Commit Graph

97282 Commits

Author SHA1 Message Date
Paolo Bonzini
c0b3607d59 pc-bios/s390-ccw: add -Wno-array-bounds
The option generates a lot of warnings for integers casted to pointers,
for example:

/home/pbonzini/work/upstream/qemu/pc-bios/s390-ccw/dasd-ipl.c:174:19: warning: array subscript 0 is outside array bounds of ‘CcwSeekData[0]’ [-Warray-bounds]
  174 |     seekData->cyl = 0x00;
      |     ~~~~~~~~~~~~~~^~~~~~

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
74518fb615 q800: add default vendor and product information for scsi-cd devices
The MacOS CDROM driver uses a SCSI INQUIRY command to check that any SCSI CDROMs
detected match a whitelist of vendors and products before adding them to the
list of available devices.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-15-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
0fc37adac6 q800: add default vendor and product information for scsi-hd devices
The Apple HD SC Setup program uses a SCSI INQUIRY command to check that any SCSI
hard disks detected match a whitelist of vendors and products before allowing
the "Initialise" button to prepare an empty disk.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-14-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
356c4c441e scsi-disk: allow MODE SELECT block descriptor to set the block size
The MODE SELECT command can contain an optional block descriptor that can be used
to set the device block size. If the block descriptor is present then update the
block size on the SCSI device accordingly.

This allows CDROMs to be used with A/UX which requires a CDROM drive which is
capable of switching from a 2048 byte sector size to a 512 byte sector size.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-13-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
4536fba00a scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives
A/UX sends a MODE_PAGE_R_W_ERROR command with the AWRE bit set to 0 when enumerating
CDROM drives. Since the bit is currently hardcoded to 1 then indicate that the AWRE
bit can be changed (even though we don't care about the value) so that
the MODE_PAGE_R_W_ERROR page can be set successfully.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-12-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
2724b90dfb q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices
By default quirk_mode_page_truncated should be enabled for all scsi-cd devices
connected to the q800 machine to allow A/UX to enumerate SCSI CDROM devices
without hanging.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-11-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
389e18eb9a scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh
When A/UX configures the CDROM device it sends a truncated MODE SELECT request
for page 1 (MODE_PAGE_R_W_ERROR) which is only 6 bytes in length rather than
10. This seems to be due to bug in Apple's code which calculates the CDB message
length incorrectly.

The work at [1] suggests that this truncated request is accepted on real
hardware whereas in QEMU it generates an INVALID_PARAM_LEN sense code which
causes A/UX to get stuck in a loop retrying the command in an attempt to succeed.

Alter the mode page request length check so that truncated requests are allowed
if the SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk is enabled, whilst also adding a
trace event to enable the condition to be detected.

[1] https://68kmla.org/bb/index.php?threads/scsi2sd-project-anyone-interested.29040/page-7#post-316444

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-10-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
6ab717610f scsi-disk: add FORMAT UNIT command
When initialising a drive ready to install MacOS, Apple HD SC Setup first attempts
to format the drive. Add a simple FORMAT UNIT command which simply returns success
to allow the format to succeed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220622105314.802852-9-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
d9a107d153 q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices
By default quirk_mode_page_vendor_specific_apple should be enabled for both scsi-hd
and scsi-cd devices to allow MacOS to format SCSI disk devices, and A/UX to
enumerate SCSI CDROM devices succesfully without getting stuck in a loop.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-8-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
09274de1f7 scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh
Both MacOS and A/UX make use of vendor-specific MODE SELECT commands with PF=0
to identify SCSI devices:

- MacOS sends a MODE SELECT command with PF=0 for the MODE_PAGE_VENDOR_SPECIFIC
  (0x0) mode page containing 2 bytes before initialising a disk

- A/UX (installed on disk) sends a MODE SELECT command with PF=0 during SCSI
  bus enumeration, and gets stuck in an infinite loop if it fails

