eF4S6Ho27d
# DpkXCPZRT6F11gY7G1swFapNS/f0P7F5LGRjq4sbuw3FpyHBz0DqCQ0GOab2Qorq
# VfuOfA01nYGNzHOKrEL7k9Io55oqPVcAe+5TaipNCQ4nW82i32ItTyFjQFdLIAay
# qY4HEwP9vPuVwWNdQjXJNfirLMO5GQfEbyKDAjap2sL25zAV2w+mgn7xg/xkTfM6
# iMX2m14lKRMy2hr8dEVh/XdLf7loAN1jSE8/Wdt+PEaexolqxCM=
# =1GLE
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 11 Aug 2023 09:16:50 AM PDT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
pci: Fix the update of interrupt disable bit in PCI_COMMAND register
hw/pci-host: Allow extended config space access for Designware PCIe host
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Guoyi Tu [Fri, 11 Aug 2023 14:46:51 +0000 (22:46 +0800)]
pci: Fix the update of interrupt disable bit in PCI_COMMAND register
The PCI_COMMAND register is located at offset 4 within
the PCI configuration space and occupies 2 bytes. The
interrupt disable bit is at the 10th bit, which corresponds
to the byte at offset 5 in the PCI configuration space.
In our testing environment, the guest driver may directly
updates the byte at offset 5 in the PCI configuration space.
The backtrace looks like as following:
at hw/pci/pci.c:1442
at hw/virtio/virtio-pci.c:605
val=5, len=1) at hw/pci/pci_host.c:81
In this situation, the range_covers_byte function called
by the pci_default_write_config function will return false,
resulting in the inability to handle the interrupt disable
update event.
To fix this issue, we can use the ranges_overlap function
instead of range_covers_byte to determine whether the interrupt
bit has been updated.
Signed-off-by: Guoyi Tu <tugy@chinatelecom.cn> Signed-off-by: yuanminghao <yuanmh12@chinatelecom.cn>
Message-Id: <ce2d0437-8faa-4d61-b536-4668f645a959@chinatelecom.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Fixes: b6981cb57be5 ("pci: interrupt disable bit support")
Jason Chien [Wed, 9 Aug 2023 10:22:50 +0000 (10:22 +0000)]
hw/pci-host: Allow extended config space access for Designware PCIe host
In pcie_bus_realize(), a root bus is realized as a PCIe bus and a non-root
bus is realized as a PCIe bus if its parent bus is a PCIe bus. However,
the child bus "dw-pcie" is realized before the parent bus "pcie" which is
the root PCIe bus. Thus, the extended configuration space is not accessible
on "dw-pcie". The issue can be resolved by adding the
PCI_BUS_EXTENDED_CONFIG_SPACE flag to "pcie" before "dw-pcie" is realized.
Signed-off-by: Jason Chien <jason.chien@sifive.com>
Message-Id: <20230809102257.25121-1-jason.chien@sifive.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Jason Chien <<a href="mailto:jason.chien@sifive.com" target="_blank">jason.chien@sifive.com</a>><br>
Richard Henderson [Thu, 10 Aug 2023 18:10:01 +0000 (11:10 -0700)]
Merge tag 'pull-tcg-20230810' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Avoid reading too much in load_atom_{2,4}
tests/tcg: ensure system-mode gdb tests start stopped
gdbstub: more fixes for client Ctrl-C handling
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTVJ4EdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+/iAf9EUojONGO1FQCUokR
# +8kfHFaGH5R5U4v6Zd6xlwHt94iagW8s+DdpM/YdmgZFxQ5jglCCsLOXQYtJ/HPu
# McKRv86Yr264ysrwYzTuyOLIC585UU0KzYbGBQvjCSeQ43Au5bR/3ec35Lwgm7OO
# eukLdpmuD4QoSgBmVgkbziKH1zaX8NjgPoWGfFqxfzzWUZBfU4VfyLgGKw2gtqoz
# fMTORiqbnzSvQfYINNJ0qBTyXWm0YmydDzaK6zfBrsCzdMk3JYksxgneItvqgRar
# A5UAYUPhBPftIyTAnI3PQo+siyuaDhFRU9BwHb25a/pkuOUg8PBFO2HruseLmmdl
# bPcnhQ==
# =7c0w
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 10 Aug 2023 11:08:01 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20230810' of https://gitlab.com/rth7680/qemu:
gdbstub: don't complain about preemptive ACK chars
gdbstub: more fixes for client Ctrl-C handling
tests/tcg: ensure system-mode gdb tests start stopped
accel/tcg: Avoid reading too much in load_atom_{2,4}
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Alex Bennée [Thu, 10 Aug 2023 15:36:40 +0000 (16:36 +0100)]
