Commit Graph

104204 Commits

Author SHA1 Message Date
Richard Henderson
d397be9a22 disas/riscv: Decode czero.{eqz,nez}
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:52 +00:00
Richard Henderson
b56d5a8a4b tcg/mips: Replace MIPS_BE with HOST_BIG_ENDIAN
Since e03b56863d, which replaced HOST_WORDS_BIGENDIAN
with HOST_BIG_ENDIAN, there is no need to define a second
symbol which is [0,1].

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:52 +00:00
Richard Henderson
c64ed451a9 tcg/mips: Use qemu_build_not_reached for LO/HI_OFF
The new(ish) macro produces a compile-time error instead
of a link-time error.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:52 +00:00
Richard Henderson
269e93ab76 tcg/mips: Try three insns with shift and add in tcg_out_movi
These sequences are inexpensive to test.  Maxing out at three insns
results in the same space as a load plus the constant pool entry.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
1d159e64cc tcg/mips: Try tb-relative addresses in tcg_out_movi
These addresses are often loaded by the qemu_ld/st slow path,
for loading the retaddr value.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
4316de32e7 tcg/mips: Aggressively use the constant pool for n64 calls
Repeated calls to a single helper are common -- especially
the ones for softmmu memory access.  Prefer the constant pool
to longer sequences to increase sharing.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
48c12ba748 tcg/mips: Use the constant pool for 64-bit constants
During normal processing, the constant pool is accessible via
TCG_REG_TB.  During the prologue, it is accessible via TCG_REG_T9.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
1d9c5b3084 tcg/mips: Split out tcg_out_movi_two
Emit all 32-bit signed constants, which can be loaded in two insns.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
47a572865a tcg/mips: Split out tcg_out_movi_one
Emit all constants that can be loaded in exactly one insn.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
53c4fa2726 tcg/mips: Create and use TCG_REG_TB
This vastly reduces the size of code generated for 64-bit addresses.
The code for exit_tb, for instance, where we load a (tagged) pointer
to the current TB, goes from

0x400aa9725c:  li       v0,64
0x400aa97260:  dsll     v0,v0,0x10
0x400aa97264:  ori      v0,v0,0xaa9
0x400aa97268:  dsll     v0,v0,0x10
0x400aa9726c:  j        0x400aa9703c
0x400aa97270:  ori      v0,v0,0x7083

to

0x400aa97240:  j        0x400aa97040
0x400aa97244:  daddiu   v0,s6,-189

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:51 +00:00
Richard Henderson
f63eb2e59f tcg/mips: Unify TCG_GUEST_BASE_REG tests
In tcg_out_qemu_ld/st, we already check for guest_base matching int16_t.
Mirror that when setting up TCG_GUEST_BASE_REG in the prologue.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:50 +00:00
Richard Henderson
43b4cd9713 tcg/mips: Move TCG_GUEST_BASE_REG to S7
No functional change; just moving the saved reserved regs to the end.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:50 +00:00
Richard Henderson
d721cc94b2 tcg/mips: Move TCG_AREG0 to S8
No functional change; just moving the saved reserved regs to the end.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-25 13:57:50 +00:00
Paolo Bonzini
eea7cd3fc5 monitor: do not use mb_read/mb_set
Instead of relying on magic memory barriers, document the pattern that
is being used.  It is the one based on Dekker's algorithm, and in this
case it is embodied as follows:

    enqueue request;              sleeping = true;
    smp_mb();                     smp_mb();
    if (sleeping) kick();         if (!have a request) yield();

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
60f4f62efe monitor: extract request dequeuing to a new function
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
9f2d58546e monitor: introduce qmp_dispatcher_co_wake
This makes it possible to turn qmp_dispatcher_co_busy into a static
variable.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
0ff2553701 monitor: cleanup fetching of QMP requests
Use a continue statement so that "after going to sleep" is treated the same
way as "after processing a request".  Pull the monitor_lock critical
section out of monitor_qmp_requests_pop_any_with_lock() and protect
qmp_dispatcher_co_shutdown with the monitor_lock.

The two changes are complex to separate because monitor_qmp_dispatcher_co()
previously had a complicated logic to check for shutdown both before
and after going to sleep.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
3e6bed619a monitor: cleanup detection of qmp_dispatcher_co shutting down
Instead of overloading qmp_dispatcher_co_busy, make the coroutine
pointer NULL.  This will make things break spectacularly if somebody
tries to start a request after monitor_cleanup().

AIO_WAIT_WHILE_UNLOCKED() does not need qatomic_mb_read(), because
the macro contains all the necessary memory barriers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
6ee7c82d0d monitor: do not use mb_read/mb_set for suspend_cnt
Clean up monitor_event to just use monitor_suspend/monitor_resume,
using mon->mux_out to protect against incorrect nesting (especially
on startup).

