Add support for FEAT_SSBS. SSBS (Speculative Store Bypass Safe) is an
optional feature in ARMv8.0, and mandatory in ARMv8.5.
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210216224543.16142-2-rebecca@nuviainc.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Let add 'max' cpu while work goes on adding newer CPU types than
Cortex-A72. This allows us to check SVE etc support.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Acked-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210216150122.3830863-3-marcin.juszkiewicz@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 9d55380b5a "qapi: Remove null from schema language" (v4.2.0)
neglected to update two error messages. Do that now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210224101442.1837475-1-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
We removed the QMP loop in user-mode builds in commit 1935e0e4e0
("qapi/meson: Remove QMP from user-mode emulation"), now commands
and events code is unreachable.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210224171642.3242293-1-philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
I found another spot that can benefit from using our macros instead of
open-coding qapi list creation.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210205171634.1491258-1-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Setting errp = NULL is wrong: the automatic error propagation still
propagates the dangling pointer _auto_errp_prop.local_err. We need to
set *errp = NULL to clear the dangling pointer.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210125132635.1253219-1-armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
This PR is a collection of RISC-V patches:
- Improvements to SiFive U OTP
- Upgrade OpenSBI to v0.9
- Support the QMP dump-guest-memory
- Add support for the SiFive SPI controller (sifive_u)
- Initial RISC-V system documentation
- A fix for the Goldfish RTC
- MAINTAINERS updates
- Support for high PCIe memory in the virt machine
-----BEGIN PGP SIGNATURE-----
iQEyBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmBA8k8ACgkQIeENKd+X
cFRRMgf41R7Zn1ZSB9GHL3WgLDTPqpT4FAMpTnYRD7wPdspawl1SsHWBgaLNmJWk
dwSLhvHMM44pOVCQRqdkiRrp5t5fDEm6gdRKyNn5uzWFMn7ibYIjmg7OE+79onbN
VES4yTJwuskD/7JRNcrW6RytKRgzKs2au8NxxgtgXprSF0nM9wCu70z4T9XkLfjQ
cpJUUaUCw628uUic/nObTxMnaiEmq/C0qU9SRRKPYVRp7jceCsHMVRazqOgdM6uf
foNHi/uCNKy6I841+D8Po7h57s51LtT78JDRRVRPfWY+SRQyC5l8Eq3UtRPyg39p
7hhkiAKhG4rs8iCXKvMvTz0S//Cx
=BVLq
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20210304' into staging
RISC-V PR for 6.0
This PR is a collection of RISC-V patches:
- Improvements to SiFive U OTP
- Upgrade OpenSBI to v0.9
- Support the QMP dump-guest-memory
- Add support for the SiFive SPI controller (sifive_u)
- Initial RISC-V system documentation
- A fix for the Goldfish RTC
- MAINTAINERS updates
- Support for high PCIe memory in the virt machine
# gpg: Signature made Thu 04 Mar 2021 14:44:31 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20210304:
hw/riscv: virt: Map high mmio for PCIe
hw/riscv: virt: Limit RAM size in a 32-bit system
hw/riscv: virt: Drop the 'link_up' parameter of gpex_pcie_init()
hw/riscv: Drop 'struct MemmapEntry'
MAINTAINERS: Add a SiFive machine section
goldfish_rtc: re-arm the alarm after migration
docs/system: riscv: Add documentation for sifive_u machine
docs/system: Add RISC-V documentation
docs/system: Sort targets in alphabetical order
hw/riscv: sifive_u: Change SIFIVE_U_GEM_IRQ to decimal value
hw/riscv: sifive_u: Add QSPI2 controller and connect an SD card
hw/riscv: sifive_u: Add QSPI0 controller and connect a flash
hw/ssi: Add SiFive SPI controller support
hw/block: m25p80: Add various ISSI flash information
hw/block: m25p80: Add ISSI SPI flash support
target-riscv: support QMP dump-guest-memory
roms/opensbi: Upgrade from v0.8 to v0.9
hw/misc: sifive_u_otp: Use error_report() when block operation fails
target/riscv: Declare csr_ops[] with a known size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some peripherals require 64-bit PCI address, so let's map the high
mmio space for PCIe.
For RV32, the address is hardcoded to below 4 GiB from the highest
accessible physical address. For RV64, the base address depends on
top of RAM and is aligned to its size which is using 16 GiB for now.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210220144807.819-5-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
RV32 supports 34-bit physical address hence the maximum RAM size
should be limited. Limit the RAM size to 10 GiB, which leaves
some room for PCIe high mmio space.