gdbstub: don't complain about preemptive ACK chars
When starting a remote connection GDB sends an '+':
/* Ack any packet which the remote side has already sent. */
remote_serial_write ("+", 1);
which gets flagged as a garbage character in the gdbstub state
machine. As gdb does send it out lets be permissive about the handling
so we can better see real issues.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: gdb-patches@sourceware.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230810153640.1879717-9-alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Without -S we run into potential races with tests starting before the
gdbstub attaches. We don't need to worry about user-mode as enabling
the gdbstub implies we wait for the initial connection.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230810153640.1879717-7-alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 10 Aug 2023 15:37:14 +0000 (08:37 -0700)]
accel/tcg: Avoid reading too much in load_atom_{2,4}
When load_atom_extract_al16_or_al8 is inexpensive, we want to use
it early, in order to avoid the overhead of required_atomicity.
However, we must not read past the end of the page.
If there are more than 8 bytes remaining, then both the "aligned 16"
and "aligned 8" paths align down so that the read has at least
16 bytes remaining on the page.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 9 Aug 2023 17:48:46 +0000 (10:48 -0700)]
Merge tag 'pull-lu-20230809' of https://gitlab.com/rth7680/qemu into staging
linux-user: Fixes for mmap syscall emulation
linux-user: Correctly detect access to /proc in openat
util/interval-tree: Check root for null in interval_tree_iter_first
tests/tcg: Disable filename test for info proc mappings
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTT0O4dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9NeQf/SGtJsvcMdPPcOt1P
# ZK9fBK+gS9XzWvkquSL2wehs0ZY61u2IHznIqsFxhhmPqNTZPKb27u6Cg8DCxYdw
# Hc+YMtjx2MOBv2pXTCc14XWkTsclP2jJaf2VUFIR/MowBJb7Xcgbv53PvRnCn3xT
# KC80Pm6eJZFT0EkQZwHbT8doakkjyIx8JIapdNFvD6Ne0CWCKOwDK9sF5ob1Tf5g
# BXyCw5ZtnCiToYw+RpBnhZ1wsInV+o/MV7FwcgrxGWB+4ovwRLknBzAggHvhz3ZO
# pdCqvobBtUk88+txMX6ewIDYU9BsuOnWDR+j99MD9/kPtbgSLlRYzxJ0PAjCMG6m
# xu0Tyg==
# =n1TD
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 09 Aug 2023 10:46:22 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-lu-20230809' of https://gitlab.com/rth7680/qemu:
linux-user: Fix openat() emulation to correctly detect accesses to /proc
util/interval-tree: Check root for null in interval_tree_iter_first
tests/tcg: Disable filename test for info proc mappings
linux-user: Use ARRAY_SIZE with bitmask_transtbl
linux-user: Split out do_mmap
qemu/osdep: Remove fallback for MAP_FIXED_NOREPLACE
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 9 Aug 2023 17:48:30 +0000 (10:48 -0700)]
Merge tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme: fixes
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmTTlmcACgkQTeGvMW1P
# DemjjggAnhEvaJ4fgS9rsvtxCwtzLNc405xMpNxh6rPaxa+sL3RXPIrW6vWG13+W
# VcHw8DI8EV4DzAFP919ZmTUq9/boRbgxx84bStlILUPHWol8+eGYVVfT75wFKszx
# d4Vi3nyPSGlrxieSrosARqimcUDtFtDGGAxjvEcKgzhkcU3a8DVYAOmx/hdlWJJQ
# KSk4h/E1pKItFbvv+w9yszsbToeZN65oIy7kQtFgx0JOULyWvEYSVygotw/AruF3
# FPQ0nrJuZ115w3cJWDszznVJ6+3EcWbD3luQc3zE1FOPp76EkAOkcnPh1XbBJrE2
# 2BsCX/XnXcZT7BWSJbEzGXLsHjqsPg==
# =Zy0+
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 09 Aug 2023 06:36:39 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix null pointer access in ruh update
hw/nvme: fix null pointer access in directive receive
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Thu, 3 Aug 2023 21:44:47 +0000 (23:44 +0200)]
linux-user: Fix openat() emulation to correctly detect accesses to /proc
In qemu we catch accesses to files like /proc/cpuinfo or /proc/net/route
and return to the guest contents which would be visible on a real system
(instead what the host would show).
