Commit Graph

97851 Commits

Author SHA1 Message Date
Xiaojuan Yang
587858ed0d hw/loongarch: Rename file 'loongson3.XXX' to 'virt.XXX'
1. Rename 'loongson3.c' to 'virt.c' and change the meson.build file.
2. Rename 'loongson3.rst' to 'virt.rst'.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Message-Id: <20220729073018.27037-2-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 15:07:55 -07:00
Yonggang Luo
fc2cc19ffa ci: Upgrade msys2 release to 20220603
Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220728200422.1502-1-luoyonggang@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 10:33:29 -07:00
Richard Henderson
9fac07bea8 * Misc build system bugfixes
* Fix CGA 2-color graphics
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLj1BYUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1nQgAoKoT4oiRrHGRPRav5FVHedeVoLgn
 QXqdiB90xB4uoxeCqqEWWdQ/yuGkCrhrBYqlJynM7BLj0ujqsxw5MHsmcN4MKwVH
 9hQQDegpzRcN8yY9/t4vBqxS66Z6Pj8zVTq58FkyTsE5yusayoT2gXINb/Y6iEnm
 sff46kgnXmx0+QiEVkzfuQk4Q4orih554GquOiUUrT0QfVgkTmZr3EIjU0x6urU9
 9Pnr20GB4iK4IdqcDT1y/7viHhRLwzONO/6+7dmod82cxWVwIR3WZlonqOsWBS/F
 Vw6iVWquC7vMm7eS9mh2bZZSkXkczcdegKVE5O4WgpdqXmad4sJtWBgT5g==
 =q27Q
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Misc build system bugfixes
* Fix CGA 2-color graphics

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLj1BYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1nQgAoKoT4oiRrHGRPRav5FVHedeVoLgn
# QXqdiB90xB4uoxeCqqEWWdQ/yuGkCrhrBYqlJynM7BLj0ujqsxw5MHsmcN4MKwVH
# 9hQQDegpzRcN8yY9/t4vBqxS66Z6Pj8zVTq58FkyTsE5yusayoT2gXINb/Y6iEnm
# sff46kgnXmx0+QiEVkzfuQk4Q4orih554GquOiUUrT0QfVgkTmZr3EIjU0x6urU9
# 9Pnr20GB4iK4IdqcDT1y/7viHhRLwzONO/6+7dmod82cxWVwIR3WZlonqOsWBS/F
# Vw6iVWquC7vMm7eS9mh2bZZSkXkczcdegKVE5O4WgpdqXmad4sJtWBgT5g==
# =q27Q
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 29 Jul 2022 05:35:34 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  configure: pass correct cflags to container-based cross compilers
  kvm: don't use perror() without useful errno
  configure: Fix ppc container_cross_cc substitution
  stubs: update replay-tools to match replay.h types
  vga: fix incorrect line height in 640x200x2 mode
  ui: dbus-display requires CONFIG_GBM

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 08:38:45 -07:00
Ilya Leoshkevich
f71fa4e3bb linux-user: Do not treat madvise()'s advice as a bitmask
Advice is enum, not flags. Doing (advice & MADV_DONTNEED) also matches
e.g. MADV_MERGEABLE.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220725134100.128035-1-iii@linux.ibm.com>
Fixes: 892a4f6a75 ("linux-user: Add partial support for MADV_DONTNEED")
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-07-29 15:08:24 +02:00
Richard Henderson
0279d0e6b5 Testing, semihosting and doc fixes:
- update to latest libvirt-ci
   - echo testlog.txt on failed cirrus runs
   - drop containers-layer2 stage
   - update handling of symlinks on windows builds
   - return 0 for failure of semihosting console write
   - don't copy unused buffer after semihost operation
   - check for errors in semihosting args
   - fix buffer handling for semihosting TMPNAM
   - add qapi exit-failure PanicAction
   - add lowcore unaligned access test to s390x
   - fix documentation of OBJECT_DECLARE_SIMPLE_TYPE
   - expand documentation on booting code
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmLjoIQACgkQ+9DbCVqe
 KkSLyAf7Byt1jeIHCYYYqOPj8+Zx+kJXgWr59wMRSDFLwd0wWeFkgQhxriSlSUAl
 oVOTP8fkczeaMKPhp7CJnqpcQuZzD6iaK9hg/hNzKy0gTQbJgFRtTSP7c0E0iak5
 ZfDX5h+BRSAoeDo3I+ulj/bLKlj+KbxRWGf+y4K9rRGHKcTJUbcpkZ7aQlK5J6UD
 nqjkrvgnNWslxhdRSI6+2KPzkYaOmbiyPIVGOiBvmyv0N+NuazPvFMp2mFGH25kB
 XGsU5zxmm8IskxLGHHFvlwIM19SwB/2vArLtyaTVEPbLDhvdENePrPSL1Lr2BA/A
 yStVAvAnyy7Cdr8YmRCAGm3qnY61dg==
 =57ZK
 -----END PGP SIGNATURE-----

Merge tag 'pull-testing-next-290722-1' of https://github.com/stsquad/qemu into staging

Testing, semihosting and doc fixes:

  - update to latest libvirt-ci
  - echo testlog.txt on failed cirrus runs
  - drop containers-layer2 stage
  - update handling of symlinks on windows builds
  - return 0 for failure of semihosting console write
  - don't copy unused buffer after semihost operation
  - check for errors in semihosting args
  - fix buffer handling for semihosting TMPNAM
  - add qapi exit-failure PanicAction
  - add lowcore unaligned access test to s390x
  - fix documentation of OBJECT_DECLARE_SIMPLE_TYPE
  - expand documentation on booting code