For 32-bit host, this is not needed as machine->ram_size cannot
represent a RAM size that big. Use a #if size test to only do
the size limitation for the 64-bit host.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210220144807.819-4-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
`link_up` is never used in gpex_pcie_init(). Drop it.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210220144807.819-3-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
There is already a MemMapEntry type defined in hwaddr.h. Let's drop
the RISC-V defined `struct MemmapEntry` and use the existing one.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210220144807.819-2-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
After a migration the clock offset is updated, but we also
need to re-arm the alarm if needed.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201220112615.933036-7-laurent@vivier.eu
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds detailed documentation for RISC-V `sifive_u` machine,
including the following information:
- Supported devices
- Hardware configuration information
- Boot options
- Machine-specific options
- Running Linux kernel
- Running VxWorks kernel
- Running U-Boot, and with an alternate configuration
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Message-id: 20210126060007.12904-10-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add RISC-V system emulator documentation for generic information.
`Board-specific documentation` and `RISC-V CPU features` are only
a placeholder and will be added in the future.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-9-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-8-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All other peripherals' IRQs are in the format of decimal value.
Change SIFIVE_U_GEM_IRQ to be consistent.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-7-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds the QSPI2 controller to the SoC, and connects an SD
card to it. The generation of corresponding device tree source
fragment is also added.
Specify machine property `msel` to 11 to boot the same upstream
U-Boot SPL and payload image for the SiFive HiFive Unleashed board.
Note subsequent payload is stored in the SD card image.
$ qemu-system-riscv64 -nographic -M sifive_u,msel=11 -smp 5 -m 8G \
-bios u-boot-spl.bin -drive file=sdcard.img,if=sd
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-6-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds the QSPI0 controller to the SoC, and connects an ISSI
25WP256 flash to it. The generation of corresponding device tree
source fragment is also added.
Since the direct memory-mapped mode is not supported by the SiFive
SPI model, the <reg> property does not populate the second group
which represents the memory mapped address of the SPI flash.
With this commit, upstream U-Boot for the SiFive HiFive Unleashed
board can boot on QEMU 'sifive_u' out of the box. This allows users
to develop and test the recommended RISC-V boot flow with a real
world use case: ZSBL (in QEMU) loads U-Boot SPL from SPI flash to
L2LIM, then U-Boot SPL loads the payload from SPI flash that is
combined with OpenSBI fw_dynamic firmware and U-Boot proper.
Specify machine property `msel` to 6 to allow booting from the SPI
flash. U-Boot spl is directly loaded via `-bios`, and subsequent
payload is stored in the SPI flash image. Example command line:
$ qemu-system-riscv64 -nographic -M sifive_u,msel=6 -smp 5 -m 8G \
-bios u-boot-spl.bin -drive file=spi-nor.img,if=mtd
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-5-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds the SiFive SPI controller model for the FU540 SoC.
The direct memory-mapped SPI flash mode is unsupported.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-4-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This updates the flash information table to include various ISSI
flashes that are supported by upstream U-Boot and Linux kernel.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-3-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds the ISSI SPI flash support. The number of dummy cycles in
fast read, fast read dual output and fast read quad output commands
is currently using the default 8. Likewise, the same default value
is used for fast read dual/quad I/O command. Per the datasheet [1],
the number of dummy cycles is configurable, but this is not modeled
at present.
For flash whose size is larger than 16 MiB, the sequence of 3-byte
address along with EXTADD bit in the bank address register (BAR) is
not supported. We assume that guest software always uses op codes
with 4-byte address sequence. Fortunately, this is the case for both
U-Boot and Linux spi-nor drivers.
QPI (Quad Peripheral Interface) that supports 2-cycle instruction
has different default values for dummy cycles of fast read family
commands, and is unsupported at the time being.
[1] http://www.issi.com/WW/pdf/25LP-WP256.pdf
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210126060007.12904-2-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add the support needed for creating prstatus elf notes. This allows
us to use QMP dump-guest-memory.
Now ELF notes of RISC-V only contain prstatus elf notes.
Signed-off-by: Yifei Jiang <jiangyifei@huawei.com>
Signed-off-by: Mingwang Li <limingwang@huawei.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Message-id: 20210201124458.1248-2-jiangyifei@huawei.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
At present when blk_pread() / blk_pwrite() fails, a guest error
is logged, but this is not really a guest error. Change to use
error_report() instead.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1611026585-29971-1-git-send-email-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
csr_ops[] is currently declared with an unknown size in cpu.h.