This patch fixes a bug, where for example the accesses
cat /proc////cpuinfo
or
cd /proc && cat cpuinfo
will not be recognized by qemu and where qemu will wrongly show
the contents of the host's /proc/cpuinfo file.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230803214450.647040-2-deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Wed, 9 Aug 2023 15:11:39 +0000 (17:11 +0200)]
util/interval-tree: Check root for null in interval_tree_iter_first
Fix a crash in qemu-user when running
cat /proc/self/maps
in a chroot, where /proc isn't mounted.
The problem was introduced by commit 3ce3dd8ca965 ("util/selfmap:
Rewrite using qemu/interval-tree.h") where in open_self_maps_1() the
function read_self_maps() is called and which returns NULL if it can't
read the hosts /proc/self/maps file. Afterwards that NULL is fed into
interval_tree_iter_first() which doesn't check if the root node is NULL.
Fix it by adding a check if root is NULL and return NULL in that case.
Signed-off-by: Helge Deller <deller@gmx.de> Fixes: 3ce3dd8ca965 ("util/selfmap: Rewrite using qemu/interval-tree.h")
Message-Id: <ZNOsq6Z7t/eyIG/9@p100> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 23:41:20 +0000 (23:41 +0000)]
tests/tcg: Disable filename test for info proc mappings
This test fails when host page size != guest page size,
because qemu may not be able to directly map the file.
Fixes: a6341482695 ("tests/tcg: Add a test for info proc mappings") Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 01:26:54 +0000 (18:26 -0700)]
linux-user: Use ARRAY_SIZE with bitmask_transtbl
Rather than using a zero tuple to end the table, use a macro
to apply ARRAY_SIZE and pass that on to the convert functions.
This fixes two bugs in which the conversion functions required
that both the target and host masks be non-zero in order to
continue, rather than require both target and host masks be
zero in order to terminate.
This affected mmap_flags_tbl when the host does not support
all of the flags we wish to convert (e.g. MAP_UNINITIALIZED).
Mapping these flags to zero is good enough, and matches how
the kernel ignores bits that are unknown.
Fixes: 4b840f96 ("linux-user: Populate more bits in mmap_flags_tbl") Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 01:22:35 +0000 (18:22 -0700)]
linux-user: Split out do_mmap
New function that rejects unsupported map types and flags.
In 4b840f96 we should not have accepted MAP_SHARED_VALIDATE
without actually validating the rest of the flags.
Fixes: 4b840f96 ("linux-user: Populate more bits in mmap_flags_tbl") Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 16:44:18 +0000 (09:44 -0700)]
qemu/osdep: Remove fallback for MAP_FIXED_NOREPLACE
In order for our emulation of MAP_FIXED_NOREPLACE to succeed within
linux-user target_mmap, we require a non-zero value. This does not
require host kernel support, merely the bit being defined.