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmLjoIQACgkQ+9DbCVqe
# KkSLyAf7Byt1jeIHCYYYqOPj8+Zx+kJXgWr59wMRSDFLwd0wWeFkgQhxriSlSUAl
# oVOTP8fkczeaMKPhp7CJnqpcQuZzD6iaK9hg/hNzKy0gTQbJgFRtTSP7c0E0iak5
# ZfDX5h+BRSAoeDo3I+ulj/bLKlj+KbxRWGf+y4K9rRGHKcTJUbcpkZ7aQlK5J6UD
# nqjkrvgnNWslxhdRSI6+2KPzkYaOmbiyPIVGOiBvmyv0N+NuazPvFMp2mFGH25kB
# XGsU5zxmm8IskxLGHHFvlwIM19SwB/2vArLtyaTVEPbLDhvdENePrPSL1Lr2BA/A
# yStVAvAnyy7Cdr8YmRCAGm3qnY61dg==
# =57ZK
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 29 Jul 2022 01:55:32 AM PDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-testing-next-290722-1' of https://github.com/stsquad/qemu:
  qemu-options: bring the kernel and image options together
  docs/devel: fix description of OBJECT_DECLARE_SIMPLE_TYPE
  tests/tcg/s390x: Test unaligned accesses to lowcore
  qapi: Add exit-failure PanicAction
  semihosting: Fix handling of buffer in TARGET_SYS_TMPNAM
  semihosting: Check for errors on SET_ARG()
  semihosting: Don't copy buffer after console_write()
  semihosting: Don't return negative values on qemu_semihosting_console_write() failure
  .gitlab-ci.d/windows.yml: Enable native Windows symlink
  .cirrus.yml: Change winsymlinks to 'native'
  gitlab: drop 'containers-layer2' stage
  gitlab: show testlog.txt contents when cirrus/custom-runner jobs fail
  tests: refresh to latest libvirt-ci module

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29 05:13:59 -07:00
Alex Bennée
1235cf7d31 qemu-options: bring the kernel and image options together
How to control the booting of QEMU is often a source of confusion for
users. Bring the options that control this together in the manual
pages and add some verbiage to describe when each option is
appropriate. This attempts to codify some of the knowledge expressed
in:

  https://stackoverflow.com/questions/58420670/qemu-bios-vs-kernel-vs-device-loader-file/58434837#58434837

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220725140520.515340-14-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Alex Bennée
28053143ab docs/devel: fix description of OBJECT_DECLARE_SIMPLE_TYPE
Since 30b5707c26 (qom: Remove module_obj_name parameter from
OBJECT_DECLARE* macros) we don't need the additional two parameters.
Fix the documentation.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220725140520.515340-13-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Ilya Leoshkevich
503e549e44 tests/tcg/s390x: Test unaligned accesses to lowcore
Add a small test to avoid regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220725223746.227063-3-iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Ilya Leoshkevich
0882caf4d6 qapi: Add exit-failure PanicAction
Currently QEMU exits with code 0 on both panic an shutdown. For tests
it is useful to return 1 on panic, so that it counts as a test
failure.

Introduce a new exit-failure PanicAction that makes main() return
EXIT_FAILURE. Tests can use -action panic=exit-failure option to
activate this behavior.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220725223746.227063-2-iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Peter Maydell
9b1268f55c semihosting: Fix handling of buffer in TARGET_SYS_TMPNAM
The TARGET_SYS_TMPNAM implementation has two bugs spotted by
Coverity:
 * confusion about whether 'len' has the length of the string
   including or excluding the terminating NUL means we
   lock_user() len bytes of memory but memcpy() len + 1 bytes
 * In the error-exit cases we forget to free() the buffer
   that asprintf() returned to us

Resolves: Coverity CID 1490285, 1490289
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-5-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-10-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Peter Maydell
fed49cdf6a semihosting: Check for errors on SET_ARG()
The SET_ARG() macro returns an error indication; we check this in the
TARGET_SYS_GET_CMDLINE case but not when we use it in implementing
TARGET_SYS_ELAPSED.  Check for and handle the errors via the do_fault
codepath, and update the comment documenting the SET_ARG() and
GET_ARG() macros to note how they handle memory access errors.

Resolves: Coverity CID 1490287
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-4-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-9-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Peter Maydell
45704e8904 semihosting: Don't copy buffer after console_write()
The console_write() semihosting function outputs guest data from a
buffer; it doesn't update that buffer.  It therefore doesn't need to
pass a length value to unlock_user(), but can pass 0, meaning "do not
copy any data back to the guest memory".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-3-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-8-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Peter Maydell
aed04e6357 semihosting: Don't return negative values on qemu_semihosting_console_write() failure
The documentation comment for qemu_semihosting_console_write() says
 * Returns: number of bytes written -- this should only ever be short
 * on some sort of i/o error.

and the callsites rely on this.  However, the implementation code
path which sends console output to a chardev doesn't honour this,
and will return negative values on error.  Bring it into line with
the other implementation codepaths and the documentation, so that
it returns 0 on error.

Spotted by Coverity, because console_write() passes the return value
to unlock_user(), which doesn't accept a negative length.

Resolves: Coverity CID 1490288
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-2-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220725140520.515340-7-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Bin Meng
93a02e822f .gitlab-ci.d/windows.yml: Enable native Windows symlink
The following error message was seen during the configure:

  "ln: failed to create symbolic link
  'x86_64-softmmu/qemu-system-x86_64.exe': No such file or directory"

By default the MSYS environment variable is not defined, so the runtime
behavior of winsymlinks is: if <target> does not exist, 'ln -s' fails.
At the configure phase, the qemu-system-x86_64.exe has not been built
so creation of the symbolic link fails hence the error message.