Add a new SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk to allow both
PF=0 MODE SELECT commands and implement a MODE_PAGE_VENDOR_SPECIFIC (0x0)
mode page which is compatible with MacOS.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-7-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
f7c30a0f41 q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices
By default quirk_mode_sense_rom_use_dbd should be enabled for all scsi-cd devices
connected to the q800 machine to correctly report the CDROM block descriptor back
to A/UX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-6-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:58 +02:00
Mark Cave-Ayland
f43c2b94cd scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh
During SCSI bus enumeration A/UX sends a MODE SENSE command to the CDROM with
the DBD bit unset and expects the response to include a block descriptor. As per
the latest SCSI documentation, QEMU currently force-disables the block
descriptor for CDROM devices but the A/UX driver expects the requested block
descriptor to be returned.

If the block descriptor is not returned in the response then A/UX becomes
confused, since the block descriptor returned in the MODE SENSE response is
used to generate a subsequent MODE SELECT command which is then invalid.

Add a new SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk to allow this behaviour
to be enabled as required. Note that an additional workaround is required for
the previous SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk which must never
return a block descriptor even though the DBD bit is left unset.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-5-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland
f358241029 q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices
By default quirk_mode_page_apple_vendor should be enabled for all scsi-cd devices
connected to the q800 machine to enable MacOS to detect and use them.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland
09d3786762 scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh
One of the mechanisms MacOS uses to identify CDROM drives compatible with MacOS
is to send a custom MODE SELECT command for page 0x30 to the drive. The
response to this is a hard-coded manufacturer string which must match in order
for the CDROM to be usable within MacOS.

Add an implementation of the MODE SELECT page 0x30 response guarded by a newly
defined SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk bit so that CDROM drives
attached to non-Apple machines function exactly as before.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mark Cave-Ayland
3412f9c3b4 scsi-disk: add new quirks bitmap to SCSIDiskState
Since the MacOS SCSI implementation is quite old (and Apple added some firmware
customisations to their drives for m68k Macs) there is need to add a mechanism
to correctly handle Apple-specific quirks.

Add a new quirks bitmap to SCSIDiskState that can be used to enable these
features as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Akihiko Odaki
8154f5e64b meson: Prefix each element of firmware path
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624154042.51512-1-akihiko.odaki@gmail.com>
[Rewrite shell function without using Bash extensions. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Akihiko Odaki
98753e9a8f module: Use bundle mechanism
Before this change, the directory of the executable was being added to
resolve modules in the build tree. However, get_relocated_path() can now
resolve them with the new bundle mechanism.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624145039.49929-5-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Akihiko Odaki
882084a04a datadir: Use bundle mechanism
softmmu/datadir.c had its own implementation to find files in the
build tree, but now bundle mechanism provides the unified
implementation which works for datadir and the other files.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624145039.49929-4-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Akihiko Odaki
cf60ccc330 cutils: Introduce bundle mechanism
Developers often run QEMU without installing. The bundle mechanism
allows to look up files which should be present in installation even in
such a situation.

It is a general mechanism and can find any files in the installation
tree. The build tree will have a new directory, qemu-bundle, to
represent what files the installation tree would have for reference by
the executables.

Note that it abandons compatibility with Windows older than 8. The
extended support for the prior version, 7 ended more than 2 years ago,
and it is unlikely that someone would like to run the latest QEMU on
such an old system.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220624145039.49929-3-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Mauro Matteo Cascella
4367a20cc4 scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Set current_req to NULL, not current_req->req, to prevent reusing a free'd
buffer in case of repeated SCSI cancel requests.  Also apply the fix to
CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel
the request.