MAP_FIXED_NOREPLACE was added with glibc 2.28. From repology.org:
Richard Henderson [Tue, 8 Aug 2023 23:39:20 +0000 (16:39 -0700)]
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme fixes
- fix for invalid protection information calculation
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmTSREoACgkQTeGvMW1P
# DekH6Qf/e3gi0KloAUpbTQvGmBA6XmkJFAtOdZn7IJXVCowjYTIKU84DrdPyT1c1
# rofL4w0klKG5c4Or/Cs4dH/ASxTWaQZRlFAYxsTW3nUX74MnaFDRZcN2geb30ws7
# ryejVEKeHNWH/YYY4Ny55wO3tmy2ILAKnbiadiXhj4dQfCK1GzZnrx10PWxLNlkZ
# KRhiXLNBHpPnDlrLq7/nLs+/0cMrrqEz6ISm/Ju4iUczAH/wmqEbR/yD3pAwmH07
# PCaSeegOpwscovI5TWRelOJlzIXb6D8Xk9d3dGL5x/eeN7GlkgERX4MAcNYKwe8T
# JNR8y2ErTEj2nLU/juES1EpiR2gYKw==
# =vJlA
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 08 Aug 2023 06:34:02 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
docs: update hw/nvme documentation for protection information
hw/nvme: fix CRC64 for guard tag
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 21:10:06 +0000 (14:10 -0700)]
Merge tag 'pull-lu-20230808' of https://gitlab.com/rth7680/qemu into staging
linux-user: Adjust guest image layout vs reserved_va
linux-user: Do not adjust image mapping for host page size
linux-user: Adjust initial brk when interpreter is close to executable
util/selfmap: Rewrite using qemu/interval-tree.h
linux-user: Rewrite probe_guest_base
* tag 'pull-lu-20230808' of https://gitlab.com/rth7680/qemu:
linux-user: Rewrite non-fixed probe_guest_base
linux-user: Rewrite fixed probe_guest_base
linux-user: Consolidate guest bounds check in probe_guest_base
linux-user: Remove duplicate CPU_LOG_PAGE from probe_guest_base
util/selfmap: Rewrite using qemu/interval-tree.h
linux-user: Use zero_bss for PT_LOAD with no file contents too
linux-user: Do not adjust zero_bss for host page size
linux-user: Do not adjust image mapping for host page size
linux-user: Adjust initial brk when interpreter is close to executable
linux-user: Use elf_et_dyn_base for ET_DYN with interpreter
linux-user: Use MAP_FIXED_NOREPLACE for initial image mmap
linux-user: Define ELF_ET_DYN_BASE in $guest/target_mman.h
linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h
linux-user: Adjust task_unmapped_base for reserved_va
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 8 Aug 2023 21:09:48 +0000 (14:09 -0700)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* cleanup architecture canonicalization once and for all
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmTSjQAUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPc8Qf/XjwCmHzRm6VSengi5OywjeanKpO6
# yJ8mbA0tqx7DxH+ke3y0kH7QGbScnV7mh/s5SnjHDR38K0z604E773UVEk5JwtMb
# b64jsaCiq0XhiPKHA0xtYo2F4W17LxIIcyG2d1Fgmngvnat3LpswXGEXJbKCnIV9
# KzgKNpCf6o+o1f/U6LaxInHbYRaDW03HSFfCHgNyYOBxgbPC/UYRuslqC8pIdp/5
# mGLhloJh/WKi8iL0Xsjl1GN/0d9UHC6bUAW+f1JjET5IjeOtdxh6hgDr9hAc3ZC+
# stTTri7pM6VeCv+lT5tSN+o7IdzpGjMXb0kozjkinoafhDfp8EvJyOdfrg==
# =5Z/e
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 08 Aug 2023 11:44:16 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
configure: unify case statements for CPU canonicalization
linux-user: cleanup unused linux-user/include/host directories
configure: fix detection for x32 linux-user
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 7 Aug 2023 05:26:10 +0000 (22:26 -0700)]
linux-user: Rewrite non-fixed probe_guest_base
Use pgb_addr_set to probe for all of the guest addresses,
not just the main executable. Handle the identity map
specially and separately from the search.
If /proc/self/maps is available, utilize the full power
of the interval tree search, rather than a linear search
through the address list.
If /proc/self/maps is not available, increase the skip
between probes so that we do not probe every single page
of the host address space. Choose 1 MiB for 32-bit hosts
(max 4k probes) and 1 GiB for 64-bit hosts (possibly a
large number of probes, but the large step makes it more
likely to find empty space quicker).
Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 7 Aug 2023 04:03:27 +0000 (21:03 -0700)]
linux-user: Rewrite fixed probe_guest_base
Create a set of subroutines to collect a set of guest addresses,
all of which must be mappable on the host. Use this within the
renamed pgb_fixed subroutine to validate the user's choice of
guest_base specified by the -B command-line option.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 3 Aug 2023 20:13:03 +0000 (20:13 +0000)]
linux-user: Do not adjust image mapping for host page size
Remove TARGET_ELF_EXEC_PAGESIZE, and 3 other TARGET_ELF_PAGE* macros
based off of that. Rely on target_mmap to handle guest vs host page
size mismatch.
Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Wed, 2 Aug 2023 23:14:01 +0000 (16:14 -0700)]
linux-user: Adjust initial brk when interpreter is close to executable
While we attempt to load a ET_DYN executable far away from
TASK_UNMAPPED_BASE, we are not completely in control of the
address space layout. If the interpreter lands close to
the executable, leaving insufficient heap space, move brk.
Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Helge Deller <deller@gmx.de>
[rth: Re-order after ELF_ET_DYN_BASE patch so that we do not
"temporarily break" tsan, and also to minimize the changes required.
Remove image_info.reserve_brk as unused.] Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 2 Aug 2023 22:58:07 +0000 (15:58 -0700)]
linux-user: Use elf_et_dyn_base for ET_DYN with interpreter
Follow the lead of the linux kernel in fs/binfmt_elf.c,
in which an ET_DYN executable which uses an interpreter
(usually a PIE executable) is loaded away from where the
interpreter itself will be loaded.
Paolo Bonzini [Tue, 8 Aug 2023 12:03:03 +0000 (14:03 +0200)]
configure: unify case statements for CPU canonicalization
The CPU model has to be canonicalized to what Meson wants in the cross
file, to what Linux uses for its asm-$ARCH directories, and to what
QEMU uses for its user-mode emulation host/$ARCH directories. Do
all three in a single case statement, and check that the Linux and
QEMU directories actually exist.
At a small cost in repeated lines, this ensures that there are no hidden
ordering requirements between the case statements. In particular, commit 89e5b7935e9 ("configure: Fix linux-user host detection for riscv64",
2023-08-06) broke ppc64le because it assigned host_arch based on a
non-canonicalized version of $cpu.
Reported-by: Joel Stanley <joel@jms.id.au> Fixes: 89e5b7935e9 ("configure: Fix linux-user host detection for riscv64", 2023-08-06) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230808120303.585509-4-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alpha and 31-bit s390 lack the assembly fragment to handle signals
occurring at the same time as system calls, so they cannot run
linux-user emulation anymore. Drop the host-signal.h files for
them.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230808120303.585509-3-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 8 Aug 2023 12:03:01 +0000 (14:03 +0200)]
configure: fix detection for x32 linux-user
x32 uses the same signal handling fragments as x86_64, since host_arch
is set to x86_64 when Meson runs. Remove the unnecessary forwarder and
set the host_arch variable properly in configure.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20230808120303.585509-2-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Ankit Kumar [Mon, 7 Aug 2023 21:27:45 +0000 (02:57 +0530)]
docs: update hw/nvme documentation for protection information
Add missing entry for pif ("protection information format").
Protection information size can be 8 or 16 bytes, Update the pil entry
as per the NVM command set specification.
Signed-off-by: Ankit Kumar <ankit.kumar@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
* tag 'fixes-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture
hw/i386/vmmouse:add relative packet flag for button status
dump: kdump-zlib data pages not dumped with pvtime/aarch64
virtio-gpu: reset gfx resources in main thread
virtio-gpu: free BHs, by implementing unrealize
chardev: report the handshake error
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 7 Aug 2023 20:54:43 +0000 (13:54 -0700)]
Merge tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu into staging
trivial-patches for 2023-08-07
there are 3 trivial bugfixes in there, for 8.1
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmTQzUsPHG1qdEB0bHMu
# bXNrLnJ1AAoJEHAbT2saaT5Z438H/3MEc7pR3UllQ/9OFHR9JU8V14sCANgkEWMo
# fYNoVPDli24Y5oxFnmC249YdbaO2PtLwxnarxRAXESi9r2PYjVfTMyJvkMYv0fMm
# VNK2LE6Cs4pGivBhAFHvdceWlpLXVaea6jTGfoctSqXa0lMKy6ae44SbsJ8vOnPs
# 9XXn+rrAtxRoaN10AKE8hRFDHaS4LIxVNhU3Y2aRijlzFRIf9kr8PGRtes56aZS1
# IOZ5YlmibgCh3ZLofj+/4NcT/l4ViKIKmUXv0mSY55VsfmVaANM98biQ55f+4lt7
# BlgI749QMuB7q+5eELOaZsDt7YTXp3Y0LLvGi7kBZIGIzUkSnXI=
# =7luP
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 07 Aug 2023 03:54:03 AM PDT