The only remaining case of reading suspend_cnt is in the can_read
callback, which is just advisory and can use qatomic_read.

As an extra benefit, mux_out is now simply protected by mon_lock.
Also, moving the prompt to the beginning of the main loop removes
it from the output in some error cases where QEMU does not actually
start successfully.  It is not a full fix and it would be nice to
also remove the monitor heading, but this is already a small (though
unintentional) improvement.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
4cb96b9742 monitor: add more *_locked() functions
Allow flushing and printing to the monitor while mon->mon_lock is
held.  This will help cleaning up the locking of mon->mux_out and
mon->suspend_cnt.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
c5d0c55f1a monitor: allow calling monitor_resume under mon_lock
Move monitor_resume()'s call to readline_show_prompt() outside the
potentially locked section.  Reuse the existing monitor_accept_input()
bottom half for this purpose.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
e37548ef13 monitor: use QEMU_LOCK_GUARD a bit more
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Mark Cave-Ayland
690705ca0b softmmu/ioport.c: make MemoryRegionPortioList owner of portio_list MemoryRegions
Currently when portio_list MemoryRegions are freed using portio_list_destroy() the RCU
thread segfaults generating a backtrace similar to that below:

    #0 0x5555599a34b6 in phys_section_destroy ../softmmu/physmem.c:996
    #1 0x5555599a37a3 in phys_sections_free ../softmmu/physmem.c:1011
    #2 0x5555599b24aa in address_space_dispatch_free ../softmmu/physmem.c:2430
    #3 0x55555996a283 in flatview_destroy ../softmmu/memory.c:292
    #4 0x55555a2cb9fb in call_rcu_thread ../util/rcu.c:284
    #5 0x55555a29b71d in qemu_thread_start ../util/qemu-thread-posix.c:541
    #6 0x7ffff4a0cea6 in start_thread nptl/pthread_create.c:477
    #7 0x7ffff492ca2e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfca2e)

The problem here is that portio_list_destroy() unparents the portio_list
MemoryRegions causing them to be freed immediately, however the flatview
still has a reference to the MemoryRegion and so causes a use-after-free
segfault when the RCU thread next updates the flatview.

Solve the lifetime issue by making MemoryRegionPortioList the owner of the
portio_list MemoryRegions, and then reparenting them to the portio_list
owner. This ensures that they can be accessed as QOM children via the
portio_list owner, yet the MemoryRegionPortioList owns the refcount.

Update portio_list_destroy() to unparent the MemoryRegion from the
portio_list owner (while keeping mrpio->mr live until finalization of the
MemoryRegionPortioList), so that the portio_list MemoryRegions remain
allocated until flatview_destroy() removes the final refcount upon the
next flatview update.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230419151652.362717-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Mark Cave-Ayland
28770689c5 softmmu/ioport.c: QOMify MemoryRegionPortioList
The aim of QOMification is so that the lifetime of the MemoryRegionPortioList
structure can be managed using QOM's in-built refcounting instead of having to
handle this manually.

Due to the use of an opaque pointer it isn't possible to model the new
TYPE_MEMORY_REGION_PORTIO_LIST directly using QOM properties, however since
use of the new object is restricted to the portio API we can simply set the
opaque pointer (and the heap-allocated port list) internally.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230419151652.362717-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Mark Cave-Ayland
d2f07b75ae softmmu/ioport.c: allocate MemoryRegionPortioList ports on the heap
In order to facilitate a conversion of MemoryRegionPortioList to a QOM object
move the allocation of MemoryRegionPortioList ports to the heap instead of
using a variable-length member at the end of the MemoryRegionPortioList
structure.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230419151652.362717-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
6301460ce9 usb/ohci: Set pad to 0 after frame update
When the OHCI controller's frame number is incremented, the HccaPad1 register
should be set to zero (Ref OHCI Spec 4.4).

ReactOS uses hccaPad1 to determine if the OHCI hardware is running,
consequently it fails this check in current qemu master.

Signed-off-by: Ryan Wendland <wendland@live.com.au>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1048
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:18:33 +02:00
Paolo Bonzini
b03fcd6818 meson: move -no-pie from linker to compiler
The large comment in the patch says it all; the -no-pie flag is broken and
this is why it was not included in QEMU_LDFLAGS before commit a988b4c561
("build: move remaining compiler flag tests to meson", 2023-05-18).  And
some distros made things even worse, so we have to add it to the compiler
command line.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1664
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:02:43 +02:00
Paolo Bonzini
91a2e6882a meson: fix rule for qemu-ga installer
The bindir variable is not available in the "glib" variable, which is an internal
dependency (created with "declare_dependency").  Use glib_pc instead, which contains
the variable as it is instantiated from glib-2.0.pc.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:02:43 +02:00
Nicolas Saenz Julienne
f49d883d4d meson.build: Fix glib -Wno-unused-function workaround
We want to only enable '-Wno-unused-function' if glib's version is
smaller than '2.57.2' and has a G_DEFINE_AUTOPTR_CLEANUP_FUNC()
implementation that doesn't take into account unused functions. But the
compilation test isn't working as intended as '-Wunused-function' isn't
enabled while running it.