Thanks to Alexander Bulekov for providing a reproducer.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220711123316.421279-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-13 16:58:57 +02:00
Peter Maydell
8e3d85d36b * fuzzing fixes (Alexander)
* fix cross compilation CFLAGS and compiler choice
 * do not specify -bios option for tests/vm
 * miscellaneous fixes
 * preparation for pre-install tree in the build directory (Akihiko)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLNbVcUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1KggArZDxqEOyTCvsu2H1Bf7j2J4Mfx2k
 +8FiDNpdfnmpQIc8KnQHZN7QKodXhaPwShoK6NZPYeAbg62n5/RUlF+fj2DbdCN0
 udBqt9V5dmjF2S+vb2++pWSpEUpqH1yAVYX3t0MvQDkfscADYYqYndHkYqVP34Sy
 sIIkDGdFODQqHCPDmNNFWFHt8X5Zu8t5j53NjPebdryZBDiA4DgFnorTw0sTPV1H
 XeS2M06C1lkGyWrdy7eaF9IL3tmlCsuc6xiA0RAhzJiWgHe1LQZOUPMfR+GKuidI
 E9Cz05iGyOlH+CNYgdukqT8BdJtcjWZwDgYWVxVIswv461h/asoENUIx1g==
 =Nyzq
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fuzzing fixes (Alexander)
* fix cross compilation CFLAGS and compiler choice
* do not specify -bios option for tests/vm
* miscellaneous fixes
* preparation for pre-install tree in the build directory (Akihiko)

# gpg: Signature made Tue 12 Jul 2022 13:47:19 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  meson: place default firmware path under .../share
  qga: Relocate a path emitted in the help text
  build: Do not depend on pc-bios for config-host.mak
  accel: kvm: Fix memory leak in find_stats_descriptors
  audio/dbus: fix building
  fuzz: only use generic-fuzz targets on oss-fuzz
  build: improve -fsanitize-coverage-allowlist check
  build: try both native and cross compilers
  configure: pass whole target name to probe_target_compiler
  tests/tcg: compile system emulation tests as freestanding
  configure: write EXTRA_CFLAGS for all sub-Makefiles
  configure: allow more host/target combos to use the host compiler
  configure, pc-bios/vof: pass cross CFLAGS correctly
  configure, pc-bios/s390-ccw: pass cross CFLAGS correctly
  configure, pc-bios/optionrom: pass cross CFLAGS correctly
  pc-bios/optionrom: use -m16 unconditionally
  scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
  tests/vm: do not specify -bios option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	pc-bios/s390-ccw/netboot.mak
2022-07-12 14:12:15 +01:00
Paolo Bonzini
9fb6d8a9b2 meson: place default firmware path under .../share
Fixes: c09c1ce7e9 ("configure: switch directory options to automatic parsing", 2022-05-07)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-12 14:46:58 +02:00
Vladimir Sementsov-Ogievskiy
9548cbefff iotests/copy-before-write: specify required_fmts
Declare that we need copy-before-write filter to avoid failure when
filter is not whitelisted.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220706170834.242277-1-vsementsov@yandex-team.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 13:21:02 +05:30
Vladimir Sementsov-Ogievskiy
05b47eec90 iotests: fix copy-before-write for macOS and FreeBSD
strerror() represents ETIMEDOUT a bit different in Linux and macOS /
FreeBSD. Let's support the latter too.

Fixes: 9d05a87b77 ("iotests: copy-before-write: add cases for cbw-timeout option")
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220705153708.186418-1-vsementsov@yandex-team.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 13:21:02 +05:30
Richard Henderson
f085ba292b gitlab-ci/cirrus: Update freebsd to python 3.9 packages
FreeBSD has stopped shipping python 3.8, causing our cirrus
builds to fail immediately.  Upstream lcitool has an update
to address this, but has also reorganized its source tree so
additional changes are required for 'make lcitool-update'.