Set winsymlinks to 'native' whose behavior is most similar to the
behavior of 'ln -s' on *nix, that is:

  a) if native symlinks are enabled, and whether <target> exists
     or not, creates <destination> as a native Windows symlink;
  b) else if native symlinks are not enabled, and whether <target>
     exists or not, 'ln -s' creates as a Windows shortcut file.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725123000.807608-1-bmeng.cn@gmail.com>
Message-Id: <20220725140520.515340-6-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Bin Meng
6ad5208661 .cirrus.yml: Change winsymlinks to 'native'
At present winsymlinks is set to 'nativestrict', and its behavior is:

  a) if native symlinks are enabled and <target> exists, creates
     <destination> as a native Windows symlink;
  b) else if native symlinks are not enabled or if <target> does
     not exist, 'ln -s' fails.

This causes the following error message was seen during the configure:

  "ln: failed to create symbolic link
  'x86_64-softmmu/qemu-system-x86_64.exe': No such file or directory"

Change winsymlinks to 'native' whose behavior is most similar to the
behavior of 'ln -s' on *nix, that is:

  a) if native symlinks are enabled, and whether <target> exists
     or not, creates <destination> as a native Windows symlink;
  b) else if native symlinks are not enabled, and whether <target>
     exists or not, 'ln -s' creates as a Windows shortcut file.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20220719161230.766063-1-bmeng.cn@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-5-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Daniel P. Berrangé
ca58b4931e gitlab: drop 'containers-layer2' stage
Since we express dependencies via a 'needs' clause, we don't need to
split container builds into separate stages. GitLab happily lets jobs
depend on other jobs in the same stage and will run them when possible.

Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-4-berrange@redhat.com>
[AJB: fix typo]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220725140520.515340-4-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Daniel P. Berrangé
998f334722 gitlab: show testlog.txt contents when cirrus/custom-runner jobs fail
When tests fail meson just displays a summary and tells you to look at
the testlog.txt file for details. The native jobs on shared runners
publish testlog.txt as an artifact. For the Cirrus jobs and custom
runner jobs this is not currently possible. The best we can do is cat
the log contents on failure, to give maintainers a fighting chance
of diagnosing the problem.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-3-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-3-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Daniel P. Berrangé
feb6cb9369 tests: refresh to latest libvirt-ci module
Notable changes:

  - libvirt-ci source tree was re-arranged, so the script we
    run now lives in a bin/ sub-dir

  - opensuse 15.2 is replaced by opensuse 15.3

  - libslirp is temporarily dropped on opensuse as the
    libslirp-version.h is broken

     https://bugzilla.opensuse.org/show_bug.cgi?id=1201551

  - The incorrectly named python3-virtualenv module was
    changed to python3-venv, but most distros don't need
    any package as 'venv' is a standard part of python

  - glibc-static was renamed to libc-static, to reflect
    fact that it isn't going to be glibc on all distros

  - The cmocka/json-c deps that were manually added to
    the centos dockerfile and are now consistently added
    to all targets

Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-2-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220725140520.515340-2-alex.bennee@linaro.org>
2022-07-29 09:48:01 +01:00
Paolo Bonzini
ebc55f523c configure: pass correct cflags to container-based cross compilers
probe_target_compiler returns nonempty $target_cc for installed toolchains
and $container_cross_cc for container-based toolchains.  In both cases
however the flags (coming from $cross_cc_cflags_${target_arch}) must be
in $target_cflags.

Therefore, do not clear them prior to returning from probe_target_compiler.

Reported-by: Taylor Simpson <tsimpson@quicinc.com>
Fixes: 92e288fcfb ("build: try both native and cross compilers", 2022-07-08)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-29 00:22:19 +02:00
Cornelia Huck
47c182fe8b kvm: don't use perror() without useful errno
perror() is designed to append the decoded errno value to a
string. This, however, only makes sense if we called something that
actually sets errno prior to that.

For the callers that check for split irqchip support that is not the
case, and we end up with confusing error messages that end in
"success". Use error_report() instead.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20220728142446.438177-1-cohuck@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-29 00:15:02 +02:00
Richard Henderson
705c881f7d configure: Fix ppc container_cross_cc substitution
When moving this code out of probe_target_compiler(), we failed to adjust
the variable in which the target is located, resulting in e.g.
powerpc64-linux-user-linux-gnu-gcc-10

Fixes: cd362defbb ("tests/tcg: merge configure.sh back into main configure script")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220728183901.1290113-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-29 00:15:02 +02:00
Richard Henderson
cc42559ab1 ppc patch queue for 2022-07-28:
Short queue with 2 Coverity fixes and one fix of the
 'wait' insns that is causing hangs if the guest kernel uses
 the most up to date wait opcode.
 
 - target/ppc:
   - implement new wait variants to fix guest hang when using the new opcode
 - ppc440_uc: initialize length passed to cpu_physical_memory_map()
 - spapr_nvdimm: check if spapr_drc_index() returns NULL
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYuK8VgAKCRA82cqW3gMx
 ZOc7AQDPMsFY9NHNqJ3O0MiX4Qoy8IGUreZ9dzZSS3zT1nxtEAD+Lwl0/aGO+dk+
 +NiIO80A5Agy/0g8PHie4qR3EqHEnwA=
 =Q4eR
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-07-28:

Short queue with 2 Coverity fixes and one fix of the
'wait' insns that is causing hangs if the guest kernel uses
the most up to date wait opcode.

- target/ppc:
  - implement new wait variants to fix guest hang when using the new opcode
- ppc440_uc: initialize length passed to cpu_physical_memory_map()
- spapr_nvdimm: check if spapr_drc_index() returns NULL

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYuK8VgAKCRA82cqW3gMx
# ZOc7AQDPMsFY9NHNqJ3O0MiX4Qoy8IGUreZ9dzZSS3zT1nxtEAD+Lwl0/aGO+dk+
# +NiIO80A5Agy/0g8PHie4qR3EqHEnwA=
# =Q4eR
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 28 Jul 2022 09:41:58 AM PDT
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu:
  target/ppc: Implement new wait variants
  hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
  hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-28 15:06:42 -07:00
Peter Maydell
734a659ad2 linux-user/flatload.c: Fix setting of image_info::end_code
The flatload loader sets the end_code field in the image_info struct
incorrectly, due to a typo.