Since the array size is known, let's do a complete declaration.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1611024723-14293-1-git-send-email-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We already have the 'run' variable holding 'cs->kvm_run' value.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210303182219.1631042-3-philmd@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Fix xattrmap to drop remapped security.capability capabilities.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAmBAuD0ACgkQBRYzHrxb
/edxcQ//avZY516ghAcUvnEaihk+87FUB/29Z5gjemqVjWuQbIO62jjsveTgB/QP
GPBeTiFxZQIDGzF0XENYsoNJwMjlGwfHHniI46nHtZ1UN3wKjIbp2/ogytUvJrI4
p0ntXjZ6F3IxFdSY6A3IKaEm6iSmPhJdHy409ZDiphJY8LUVezpEa/Oa6ZuUQTUE
MsPo6KMSOikwFThE/yb4YGen0sLE4nK4uXYWRAMa4UeM9L5bGF4bwXiaeWZqAcNm
y+VWgWuxonLH3RENHRBvtvoLXW5gtakAX4t1MfsNFEB5seoyiscBu5Ya3tX1wIbr
xXxlJo0WFQtNy4veG30P/YfxcAQQbFpuTCJ6sz1dwgdcV8Ciq3vSOGqCI3q1gL2G
GPPQtXLTXznGUWId9OkqBCcj4OQgbTCBDnD6Cp1f9QszDwe6xB2U82hMpniSqVbc
/xAC72nObKRzdZKnX4NloFmKwM+x3oQe+7BiqROJhJmhN9bDRsl2dvZ0L38YR5gO
ff6WROqUCdZ9yaMvNf3KdZkP+tagJxj/PVMBZYmG3R2wYnf1NbOl+mkX9Phb8i3t
gcMCKTuORVeRphPAA48zMqhJnvHvqPKMVNnxsfzlOwFZIViu2PVT+MS4MPNIGM61
Kiu9M97LXLWHlzBdTnO0Z8agFgYT+u8cDYNOyGrck/cbrAJKzug=
=jN7p
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20210304' into staging
virtiofs minor security fix
Fix xattrmap to drop remapped security.capability capabilities.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Thu 04 Mar 2021 10:36:45 GMT
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-20210304:
virtiofs: drop remapped security.capability xattr as needed
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
On Linux, the 'security.capability' xattr holds a set of
capabilities that can change when an executable is run, giving
a limited form of privilege escalation to those programs that
the writer of the file deemed worthy.
Any write causes the 'security.capability' xattr to be dropped,
stopping anyone from gaining privilege by modifying a blessed
file.
Fuse relies on the daemon to do this dropping, and in turn the
daemon relies on the host kernel to drop the xattr for it. However,
with the addition of -o xattrmap, the xattr that the guest
stores its capabilities in is now not the same as the one that
the host kernel automatically clears.
Where the mapping changes 'security.capability', explicitly clear
the remapped name to preserve the same behaviour.
This bug is assigned CVE-2021-20263.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
A pwrite() call returns the number of bytes written (or -1 on error),
and vfio-ccw compares this number with the size of the region to
determine if an error had occurred or not.
If they are not equal, this is a failure and the errno is used to
determine exactly how things failed. An errno of zero is possible
(though unlikely) in this situation and would be translated to a
successful operation.
If they ARE equal, the ret_code field is read from the region to
determine how to proceed. While the kernel sets the ret_code field
as necessary, the region and thus this field is not "written back"
to the user. So the value can only be what it was initialized to,
which is zero.
So, let's convert an unexpected length with errno of zero to a
return code of -EFAULT, and explicitly set an expected length to
a return code of zero. This will be a little safer and clearer.
Suggested-by: Matthew Rosato <mjrosato@linux.ibm.com>
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210303160739.2179378-1-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The Measurement Block Origin inside the SCHIB is used when
Measurement Block format 1 is in used and must be aligned
on 64 bytes otherwise an operand exception is recognized
when issuing the Modify Sub CHannel (MSCH) instruction.
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1613741973-3711-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The virtio standard specifies that any non-transitional device must
reject commands prior to revision setting (which we do). Devices
that are transitional need to assume revision 0 (legacy) if the
driver sends a non-revision-setting command first in order to
support legacy drivers. We neglected to do the latter.
Fortunately, nearly everything worked as intended anyway; the only
problem was not properly rejecting revision setting after some other
command had been issued. Easy to fix by setting revision to 0 if
we see a non-revision command on a legacy-capable revision-less
device.
Found by code inspection, not observed in the wild.
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210216111830.1087847-1-cohuck@redhat.com>
Some CLP response data was accidentally dropped when fixing endianness
issues with the Query PCI Function CLP response. All of these values are
sent as 0s to the guest for emulated devices, so the impact is only
observed on passthrough devices.