In the meantime, fix the build.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 13:21:02 +05:30
Richard Henderson
08c8a31214 Fix for duplicate tlb check on unaligned access.
Fix for w^x code gen buffer mapping.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLNEksdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8KPwf9EybXFrlI1u9A2nOK
 8puFCKdN7eGjYo2dkRd/CyqugmsaS3IuL9cooWi7/A6pOtyuIWdlyI/r+PAZat3p
 GfvZvx9GejWpbUv6GYX2extZAev1EbhaaM6ZOg/EZGOWTjiINZMztuIWhbjftRUj
 6E8FLkj/5PWQzYvi6TbMMAMqg5QsYERZIZ4SfDfjE2a8s8rloYDBdvVEaG35NOa/
 pv93clb7OrnE5VyJLHyfs8VwpbtJKsQy/Twwh1+828X/fetwJWT5AKfPZTIHLELL
 tVuABJA25wSfPPmjtXTzDjq5x5/UWKc16Zvk1tbcxuknLegxUH0Agy+qJRI3x5FA
 M3ZHOg==
 =b4EN
 -----END PGP SIGNATURE-----

Merge tag 'pull-tcg-20220712' of https://gitlab.com/rth7680/qemu into staging

Fix for duplicate tlb check on unaligned access.
Fix for w^x code gen buffer mapping.

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLNEksdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8KPwf9EybXFrlI1u9A2nOK
# 8puFCKdN7eGjYo2dkRd/CyqugmsaS3IuL9cooWi7/A6pOtyuIWdlyI/r+PAZat3p
# GfvZvx9GejWpbUv6GYX2extZAev1EbhaaM6ZOg/EZGOWTjiINZMztuIWhbjftRUj
# 6E8FLkj/5PWQzYvi6TbMMAMqg5QsYERZIZ4SfDfjE2a8s8rloYDBdvVEaG35NOa/
# pv93clb7OrnE5VyJLHyfs8VwpbtJKsQy/Twwh1+828X/fetwJWT5AKfPZTIHLELL
# tVuABJA25wSfPPmjtXTzDjq5x5/UWKc16Zvk1tbcxuknLegxUH0Agy+qJRI3x5FA
# M3ZHOg==
# =b4EN
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 12 Jul 2022 11:48:51 AM +0530
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20220712' of https://gitlab.com/rth7680/qemu:
  accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore
  tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 11:52:11 +05:30
Ilya Leoshkevich
b0f650f047 accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore
If low-address-protection is active, unaligned stores to non-protected
parts of lowcore lead to protection exceptions. The reason is that in
such cases tlb_fill() call in store_helper_unaligned() covers
[0, addr + size) range, which contains the protected portion of
lowcore. This range is too large.

The most straightforward fix would be to make sure we stay within the
original [addr, addr + size) range. However, if an unaligned access
affects a single page, we don't need to call tlb_fill() in
store_helper_unaligned() at all, since it would be identical to
the previous tlb_fill() call in store_helper(), and therefore a no-op.
If an unaligned access covers multiple pages, this situation does not
occur.

Therefore simply skip TLB handling in store_helper_unaligned() if we
are dealing with a single page.

Fixes: 2bcf018340 ("s390x/tcg: low-address protection support")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220711185640.3558813-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 10:43:33 +05:30
Shaobo Song
ba8924113c tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd()
This fixes a bug in POSIX-compliant environments. Since we had allocated
a buffer named 'tcg-jit' with read-write access protections we need a int
type to combine these access flags and return it, whereas we had inexplicably
return a bool type. It may cause an unnecessary protection change in
tcg_region_init().