# gpg: using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg: issuer "mjt@tls.msk.ru"
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [undefined]
# gpg: aka "Michael Tokarev <mjt@debian.org>" [undefined]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59
* tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu:
Fixed incorrect LLONG alignment for openrisc and cris
stubs/colo.c: spelling
hw/i2c: Fix bitbang_i2c_data trace event
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 7 Aug 2023 14:50:54 +0000 (07:50 -0700)]
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme fixes
- two fixes for hw/nvme
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmTQ2y4ACgkQTeGvMW1P
# DenpWQf/WFgEljzgTcgxlfZhCyzWGwVNgKqRxlTuF6ELqm8BajCuCeA5ias6AXOr
# x/gZ0VqrL91L5tRIH5Q0sdC+HBFC1yMs66jopdzc1oL1eYu1HTrLIqMDtkXp/K/P
# PyGah2t4qEMtacSkad+hmB68ViUkkmhkxrWYIeufUQTfLNF5pBqNvB1kQON3jmXE
# a1jI/PabYxi8Km0rfFJD6SUGmL9+m7MY/SyZAy+4EZZ1OEnp5jb3o9lbdwbhIU5e
# dRX4NW4BEDiOJeIcNVDiQkXv2/Lna1B51RVMvM4owpk0eRvRXMSqs2DQ5/jp/nGb
# 8uChUJ0QW68I4e9ptTfxmBsr4pSktg==
# =0nwp
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 07 Aug 2023 04:53:18 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix compliance issue wrt. iosqes/iocqes
hw/nvme: fix oob memory read in fdp events log
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Dongwon Kim [Tue, 25 Jul 2023 00:11:31 +0000 (17:11 -0700)]
ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture
Fixing a regression (black screen) caused by a commit 92b58156e7
("ui/gtk: set scanout-mode right before scheduling draw").
The commit 92b58156e7 was made with an assumption that the scanout
mode needs to be set only if the guest scanout is a dmabuf but there
are cases (e.g. virtio-gpu-virgl) where the scanout is still processed
in a form of a texture but is not backed by dmabuf. So it is needed
to put back the line that sets scanout mode in gd_egl_scanout_texture
and gd_gl_area_scanout_texture.
Fixes: 92b58156e7 ("ui/gtk: set scanout-mode right before scheduling draw) Reported-by: Volker Rümelin <vr_qemu@t-online.de> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Marc-André Lureau <marcandre.lureau@redhat.com> Cc: Vivek Kasireddy <vivek.kasireddy@intel.com> Signed-off-by: Dongwon Kim <dongwon.kim@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230725001131.24017-1-dongwon.kim@intel.com>
hw/i386/vmmouse:add relative packet flag for button status
The buttons value use macros instead of direct numbers.
If request relative mode, have to add this for
guest vmmouse driver to judge this is a relative packet.
otherwise,vmmouse driver will not match
the condition 'status & VMMOUSE_RELATIVE_PACKET',
and can't report events on the correct(relative) input device,
result to relative mode unuseful.
dump: kdump-zlib data pages not dumped with pvtime/aarch64
The kdump-zlib data pages are not dumped from aarch64 host when the
'pvtime' is involved, that is, when the block->target_end is not aligned to
page_size. In the below example, it is expected to dump two blocks.
However, there is an issue with get_next_page() so that the pages for
"mach-virt.ram" will not be dumped.
At line 1296, although we have reached at the end of the 'pvtime' block,
since it is not aligned to the page_size (e.g., 0x10000), it will not break
at line 1298.
As a result, get_next_page() will continue to the next
block ("mach-virt.ram"). Finally, when get_next_page() returns to the
caller:
- 'pfnptr' is referring to the 'pvtime'
- but 'blockptr' is referring to the "mach-virt.ram"
When get_next_page() is called the next time, "*pfnptr += 1" still refers
to the prior 'pvtime'. It will exit immediately because it is out of the
range of the current "mach-virt.ram".
The fix is to break when it is time to come to the next block, so that both
'pfnptr' and 'blockptr' refer to the same block.