Fixes: a4e2fff1b1 ("s390x/pci: fix endianness issues")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <1613681609-9349-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Commit 2c44220d05 ("meson: convert hw/arch*"), which migrated the old
Makefile.objs to meson.build accidentally excluded virtio-ccw-9p.c and
thus the virtio-9p-ccw device from the build (and potentially also
included the file virtio-ccw-blk.c twice in the source set). And since
CONFIG_VIRTFS can't be used the way it was used here (see commit
2c9dce0196 ("meson: do not use CONFIG_VIRTFS")), the preconditions have
to be written differently.
Let's fix this!
Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 2c44220d05 ("meson: convert hw/arch*")
Reported-by: Jakob Naucke <jakob.naucke@ibm.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210218034059.1096078-1-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
There is a compiler warning with GCC 9.3 when compiling with
the -fsanitize=thread compiler flag:
In function 'strncpy',
inlined from 's390x_write_elf64_notes' at ../target/s390x/arch_dump.c:219:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error:
'__builtin_strncpy' specified bound 8 equals destination size
[-Werror=stringop-truncation]
Since the name should always be NUL-terminated, let's use g_strlcpy() to
silence this warning. And while we're at it, also add an assert() to make
sure that the provided names always fit the size field (which is fine for
the current callers, the function is called once with "CORE" and once with
"LINUX" as a name).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20210205093921.848260-1-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Secure execution (aka protected virtualization) guests cannot be
migrated at the moment. If the unpack facility is provided in the cpu
model, a guest may choose to transition to secure mode, making the
guest unmigratable at that point in time. If the machine was explicitly
started with --only-migratable, we would get a failure only when the
guest actually tries to transition; instead, explicitly disallow the
unpack facility if --only-migratable was specified to avoid late
surprises.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210125135332.181324-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
In the past, virtio-gpu set NULL as the surface for the secondary
consoles to hide its window. The distinction is now handled in
ui/console and the display backends and virtio-gpu does no longer
have to do that.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-3-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ui/console used to accept NULL as graphic console surface, but its
semantics was inconsistent among displays:
- cocoa and gtk-egl perform NULL dereference.
- egl-headless, spice and spice-egl do nothing.
- gtk releases underlying resources.
- sdl2-2d and sdl2-gl destroys the window.
- vnc shows a message, "Display output is not active."
Fortunately, only virtio-gpu and virtio-gpu-3d assign NULL so
we can study them to figure out the desired behavior. They assign
NULL *except* for the primary display when the device is realized,
reset, or its scanout is disabled. This effectively destroys
windows for the (uninitialized) secondary displays.
To implement the consistent behavior of display device
realization/reset, this change embeds it to the operation
switching the surface. When NULL was given as a new surface when
switching, ui/console will instead passes a placeholder down
to each display listeners.
sdl destroys the window for a secondary console if its surface is a
placeholder. The other displays simply shows the placeholder.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-2-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The surfaces created with former qemu_create_message_surface
did not display the content from the guest and always contained
simple messages describing the reason.
A display backend may want to hide the window showing such a
surface. This change renames the function to
qemu_create_placeholder_surface, and adds "placeholder" flag; the
display can check the flag to decide to do anything special like
hiding the window.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This has the following visible changes:
- GBM is required only for OpenGL dma-buf.
- X11 is explicitly required by gtk-egl.
- EGL is now mandatory for the OpenGL displays.
The last one needs some detailed description. Before this change,
EGL was tested only for OpenGL dma-buf with the check of
EGL_MESA_image_dma_buf_export. However, all of the OpenGL
displays depend on EGL and EGL_MESA_image_dma_buf_export is always
defined by epoxy's EGL interface.
Therefore, it makes more sense to always check the presence of EGL
and say the OpenGL displays are available along with OpenGL dma-buf
if it is present.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210223060307.87736-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
A display can receive an image which its stride is greater than its
width. In fact, when a guest requests virtio-gpu to scan out a
smaller part of an image, virtio-gpu passes it to a display as an
image which its width represents the one of the part and its stride
equals to the one of the whole image.
This change makes ui/cocoa to cover such cases.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210222144012.21486-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When using the GTK UI with libvte, multicharacter keystrokes are not
sent correctly (such as arrow keys). gd_vc_in should check the
CharBackend's can_receive instead of assuming multiple characters can be
received. This is not an issue for e.g. the SDL UI because
qemu_chr_be_write is called with len=1 for each character (SDL sends
more than once keystroke).
Modify gd_vc_in to call qemu_chr_be_write multiple times if necessary.