Let's enable it.

Fixes: fc9a809e0d ("build: move glib detection and workarounds to meson")
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230524173123.66483-1-nsaenz@amazon.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 10:02:37 +02:00
Maksim Davydov
fb00aa6126 target/i386: EPYC-Rome model without XSAVES
Based on the kernel commit "b0563468ee x86/CPU/AMD: Disable XSAVES on
AMD family 0x17", a host system with EPYC-Rome can clear the XSAVES capability
bit. In other words, an EPYC-Rome host without XSAVES can occur. Thus, we
need an EPYC-Rome cpu model (without this feature) that matches the
solution of fixing this erratum.

Signed-off-by: Maksim Davydov <davydov-max@yandex-team.ru>
Message-Id: <20230524213748.8918-1-davydov-max@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25 09:30:52 +02:00
Richard Henderson
b300c13446 vfio queue:

Merge tag 'pull-vfio-20230524' of https://github.com/legoater/qemu into staging

vfio queue:

* Fix for a memory corruption due to an extra free
* Fix for a compile breakage

# gpg: Signature made Wed 24 May 2023 01:17:34 AM PDT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-vfio-20230524' of https://github.com/legoater/qemu:
  util/vfio-helpers: Use g_file_read_link()
  vfio/pci: Fix a use-after-free issue

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 14:23:41 -07:00
Camilla Conte
8acf865084 Add Kubernetes runner configuration
Custom values for the gitlab-runner Helm chart.
See https://wiki.qemu.org/Testing/CI/KubernetesRunners.

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230522174153.46801-6-cconte@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 12:26:40 -07:00
Camilla Conte
037a171a2f Add CI variable RUNNER_TAG
This allows setting a job tag dynamically.
We need this to be able to select the Kubernetes runner.
See https://wiki.qemu.org/Testing/CI/KubernetesRunners.

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230522174153.46801-5-cconte@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 12:26:40 -07:00
Camilla Conte
b105ce60ca Add loop over docker info
Wait for docker info to return successfully to ensure that
the docker server (daemon) has started.
This is needed for jobs running on Kubernetes.
See https://wiki.qemu.org/Testing/CI/KubernetesRunners.

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230522174153.46801-4-cconte@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 12:26:40 -07:00
Camilla Conte
5f63a67adb Use docker "stable" tag
Use the same tag in all jobs.

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230522174153.46801-3-cconte@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 12:26:40 -07:00
Camilla Conte
a878264d6c Remove redundant CI variables
These are not needed when using gitlab.com shared runners.

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230522174153.46801-2-cconte@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-24 12:26:40 -07:00
Akihiko Odaki
dbdea0dbfe util/vfio-helpers: Use g_file_read_link()
When _FORTIFY_SOURCE=2, glibc version is 2.35, and GCC version is
12.1.0, the compiler complains as follows:

In file included from /usr/include/features.h:490,
                 from /usr/include/bits/libc-header-start.h:33,
                 from /usr/include/stdint.h:26,
                 from /usr/lib/gcc/aarch64-unknown-linux-gnu/12.1.0/include/stdint.h:9,
                 from /home/alarm/q/var/qemu/include/qemu/osdep.h:94,
                 from ../util/vfio-helpers.c:13:
In function 'readlink',
    inlined from 'sysfs_find_group_file' at ../util/vfio-helpers.c:116:9,
    inlined from 'qemu_vfio_init_pci' at ../util/vfio-helpers.c:326:18,
    inlined from 'qemu_vfio_open_pci' at ../util/vfio-helpers.c:517:9:
/usr/include/bits/unistd.h:119:10: error: argument 2 is null but the corresponding size argument 3 value is 4095 [-Werror=nonnull]
  119 |   return __glibc_fortify (readlink, __len, sizeof (char),
      |          ^~~~~~~~~~~~~~~

This error implies the allocated buffer can be NULL. Use
g_file_read_link(), which allocates buffer automatically to avoid the
error.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-05-24 09:21:22 +02:00
Zhenzhong Duan
b83b40b614 vfio/pci: Fix a use-after-free issue
vbasedev->name is freed wrongly which leads to garbage VFIO trace log.
Fix it by allocating a dup of vbasedev->name and then free the dup.