This is a very long-standing bug (dating all the way back to when
the bFLT loader was added in 2006), but has gone unnoticed because
(a) most people don't use bFLT binaries
(b) we don't actually do anything with the end_code field, except
    print it in debugging traces and pass it to TCG plugins

Fix the typo.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1119
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220728151406.2262862-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-07-28 19:17:24 +02:00
Nicholas Piggin
0c9717ff35 target/ppc: Implement new wait variants
ISA v2.06 adds new variations of wait, specified by the WC field. These
are not all compatible with the prior wait implementation, because they
add additional conditions that cause the processor to resume, which can
cause software to hang or run very slowly.

At this moment, with the current wait implementation and a pseries guest
using mainline kernel with new wait upcodes [1], QEMU hangs during boot if
more than one CPU is present:

 qemu-system-ppc64 -M pseries,x-vof=on -cpu POWER10 -smp 2 -nographic
-kernel zImage.pseries -no-reboot

QEMU will exit (as there's no filesystem) if the test "passes", or hang
during boot if it hits the bug.

ISA v3.0 changed the wait opcode and removed the new variants (retaining
the WC field but making non-zero values reserved).

ISA v3.1 added new WC values to the new wait opcode, and added a PL
field.

This patch implements the new wait encoding and supports WC variants
with no-op implementations, which provides basic correctness as
explained in comments.

[1] https://lore.kernel.org/all/20220720132132.903462-1-npiggin@gmail.com/

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Víctor Colombo <victor.colombo@eldorado.org.br>
Tested-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220720133352.904263-1-npiggin@gmail.com>
[danielhb: added information about the bug being fixed]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 13:30:41 -03:00
Claudio Fontana
bb7e03cb56 stubs: update replay-tools to match replay.h types
detected with GCC 13 [-Werror=enum-int-mismatch]

Solves Issue #1096.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220704075832.31537-1-cfontana@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-28 15:36:17 +02:00
Paolo Bonzini
37e7b86766 vga: fix incorrect line height in 640x200x2 mode
When in CGA modes, QEMU wants to ignore the maximum scan field (bits 0..4) of
the maximum scan length register in the CRTC.  It is not clear why this is
needed---for example, Bochs ignores bit 7 instead.  The issue is that the
CGA modes are not detected correctly, and in particular mode 6 results in
multi_scan==3 according to how SeaBIOS programs it.  The right way to check
for CGA graphics modes is to check whether bit 13 of the address is special
cased by the CRT controller to achieve line interleaving, i.e. whether bit 0
of the CRTC mode control register is clear.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1020
Reported-by: Korneliusz Osmenda <korneliuszo@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-28 15:36:17 +02:00
Peter Maydell
eda3f17bcd hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
In dcr_write_dma(), there is code that uses cpu_physical_memory_map()
to implement a DMA transfer.  That function takes a 'plen' argument,
which points to a hwaddr which is used for both input and output: the
caller must set it to the size of the range it wants to map, and on
return it is updated to the actual length mapped. The dcr_write_dma()
code fails to initialize rlen and wlen, so will end up mapping an
unpredictable amount of memory.

Initialize the length values correctly, and check that we managed to
map the entire range before using the fast-path memmove().

This was spotted by Coverity, which points out that we never
initialized the variables before using them.

Fixes: Coverity CID 1487137, 1487150
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 10:31:54 -03:00
Daniel Henrique Barboza
edccf661e6 hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c
spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the
DRC object returned by spapr_drc_index() without checking it for NULL.
In this case we would be dereferencing a NULL pointer when doing
SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).

This can happen if, during a scm_flush(), the DRC object is wrongly
freed/released (e.g. a bug in another part of the code).
spapr_drc_index() would then return NULL in the callbacks.

Fixes: Coverity CID 1487108, 1487178
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220409200856.283076-2-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-28 10:31:54 -03:00
Richard Henderson
a17001c423 Sixth RISC-V PR for QEMU 7.1
This is a PR to go in for RC1. It fixes a segfault that occurs
 when using multiple sockets on the RISC-V virt board. It also
 includes a small fix to allow both Zmmul and M extensions.
 
 * Allow both Zmmul and M extension
 * Fix multi-socket plic configuraiton
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmLh33AACgkQIeENKd+X
 cFROBQf/QFxHsIX9clpAkHmK220efQ3rjHZtdCqQoCeRZp2EytFS9KZ6iae/BM9r
 3Z8cZci38kxjqTzsYJLj46yNO3AxHoFsDH41yWTMOsxjVWVlno/06R/C1B4Ek37N
 kZXWKHzqfQvZRJIUAjKfVxaLtw9xRI9xYqWxVngdYSoW3HWHHz5UmA6fFoJ29QiZ
 SKEgxhakrqhvN9GMm1aWGkLN10uD5lFWOBMYdqMVcWq48XSP3Df5FU2Xk0sfegXq
 EqbIYKJL/Q6koyvmdpQz7VmtMAGjMTcmozEH8oN/MuCk7MCLmbloWVl+LF39SeTH
 3amapiJBtYBOwaNZUpb5TZkv/bEDIw==
 =ip1R
 -----END PGP SIGNATURE-----

Merge tag 'pull-riscv-to-apply-20220728' of github.com:alistair23/qemu into staging

Sixth RISC-V PR for QEMU 7.1

This is a PR to go in for RC1. It fixes a segfault that occurs
when using multiple sockets on the RISC-V virt board. It also
includes a small fix to allow both Zmmul and M extensions.

