migration/ram.c: Fix migration with compress enabled
Since ec6f3ab9, migration with compress enabled was broken, because
the compress threads use a dummy QEMUFile which just acts as a
buffer and that commit accidentally changed it to use the outgoing
migration channel instead.
Fix this by using the dummy file again in the compress threads.
Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Peter Xu [Sun, 26 Mar 2023 17:25:40 +0000 (13:25 -0400)]
migration: Recover behavior of preempt channel creation for pre-7.2
In 8.0 devel window we reworked preempt channel creation, so that there'll
be no race condition when the migration channel and preempt channel got
established in the wrong order in commit 5655aab079.
However no one noticed that the change will also be not compatible with
older qemus, majorly 7.1/7.2 versions where preempt mode started to be
supported.
Leverage the same pre-7.2 flag introduced in the previous patch to recover
the behavior hopefully before 8.0 releases, so we don't break migration
when we migrate from 8.0 to older qemu binaries.
Fixes: 5655aab079 ("migration: Postpone postcopy preempt channel to be after main")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Peter Xu [Sun, 26 Mar 2023 17:25:39 +0000 (13:25 -0400)]
migration: Fix potential race on postcopy_qemufile_src
postcopy_qemufile_src object should be owned by one thread, either the main
thread (e.g. when at the beginning, or at the end of migration), or by the
return path thread (when during a preempt enabled postcopy migration). If
that's not the case the access to the object might be racy.
postcopy_preempt_shutdown_file() can be potentially racy, because it's
called at the end phase of migration on the main thread, however during
which the return path thread hasn't yet been recycled; the recycle happens
in await_return_path_close_on_source() which is after this point.
It means, logically it's possible the main thread and the return path thread
are both operating on the same qemufile. While I don't think qemufile is
thread safe at all.
postcopy_preempt_shutdown_file() used to be needed because that's where we
send EOS to dest so that dest can safely shutdown the preempt thread.
To avoid the possible race, remove this only place that a race can happen.
Instead we figure out another way to safely close the preempt thread on
dest.
The core idea during postcopy on deciding "when to stop" is that dest will
send a postcopy SHUT message to src, telling src that all data is there.
Hence to shut the dest preempt thread maybe better to do it directly on
dest node.
This patch proposed such a way that we change postcopy_prio_thread_created
into PreemptThreadStatus, so that we kick the preempt thread on dest qemu
by a sequence of:
While here shutdown() is probably so far the easiest way to kick preempt
thread from a blocked qemu_get_be64(). Then it reads preempt_thread_status
to make sure it's not a network failure but a willingness to quit the
thread.
We could have avoided that extra status but just rely on migration status.
The problem is postcopy_ram_incoming_cleanup() is just called early enough
so we're still during POSTCOPY_ACTIVE no matter what.. So just make it
simple to have the status introduced.
One flag x-preempt-pre-7-2 is added to keep old pre-7.2 behaviors of
postcopy preempt.
Fixes: 9358982744 ("migration: Send requested page directly in rp-return thread")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
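The kick-and-check sequence the commit above describes (record the intent to quit in a thread status, shutdown() the channel so the blocked read returns, then let the thread read the status to tell a requested quit from a network failure), as an added example that is not QEMU's code: a hypothetical model in which a pthread blocked on a socketpair read stands in for the dest preempt thread and qemu_get_be64(). The names preempt_thread_status, run_preempt_scenario and the 8-byte record format are assumptions.

```c
/* Added example (not QEMU code): kick a thread out of a blocking read with
 * shutdown() and let it tell a requested quit from a lost connection.
 * Names below are assumptions modelled on the commit's PreemptThreadStatus. */
#define _GNU_SOURCE
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum preempt_thread_status { PREEMPT_THREAD_NONE, PREEMPT_THREAD_CREATED, PREEMPT_THREAD_QUIT };
enum exit_reason { EXIT_REQUESTED, EXIT_NETWORK_ERROR };

struct preempt_ctx {
    int fd;                      /* the thread's end of the "preempt channel" */
    atomic_int status;           /* enum preempt_thread_status, set by the main thread */
    atomic_uint_least64_t pages; /* 8-byte records consumed so far */
    enum exit_reason reason;     /* written by the thread, read after pthread_join() */
};

/* Blocking read of exactly len bytes; -1 on EOF or error (stands in for qemu_get_be64()). */
static int read_full(int fd, uint8_t *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

static void *preempt_thread(void *opaque)
{
    struct preempt_ctx *ctx = opaque;
    uint8_t rec[8];
    while (read_full(ctx->fd, rec, sizeof rec) == 0) {
        atomic_fetch_add(&ctx->pages, 1);
    }
    /* The read failed: only a status of QUIT makes that a wanted exit. */
    ctx->reason = atomic_load(&ctx->status) == PREEMPT_THREAD_QUIT
                  ? EXIT_REQUESTED : EXIT_NETWORK_ERROR;
    return NULL;
}

/* kick=1: main thread publishes QUIT, then shutdown()s the channel (the commit's
 * sequence). kick=0: the peer simply disappears, i.e. a network failure. */
enum exit_reason run_preempt_scenario(int kick, uint64_t *pages_out)
{
    static const uint8_t rec[8] = { 0, 0, 0, 0, 0, 0, 0x10, 0 }; /* constructed record */
    int sv[2];
    struct preempt_ctx ctx;
    pthread_t tid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return EXIT_NETWORK_ERROR;
    ctx.fd = sv[0];
    atomic_init(&ctx.status, PREEMPT_THREAD_CREATED);
    atomic_init(&ctx.pages, 0);
    ctx.reason = EXIT_NETWORK_ERROR;
    if (pthread_create(&tid, NULL, preempt_thread, &ctx) != 0) return EXIT_NETWORK_ERROR;

    for (int i = 0; i < 3; i++) {                  /* "source" sends three records */
        if (write(sv[1], rec, sizeof rec) != (ssize_t)sizeof rec) break;
    }
    for (int spins = 0; atomic_load(&ctx.pages) < 3 && spins < 5000; spins++) {
        usleep(1000);                              /* let the thread drain them first */
    }
    if (kick) {
        atomic_store(&ctx.status, PREEMPT_THREAD_QUIT); /* 1. say why the read will fail */
        shutdown(ctx.fd, SHUT_RDWR);                    /* 2. make the blocked read return */
    } else {
        close(sv[1]);                                   /* peer gone, status still CREATED */
    }
    pthread_join(tid, NULL);
    if (kick) close(sv[1]);
    close(sv[0]);
    if (pages_out) *pages_out = atomic_load(&ctx.pages);
    return ctx.reason;
}

uint64_t pages_delivered(int kick)
{
    uint64_t pages = 0;
    run_preempt_scenario(kick, &pages);
    return pages;
}

int main(void)
{
    printf("kick:        %s\n", run_preempt_scenario(1, NULL) == EXIT_REQUESTED ? "requested quit" : "network error");
    printf("peer closed: %s\n", run_preempt_scenario(0, NULL) == EXIT_REQUESTED ? "requested quit" : "network error");
    return 0;
}
```

Two points the model makes visible: the status must be stored before shutdown() is issued, because the thread only consults it after its read has failed; and shutdown() is used rather than close(), since closing a descriptor that another thread is blocked in does not reliably wake that thread, while shutdown() does and leaves the descriptor for its owner to close later.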
Peter Xu [Sun, 26 Mar 2023 17:25:38 +0000 (13:25 -0400)]
io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side
TLS iochannel will inherit io_shutdown() from the master ioc, however we
missed to do that on the server side.
This will e.g. allow qemu_file_shutdown() to work on dest QEMU too for
migration.
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
block, block-backend: write some hot coroutine wrappers by hand
block-backend: ignore inserted state in blk_co_nb_sectors
block-backend: inline bdrv_co_get_geometry
migration/block: replace uses of blk_nb_sectors that do not check result
block: remove has_variable_length from BlockDriver
block: refresh bs->total_sectors on reopen
block: remove has_variable_length from filters
block: move has_variable_length to BlockLimits
iotests: Regression test for vhdx log corruption
block/vhdx: fix dynamic VHDX BAT corruption
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Fri, 7 Apr 2023 15:33:03 +0000 (17:33 +0200)]
block, block-backend: write some hot coroutine wrappers by hand
The introduction of the graph lock is causing blk_get_geometry, a hot function
used in the I/O path, to create a coroutine. However, the only part that really
needs to run in coroutine context is the call to bdrv_co_refresh_total_sectors,
which in turn only happens in the rare case of host CD-ROM devices.
So, write by hand the three wrappers on the path from blk_co_get_geometry to
bdrv_co_refresh_total_sectors, so that the coroutine wrapper is only created
if bdrv_nb_sectors actually calls bdrv_refresh_total_sectors.
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-9-pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:33:02 +0000 (17:33 +0200)]
block-backend: ignore inserted state in blk_co_nb_sectors
All callers of blk_co_nb_sectors (and blk_nb_sectors) are able to
handle a non-inserted CD-ROM as a zero-length file, they do not need
to raise an error.
Not using blk_co_is_available() aligns the function with
blk_co_get_geometry(), which becomes a simple wrapper for
blk_co_nb_sectors(). It will also make it possible to skip the creation
of a coroutine in the (common) case where bs->bl.has_variable_length
is false.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-8-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:33:01 +0000 (17:33 +0200)]
block-backend: inline bdrv_co_get_geometry
bdrv_co_get_geometry is only used in blk_co_get_geometry. Inline it in
there, to reduce the number of wrappers for bs->total_sectors.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-7-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:33:00 +0000 (17:33 +0200)]
migration/block: replace uses of blk_nb_sectors that do not check result
Uses of blk_nb_sectors must check whether the result is negative.
Otherwise, underflow can happen. Fortunately, alloc_aio_bitmap()
and bmds_aio_inflight() both have an alternative way to retrieve the
number of sectors in the file.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-6-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:32:59 +0000 (17:32 +0200)]
block: remove has_variable_length from BlockDriver
Fill in the field in BlockLimits directly for host devices, and
copy it from there for the raw format.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-5-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:32:58 +0000 (17:32 +0200)]
block: refresh bs->total_sectors on reopen
After reopening a BlockDriverState, it's possible that the size of the
underlying file has changed. This for example is covered by test 171.
Right now, this is handled by the raw driver's has_variable_length = true
setting. Since this will be removed by the next patch, handle it on
reopen instead, together with the existing bdrv_refresh_limits.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-4-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:32:57 +0000 (17:32 +0200)]
block: remove has_variable_length from filters
Filters automatically get has_variable_length from their underlying
BlockDriverState. There is no need to mark them as variable-length
in the BlockDriver.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-3-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 7 Apr 2023 15:32:56 +0000 (17:32 +0200)]
block: move has_variable_length to BlockLimits
At the protocol level, has_variable_length only needs to be true in the
very special case of host CD-ROM drives, so that they do not need an
explicit monitor command to read the new size when a disc is loaded
in the tray.
However, at the format level has_variable_length has to be true for all
raw blockdevs and for all filters, even though in practice the length
depends on the underlying file and thus will not change except in the
case of host CD-ROM drives.
As a first step towards computing an accurate value of has_variable_length,
add the value into the BlockLimits structure and initialize the field
from the BlockDriver.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-2-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Tue, 11 Apr 2023 10:31:06 +0000 (11:31 +0100)]
hw/i2c/allwinner-i2c: Fix subclassing of TYPE_AW_I2C_SUN6I
In commit 8461bfdca9c we added the TYPE_AW_I2C_SUN6I, which is a
minor variant of the TYPE_AW_I2C device. However, we didn't quite
get the class hierarchy right. We made the new TYPE_AW_I2C_SUN6I a
subclass of TYPE_SYS_BUS_DEVICE, which means that you can't validly
use a pointer to this object via the AW_I2C() cast macro, which
insists on having something that is an instance of TYPE_AW_I2C or
some subclass of that type.
This only causes a problem if QOM cast macro debugging is enabled;
that is supposed to be on by default, but a mistake in the meson
conversion in commit c55cf6ab03f4c meant that it ended up disabled by
default, and we didn't catch this bug.
Fix the problem by arranging the classes in the same way we do for
TYPE_PL011 and TYPE_PL011_LUMINARY in hw/char/pl011.c -- make the
variant class be a subclass of the "normal" version of the device.
This was reported in
https://gitlab.com/qemu-project/qemu/-/issues/1586 but this fix alone
isn't sufficient, as there is a separate cast-related issue in the
CXL code in pci_expander_bridge.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
The corruption occurs when a BAT entry aligned to 4096 bytes is changed.
Specifically, the corruption occurs during the creation of the LOG Data
Descriptor. The incorrect behavior involves copying 4088 bytes from the
original 4096 bytes aligned offset to `tmp[8..4096]` and then copying
the new value for the first BAT entry to the beginning `tmp[0..8]`.
This results in all existing BAT entries inside the 4K region being
incorrectly moved by 8 bytes and the last entry being lost.
This bug did not cause noticeable corruption when only sequentially
writing once to an empty dynamic VHDX (e.g.
using `qemu-img convert -O vhdx -o subformat=dynamic ...`), but it
still resulted in invalid values for the (unused) Sector Bitmap BAT
entries.
Importantly, this corruption would only become noticeable after the
corrupted BAT is re-read from the file.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/727
Cc: qemu-stable@nongnu.org
Signed-off-by: Lukas Tschoke <lukts330@gmail.com>
Message-Id: <6cfb6d6b-adc5-7772-c8a5-6bae9a0ad668@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
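The copy mistake the commit message above describes, as an added example that is not QEMU's block/vhdx-log.c: a hypothetical model of building the 4 KiB log data descriptor payload for a change to one 8-byte BAT entry, in its buggy form (old bytes copied to tmp[8..4096], new entry at tmp[0..8]) beside the corrected form, with a checker that counts how many entries of the enclosing 4 KiB sector end up wrong. The sector contents, the BAT file offset and the function names are constructed for the example.

```c
/* Added example (not QEMU code): model of the BAT log-descriptor copy the
 * commit describes, buggy and fixed, plus a checker for the resulting sector. */
#include <stdint.h>
#include <string.h>

#define VHDX_SECTOR     4096
#define BAT_ENTRY_SIZE  8
#define ENTRIES_PER_SEC (VHDX_SECTOR / BAT_ENTRY_SIZE)   /* 512 */

static void put_le64(uint8_t *p, uint64_t v)            /* VHDX fields are little-endian */
{
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Build the 4 KiB payload that updates one BAT entry. 'sector' is the current
 * content of the enclosing 4 KiB-aligned sector, 'entry_off' the entry's byte
 * offset in the file, 'newval' the new entry value. Buggy variant. */
static void build_payload_buggy(uint8_t out[VHDX_SECTOR], const uint8_t sector[VHDX_SECTOR],
                                uint64_t entry_off, uint64_t newval)
{
    uint64_t in_sector = entry_off % VHDX_SECTOR;
    if (in_sector == 0) {
        /* the defect: 4088 old bytes land at out[8..4096], one entry too far,
         * so every neighbour shifts up and the last entry falls off the end */
        memcpy(out + BAT_ENTRY_SIZE, sector, VHDX_SECTOR - BAT_ENTRY_SIZE);
        put_le64(out, newval);
    } else {
        memcpy(out, sector, VHDX_SECTOR);
        put_le64(out + in_sector, newval);
    }
}

/* Fixed variant: copy the whole sector, then patch only the target entry. */
static void build_payload_fixed(uint8_t out[VHDX_SECTOR], const uint8_t sector[VHDX_SECTOR],
                                uint64_t entry_off, uint64_t newval)
{
    memcpy(out, sector, VHDX_SECTOR);
    put_le64(out + entry_off % VHDX_SECTOR, newval);
}

/* Constructed BAT sector: 512 distinct entries, or all zeros for a fresh image. */
static void make_sector(uint8_t sector[VHDX_SECTOR], int empty)
{
    for (unsigned i = 0; i < ENTRIES_PER_SEC; i++) {
        put_le64(sector + i * BAT_ENTRY_SIZE, empty ? 0 : 0x100000 + (uint64_t)i);
    }
}

/* Count entries of 'out' that differ from an in-place update of entry 'idx'.
 * 0 means the sector survived intact. */
static int count_corrupted_entries(const uint8_t out[VHDX_SECTOR],
                                   const uint8_t sector[VHDX_SECTOR],
                                   unsigned idx, uint64_t newval)
{
    int bad = 0;
    for (unsigned i = 0; i < ENTRIES_PER_SEC; i++) {
        uint64_t want = (i == idx) ? newval : get_le64(sector + i * BAT_ENTRY_SIZE);
        if (get_le64(out + i * BAT_ENTRY_SIZE) != want) bad++;
    }
    return bad;
}

/* Corrupted-entry count after updating entry 'idx' (0..511) of a populated
 * (empty=0) or fresh (empty=1) sector with the buggy (buggy=1) or fixed builder. */
int corrupted_after_update(int buggy, int empty, unsigned idx)
{
    uint8_t sector[VHDX_SECTOR], out[VHDX_SECTOR];
    uint64_t newval = 0xABCDEF;
    uint64_t off = 0x300000ull + idx * BAT_ENTRY_SIZE; /* assumed 4 KiB-aligned BAT start */
    make_sector(sector, empty);
    if (buggy) build_payload_buggy(out, sector, off, newval);
    else       build_payload_fixed(out, sector, off, newval);
    return count_corrupted_entries(out, sector, idx, newval);
}
```

The checker also reproduces the commit's observation about why the bug went unnoticed: on a fresh image the sector being shifted is all zeros, so the buggy payload is byte-for-byte what the fixed one would produce, and only a later update to a sector that already holds distinct entries moves all 511 neighbours.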
* tag 'pull-tcg-20230410' of https://gitlab.com/rth7680/qemu:
tcg/ppc: Fix TCG_TARGET_CALL_{ARG,RET}_I128 for ppc32
tcg/mips: Fix TCG_TARGET_CALL_RET_I128 for o32 abi
tcg/i386: Adjust assert in tcg_out_addi_ptr
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We can arrive here on _WIN64 because Int128 is passed by reference.
Change the assert to check that the immediate is in range,
instead of attempting to check the host ABI.
* tag 'pull-target-arm-20230410' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm: Copy guarded bit in combine_cacheattrs
target/arm: PTE bit GP only applies to stage1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Only perform the extract of GP during the stage1 walk.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 10 Apr 2023 10:47:40 +0000 (11:47 +0100)]
Merge tag 'pull_error_handle_fix_use_after_free.v1' of https://github.com/stefanberger/qemu-tpm into staging
Fix use-after-free in util/error.c
# gpg: Signature made Thu 06 Apr 2023 17:45:10 BST
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* tag 'pull_error_handle_fix_use_after_free.v1' of https://github.com/stefanberger/qemu-tpm:
util/error: Fix use-after-free errors reported by Coverity
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Berger [Thu, 6 Apr 2023 15:43:47 +0000 (11:43 -0400)]
util/error: Fix use-after-free errors reported by Coverity
Fix use-after-free errors in the code path that called error_handle(). A
call to error_handle() will now either free the passed Error 'err' or
assign it to '*errp' if '*errp' is currently NULL. This ensures that 'err'
either has been freed or is assigned to '*errp' if this function returns.
Adjust the two callers of this function to not assign the 'err' to '*errp'
themselves, since this is now handled by error_handle().
Fixes: commit 3ffef1a55ca3 ("error: add global &error_warn destination")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20230406154347.4100700-1-stefanb@linux.ibm.com
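The ownership contract the commit above states (on return from error_handle(), the passed Error is either freed or stored in *errp, and the callers no longer store it themselves), as an added example that is not QEMU's util/error.c: a hypothetical model with a pool-backed Error type so that a dangling pointer can be recognised without touching freed memory, the pre-fix sink beside the fixed one. Only the &error_warn destination is modelled; QEMU's real function also handles &error_abort and &error_fatal and asserts in cases this model simply drops. All names besides error_warn, error_free and warn_report_err are assumptions.

```c
/* Added example (not QEMU code): ownership contract of an error_handle()-style
 * sink, before and after the fix, with a fixed pool so freed errors are visible. */
#include <stdio.h>
#include <string.h>

typedef struct Error { int in_use; char msg[64]; } Error;

static Error pool[8];
Error *error_warn;                /* sentinel: &error_warn means "report and drop" */

static Error *error_new(const char *msg)
{
    for (int i = 0; i < 8; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            snprintf(pool[i].msg, sizeof pool[i].msg, "%s", msg);
            return &pool[i];
        }
    }
    return NULL;
}
static void error_free(Error *err) { if (err) err->in_use = 0; }
int error_is_freed(const Error *err) { return err && !err->in_use; }
int errors_live(void) { int n = 0; for (int i = 0; i < 8; i++) n += pool[i].in_use; return n; }

static void warn_report_err(Error *err)
{
    fprintf(stderr, "warning: %s\n", err->msg);
    error_free(err);              /* reporting consumes the error */
}

/* Before the fix: the sink only reports; the caller then stores 'err' anyway. */
static void error_handle_buggy(Error **errp, Error *err)
{
    if (errp == &error_warn) warn_report_err(err);
}
void error_setg_buggy(Error **errp, const char *msg)
{
    Error *err = error_new(msg);
    error_handle_buggy(errp, err);
    if (errp) *errp = err;        /* for &error_warn this stores a freed object */
}

/* After the fix: on return 'err' is owned by *errp or freed, never both. */
static void error_handle_fixed(Error **errp, Error *err)
{
    if (errp == &error_warn) {
        warn_report_err(err);
    } else if (errp && !*errp) {
        *errp = err;              /* first error wins; the caller now owns it */
    } else {
        error_free(err);          /* NULL destination or *errp already set: drop */
    }
}
void error_setg_fixed(Error **errp, const char *msg)
{
    error_handle_fixed(errp, error_new(msg));   /* no assignment in the caller */
}

/* The ordinary path: a local Error * receives the first error and keeps it. */
int check_local_destination(void)
{
    Error *local = NULL;
    int ok = 1;
    error_setg_fixed(&local, "first");
    ok &= (local != NULL && !error_is_freed(local) && errors_live() == 1);
    error_setg_fixed(&local, "second");          /* already set: dropped, not leaked */
    ok &= (errors_live() == 1 && strcmp(local->msg, "first") == 0);
    error_setg_fixed(NULL, "nobody listening");  /* NULL destination: freed at once */
    ok &= (errors_live() == 1);
    error_free(local);
    ok &= (errors_live() == 0);
    return ok;
}

int main(void)
{
    error_setg_fixed(&error_warn, "fixed sink: reported and dropped");
    printf("fixed: error_warn=%p live=%d\n", (void *)error_warn, errors_live());
    error_setg_buggy(&error_warn, "buggy sink: reported, then stored anyway");
    printf("buggy: dangling=%d live=%d\n", error_is_freed(error_warn), errors_live());
    return 0;
}
```

The pool makes the defect observable as data rather than as undefined behaviour: after the buggy sequence error_warn points at an object whose in_use flag is already clear, which is exactly the state Coverity flagged as a use-after-free. With the fixed sink the only place that decides the error's fate is error_handle_fixed(), so a caller cannot reintroduce the double ownership.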
This is because tcg_register_iommu_notifier() registers
an IOMMU notifier which covers the entire address space,
so the assertion added in this commit is not correct.
For the 8.0 release, just revert this commit as it is
only an optimization.
Fixes: 6da24341866f ("memory: Optimize replay of guest mapping")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 917c1c552b2d1b732f9a86c6a90684c3a5e4cada.1680640587.git.mst@redhat.com
Peter Xu [Thu, 16 Feb 2023 16:18:32 +0000 (00:18 +0800)]
kvm: dirty-ring: Fix race with vcpu creation
It's possible that we want to reap a dirty ring on a vcpu that is during
creation, because the vcpu is put onto list (CPU_FOREACH visible) before
initialization of the structures. In this case:
  qemu_init_vcpu
    x86_cpu_realizefn
      cpu_exec_realizefn
        cpu_list_add                          <---- can be probed by CPU_FOREACH
      qemu_init_vcpu
        cpus_accel->create_vcpu_thread(cpu);
          kvm_init_vcpu
            map kvm_dirty_gfns                <--- kvm_dirty_gfns valid
Don't try to reap dirty ring on vcpus during creation or it'll crash.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2124756
Reported-by: Xiaohui Li <xiaohli@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1d14deb6684bcb7de1c9633c5bd21113988cc698.1676563222.git.huangy81@chinatelecom.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 4 Apr 2023 16:02:14 +0000 (17:02 +0100)]
Merge tag 'pull-tcg-20230404' of https://gitlab.com/rth7680/qemu into staging
Revert "linux-user/arm: Take more care allocating commpage"
accel/tcg: Fix jump cache set in cpu_exec_loop
accel/tcg: Fix initialization of CF_PCREL in tcg_cflags
tcg/sparc64: Disable direct jumps from goto_tb
* tag 'pull-tcg-20230404' of https://gitlab.com/rth7680/qemu:
tcg/sparc64: Disable direct linking for goto_tb
accel/tcg: Fix jump cache set in cpu_exec_loop
accel/tcg: Fix overwrite problems of tcg_cflags
Revert "linux-user/arm: Take more care allocating commpage"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 4 Apr 2023 16:02:01 +0000 (17:02 +0100)]
Merge tag 'pull-for-8.0-040423-2' of https://gitlab.com/stsquad/qemu into staging
Final test and misc fixes:
- add basic coverage analysis script
- gdbstub only build one of libgdb_user/softmmu
- don't break BSD gdb by advertising AUXV feature
- add MAINTAINERS section for policy docs
- update hexagon toolchain
- explicitly invoke iotests with python for BSDs benefit
- use system python on NetBSD
- add some tests for the new KVM Xen guest support
* tag 'pull-for-8.0-040423-2' of https://gitlab.com/stsquad/qemu:
tests/avocado: Test Xen guest support under KVM
gitlab: fix typo
tests/vm: use the default system python for NetBSD
tests/qemu-iotests: explicitly invoke 'check' via 'python'
Use hexagon toolchain version 16.0.0
metadata: add .git-blame-ignore-revs
MAINTAINERS: add a section for policy documents
gdbstub: don't report auxv feature unless on Linux
gdbstub: Only build libgdb_user.fa / libgdb_softmmu.fa if necessary
scripts/coverage: initial coverage comparison script
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Something is wrong with this code, and also wrong with gdb on the
sparc systems to which I have access, so I cannot debug it either.
Disable for now, so the release is not broken.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Weiwei Li [Fri, 31 Mar 2023 15:06:06 +0000 (23:06 +0800)]
accel/tcg: Fix overwrite problems of tcg_cflags
CPUs often set CF_PCREL in tcg_cflags before qemu_init_vcpu(), in which
tcg_cflags will be overwritten by tcg_cpu_init_cflags().
Fixes: 4be790263ffc ("accel/tcg: Replace `TARGET_TB_PCREL` with `CF_PCREL`")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Message-Id: <20230331150609.114401-6-liweiwei@iscas.ac.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
David Woodhouse [Mon, 3 Apr 2023 13:49:20 +0000 (14:49 +0100)]
tests/avocado: Test Xen guest support under KVM
Exercise guests with a few different modes for interrupt delivery. In
particular we want to cover:
• Xen event channel delivery via GSI to the I/O APIC
• Xen event channel delivery via GSI to the i8259 PIC
• MSIs routed to PIRQ event channels
• GSIs routed to PIRQ event channels
As well as some variants of normal non-Xen stuff like MSI to vAPIC and
PCI INTx going to the I/O APIC and PIC, which ought to still work even
in Xen mode.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230403134920.2132362-12-alex.bennee@linaro.org>
Alex Bennée [Mon, 3 Apr 2023 13:49:19 +0000 (14:49 +0100)]
gitlab: fix typo
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-11-alex.bennee@linaro.org>
tests/vm: use the default system python for NetBSD
Currently our NetBSD VM recipe requests install of the python37 package
and explicitly tells QEMU to use that version of python. Since the
NetBSD base ISO was updated to version 9.3 though, the default system
python version is 3.9 which is sufficiently new for QEMU to rely on.
Rather than requesting an older python, just test against the default
system python which is what most users will have.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230329124601.822209-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-10-alex.bennee@linaro.org>
tests/qemu-iotests: explicitly invoke 'check' via 'python'
The 'check' script will use "#!/usr/bin/env python3" by default
to locate python, but this doesn't work in distros which lack a
bare 'python3' binary like NetBSD.
We need to explicitly invoke 'check' by referring to the 'python'
variable in meson, which resolves to the detected python binary
that QEMU intends to use.
iotests: register each I/O test separately with meson
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230329124539.822022-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230403134920.2132362-9-alex.bennee@linaro.org>
Alex Bennée [Mon, 3 Apr 2023 13:49:15 +0000 (14:49 +0100)]
metadata: add .git-blame-ignore-revs
Someone mentioned this on IRC so I thought I would try it out with a
few commits that are pure code style fixes.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-7-alex.bennee@linaro.org>
Alex Bennée [Mon, 3 Apr 2023 13:49:12 +0000 (14:49 +0100)]
gdbstub: don't report auxv feature unless on Linux
The latter handler is conditionally compiled only for Linux but we
forgot to ensure we don't advertise it lest we confuse our BSD
brethren.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Fixes: 51c623b0de ("gdbstub: add support to Xfer:auxv:read: packet")
Reported-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Tested-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230403134920.2132362-4-alex.bennee@linaro.org>
gdbstub: Only build libgdb_user.fa / libgdb_softmmu.fa if necessary
It is pointless to build libgdb_user.fa in a system-only build
(or libgdb_softmmu.fa in a user-only build). Besides, in some
restricted build configurations, some APIs might be restricted /
not available. Example in a KVM-only builds where TCG is disabled:
$ ninja qemu-system-x86_64
[99/2187] Compiling C object gdbstub/libgdb_user.fa.p/user.c.o
FAILED: gdbstub/libgdb_user.fa.p/user.c.o
../../gdbstub/user.c: In function ‘gdb_breakpoint_insert’:
../../gdbstub/user.c:438:19: error: implicit declaration of function ‘cpu_breakpoint_insert’; did you mean ‘gdb_breakpoint_insert’? [-Werror=implicit-function-declaration]
438 | err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
| ^~~~~~~~~~~~~~~~~~~~~
| gdb_breakpoint_insert
../../gdbstub/user.c:438:19: error: nested extern declaration of ‘cpu_breakpoint_insert’ [-Werror=nested-externs]
../../gdbstub/user.c: In function ‘gdb_breakpoint_remove’:
../../gdbstub/user.c:459:19: error: implicit declaration of function ‘cpu_breakpoint_remove’; did you mean ‘gdb_breakpoint_remove’? [-Werror=implicit-function-declaration]
459 | err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
| ^~~~~~~~~~~~~~~~~~~~~
| gdb_breakpoint_remove
../../gdbstub/user.c:459:19: error: nested extern declaration of ‘cpu_breakpoint_remove’ [-Werror=nested-externs]
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
Fixes: 61b2e136db ("gdbstub: only compile gdbstub twice for whole build")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230329161852.84992-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230403134920.2132362-3-alex.bennee@linaro.org>
This exposes bugs in target_mmap et al with respect to overflow
with the final page of the guest address space. To be fixed in
the next development cycle.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This is a very rough and ready first pass at comparing gcovr's json
output between two different runs. At the moment it will give you a
file level diff between two runs but hopefully it won't be too hard to
extend to give better insight.
After generating the coverage results you run with something like:
./scripts/coverage/compare_gcov_json.py \
-a ./builds/gcov.config1/coverage.json \
-b ./builds/gcov.config2/coverage.json
My hope is we can use this to remove some redundancy from testing as
well as evaluate if new tests are actually providing additional
coverage or just burning our precious CI time.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Kautuk Consul <kconsul@linux.vnet.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230403134920.2132362-2-alex.bennee@linaro.org>
Eric Blake [Tue, 4 Apr 2023 00:40:47 +0000 (19:40 -0500)]
nbd/server: Request TCP_NODELAY
Nagle's algorithm adds latency in order to reduce network packet
overhead on small packets. But when we are already using corking to
merge smaller packets into transactional requests, the extra delay
from TCP defaults just gets in the way (see recent commit bd2cd4a4).
For reference, qemu as an NBD client already requests TCP_NODELAY (see
nbd_connect() in nbd/client-connection.c); as does libnbd as a client
[1], and nbdkit as a server [2]. Furthermore, the NBD spec recommends
the use of TCP_NODELAY [3].
# gpg: Signature made Tue 04 Apr 2023 12:34:53 BST
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20230404' of https://gitlab.com/gaosong/qemu:
target/loongarch: Enables plugins to get instruction codes
hw/loongarch/virt: Fix virt_to_phys_addr function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MAINTAINERS: Remove and change David Gilbert maintainer entries
I'm leaving Red Hat next week, so clean up the maintainer entries.
'virtiofs' is just the device code now, so is pretty small, and
Stefan is still a maintainer there.
'migration' still has Juan.
For 'HMP' I'll swing that over to my personal email.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20230330095524.37691-1-dgilbert@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 3 Apr 2023 16:01:47 +0000 (17:01 +0100)]
Merge tag 'pull-target-arm-20230403' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
* target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
* hw/arm: do not free machine->fdt in arm_load_dtb()
* target/arm: Fix generated code for cpreg reads when HSTR is active
* hw/ssi: Fix Linux driver init issue with xilinx_spi
* tag 'pull-target-arm-20230403' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/ssi: Fix Linux driver init issue with xilinx_spi
target/arm: Fix generated code for cpreg reads when HSTR is active
hw/arm: do not free machine->fdt in arm_load_dtb()
target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Chris Rauer [Mon, 3 Apr 2023 15:12:30 +0000 (16:12 +0100)]
hw/ssi: Fix Linux driver init issue with xilinx_spi
The problem is that the Linux driver expects the master transaction inhibit
bit(R_SPICR_MTI) to be set during driver initialization so that it can
detect the fifo size but QEMU defaults it to zero out of reset. The
datasheet indicates this bit is active on reset.
See page 25, SPI Control Register section:
https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf
Signed-off-by: Chris Rauer <crauer@google.com>
Message-id: 20230323182811.2641044-1-crauer@google.com
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 3 Apr 2023 15:12:30 +0000 (16:12 +0100)]
target/arm: Fix generated code for cpreg reads when HSTR is active
In commit 049edada we added some code to handle HSTR_EL2 traps, which
we did as an inline "conditionally branch over a
gen_exception_insn()". Unfortunately this fails to take account of
the fact that gen_exception_insn() will set s->base.is_jmp to
DISAS_NORETURN. That means that at the end of the TB we won't
generate the necessary code to handle the "branched over the trap and
continued normal execution" codepath. The result is that the TCG
main loop thinks that we stopped execution of the TB due to a
situation that only happens when icount is enabled, and hits an
assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate
the correct code for when execution continues past this insn.
Note that this only happens for cpreg reads; writes will call
gen_lookup_tb() which generates a valid end-of-TB.
Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org
hw/arm: do not free machine->fdt in arm_load_dtb()
At this moment, arm_load_dtb() can free machine->fdt when
binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be
retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is
the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to
machine->fdt. And, in that case, the existing g_free(fdt) at the end of
arm_load_dtb() will make machine->fdt point to an invalid memory region.
Since monitor command 'dumpdtb' was introduced a couple of releases
ago, running it with any ARM machine that uses arm_load_dtb() will
crash QEMU.
Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead
of freeing 'fdt', assign it back to ms->fdt.
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb")
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20230328165935.1512846-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
aarch64_gdb_get_pauth_reg() -- although disabled since commit
5787d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to
gdb") -- is still compiled in. It calls pauth_ptr_mask() which is
located in target/arm/tcg/pauth_helper.c, a TCG specific helper.
To avoid a linking error when TCG is not enabled:
Undefined symbols for architecture arm64:
"_pauth_ptr_mask", referenced from:
_aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
- Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg()
(this is the single user),
- Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and
inline it in "internals.h",
Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension")
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230328212516.29592-1-philmd@linaro.org
[PMM: reinstated doc comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'misc-fixes-20230330' of https://github.com/philmd/qemu:
block/dmg: Ignore C99 prototype declaration mismatch from <lzfse.h>
hw/i2c: pmbus: block uninitialised string reads
tests/avocado: Enable TuxRun/mips64 (big-endian) test
hw/mips/gt64xxx_pci: Don't endian-swap GT_PCI0_CFGADDR
linux-user/mips: Use P5600 as default CPU to run NaN2008 ELF binaries
linux-user/sparc: Don't use 16-bit UIDs on SPARC V9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
block/dmg: Ignore C99 prototype declaration mismatch from <lzfse.h>
When liblzfe (Apple LZFSE compression library) is present
(for example installed via 'brew') on Darwin, QEMU build
fails as:
Has header "lzfse.h" : YES
Library lzfse found: YES
Dependencies
lzo support : NO
snappy support : NO
bzip2 support : YES
lzfse support : YES
zstd support : YES 1.5.2
User defined options
dmg : enabled
lzfse : enabled
[221/903] Compiling C object libblock.fa.p/block_dmg-lzfse.c.o
FAILED: libblock.fa.p/block_dmg-lzfse.c.o
/opt/homebrew/Cellar/lzfse/1.0/include/lzfse.h:56:43: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
LZFSE_API size_t lzfse_encode_scratch_size();
^
void
/opt/homebrew/Cellar/lzfse/1.0/include/lzfse.h:94:43: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
LZFSE_API size_t lzfse_decode_scratch_size();
^
void
2 errors generated.
ninja: build stopped: subcommand failed.
This issue has been reported in the lzfse project in 2016:
https://github.com/lzfse/lzfse/issues/3#issuecomment-226574719
Since the project seems unmaintained, simply ignore the
strict-prototypes warning check for the <lzfse.h> header,
similarly to how we deal with the GtkItemFactoryCallback
prototype from <gtk/gtkitemfactory.h>, indirectly included
by <gtk/gtk.h>.
Cc: Julio Faracco <jcfaracco@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <20230327151349.97572-1-philmd@linaro.org>
Titus Rwantare [Wed, 22 Mar 2023 17:55:12 +0000 (17:55 +0000)]
hw/i2c: pmbus: block uninitialised string reads
Device models calling pmbus_send_string can't be relied upon to
send a non-zero pointer. This logs an error and doesn't segfault.
Reviewed-by: Patrick Venture <venture@google.com>
Signed-off-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230322175513.1550412-5-titusr@google.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
tests/avocado: Enable TuxRun/mips64 (big-endian) test
Now that the previous commit ("hw/mips/gt64xxx_pci: Don't
endian-swap GT_PCI0_CFGADDR") fixed the issue accessing
the GT64120 PCI config-address register on big-endian
targets, we can enable this TuxRun test.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230223220404.63630-1-philmd@linaro.org>
145e2198d749 ("hw/mips/gt64xxx_pci: Endian-swap using PCI_HOST_BRIDGE
MemoryRegionOps") converted CFGADDR/CFGDATA registers to use
PCI_HOST_BRIDGE's accessor facility and enabled byte swap for both
CFGADDR/CFGDATA register.
However CFGADDR, as an ISD internal register, is not controlled by the
MByteSwap bit; it follows the endianness of all other ISD registers, which
means it is tied to little endian.
Move the mapping of CFGADDR out of gt64120_update_pci_cfgdata_mapping
to disable endian-swapping.
Fixes: 145e2198d749 ("hw/mips/gt64xxx_pci: Endian-swap using PCI_HOST_BRIDGE MemoryRegionOps")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Message-Id: <20230223161958.48696-1-jiaxun.yang@flygoat.com>
[PMD: !!! Note this only fixes little-endian hosts !!! ]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
linux-user/mips: Use P5600 as default CPU to run NaN2008 ELF binaries
Per the release 6.06 revision history:
5.03 August 21, 2013
• ABS2008 and NAN2008 fields of Table 5.7 “FCSR RegisterField
Descriptions” were optional in release 3 and could be R/W,
but as of release 5 are required, read-only, and preset by
hardware.
The P5600 core implements release 5, and has the ABS2008
and NAN2008 bits set in CP1_fcr31. Therefore it is able to run
ELF binaries compiled with EF_MIPS_NAN2008, such as the CIP United
Debian NaN2008 distribution:
http://repo.oss.cipunited.com/mipsel-nan2008/README.txt
In order to run such compiled binaries, select by default the
P5600 core when the ELF 'MIPS_NAN2008' flag is set.
Reported-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230327162444.388-1-philmd@linaro.org>
linux-user/sparc: Don't use 16-bit UIDs on SPARC V9
The 64-bit SPARC V9 syscall ABI uses 32-bit UIDs. Only enable
the 16-bit UID wrappers for 32-bit SPARC (V7 and V8).
Possibly missed in commit 992f48a036 ("Support for 32 bit
ABI on 64 bit targets (only enabled Sparc64)").
Reported-by: Gregor Riepl <onitake@gmail.com>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Tested-by: Zach van Rijn <me@zv.io>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1394
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230327131910.78564-1-philmd@linaro.org>
* tag 'pull-tcg-20230328' of https://gitlab.com/rth7680/qemu:
softmmu: Restore use of CPU watchpoint for all accelerators
softmmu/watchpoint: Add missing 'qemu/error-report.h' include
softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel
linux-user/arm: Take more care allocating commpage
include/exec: Change reserved_va semantics to last byte
linux-user: Pass last not end to probe_guest_base
accel/tcg: Pass last not end to tb_invalidate_phys_range
accel/tcg: Pass last not end to tb_invalidate_phys_page_range__locked
accel/tcg: Pass last not end to page_collection_lock
accel/tcg: Pass last not end to PAGE_FOR_EACH_TB
accel/tcg: Pass last not end to page_reset_target_data
accel/tcg: Pass last not end to page_set_flags
linux-user: Diagnose misaligned -R size
tcg: use QTree instead of GTree
util: import GTree as QTree
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
See for example commit e4482ab7e3 ("target-arm: kvm - add support
for HW assisted debug"):
This adds basic support for HW assisted debug. The ioctl interface
to KVM allows us to pass an implementation defined number of break
and watch point registers. [...]
Fixes: 2609ec2868 ("softmmu: Extract watchpoint API from physmem.c")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230328173117.15226-4-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
softmmu/watchpoint: Add missing 'qemu/error-report.h' include
cpu_watchpoint_insert() calls error_report() which is declared
in "qemu/error-report.h". When moving this code in commit 2609ec2868
("softmmu: Extract watchpoint API from physmem.c") we neglected to
include this header. This works so far because it is indirectly
included by TCG headers -> "qemu/plugin.h" -> "qemu/error-report.h".
Currently cpu_watchpoint_insert() is only built with the TCG
accelerator. When building it with other ones (or without TCG)
we get:
softmmu/watchpoint.c:38:9: error: implicit declaration of function 'error_report' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
error_report("tried to set invalid watchpoint at %"
^
Include "qemu/error-report.h" in order to fix this for non-TCG
builds.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230328173117.15226-3-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel
Both cpu_check_watchpoint() and cpu_watchpoint_address_matches()
are specific to TCG system emulation. Declare them in "tcg-cpu-ops.h"
to be sure accessing them from non-TCG code is a compilation error.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230328173117.15226-2-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
linux-user/arm: Take more care allocating commpage
User setting of -R reserved_va can lead to an assertion
failure in page_set_flags. Sanity check the value of
reserved_va and print an error message instead. Do not
allocate a commpage at all for m-profile cpus.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pass the address of the last byte of the image, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Pass last not end to tb_invalidate_phys_range
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Pass last not end to tb_invalidate_phys_page_range__locked
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Properly truncate tb_last to the end of the page; the comment about
tb_end being past the end of the page being ok is not correct,
considering overflow.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Pass last not end to page_collection_lock
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Fixes a bug in the loop comparison where "<= end" would lock
one more page than required.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Pass last not end to page_reset_target_data
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1528
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
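The "pass last not end" series above is easiest to see with numbers. The following is an added example, not QEMU code: it assumes a 32-bit guest address type and 4 KiB pages so the top of the address space is easy to reach, and the helper names (end_overflows, pages_visited_end/last, truncate_to_page) are ours.

```c
/* Added example (not QEMU code): why a page-range API should take the
 * address of the LAST byte of a range instead of the first address PAST it.
 * Assumes a 32-bit guest address type and a 4 KiB page. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef uint32_t target_ulong;                  /* assumed 32-bit guest */
#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_SIZE ((target_ulong)1 << TARGET_PAGE_BITS)
#define TARGET_PAGE_MASK (~(TARGET_PAGE_SIZE - 1))

/* Exclusive-end convention: start + len wraps to 0 on the last page. */
bool end_overflows(target_ulong start, target_ulong len)
{
    target_ulong end = start + len;             /* unsigned wrap is defined */
    return len != 0 && end < start;
}

/* Last-byte convention: representable for every range that fits. */
target_ulong range_last(target_ulong start, target_ulong len)
{
    return start + len - 1;
}

/* Old-style loop, "index <= end >> PAGE_BITS": with a page-aligned
 * exclusive end it visits one page too many, and with an end that
 * wrapped to 0 it visits nothing at all. */
unsigned pages_visited_end(target_ulong start, target_ulong end)
{
    unsigned n = 0;
    for (target_ulong idx = start >> TARGET_PAGE_BITS;
         idx <= (end >> TARGET_PAGE_BITS); idx++) {
        n++;
    }
    return n;
}

/* Fixed loop: the page holding the last byte is the last page to visit. */
unsigned pages_visited_last(target_ulong start, target_ulong last)
{
    unsigned n = 0;
    for (target_ulong idx = start >> TARGET_PAGE_BITS;
         idx <= (last >> TARGET_PAGE_BITS); idx++) {
        n++;
    }
    return n;
}

/* Clamp a range's last byte to the page containing start; this is the
 * tb_last truncation idea, and it also works on the very last page. */
target_ulong truncate_to_page(target_ulong start, target_ulong last)
{
    target_ulong page_last = start | ~TARGET_PAGE_MASK;
    return last < page_last ? last : page_last;
}

int main(void)
{
    target_ulong top = 0xFFFFF000u;             /* last 4 KiB page */
    printf("top page: end overflows=%d last=0x%08x\n",
           end_overflows(top, TARGET_PAGE_SIZE), range_last(top, TARGET_PAGE_SIZE));
    printf("one page at 0x1000: via end=%u via last=%u\n",
           pages_visited_end(0x1000, 0x2000), pages_visited_last(0x1000, 0x1FFF));
    printf("top page: via end=%u via last=%u\n",
           pages_visited_end(top, top + TARGET_PAGE_SIZE),
           pages_visited_last(top, 0xFFFFFFFFu));
    return 0;
}
```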
Emilio Cota [Sun, 5 Feb 2023 16:37:58 +0000 (11:37 -0500)]
tcg: use QTree instead of GTree
qemu-user can hang in a multi-threaded fork. One common
reason is that when creating a TB, between fork and exec
we manipulate a GTree whose memory allocator (GSlice) is
not fork-safe.
Although POSIX does not mandate it, the system's allocator
(e.g. tcmalloc, libc malloc) is probably fork-safe.
Fix some of these hangs by using QTree, which uses the system's
allocator regardless of the Glib version that we used at
configuration time.
Tested with the test program in the original bug report, i.e.:
```
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

void garble() {
    int pid = fork();
    if (pid == 0) {
        exit(0);
    } else {
        int wstatus;
        waitpid(pid, &wstatus, 0);
    }
}

void supragarble(unsigned depth) {
    if (depth == 0)
        return ;
    /* remainder of the test program is cut off in this log */
}
```
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/285
Reported-by: Valentin David <me@valentindavid.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Emilio Cota <cota@braap.org>
Message-Id: <20230205163758.416992-3-cota@braap.org>
[rth: Add QEMU_DISABLE_CFI for all callback using functions.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Emilio Cota [Sun, 5 Feb 2023 16:37:57 +0000 (11:37 -0500)]
util: import GTree as QTree
The only reason to add this implementation is to control the memory allocator
used. Some users (e.g. TCG) cannot work reliably in multi-threaded
environments (e.g. forking in user-mode) with GTree's allocator, GSlice.
See https://gitlab.com/qemu-project/qemu/-/issues/285 for details.
Importing GTree is a temporary workaround until GTree migrates away
from GSlice.
This implementation is identical to that in glib v2.75.0, except that
we don't import recent additions to the API nor deprecated API calls,
none of which are used in QEMU.
I've imported tests from glib and added a benchmark just to
make sure that performance is similar. Note: it cannot be identical
because (1) we are not using GSlice, (2) we use different compilation flags
(e.g. -fPIC) and (3) we're linking statically.
$ cat /proc/cpuinfo| grep 'model name' | head -1
model name : AMD Ryzen 7 PRO 5850U with Radeon Graphics
$ echo '0' | sudo tee /sys/devices/system/cpu/cpufreq/boost
$ tests/bench/qtree-bench
Peter Maydell [Tue, 28 Mar 2023 16:01:29 +0000 (17:01 +0100)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- aio-posix: Fix race during epoll upgrade
- vhost-user-blk/VDUSE export: Fix a potential deadlock and an assertion
failure when the export runs in an iothread
- NBD server: Push pending frames after sending reply to fix performance
especially when used with TLS
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
block/export: Fix graph locking in blk_get_geometry() call
aio-posix: fix race between epoll upgrade and aio_set_fd_handler()
block/export: only acquire AioContext once for vhost_user_server_stop()
nbd/server: push pending frames after sending reply
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-target-arm-20230328' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm/gdbstub: Only advertise M-profile features if TCG available
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 28 Mar 2023 12:26:49 +0000 (13:26 +0100)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# gpg: Signature made Tue 28 Mar 2023 06:11:54 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
igb: respect VMVIR and VMOLR for VLAN
igb: implement VF Tx and Rx stats
igb: respect E1000_VMOLR_RSSE
igb: check oversized packets for VMDq
igb: implement VFRE and VFTE registers
igb: add ICR_RXDW
igb: handle PF/VF reset properly
MAINTAINERS: Add Sriram Yagnaraman as a igb reviewer
hw/net/net_tx_pkt: Align l3_hdr
hw/net/net_tx_pkt: Ignore ECN bit
igb: Fix DMA requester specification for Tx packet
igb: Save more Tx states
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix missing DNR on compare failure
hw/nvme: Change alignment in dma functions for nvme_blk_*
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/gdbstub: Only advertise M-profile features if TCG available
Cortex-M profile is only emulable from TCG accelerator. Restrict
the GDBstub features to its availability in order to avoid a link
error when TCG is not enabled:
Undefined symbols for architecture arm64:
"_arm_v7m_get_sp_ptr", referenced from:
_m_sysreg_get in target_arm_gdbstub.c.o
"_arm_v7m_mrs_control", referenced from:
_arm_gdb_get_m_systemreg in target_arm_gdbstub.c.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Fixes: 7d8b28b8b5 ("target/arm: Implement gdbstub m-profile systemreg and secext")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230322142902.69511-3-philmd@linaro.org
[PMM: add #include since I cherry-picked this patch from the series]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Akihiko Odaki [Fri, 24 Mar 2023 09:54:32 +0000 (18:54 +0900)]
igb: Fix DMA requester specification for Tx packet
igb used to specify the PF as DMA requester when reading Tx packets.
This made Tx requests from VFs to be performed on the address space of
the PF, defeating the purpose of SR-IOV. Add some logic to change the
requester depending on the queue, which can be assigned to a VF.
Fixes: 3a977deebe ("Intrdocue igb device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Akihiko Odaki [Fri, 24 Mar 2023 09:54:31 +0000 (18:54 +0900)]
igb: Save more Tx states
The current implementation of igb uses only part of an advanced Tx
context descriptor and first data descriptor because it misses some
features and sniffs the trait of the packet instead of respecting the
packet type specified in the descriptor. However, we will certainly
need the entire Tx context descriptor when we update igb to respect
these ignored fields. Save the entire context descriptor and first
data descriptor except the buffer address to prepare for such a change.
This also introduces the distinction of contexts with different
indexes, which was not present in e1000e but is in igb.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>