When we direct boot a kernel on a CPU which emulates EL3, we need to
set up the EL3 system registers as the Linux kernel documentation
specifies:
https://www.kernel.org/doc/Documentation/arm64/booting.rst
For CPUs with FEAT_HCX support this includes:
- SCR_EL3.HXEn (bit 38) must be initialised to 0b1.
but we forgot to do this when implementing FEAT_HCX, which would mean
that a guest trying to access the HCRX_EL2 register would crash.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221027140207.413084-3-peter.maydell@linaro.org
When we direct boot a kernel on a CPU which emulates EL3, we need
to set up the EL3 system registers as the Linux kernel documentation
specifies:
https://www.kernel.org/doc/Documentation/arm64/booting.rst
For SVE and SME this includes:
- ZCR_EL3.LEN must be initialised to the same value for all CPUs the
kernel is executed on.
- SMCR_EL3.LEN must be initialised to the same value for all CPUs the
kernel will execute on.
Although we are technically compliant with this, the "same value" we
currently use by default is the reset value of 0. This will end up
forcing the guest kernel's SVE and SME vector length to be only the
smallest supported length.
Initialize the vector length fields to their maximum possible value,
which is 0xf. If the implementation doesn't actually support that
vector length then the effective vector length will be constrained
down to the maximum supported value at point of use.
This allows the guest to use all the vector lengths the emulated CPU
supports (by programming the _EL2 and _EL1 versions of these
registers.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221027140207.413084-2-peter.maydell@linaro.org
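The effect of the EL3 LEN value on what a guest kernel can get, as an added example (a model written for this page, not QEMU's code). It assumes EL2 and EL3 are both implemented, models SVE only, and uses hypothetical names (`vl_ctrl`, `effective_vl_bits`, `guest_el1_vl`) and a constructed CPU that implements 128-, 256- and 512-bit vectors.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one vCPU's vector-length controls (names are not QEMU's). */
struct vl_ctrl {
    uint16_t supported_vq; /* bit n set => (n + 1) * 128-bit vectors are implemented */
    uint8_t len_el3;       /* ZCR_EL3.LEN */
    uint8_t len_el2;       /* ZCR_EL2.LEN */
    uint8_t len_el1;       /* ZCR_EL1.LEN */
};

static unsigned min_u(unsigned a, unsigned b) { return a < b ? a : b; }

/*
 * Effective vector length in bits for code running at exception level el.
 * Every LEN field at el and above caps the request; the result is then
 * constrained down to the largest implemented length not above that cap.
 */
unsigned effective_vl_bits(const struct vl_ctrl *c, int el)
{
    unsigned len = 0xf;                         /* requested length, as VQ - 1 */

    if (el <= 1) len = min_u(len, c->len_el1 & 0xf);
    if (el <= 2) len = min_u(len, c->len_el2 & 0xf);
    len = min_u(len, c->len_el3 & 0xf);         /* EL3 caps every lower level */

    for (int vqm1 = (int)len; vqm1 >= 0; vqm1--) {
        if (c->supported_vq & (1u << vqm1)) {
            return (unsigned)(vqm1 + 1) * 128;
        }
    }
    return 0;                                   /* no vector length implemented */
}

/* Guest kernel at EL1 on the constructed CPU (128, 256 and 512 bits => 0xb). */
unsigned guest_el1_vl(uint8_t el3_len, uint8_t el1_len)
{
    struct vl_ctrl c = {
        .supported_vq = 0x000b,
        .len_el3 = el3_len,
        .len_el2 = 0xf,
        .len_el1 = el1_len,
    };
    return effective_vl_bits(&c, 1);
}

int main(void)
{
    printf("EL3 LEN=0x0, EL1 asks max: %u bits\n", guest_el1_vl(0x0, 0xf));
    printf("EL3 LEN=0xf, EL1 asks max: %u bits\n", guest_el1_vl(0xf, 0xf));
    printf("EL3 LEN=0xf, EL1 asks 384: %u bits\n", guest_el1_vl(0xf, 0x2));
    return 0;
}
```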
We need to emulate it to generate a floating point disable exception
when CSR.EUEN.FPE is zero.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221104040517.222059-3-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221104040517.222059-2-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
When the address is an invalid address, we should set exception_index
according to MMUAccessType, and EXCCODE_ADEF needn't update badinstr.
Otherwise, the system enters an infinite loop, e.g.:
run test.c in system mode
test.c:
    #include <stdio.h>

    void (*func)(int *);

    int main()
    {
        int i = 8;
        /* Deliberately invalid address: the call through it is the reproducer. */
        void *ptr = (void *)0x4000000000000000;
        func = ptr;
        func(&i);
        return 0;
    }
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20221101073210.3934280-2-gaosong@loongson.cn>
We need subcodes to distinguish cs->exception_index values with the
same excode, such as EXCCODE_ADEF/EXCCODE_ADEM.
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20221101073210.3934280-1-gaosong@loongson.cn>
Add TPM device for LoongArch virt machine, including
establishing TPM ACPI info and adding TYPE_TPM_TIS_SYSBUS
to the dynamic_sysbus_devices list.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20221028014007.2718352-4-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Add new items into LoongArch FDT, including rtc and uart info.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20221028014007.2718352-3-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Load FDT table into dram memory space, and the addr is 2 MiB.
Since lowmem region starts from 0, FDT base address is located
at 2 MiB to avoid NULL pointer access.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20221028014007.2718352-2-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
1. When a cpu reads or writes the extioi COREISR reg, it should access
the reg belonging to itself, so the cpu index of 's->coreisr'
is the current cpu number. Use MemTxAttrs' requester_id to get
the cpu index.
2. There is no need to mask with 0x1f when calculating the coreisr array index.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221021015307.2570844-3-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Converting the MemoryRegionOps read/write handlers to
with_attrs in LoongArch extioi emulation.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221021015307.2570844-2-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
vfio_migration_init() initializes VFIOMigration->device_state using an enum
of VFIO migration protocol v2. The currently implemented protocol is v1, so
the v1 enum should be used. Fix it.
Fixes: 429c728006 ("vfio/migration: Fix incorrect initialization value for parameters in VFIOMigration")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Link: https://lore.kernel.org/r/20221016085752.32740-1-avihaih@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
It's possible that a message contains both normal payload and ancillary
data in the same message, and even if no ancillary data is available
this information should be passed to the target, otherwise the target
cmsghdr will be left uninitialized and the target is going to access
uninitialized memory if it expects cmsg.
Always call the function that translates cmsg when recvmsg, because that
function should be empty-cmsg-safe (it creates an empty cmsg in the
target).
Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20221028081220.1604244-1-uwu@icenowy.me>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
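The contract a program relies on when it calls recvmsg() natively, as an added example (not QEMU's code): the kernel always writes msg_controllen back, setting it to 0 when no ancillary data arrived, so stale bytes in the control buffer are never parsed. An emulation layer has to reproduce that write-back in both cases exercised here. The helper names and the socketpair setup are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* What the receiver observes after one recvmsg() call. */
struct rx_result {
    ssize_t payload_len;  /* bytes of normal payload received */
    size_t controllen;    /* msg_controllen as written back by recvmsg() */
    int has_cmsg;         /* 1 if CMSG_FIRSTHDR() returned a header */
    int cmsg_type;        /* type of the first header, -1 if none */
};

/* Control buffer big enough for one passed fd, aligned for struct cmsghdr. */
union ctl_buf {
    char buf[CMSG_SPACE(sizeof(int))];
    struct cmsghdr align;
};

/* Send payload, with an SCM_RIGHTS cmsg carrying fd when fd >= 0. */
static int send_one(int sock, const char *payload, int fd)
{
    struct iovec iov = { .iov_base = (void *)payload, .iov_len = strlen(payload) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    union ctl_buf ctl;
    if (fd >= 0) {
        memset(&ctl, 0, sizeof(ctl));
        msg.msg_control = ctl.buf;
        msg.msg_controllen = sizeof(ctl.buf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) < 0 ? -1 : 0;
}

/* Receive with a control buffer pre-filled with stale bytes (0xA5). */
static struct rx_result recv_one(int sock)
{
    char data[64];
    union ctl_buf ctl;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof(data) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    struct rx_result r = { .cmsg_type = -1 };
    memset(&ctl, 0xA5, sizeof(ctl));
    msg.msg_control = ctl.buf;
    msg.msg_controllen = sizeof(ctl.buf);
    r.payload_len = recvmsg(sock, &msg, 0);
    r.controllen = msg.msg_controllen;   /* 0 when nothing ancillary arrived */

    struct cmsghdr *c = r.payload_len < 0 ? NULL : CMSG_FIRSTHDR(&msg);
    if (c) {
        r.has_cmsg = 1;
        r.cmsg_type = c->cmsg_type;
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS) {
            int fd;
            memcpy(&fd, CMSG_DATA(c), sizeof(fd));
            close(fd);                   /* do not leak the received descriptor */
        }
    }
    return r;
}

/* One round trip over a socketpair: payload only, or payload plus cmsg. */
struct rx_result round_trip(int with_fd)
{
    struct rx_result r = { .payload_len = -1, .cmsg_type = -1 };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return r;
    if (send_one(sv[0], "hello", with_fd ? sv[0] : -1) == 0) r = recv_one(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    printf("%d %d\n", round_trip(0).has_cmsg, round_trip(1).has_cmsg);
    return 0;
}
```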
The glibc on the hppa platform uses the "iitlbp %r0,(%sr0, %r0)"
assembler instruction as ABORT_INSTRUCTION.
If this (in userspace context) illegal assembler statement is found,
dump the registers and report the failure to userspace the same way as
the Linux kernel on physical hardware.
For other illegal instructions report TARGET_ILL_ILLOPC instead of
TARGET_ILL_ILLOPN as si_code.
Additionally add the missing EXCP_BREAK exception handler which occurs
when the "break x,y" assembler instruction is executed and report
EXCP_ASSIST traps.
Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <Y1osHVsylkuZNUnY@p100>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
If CR0.PG is unset, pg_mode will be zero, but it will also be zero
for non-PAE/non-PSE page tables with CR0.WP=0. Restore the
correct test for paging enabled.
Fixes: 98281984a3 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221102091232.1092552-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
As per the NVMe Command Set specification Section 3.2.2, if
  i) the namespace is formatted to use 16b Guard Protection
     Information (i.e., pif = 0) and
  ii) the Descriptor Format is not cleared to 0h,
then the copy command should be aborted with the status code of Invalid
Namespace or Format.
Fixes: 44219b6029 ("hw/nvme: 64-bit pi support")
Signed-off-by: Francis Pravin Antony Michael Raj <francis.michael@solidigm.com>
Signed-off-by: Jonathan Derrick <jonathan.derrick@solidigm.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit 2e53b0b450 ("hw/nvme: Use ioeventfd to handle doorbell
updates") had the unintended effect of disabling batching of CQEs.
This patch changes the sq/cq timers to bottom halves and instead of
calling nvme_post_cqes() immediately (causing an interrupt per cqe), we
defer the call.
                 | iops
-----------------+------
baseline         | 138k
+cqe batching    | 233k
Fixes: 2e53b0b450 ("hw/nvme: Use ioeventfd to handle doorbell updates")
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Jinhao Fan <fanjinhao21s@ict.ac.cn>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Note that we're still discussing "block/blkio: Make driver nvme-io_uring take a
"path" instead of a "filename"". I have sent the pull request now so everything
is ready for the soft freeze tomorrow if we decide to go ahead with the patch.
# gpg: Signature made Mon 31 Oct 2022 14:50:49 EDT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [ultimate]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [ultimate]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  block/blkio: Make driver nvme-io_uring take a "path" instead of a "filename"
  block/blkio: Tolerate device size changes
  block/blkio: Add virtio-blk-vfio-pci BlockDriver
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Merge tag 'pull-testing-for-7.2-011122-3' of https://github.com/stsquad/qemu into staging
testing and plugin updates for 7.2:
- cleanup win32/64 docker files
- update test-mingw test
- add flex/bison to debian-all-test
- handle --enable-static/--disable-pie in config
- extend timeouts on x86_64 avocado tests
- add flex/bison to debian-hexagon-cross
- use regular semihosting for nios2 check-tcg
- fix obscure linker error to nios2 softmmu tests
- various windows portability fixes for tests
- clean-up of MAINTAINERS
- use -machine none when appropriate in avocado
- make raspi2_initrd test detect shutdown
- disable sh4 rd2 tests on gitlab
- re-enable threadcount/linux-test for sh4
- clean-up s390x handling of "ex" instruction
- better handle new CPUs in execlog plugin
- pass CONFIG_DEBUG_TCG to plugin builds
- try and avoid races in test-io-channel-command
- speed up ssh key checking for tests/vm
# gpg: Signature made Tue 01 Nov 2022 09:49:39 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-testing-for-7.2-011122-3' of https://github.com/stsquad/qemu: (31 commits)
  tests/vm: use -o IdentitiesOnly=yes for ssh
  tests/unit: cleanups for test-io-channel-command
  contrib/plugins: protect execlog's last_exec expansion
  contrib/plugins: enable debug on CONFIG_DEBUG_TCG
  tests/tcg: include CONFIG_PLUGIN in config-host.mak
  target/s390x: fake instruction loading when handling 'ex'
  target/s390x: don't probe next pc for EXecuted insns
  target/s390x: don't use ld_code2 to probe next pc
  tests/tcg: re-enable threadcount for sh4
  tests/tcg: re-enable linux-test for sh4
  tests/avocado: disable sh4 rd2 tests on Gitlab
  tests/avocado: raspi2_initrd: Wait for guest shutdown message before stopping
  tests/avocado: set -machine none for userfwd and vnc tests
  MAINTAINERS: fix-up for check-tcg Makefile changes
  MAINTAINERS: add features_to_c.sh to gdbstub files
  MAINTAINERS: add entries for the key build bits
  hw/usb: dev-mtp: Use g_mkdir()
  block/vvfat: Unify the mkdir() call
  tcg: Avoid using hardcoded /tmp
  semihosting/arm-compat-semi: Avoid using hardcoded /tmp
  ...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Merge tag 'qemu-macppc-20221031' of https://github.com/mcayland/qemu into staging
qemu-macppc updates for 7.2
# gpg: Signature made Mon 31 Oct 2022 15:31:44 EDT
# gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* tag 'qemu-macppc-20221031' of https://github.com/mcayland/qemu:
  mac_newworld: Turn CORE99_VIA_CONFIG defines into an enum
  mac_{old|new}world: Code style fix adding missing braces to if-s
  mac_nvram: Use NVRAM_SIZE constant
  hw/ppc/mac.h: Rename to include/hw/nvram/mac_nvram.h
  hw/ppc/mac.h: Move PROM and KERNEL defines to board code
  hw/ppc/mac.h: Move grackle-pcihost type declaration out to a header
  hw/ppc/mac.h: Move macio specific parts out from shared header
  hw/ppc/mac.h: Move newworld specific parts out from shared header
  mac_{old|new}world: Reduce number of QOM casts
  mac_newworld: Clean up creation of Uninorth devices
  mac_{old|new}world: Avoid else branch by setting default value
  mac_{old|new}world: Set tbfreq at declaration
  mac_oldworld: Drop some more variables
  mac_newworld: Drop some variables
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add a test to detect races between munmap() and creating new threads.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20221028124227.2354792-3-iii@linux.ibm.com>
[rth: add more return insns]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Delay cpu_list_add until realize is complete, so that cross-cpu
interaction does not happen with incomplete cpu state. For this,
we must delay plugin initialization out of tcg_exec_realizefn,
because no cpu_index has been assigned.
Fixes a problem with cross-cpu jump cache flushing, when the
jump cache has not yet been allocated.
Fixes: a976a99a29 ("include/hw/core: Create struct CPUJumpCache")
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reported-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The helpers for reset_rf, cli, sti, clac, stac are
completely trivial; implement them inline.
Drop some nearby #if 0 code.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The value passed is always true, and if the target's
synchronize_from_tb hook is non-trivial, not exiting
may be erroneous.
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since we do not plan to exit, use cpu_unwind_state_data
and extract exactly the data requested.
This is a bug fix, in that we no longer clobber dflag.
Consider:
    l.j L2 // branch
    l.mfspr r1, ppc // delay
    L1: boom
    L2: l.lwa r3, (r4)
Here, dflag would be set by cpu_restore_state (because that is the current
state of the cpu), but not cleared by tb_stop on exiting the TB
(because DisasContext has recorded the current value as zero).
The next TB begins at L2 with dflag incorrectly set. If the load has a
tlb miss, then the exception will be delivered as per a delay slot:
with DSX set in the status register and PC decremented (delay slots
restart by re-executing the branch). This will cause the return from
interrupt to go to L1, and boom!
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We have called cpu_restore_state asserting will_exit.
Do not go back on that promise. This affects icount.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Avoid cpu_restore_state, and modifying env->eip out from
underneath the translator with TARGET_TB_PCREL. There is
some slight duplication from x86_restore_state_to_opc,
but it's just a few lines.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
When one has a lot of keys in ~/.ssh directory, the ssh command will
try all of them before the one specified on the command line, and this
may cause the remote ssh server to reject the connection due to too
many failed authentication attempts.
Fix by adding -o IdentitiesOnly=yes, which makes the ssh client
consider only the keys specified on the command line.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20221027113026.2280863-1-iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-31-alex.bennee@linaro.org>
This test is hanging under heavy load when the two socats race while
trying to create the socket. I've tried various approaches to avoid
the race but it seems "creat=0" won't stop socat trying to create a
pipe if it executes first. In the end I just use a small sleep which
seems to be reliable enough on the load situations I've tried.
While I was there I also properly created a tmpdir for the socket to
live in which is cleaned up at the end of the test.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Message-Id: <20221027183637.2772968-30-alex.bennee@linaro.org>
We originally naively treated expansion as safe because we expected
each new CPU/thread to appear in order. However the -M raspi2 model
triggered a case where a new high cpu_index thread started executing
just before a smaller one.
Clean this up by converting the GArray into the simpler GPtrArray and
then holding a lock for the expansion.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221027183637.2772968-29-alex.bennee@linaro.org>
We used to rely on QEMU_CFLAGS to expose the debug flags but now this
is synthesised by meson and only available to the main build. Add our
own flags if we detect the build has been enabled with
CONFIG_DEBUG_TCG (which is the default for --enable-debug anyway).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20221027183637.2772968-28-alex.bennee@linaro.org>
The s390x EXecute instruction is a bit weird as we synthesise the
executed instruction from what we have stored in memory. This missed
the plugin instrumentation.
Work around this with a special helper to inform the rest of the
translator about the instruction so things stay consistent.
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221027183637.2772968-26-alex.bennee@linaro.org>
We have finished the TB anyway so we can shortcut the other tests by
checking dc->ex_value first.
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-25-alex.bennee@linaro.org>
This isn't a translator picking up an instruction so we shouldn't use
the translator_lduw function which has side effects for plugins.
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-24-alex.bennee@linaro.org>
This test was marked as broken due to bug #856 which was fixed by
ab419fd8a0 (target/sh4: Fix TB_FLAG_UNALIGN). Local testing shows this
is solid now so let's re-enable the test.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20221027183637.2772968-23-alex.bennee@linaro.org>
This test was marked as broken due to bug #704 which was fixed by
aee14c77f4 (linux-user: Rewrite do_getdents, do_getdents64). Local
testing shows this is solid now so let's re-enable the test.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20221027183637.2772968-22-alex.bennee@linaro.org>
Running repeated invocations on a number of test boxes shows a fairly
high error rate:
    $ retry.py -n 100 -c -- ./tests/venv/bin/avocado run tests/avocado/boot_linux_console.py:BootLinuxConsole.test_sh4_r2d
    retry.py called with ['./tests/venv/bin/avocado', 'run', 'tests/avocado/boot_linux_console.py:BootLinuxConsole.test_sh4_r2d']
    Results:
    Run, Ret, Pass/Fail, Time, Total Pass, Total Run
    ...
    Results summary:
    0: 94 times (94.00%), avg time 2.254 (0.00 varience/0.04 deviation)
    1: 3 times (3.00%), avg time 1.837 (0.02 varience/0.14 deviation)
    8: 3 times (3.00%), avg time 91.288 (0.02 varience/0.15 deviation)
Examining the logs, they fall into various categories of unhandled
unaligned access by user space and unexpected FPU usage by the kernel
which ultimately lead to the failure to reach the login prompt. This
could be bugs in the translator that only get hit occasionally or just
a flaky kernel - it's hard to tell. To avoid these failures gating CI
let's skip on GitLab.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Magnus Damm <magnus.damm@gmail.com>
Message-Id: <20221027183637.2772968-21-alex.bennee@linaro.org>
The avocado test
tests/avocado/boot_linux_console.py:BootLinuxConsole.test_arm_raspi2_initrd
finishes with
    exec_command(self, 'halt')
    # Wait for VM to shut down gracefully
    self.vm.wait()
In theory this should be fine. In practice it runs into two bugs:
 * when the test calls self.vm.wait() Avocado closes the socket
   connection to the guest serial console immediately, so the
   avocado logs don't have the last part of the guest output:
   https://gitlab.com/qemu-project/qemu/-/issues/1265
 * when the socket is closed, a bug in the QEMU socket chardev
   means that it loses any data that the guest UART has not
   yet consumed. This means that the guest doesn't always read
   the full 'halt' command string, so the test intermittently
   fails with a timeout:
   https://gitlab.com/qemu-project/qemu/-/issues/1264
Work around both of these by waiting for the guest to print the
string that means it has completed the shutdown process. This fixes
a very long standing intermittent failure in this test.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/636
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20221020102012.3015662-1-peter.maydell@linaro.org>
Message-Id: <20221027183637.2772968-20-alex.bennee@linaro.org>
These are exercising core QEMU features and don't actually run code.
Not specifying a machine will fail when avocado chooses the native
arch binary to run. Be explicit.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-19-alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-17-alex.bennee@linaro.org>
Changes to the build files are a bit special in that they usually go
through other maintainer trees. However considering the build system
is the root of everything a developer is likely to do we should at
least set it out in MAINTAINERS.
I'm going to nominate Paolo for meson stuff given the conversion was
his passion project. I'm happy to cast an eye over configure stuff
considering a lot of the cross compile logic is in there anyway.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20221027183637.2772968-16-alex.bennee@linaro.org>