* Allow both Zmmul and M extension
* Fix multi-socket plic configuraiton

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmLh33AACgkQIeENKd+X
# cFROBQf/QFxHsIX9clpAkHmK220efQ3rjHZtdCqQoCeRZp2EytFS9KZ6iae/BM9r
# 3Z8cZci38kxjqTzsYJLj46yNO3AxHoFsDH41yWTMOsxjVWVlno/06R/C1B4Ek37N
# kZXWKHzqfQvZRJIUAjKfVxaLtw9xRI9xYqWxVngdYSoW3HWHHz5UmA6fFoJ29QiZ
# SKEgxhakrqhvN9GMm1aWGkLN10uD5lFWOBMYdqMVcWq48XSP3Df5FU2Xk0sfegXq
# EqbIYKJL/Q6koyvmdpQz7VmtMAGjMTcmozEH8oN/MuCk7MCLmbloWVl+LF39SeTH
# 3amapiJBtYBOwaNZUpb5TZkv/bEDIw==
# =ip1R
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 27 Jul 2022 05:59:28 PM PDT
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* tag 'pull-riscv-to-apply-20220728' of github.com:alistair23/qemu:
  hw/intc: sifive_plic: Fix multi-socket plic configuraiton
  RISC-V: Allow both Zmmul and M

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-28 04:40:26 -07:00
Paolo Bonzini
d82b11f699 ui: dbus-display requires CONFIG_GBM
Without CONFIG_GBM, compiling dbus-display fails with

../ui/dbus.c: In function ‘dbus_create_context’:
../ui/dbus.c:47:20: error: ‘qemu_egl_rn_ctx’ undeclared (first use in this function); did you mean ‘qemu_egl_init_ctx’?
   47 |                    qemu_egl_rn_ctx);
      |                    ^~~~~~~~~~~~~~~
      |                    qemu_egl_init_ctx
../ui/dbus.c:47:20: note: each undeclared identifier is reported only once for each function it appears in

and many other similar errors, because include/ui/egl-helpers.h only has
these declaration if gbm is found on the system.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1108
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-28 13:08:29 +02:00
Richard Henderson
3e4abe2c92 Block: fix parallels block driver
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEi5wmzbL9FHyIDoahVh8kwfGfefsFAmLhi0cACgkQVh8kwfGf
 efs1Dg/7BwbaJu5uZEGhz3+KBRPk5kdYKX60bOojac27pBTVo4OyiP7QFzBt4c6+
 4yftT2vD7yTyzKANlmIYBvmjoIEw6eB09gJ5/mnUKgxTAS+thKo0e2v1zdncliy+
 h9SEYRT3RhlePJYSssZx8lW4gfCG2JZi5xSjfqbG50X7I8RgDtMmcj7EUwkvCkaI
 WL3iZIuYPxkfFwbQ/6xVmwc6uE97tWom9Z0iyEgFIhtFGlrgV3zJrDJ2CbOXIbi+
 9c2j4zmnMUZLwtdT2CFwyvO03iU8eMJxqnt4aSyByOAd/rqko+ugHeE53eZkND0Q
 ci4bFq9XjgxOSsIqHXemIEUnuExhMuw5i7dtwR8w7K5Kwc88/44GTUgCZrPnBLx2
 smGX0g7BiCpNYXA8DkquOsUQf8cS67M3rjdTB6SiMo0KuQHe5O0RDQAwu7f+hnTw
 vEyo8dk4xGqUvqYcOpLLBHDis1lghWwseC5gB/M6Q+KqvDF4WDpIWwPLfR1phJ0L
 kA1M9QO+NAcUtLEuT7N22QU8LMTxAX/hSYpR5Jrt5g3R26h7w7VZEvJbpQaytXTY
 VhDVWAGg9Xn3oxGTEyVqGP3Avik9OeoK9gCFiIyTEOL1jfEXqOsX8V6QkpaKP6c+
 WXWiWfV9A9D7O556Z92hUeDuWhQKb2w1dry2e7DPeSWiUmgHtyY=
 =QfFj
 -----END PGP SIGNATURE-----

Merge tag 'pull-block-2022-07-27' of https://gitlab.com/vsementsov/qemu into staging

Block: fix parallels block driver

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEi5wmzbL9FHyIDoahVh8kwfGfefsFAmLhi0cACgkQVh8kwfGf
# efs1Dg/7BwbaJu5uZEGhz3+KBRPk5kdYKX60bOojac27pBTVo4OyiP7QFzBt4c6+
# 4yftT2vD7yTyzKANlmIYBvmjoIEw6eB09gJ5/mnUKgxTAS+thKo0e2v1zdncliy+
# h9SEYRT3RhlePJYSssZx8lW4gfCG2JZi5xSjfqbG50X7I8RgDtMmcj7EUwkvCkaI
# WL3iZIuYPxkfFwbQ/6xVmwc6uE97tWom9Z0iyEgFIhtFGlrgV3zJrDJ2CbOXIbi+
# 9c2j4zmnMUZLwtdT2CFwyvO03iU8eMJxqnt4aSyByOAd/rqko+ugHeE53eZkND0Q
# ci4bFq9XjgxOSsIqHXemIEUnuExhMuw5i7dtwR8w7K5Kwc88/44GTUgCZrPnBLx2
# smGX0g7BiCpNYXA8DkquOsUQf8cS67M3rjdTB6SiMo0KuQHe5O0RDQAwu7f+hnTw
# vEyo8dk4xGqUvqYcOpLLBHDis1lghWwseC5gB/M6Q+KqvDF4WDpIWwPLfR1phJ0L
# kA1M9QO+NAcUtLEuT7N22QU8LMTxAX/hSYpR5Jrt5g3R26h7w7VZEvJbpQaytXTY
# VhDVWAGg9Xn3oxGTEyVqGP3Avik9OeoK9gCFiIyTEOL1jfEXqOsX8V6QkpaKP6c+
# WXWiWfV9A9D7O556Z92hUeDuWhQKb2w1dry2e7DPeSWiUmgHtyY=
# =QfFj
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 27 Jul 2022 12:00:23 PM PDT
# gpg:                using RSA key 8B9C26CDB2FD147C880E86A1561F24C1F19F79FB
# gpg: Good signature from "Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>" [unknown]
# gpg:                 aka "Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8B9C 26CD B2FD 147C 880E  86A1 561F 24C1 F19F 79FB

* tag 'pull-block-2022-07-27' of https://gitlab.com/vsementsov/qemu:
  iotests/131: Add parallels regression test
  block/parallels: Fix buffer-based write call

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-27 20:10:15 -07:00
Atish Patra
54f2183630 hw/intc: sifive_plic: Fix multi-socket plic configuraiton
Since commit 40244040a7, multi-socket configuration with plic is
broken as the hartid for second socket is calculated incorrectly.
The hartid stored in addr_config already includes the offset
for the base hartid for that socket. Adding it again would lead
to segfault while creating the plic device for the virt machine.
qdev_connect_gpio_out was also invoked with incorrect number of gpio
lines.