Fixes: 94d788408d2d ("dump: fix kdump to work over non-aligned blocks") Cc: Joe Jin <joe.jin@oracle.com> Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230713055819.30497-1-dongli.zhang@oracle.com>
Calling OpenGL from different threads can have bad consequences if not
carefully reviewed. It's not generally supported. In my case, I was
debugging a crash in glDeleteTextures from OPENGL32.DLL, where I asked
qemu for gl=es, and thus ANGLE implementation was expected. libepoxy did
resolution of the global pointer for glGenTexture to the GLES version
from the main thread. But it resolved glDeleteTextures to the GL
version, because it was done from a different thread without correct
context. Oops.
Let's stick to the main thread for GL calls by using a BH.
Note: I didn't use atomics for reset_finished check, assuming the BQL
will provide enough of sync, but I might be wrong.
Acked-by: Dongwon Kim <dongwon.kim@intel.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230726173929.690601-3-marcandre.lureau@redhat.com>
Luca Bonissi [Thu, 3 Aug 2023 00:15:57 +0000 (02:15 +0200)]
Fixed incorrect LLONG alignment for openrisc and cris
OpenRISC (or1k) has long long alignment to 4 bytes, but currently not
defined in abitypes.h. This lead to incorrect packing of /epoll_event/
structure and eventually infinite loop while waiting for file
descriptor[s] event[s].
Fixed also CRIS alignments (1 byte for all types).
Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1770 Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Klaus Jensen [Wed, 19 Jul 2023 18:21:58 +0000 (20:21 +0200)]
hw/nvme: fix compliance issue wrt. iosqes/iocqes
As of prior to this patch, the controller checks the value of CC.IOCQES
and CC.IOSQES prior to enabling the controller. As reported by Ben in
GitLab issue #1691, this is not spec compliant. The controller should
only check these values when queues are created.
This patch moves these checks to nvme_create_cq(). We do not need to
check it in nvme_create_sq() since that will error out if the completion
queue is not already created.
Also, since the controller exclusively supports SQEs of size 64 bytes
and CQEs of size 16 bytes, hard code that.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1691 Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Klaus Jensen [Thu, 3 Aug 2023 18:44:23 +0000 (20:44 +0200)]
hw/nvme: fix oob memory read in fdp events log
As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.
Fix this.
This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.
Fixes: CVE-2023-4135 Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation") Reported-by: Trend Micro's Zero Day Initiative Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Richard Henderson [Sun, 6 Aug 2023 23:47:48 +0000 (16:47 -0700)]
Merge tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Do not issue misaligned i/o
accel/tcg: Call save_iotlb_data from io_readx
gdbstub: use 0 ("any process") on packets with no PID
linux-user: Fixes for MAP_FIXED_NOREPLACE
linux-user: Fixes for brk
linux-user: Set V in ELF_HWCAP for RISC-V
*-user: Remove last_brk as unused
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTQMPsdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/rmQf/az6d6X4iom0Hch19
# U4BkoNP7NQB2Rue/avjP6Vy6yATDEPgIA5vcPcub+jYsCyEasRRCD1d4odxZp7Cr
# MLoeX6dC+iGg0N7i3S1DSpZBqsRv/4+YE5ibPjYnZlv0F7re1L89yw4doj5OPN1w
# 1p8bpTxA2+s/FOxgfKLSyZR4yMJ4jWKeH+em6qjEBXEAMSiE6u0S+Kt3bAO8amdo
# 86e5d16F4sjs4kXMTEp9myNoXN/aRsWd1stzebQK+uV6qQQsdkIkMLZmZ8+o158A
# QEuWpV8yoMxhXUsnjkNGbL5S3r2WDJpM6WbWxtjs1xOAaygYCOicXh+sqRefgyH/
# 0NQQRw==
# =4I5/
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 06 Aug 2023 04:47:07 PM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu:
bsd-user: Remove last_brk
linux-user: Remove last_brk
linux-user: Properly set image_info.brk in flatload
linux-user: Do not align brk with host page size
linux-user: Do nothing if too small brk is specified
linux-user: Use MAP_FIXED_NOREPLACE for do_brk()
linux-user: Do not call get_errno() in do_brk()
linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
linux-user: Unset MAP_FIXED_NOREPLACE for host
linux-user/elfload: Set V in ELF_HWCAP for RISC-V
configure: Fix linux-user host detection for riscv64
gdbstub: use 0 ("any process") on packets with no PID
accel/tcg: Call save_iotlb_data from io_readx as well
accel/tcg: Do not issue misaligned i/o
accel/tcg: Issue wider aligned i/o in do_{ld,st}_mmio_*
accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Akihiko Odaki [Wed, 2 Aug 2023 07:17:52 +0000 (16:17 +0900)]
linux-user: Do not align brk with host page size
do_brk() minimizes calls into target_mmap() by aligning the address
with host page size, which is potentially larger than the target page
size. However, the current implementation of this optimization has two
bugs:
- The start of brk is rounded up with the host page size while brk
advertises an address aligned with the target page size as the
beginning of brk. This makes the beginning of brk unmapped.