Buglink: https://bugs.launchpad.net/qemu/+bug/1407808
Signed-off-by: Zack Marvel <zpmarvel@gmail.com>
Message-Id: <20210221170613.13183-2-zpmarvel@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fixes all over the place. Specifically this fixes
a bug which made windows guests lose device config
(such as the configured fixed IP) after upgrading
to the new QEMU.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmA+SYcPHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRpUAAIALa9WkjdxjZhb4FzP1OLBSTEISLEfrPE4Zk/
s5yY1wEDvH83D6fxTHv1B8tISwJ3RJn8ZhsP0c0Mb6stT7D33m7YfMFtNXBEfENX
gMgwdC2QxGMZXKGR+dIpxtYghjvuzAVN+e9w27C+s855JJ8y+chghtLuDJIbqpAk
QopftjiZix2bPYmrxlVw/A7inXL2jseJyYsgGAzIACmsGC70jK4Rk1vxrAF+2n15
D4qKOG3QLJXrfIVa8iDz/ojlVUmLWl8jnoE+oY+rjtckQHJKqodlJi5yeJxGEa3/
G7db+AIzEBge78dq7LBSJOTjoUFoQ+6Hv1QtKk2GcMKdEnsj0ng=
=NGys
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,virtio,pci: bug fixes
Fixes all over the place. Specifically this fixes
a bug which made windows guests lose device config
(such as the configured fixed IP) after upgrading
to the new QEMU.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 02 Mar 2021 14:19:51 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
vhost: simplify vhost_dev_init() fail_busyloop label
hw/pci: Have safer pcie_bus_realize() by checking error path
virtio-net: handle zero mac for a vdpa peer
i386/acpi: restore device paths for pre-5.1 vms
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The detections of [NSView -enterFullScreen:] and
[NSView -exitFullScreen:] were wrong. A detection is coded as:
[NSView respondsToSelector:@selector(exitFullScreenModeWithOptions:)]
but it should be:
[NSView instancesRespondToSelector:@selector(exitFullScreenModeWithOptions:)]
Because of those APIs were not detected, ui/cocoa always falled
back to a borderless window whose frame matches the screen to
implement fullscreen behavior.
The code using [NSView -enterFullScreen:] and
[NSView -exitFullScreen:] will be used if you fix the detections,
but its behavior is undesirable; the full screen view stretches
the video, changing the aspect ratio, even if zooming is disabled.
This change removes the code as it does nothing good.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210220013138.51437-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmA3tzQUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMsngf+OkbgTDouxq3qnn1K89n6j2wKlAj0
qPP+57o1sv5u5MjX0BkawXCMJfvTKJaOt/Cs8S0FaPTehfR5H0T2tL76KZBEdlEP
/+V3EC0Qmd1S47LKIOuDkV15szvnccyjpgwaL7Osjb0Eh0SxeXd4pBTc3yYtkacu
zb/srZ63U2iJZr93QwGmEJjuW57WNym6QWXF3Mrg9PFXybkXFTGumB2vZMlQc+MN
RWPTUKZKAiIr/HfdvpIETXY+HzJhylvIQ8OVWtM3XDorl48OWcOat/jyeNEVYgG3
o+gxIRnfvIL+42GkmUFbOKLzT5SV6p9EYYGLTuE1kU7nc6HWoD0CdPxA3A==
=UBVO
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* fix --enable-fuzzing linker failures (Alexander)
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)
# gpg: Signature made Thu 25 Feb 2021 14:41:56 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (29 commits)
tcg/i386: rdpmc: fix the the condtions
chardev: do not use short form boolean options in non-QemuOpts character device descriptions
vl: deprecate -writeconfig
target/i386: Add bus lock debug exception support
qom/object.c: Fix typo
target/i386: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -vnc
docs: update to show preferred boolean syntax for -chardev
qemu-options: update to show preferred boolean syntax for -vnc
qemu-options: update to show preferred boolean syntax for -incoming
qemu-options: update to show preferred boolean syntax for -netdev
qemu-options: update to show preferred boolean syntax for -spice
qemu-options: update to show preferred boolean syntax for -chardev
gdbstub: use preferred boolean option syntax
char: don't fail when client is not connected
scsi: drop 'result' argument from command_complete callback
scsi-disk: pass guest recoverable errors through even for rerror=stop
scsi-disk: pass SCSI status to scsi_handle_rw_error
scsi: introduce scsi_sense_from_errno()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Requiring a conditional for every goto is tedious:
if (busyloop_timeout) {
goto fail_busyloop;
} else {
goto fail;
}
Move the conditional to into the fail_busyloop label so that it's safe
to jump to this label unconditionally.
This change makes the migrate_add_blocker() error case more consistent.
It jumped to fail_busyloop unconditionally whereas the memslots limits
error case was conditional.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210222114931.272308-1-stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>