Fixes: 40244040a7 (hw/intc: sifive_plic: Avoid overflowing the addr_config buffer)

Signed-off-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220723090335.671105-1-atishp@rivosinc.com>
[ Changes by AF:
 - Change the qdev_connect_gpio_out() numbering
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-07-28 09:08:44 +10:00
Palmer Dabbelt
44602af858 RISC-V: Allow both Zmmul and M
We got to talking about how Zmmul and M interact with each other
https://github.com/riscv/riscv-isa-manual/issues/869 , and it turns out
that QEMU's behavior is slightly wrong: having Zmmul and M is a legal
combination, it just means that the multiplication instructions are
supported even when M is disabled at runtime via misa.

This just stops overriding M from Zmmul, with that the other checks for
the multiplication instructions work as per the ISA.

Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220714180033.22385-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-07-27 17:34:02 +10:00
Richard Henderson
7b17a1a841 Update version for v7.1.0-rc0 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-26 18:03:16 -07:00
Richard Henderson
e5b6555fb8 pc,virtio: fixes
Several fixes. From now on, regression fixes only.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmLgQr8PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpGUUIAKtNhrnKopGm4LlRpx8zN3Jc1Jo0nb648gaM
 Oyi+Pl8+hpESUhaWN10XDk38/QuPQfIFeR2ZhfYjFTRlZE+n3X9LVlwL8ejjP8KH
 AcWm78Ff/SLA45aMKMmw74pvEDNsoPYTp7TrfeIej5ub8BIXr8+8pqDdIR9WwtWO
 PbhLNXkTT2yLEs6jCVT4/dyh7zivSkrY7G/RVmtUaFe3PgY8fdW2z3+Txz7UIMgw
 CQoGuAucCO5ToBbs2CbT0V5yxY6G5VO6Qd8g0PzDW4M6GsY/Xr5QCnyJe0jTW0d6
 Dcc7UZFAzGNzyQCxHCic9xwTO+ZcJPJlH5TwknunxOb9xwCx4Qs=
 =zN41
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

pc,virtio: fixes

Several fixes. From now on, regression fixes only.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmLgQr8PHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpGUUIAKtNhrnKopGm4LlRpx8zN3Jc1Jo0nb648gaM
# Oyi+Pl8+hpESUhaWN10XDk38/QuPQfIFeR2ZhfYjFTRlZE+n3X9LVlwL8ejjP8KH
# AcWm78Ff/SLA45aMKMmw74pvEDNsoPYTp7TrfeIej5ub8BIXr8+8pqDdIR9WwtWO
# PbhLNXkTT2yLEs6jCVT4/dyh7zivSkrY7G/RVmtUaFe3PgY8fdW2z3+Txz7UIMgw
# CQoGuAucCO5ToBbs2CbT0V5yxY6G5VO6Qd8g0PzDW4M6GsY/Xr5QCnyJe0jTW0d6
# Dcc7UZFAzGNzyQCxHCic9xwTO+ZcJPJlH5TwknunxOb9xwCx4Qs=
# =zN41
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Jul 2022 12:38:39 PM PDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP
  i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type
  i386/pc: relocate 4g start to 1T where applicable
  i386/pc: bounds check phys-bits against max used GPA
  i386/pc: factor out device_memory base/size to helper
  i386/pc: handle unitialized mr in pc_get_cxl_range_end()
  i386/pc: factor out cxl range start to helper
  i386/pc: factor out cxl range end to helper
  i386/pc: factor out above-4g end to an helper
  i386/pc: pass pci_hole64_size to pc_memory_init()
  i386/pc: create pci-host qdev prior to pc_memory_init()
  hw/i386: add 4g boundary start to X86MachineState
  hw/cxl: Fix size of constant in interleave granularity function.
  hw/i386/pc: Always place CXL Memory Regions after device_memory
  hw/machine: Clear out left over CXL related pointer from move of state handling to machines.
  acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-26 12:57:20 -07:00
Jean-Philippe Brucker
0522be9a0c hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP
Currently we only enforce power-of-two mappings (required by the QEMU
notifier) for UNMAP requests. A MAP request not aligned on a
power-of-two may be successfully handled by VFIO, and then the
corresponding UNMAP notify will fail because it will attempt to split
that mapping. Ensure MAP and UNMAP notifications are consistent.

Fixes: dde3f08b5c ("virtio-iommu: Handle non power of 2 range invalidations")
Reported-by: Tina Zhang <tina.zhang@intel.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20220718135636.338264-1-jean-philippe@linaro.org>
Tested-by: Tina Zhang <tina.zhang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 15:33:29 -04:00
Hanna Reitz
0c2cb3827e iotests/131: Add parallels regression test
Test an allocating write to a parallels image that has a backing node.
Before HEAD^, doing so used to give me a failed assertion (when the
backing node contains only `42` bytes; the results varies with the value
chosen, for `0` bytes, for example, all I get is EIO).