Cc: qemu-stable@nongnu.org
Fixes: 7be9ebcf92 ("tcg: Return the map protection from alloc_code_gen_buffer")
Signed-off-by: Shaobo Song <shnusongshaobo@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220624150216.3627-1-shnusongshaobo@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 10:30:10 +05:30
Richard Henderson
9fed1bca6b target-arm:
* Implement SME emulation, for both system and linux-user
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLMLC8ZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3sR6D/wN7+rQ86FnPEpeqqh37Chx
 dyCwmAjad7cSJWY4d6RlhNBll35D2nPIdo7MQrUi7ViNL+mDRGr4xSeYOU3IBXd7
 hxRY2rAjwlVtpL6WWJkHeZTr7n+gHtds/Pda+f7d8E7RmsXtD4uRSnbGG82HVGy0
 suG6MJwDYncSoa4AlX/J6sBBYha0cusTguTbkGkEfRonKgvQ6PAogYU8zAmI4EEz
 BsdhXOjH3FGO6aUUVjZKJd1CuISNYe32sZY1OcfuiB1KbBQaRHt2LbxfKSQGMKwd
 0GzXZK9NJ0xIteAX/ESHVakudennqaBY7kdbBdLwb485pQ25r7P2jGyPM4J4fota
 fXScOQKGGVfNySPwTOPR0QLzshcckWw7+Y+AOBg/rpbepSNT41bwI6Ldjs8oNtcI
 O44wNgbN4uvbVul4dj0rOrc5azMvfH0cU+SSrZAInahEHpCN9o/NQz1D2fju7j9W
 MujJCzRVBQSCvUwD1jX6+YDTJU3y84HeGYB/whXt8tg67Ump/5IgUInACgQzwwEZ
 ZP+vxFmhuMlIkbfaiDgYdx2CLjTVSJ7YHjGx/rkqlpLVx6DgGA0klzgHV4L8fbWh
 RFY8fejQve5QzsdiiDdeRWigFY2LnDEnphwOAy7tzktRpai8FnK3aMZyIj/5WODL
 uu+gSmYoToLhC35Uan5otg==
 =D1/T
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220711' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm:
 * Implement SME emulation, for both system and linux-user

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLMLC8ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3sR6D/wN7+rQ86FnPEpeqqh37Chx
# dyCwmAjad7cSJWY4d6RlhNBll35D2nPIdo7MQrUi7ViNL+mDRGr4xSeYOU3IBXd7
# hxRY2rAjwlVtpL6WWJkHeZTr7n+gHtds/Pda+f7d8E7RmsXtD4uRSnbGG82HVGy0
# suG6MJwDYncSoa4AlX/J6sBBYha0cusTguTbkGkEfRonKgvQ6PAogYU8zAmI4EEz
# BsdhXOjH3FGO6aUUVjZKJd1CuISNYe32sZY1OcfuiB1KbBQaRHt2LbxfKSQGMKwd
# 0GzXZK9NJ0xIteAX/ESHVakudennqaBY7kdbBdLwb485pQ25r7P2jGyPM4J4fota
# fXScOQKGGVfNySPwTOPR0QLzshcckWw7+Y+AOBg/rpbepSNT41bwI6Ldjs8oNtcI
# O44wNgbN4uvbVul4dj0rOrc5azMvfH0cU+SSrZAInahEHpCN9o/NQz1D2fju7j9W
# MujJCzRVBQSCvUwD1jX6+YDTJU3y84HeGYB/whXt8tg67Ump/5IgUInACgQzwwEZ
# ZP+vxFmhuMlIkbfaiDgYdx2CLjTVSJ7YHjGx/rkqlpLVx6DgGA0klzgHV4L8fbWh
# RFY8fejQve5QzsdiiDdeRWigFY2LnDEnphwOAy7tzktRpai8FnK3aMZyIj/5WODL
# uu+gSmYoToLhC35Uan5otg==
# =D1/T
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 11 Jul 2022 07:27:03 PM +0530
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220711' of https://git.linaro.org/people/pmaydell/qemu-arm: (45 commits)
  linux-user/aarch64: Add SME related hwcap entries
  target/arm: Enable SME for user-only
  target/arm: Only set ZEN in reset if SVE present
  linux-user/aarch64: Implement PR_SME_GET_VL, PR_SME_SET_VL
  linux-user: Rename sve prctls
  linux-user/aarch64: Implement SME signal handling
  linux-user/aarch64: Move sve record checks into restore
  linux-user/aarch64: Verify extra record lock succeeded
  linux-user/aarch64: Do not allow duplicate or short sve records
  linux-user/aarch64: Tidy target_restore_sigframe error return
  linux-user/aarch64: Add SM bit to SVE signal context
  linux-user/aarch64: Reset PSTATE.SM on syscalls
  linux-user/aarch64: Clear tpidr2_el0 if CLONE_SETTLS
  target/arm: Enable SME for -cpu max
  target/arm: Reset streaming sve state on exception boundaries
  target/arm: Implement SCLAMP, UCLAMP
  target/arm: Implement REVD
  target/arm: Implement PSEL
  target/arm: Implement SME integer outer product
  target/arm: Implement FMOPA, FMOPS (widening)
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-11 22:02:09 +05:30
Richard Henderson
f9982ceaf2 linux-user/aarch64: Add SME related hwcap entries
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-46-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
78011586b9 target/arm: Enable SME for user-only
Enable SME, TPIDR2_EL0, and FA64 if supported by the cpu.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-45-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
4630353559 target/arm: Only set ZEN in reset if SVE present
There's no reason to set CPACR_EL1.ZEN if SVE disabled.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-44-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
24d87c187c linux-user/aarch64: Implement PR_SME_GET_VL, PR_SME_SET_VL
These prctl set the Streaming SVE vector length, which may
be completely different from the Normal SVE vector length.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-43-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
fd72f5d0ba linux-user: Rename sve prctls
Add "sve" to the sve prctl functions, to distinguish
them from the coming "sme" prctls with similar names.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-42-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
78fd56ba13 linux-user/aarch64: Implement SME signal handling
Set the SM bit in the SVE record on signal delivery, create the ZA record.
Restore SM and ZA state according to the records present on return.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-41-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:52 +01:00
Richard Henderson
d3b4f7170f linux-user/aarch64: Move sve record checks into restore
Move the checks out of the parsing loop and into the
restore function.  This more closely mirrors the code
structure in the kernel, and is slightly clearer.