- Content clearing after mapping is flawed. The size to clear is
specified as HOST_PAGE_ALIGN(brk_page) - brk_page, but brk_page is
aligned with the host page size so it is always zero.
This optimization actually has no practical benefit. It makes difference
when brk() is called multiple times with values in a range of the host
page size. However, sophisticated memory allocators try to avoid to
make such frequent brk() calls. For example, glibc 2.37 calls brk() to
shrink the heap only when there is a room more than 128 KiB. It is
rare to have a page size larger than 128 KiB if it happens.
Let's remove the optimization to fix the bugs and make the code simpler.
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1616 Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230802071754.14876-7-akihiko.odaki@daynix.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Akihiko Odaki [Wed, 2 Aug 2023 07:17:48 +0000 (16:17 +0900)]
linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
The man page states:
> Note that older kernels which do not recognize the MAP_FIXED_NOREPLACE
> flag will typically (upon detecting a collision with a preexisting
> mapping) fall back to a “non-MAP_FIXED” type of behavior: they will
> return an address that is different from the requested address.
> Therefore, backward-compatible software should check the returned
> address against the requested address.
https://man7.org/linux/man-pages/man2/mmap.2.html
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230802071754.14876-3-akihiko.odaki@daynix.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
gdbstub: use 0 ("any process") on packets with no PID
Previously, qemu-user would always report PID 1 to GDB. This was changed
at dc14a7a6e9 (gdbstub: Report the actual qemu-user pid, 2023-06-30),
but read_thread_id() still considers GDB packets with "no PID" as "PID
1", which is not the qemu-user PID. Fix that by parsing "no PID" as "0",
which the GDB Remote Protocol defines as "any process".
Note that this should have no effect for system emulation as, in this
case, gdb_create_default_process() will assign PID 1 for the first
process and that is what the gdbstub uses for GDB requests with no PID,
or PID 0.
This issue was found with hexagon-lldb, which sends a "Hg" packet with
only the thread-id, but no process-id, leading to the invalid usage of
"PID 1" by qemu-hexagon and a subsequent "E22" reply.
Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <78a3b06f6ab90a7ff8e73ae14a996eb27ec76c85.1690904195.git.quic_mathbern@quicinc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Mikhail Tyutin [Fri, 4 Aug 2023 11:09:03 +0000 (14:09 +0300)]
accel/tcg: Call save_iotlb_data from io_readx as well
Apply save_iotlb_data() to io_readx() as well as to io_writex().
This fixes SEGFAULT on qemu_plugin_hwaddr_phys_addr() call plugins
for addresses inside of MMIO region.
Signed-off-by: Dmitriy Solovev <d.solovev@yadro.com> Signed-off-by: Mikhail Tyutin <m.tyutin@yadro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230804110903.19968-1-m.tyutin@yadro.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 1 Aug 2023 17:46:03 +0000 (10:46 -0700)]
accel/tcg: Do not issue misaligned i/o
In the single-page case we were issuing misaligned i/o to
the memory subsystem, which does not handle it properly.
Split such accesses via do_{ld,st}_mmio_*.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1800 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 1 Aug 2023 14:55:38 +0000 (07:55 -0700)]
accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
Replace MMULookupPageData* with CPUTLBEntryFull, addr, size.
Move QEMU_IOTHREAD_LOCK_GUARD to the caller.
This simplifies the usage from do_ld16_beN and do_st16_leN, where
we weren't locking the entire operation, and required hoop jumping
for passing addr and size.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / users / dwmw2 / qemu.git / log