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-Id: <20220714132801.72464-3-hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
2022-07-26 22:05:20 +03:00
Hanna Reitz
eba088f91d block/parallels: Fix buffer-based write call
Commit a4072543cc has changed the I/O here
from working on a local one-element I/O vector to just using the buffer
directly (using the bdrv_co_pread()/bdrv_co_pwrite() helper functions
introduced shortly before).

However, it only changed the bdrv_co_preadv() call to bdrv_co_pread() -
the subsequent bdrv_co_pwritev() call stayed this way, and so still
expects a QEMUIOVector pointer instead of a plain buffer.  We must
change that to be a bdrv_co_pwrite() call.

Fixes: a4072543cc ("block/parallels: use buffer-based io")
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-Id: <20220714132801.72464-2-hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
2022-07-26 22:04:59 +03:00
Richard Henderson
f6cce6bcb2 target-arm queue:
* Update Coverity component definitions
  * target/arm: Add MO_128 entry to pred_esz_masks[]
  * configure: Fix portability issues
  * hw/display/bcm2835_fb: Fix framebuffer allocation address
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLgBfkZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vFdD/wLVC2gJ4Uxt2Ri5vutF6fl
 RKTNiIhcE/XQNUogQiVIERYJJ9CUOALtg3q/SPCItq0nFgNG4h+sB7Ms+VcYVmNd
 iphbYBF4nFXYsAGlYIiAPU4I5SVnL4ORLMovRmlqMGYO/xlWe4LMIIOI+Iky4z9G
 pgho7n0yuKNPwikFdX1nKH2lYvoh9pn/p8buwre4qg6z/p4XssV295NAWeGvynab
 Sj9cmBvQC9ijKADvWXrfaGbHWQCAOwjRI7su/Ky0QGHjEprBpyCC8QtKEPP0flTh
 ffWCPX/pATwkbOH6m7rVFhIpI0r+6UQaDX/5SWruMNRto6WocNbX3JYT4XzdNln9
 nkVTgqn5PTzfd801RmfhJ/iGV2zf3ZE/Entj3n1RrpxI1gb56Q2tFghJNVgnL4Mq
 eBeODhPUJRqOd2dIcFKQbRhQs4Uaonu4V6QM+F7SekdV7VbU5VbJzB/9IvCkpNJo
 TqHDLp3makEabonal2gucmhxon7+C+4NXv+YMzTQbG2g/lVa4kmXehEA5BDcFScE
 XYKBEXkWsabV2IRVaZybu+0qkD+2PNtWQP3iAqOX8RPCGKieu4fbDTbzaPJAPNTb
 OBgDnzO3tukwI1upHQDIuO06poGfwMjJGKR4IZgCphTzNO7AtzUBFR96wmoaJGfq
 t7VO2lnKf5tGPifFTi/egg==
 =SWMq
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220726' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Update Coverity component definitions
 * target/arm: Add MO_128 entry to pred_esz_masks[]
 * configure: Fix portability issues
 * hw/display/bcm2835_fb: Fix framebuffer allocation address

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLgBfkZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vFdD/wLVC2gJ4Uxt2Ri5vutF6fl
# RKTNiIhcE/XQNUogQiVIERYJJ9CUOALtg3q/SPCItq0nFgNG4h+sB7Ms+VcYVmNd
# iphbYBF4nFXYsAGlYIiAPU4I5SVnL4ORLMovRmlqMGYO/xlWe4LMIIOI+Iky4z9G
# pgho7n0yuKNPwikFdX1nKH2lYvoh9pn/p8buwre4qg6z/p4XssV295NAWeGvynab
# Sj9cmBvQC9ijKADvWXrfaGbHWQCAOwjRI7su/Ky0QGHjEprBpyCC8QtKEPP0flTh
# ffWCPX/pATwkbOH6m7rVFhIpI0r+6UQaDX/5SWruMNRto6WocNbX3JYT4XzdNln9
# nkVTgqn5PTzfd801RmfhJ/iGV2zf3ZE/Entj3n1RrpxI1gb56Q2tFghJNVgnL4Mq
# eBeODhPUJRqOd2dIcFKQbRhQs4Uaonu4V6QM+F7SekdV7VbU5VbJzB/9IvCkpNJo
# TqHDLp3makEabonal2gucmhxon7+C+4NXv+YMzTQbG2g/lVa4kmXehEA5BDcFScE
# XYKBEXkWsabV2IRVaZybu+0qkD+2PNtWQP3iAqOX8RPCGKieu4fbDTbzaPJAPNTb
# OBgDnzO3tukwI1upHQDIuO06poGfwMjJGKR4IZgCphTzNO7AtzUBFR96wmoaJGfq
# t7VO2lnKf5tGPifFTi/egg==
# =SWMq
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Jul 2022 08:19:21 AM PDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220726' of https://git.linaro.org/people/pmaydell/qemu-arm:
  hw/display/bcm2835_fb: Fix framebuffer allocation address
  configure: Avoid '==' bashism
  configure: Drop dead code attempting to use -msmall-data on alpha hosts
  configure: Don't use bash-specific string-replacement syntax
  configure: Add braces to clarify intent of $emu[[:space:]]
  configure: Add missing POSIX-required space
  target/arm: Add MO_128 entry to pred_esz_masks[]
  scripts/coverity-scan/COMPONENTS.md: Update slirp component info
  scripts/coverity-scan/COMPONENTS.md: Add loongarch component

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-26 08:32:01 -07:00
Joao Martins
b3e6982b41 i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type
The added enforcing is only relevant in the case of AMD where the
range right before the 1TB is restricted and cannot be DMA mapped
by the kernel consequently leading to IOMMU INVALID_DEVICE_REQUEST
or possibly other kinds of IOMMU events in the AMD IOMMU.

Although, there's a case where it may make sense to disable the
IOVA relocation/validation when migrating from a
non-amd-1tb-aware qemu to one that supports it.