Fixes: 2dca1b37a7 ("vfio/pci: add support for VF token")
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-05-24 09:21:22 +02:00
Richard Henderson
1c12355b31 util: Host cpu detection for x86 and aa64

Merge tag 'pull-tcg-20230523-3' of https://gitlab.com/rth7680/qemu into staging

util: Host cpu detection for x86 and aa64
util: Use cpu detection for bufferiszero
migration: Use cpu detection for xbzrle
tcg: Replace and remove cpu_atomic_{ld,st}o*
host/include: Split qemu/atomic128.h
tcg: Remove DEBUG_DISAS
tcg: Remove USE_TCG_OPTIMIZATIONS

# gpg: Signature made Tue 23 May 2023 06:57:20 PM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20230523-3' of https://gitlab.com/rth7680/qemu: (28 commits)
  tcg: Remove USE_TCG_OPTIMIZATIONS
  tcg: Remove DEBUG_DISAS
  qemu/atomic128: Add runtime test for FEAT_LSE2
  qemu/atomic128: Improve cmpxchg fallback for atomic16_set
  tcg: Split out tcg/debug-assert.h
  accel/tcg: Correctly use atomic128.h in ldst_atomicity.c.inc
  qemu/atomic128: Split atomic16_read
  accel/tcg: Eliminate #if on HAVE_ATOMIC128 and HAVE_CMPXCHG128
  accel/tcg: Remove prot argument to atomic_mmu_lookup
  accel/tcg: Remove cpu_atomic_{ld,st}o_*_mmu
  target/s390x: Always use cpu_atomic_cmpxchgl_be_mmu in do_csst
  target/s390x: Use cpu_{ld,st}*_mmu in do_csst
  accel/tcg: Unify cpu_{ld,st}*_{be,le}_mmu
  target/s390x: Use tcg_gen_qemu_{ld,st}_i128 for LPQ, STPQ
  target/ppc: Use tcg_gen_qemu_{ld,st}_i128 for LQARX, LQ, STQ
  include/qemu: Move CONFIG_ATOMIC128_OPT handling to atomic128.h
  meson: Fix detect atomic128 support with optimization
  include/host: Split out atomic128-ldst.h
  include/host: Split out atomic128-cas.h
  util: Add cpuinfo-aarch64.c
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:57:47 -07:00
Richard Henderson
16ffa1ef87 tcg: Remove USE_TCG_OPTIMIZATIONS
This is always defined, and the optimization pass is
essential to producing reasonable code.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
645e3a812a tcg: Remove DEBUG_DISAS
This had been set since the beginning, is never undefined,
and it would seem to be harmful to debugging to do so.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
e45fb74ddb qemu/atomic128: Add runtime test for FEAT_LSE2
With FEAT_LSE2, load and store of int128 is directly supported.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
b35b812567 qemu/atomic128: Improve cmpxchg fallback for atomic16_set
Use __sync_bool_compare_and_swap_16 to control the loop,
rather than a separate comparison.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
427fbf3721 tcg: Split out tcg/debug-assert.h
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
8dc24ff467 accel/tcg: Correctly use atomic128.h in ldst_atomicity.c.inc
Remove the locally defined load_atomic16 and store_atomic16,
along with HAVE_al16 and HAVE_al16_fast in favor of the
routines defined in atomic128.h.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
21c38f31c0 qemu/atomic128: Split atomic16_read
Create both atomic16_read_ro and atomic16_read_rw.
Previously we pretended that we had atomic16_read in system mode,
because we "know" that all ram is always writable to the host.
Now, expose read-only and read-write versions all of the time.

For aarch64, do not fall back to __atomic_read_16 even if
supported by the compiler, to work around a clang bug.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
4deb39ebb3 accel/tcg: Eliminate #if on HAVE_ATOMIC128 and HAVE_CMPXCHG128
These symbols will shortly become dynamic runtime tests and
therefore not appropriate for the preprocessor.  Use the
matching CONFIG_* symbols for that purpose.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
7bedee3243 accel/tcg: Remove prot argument to atomic_mmu_lookup
Now that load/store are gone, we're always passing
PAGE_READ | PAGE_WRITE for RMW atomic operations.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
ec4a9629a1 accel/tcg: Remove cpu_atomic_{ld,st}o_*_mmu
Atomic load/store of 128-byte quantities is now handled
by cpu_{ld,st}16_mmu.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00
Richard Henderson
47ae3e4039 target/s390x: Always use cpu_atomic_cmpxchgl_be_mmu in do_csst
Eliminate the CONFIG_USER_ONLY specialization.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-23 18:54:55 -07:00