Reject rather than silently skip incorrect VL and SVE record sizes,
bringing our checks in to line with those the kernel does.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-40-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
8e5e19ee41 linux-user/aarch64: Verify extra record lock succeeded
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-39-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
affb1a50b9 linux-user/aarch64: Do not allow duplicate or short sve records
In parse_user_sigframe, the kernel rejects duplicate sve records,
or records that are smaller than the header.  We were silently
allowing these cases to pass, dropping the record.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-38-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
5726597c3b linux-user/aarch64: Tidy target_restore_sigframe error return
Fold the return value setting into the goto, so each
point of failure need not do both.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-37-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
4a29c36316 linux-user/aarch64: Add SM bit to SVE signal context
Make sure to zero the currently reserved fields.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-36-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
2a98579711 linux-user/aarch64: Reset PSTATE.SM on syscalls
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-35-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
95aa4fdd58 linux-user/aarch64: Clear tpidr2_el0 if CLONE_SETTLS
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-34-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
78cb977666 target/arm: Enable SME for -cpu max
Note that SME remains effectively disabled for user-only,
because we do not yet set CPACR_EL1.SMEN.  This needs to
wait until the kernel ABI is implemented.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-33-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
04fbce7639 target/arm: Reset streaming sve state on exception boundaries
We can handle both exception entry and exception return by
hooking into aarch64_sve_change_el.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-32-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
6b5a3bdf3a target/arm: Implement SCLAMP, UCLAMP
This is an SVE instruction that operates using the SVE vector
length but that it is present only if SME is implemented.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-31-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
7dbfafc157 target/arm: Implement REVD
This is an SVE instruction that operates using the SVE vector
length but that it is present only if SME is implemented.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-30-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
598ab0b24c target/arm: Implement PSEL
This is an SVE instruction that operates using the SVE vector
length but that it is present only if SME is implemented.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-29-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
23a5e3859f target/arm: Implement SME integer outer product
This is SMOPA, SUMOPA, USMOPA_s, UMOPA, for both Int8 and Int16.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-28-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:51 +01:00
Richard Henderson
3916841ac7 target/arm: Implement FMOPA, FMOPS (widening)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-27-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:47 +01:00
Richard Henderson
920f640d39 target/arm: Implement BFMOPA, BFMOPS
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-26-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-11 13:43:32 +01:00