Relocating RAM regions to after the 1Tb hole has consequences for
guest ABI because we are changing the memory mapping, so make
sure that only new machine enforce but not older ones.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-12-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
8504f12945 i386/pc: relocate 4g start to 1T where applicable
It is assumed that the whole GPA space is available to be DMA
addressable, within a given address space limit, except for a
tiny region before the 4G. Since Linux v5.4, VFIO validates
whether the selected GPA is indeed valid i.e. not reserved by
IOMMU on behalf of some specific devices or platform-defined
restrictions, and thus failing the ioctl(VFIO_DMA_MAP) with
 -EINVAL.

AMD systems with an IOMMU are examples of such platforms and
particularly may only have these ranges as allowed:

        0000000000000000 - 00000000fedfffff (0      .. 3.982G)
        00000000fef00000 - 000000fcffffffff (3.983G .. 1011.9G)
        0000010000000000 - ffffffffffffffff (1Tb    .. 16Pb[*])

We already account for the 4G hole, albeit if the guest is big
enough we will fail to allocate a guest with  >1010G due to the
~12G hole at the 1Tb boundary, reserved for HyperTransport (HT).

[*] there is another reserved region unrelated to HT that exists
in the 256T boundary in Fam 17h according to Errata #1286,
documeted also in "Open-Source Register Reference for AMD Family
17h Processors (PUB)"

When creating the region above 4G, take into account that on AMD
platforms the HyperTransport range is reserved and hence it
cannot be used either as GPAs. On those cases rather than
establishing the start of ram-above-4g to be 4G, relocate instead
to 1Tb. See AMD IOMMU spec, section 2.1.2 "IOMMU Logical
Topology", for more information on the underlying restriction of
IOVAs.

After accounting for the 1Tb hole on AMD hosts, mtree should
look like:

0000000000000000-000000007fffffff (prio 0, i/o):
         alias ram-below-4g @pc.ram 0000000000000000-000000007fffffff
0000010000000000-000001ff7fffffff (prio 0, i/o):
        alias ram-above-4g @pc.ram 0000000080000000-000000ffffffffff

If the relocation is done or the address space covers it, we
also add the the reserved HT e820 range as reserved.

Default phys-bits on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough
to address 1Tb (0xff ffff ffff). On AMD platforms, if a
ram-above-4g relocation is attempted and the CPU wasn't configured
with a big enough phys-bits, an error message will be printed
due to the maxphysaddr vs maxusedaddr check previously added.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-11-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
1caab5cf86 i386/pc: bounds check phys-bits against max used GPA
Calculate max *used* GPA against the CPU maximum possible address
and error out if the former surprasses the latter. This ensures
max used GPA is reacheable by configured phys-bits. Default phys-bits
on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough for the CPU to
address 1Tb (0xff ffff ffff) or 1010G (0xfc ffff ffff) in AMD hosts
with IOMMU.

This is preparation for AMD guests with >1010G, where it will want relocate
ram-above-4g to be after 1Tb instead of 4G.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-10-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
8288a8286d i386/pc: factor out device_memory base/size to helper
Move obtaining hole64_start from device_memory memory region base/size
into an helper alongside correspondent getters in pc_memory_init() when
the hotplug range is unitialized. While doing that remove the memory
region based logic from this newly added helper.

This is the final step that allows pc_pci_hole64_start() to be callable
at the beginning of pc_memory_init() before any memory regions are
initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-9-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
1065b21993 i386/pc: handle unitialized mr in pc_get_cxl_range_end()
Remove pc_get_cxl_range_end() dependency on the CXL memory region,
and replace with one that does not require the CXL host_mr to determine
the start of CXL start.

This in preparation to allow pc_pci_hole64_start() to be called early
in pc_memory_init(), handle CXL memory region end when its underlying
memory region isn't yet initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Message-Id: <20220719170014.27028-8-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
42bed07127 i386/pc: factor out cxl range start to helper
Factor out the calculation of the base address of the memory region.
It will be used later on for the cxl range end counterpart calculation
and as well in pc_memory_init() CXL memory region initialization, thus
avoiding duplication.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-7-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
55668e409b i386/pc: factor out cxl range end to helper
Move calculation of CXL memory region end to separate helper.

This is in preparation to a future change that removes CXL range
dependency on the CXL memory region, with the goal of allowing
pc_pci_hole64_start() to be called before any memory region are
initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-6-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
5ff62e2afe i386/pc: factor out above-4g end to an helper
There's a couple of places that seem to duplicate this calculation
of RAM size above the 4G boundary. Move all those to a helper function.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-5-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
c48eb7a4e8 i386/pc: pass pci_hole64_size to pc_memory_init()
Use the pre-initialized pci-host qdev and fetch the
pci-hole64-size into pc_memory_init() newly added argument.
Use PCI_HOST_PROP_PCI_HOLE64_SIZE pci-host property for
fetching pci-hole64-size.

This is in preparation to determine that host-phys-bits are
enough and for pci-hole64-size to be considered to relocate
ram-above-4g to be at 1T (on AMD platforms).

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-4-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
4876778749 i386/pc: create pci-host qdev prior to pc_memory_init()
At the start of pc_memory_init() we usually pass a range of
0..UINT64_MAX as pci_memory, when really its 2G (i440fx) or
32G (q35). To get the real user value, we need to get pci-host
passed property for default pci_hole64_size. Thus to get that,
create the qdev prior to memory init to better make estimations
on max used/phys addr.

This is in preparation to determine that host-phys-bits are
enough and also for pci-hole64-size to be considered to relocate
ram-above-4g to be at 1T (on AMD platforms).

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-3-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00
Joao Martins
4ab4c33014 hw/i386: add 4g boundary start to X86MachineState
Rather than hardcoding the 4G boundary everywhere, introduce a
X86MachineState field @above_4g_mem_start and use it
accordingly.

This is in preparation for relocating ram-above-4g to be
dynamically start at 1T on AMD platforms.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-2-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26 10:40:58 -04:00