Re: [PATCH v3 02/16] migration: Fix file migration with fdset
17.06.2024 21:57, Fabiano Rosas wrote: When the "file:" migration support was added we missed the special case in the qemu_open_old implementation that allows for a particular file name format to be used to refer to a set of file descriptors that have been previously provided to QEMU via the add-fd QMP command. When using this fdset feature, we should not truncate the migration file because being given an fd means that the management layer is in control of the file and will likely already have some data written to it. This is further indicated by the presence of the 'offset' argument, which indicates the start of the region where QEMU is allowed to write. Fix the issue by replacing the O_TRUNC flag on open by an ftruncate call, which will take the offset into consideration. Fixes: 385f510df5 ("migration: file URI offset") Suggested-by: Daniel P. Berrangé Reviewed-by: Prasad Pandit Reviewed-by: Peter Xu Reviewed-by: Daniel P. Berrangé Signed-off-by: Fabiano Rosas --- migration/file.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) Is it a stable material? Thanks, /mjt diff --git a/migration/file.c b/migration/file.c index 2bb8c64092..a903710f06 100644 --- a/migration/file.c +++ b/migration/file.c 
@@ -84,12 +84,19 @@ void file_start_outgoing_migration(MigrationState *s, trace_migration_file_outgoing(filename); -fioc = qio_channel_file_new_path(filename, O_CREAT | O_WRONLY | O_TRUNC, - 0600, errp); +fioc = qio_channel_file_new_path(filename, O_CREAT | O_WRONLY, 0600, errp); if (!fioc) { return; } +if (ftruncate(fioc->fd, offset)) { +error_setg_errno(errp, errno, + "failed to truncate migration file to offset %" PRIx64, + offset); +object_unref(OBJECT(fioc)); +return; +} + outgoing_args.fname = g_strdup(filename); ioc = QIO_CHANNEL(fioc); -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
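Review bot: the new ftruncate(fioc->fd, offset) call in file_start_outgoing_migration() runs for every target, while the commit message motivates it only for the fdset case. ftruncate() returns an error for descriptors that do not refer to a regular file, so a target that the old O_TRUNC open accepted may now abort the migration; the commit message should say whether that is intended. The error text also prints the offset with PRIx64 and no "0x" prefix, so the value can be misread as decimal in logs; "to offset 0x%" PRIx64 would remove the ambiguity.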
Re: [PATCH v2] os-posix: Expand setrlimit() syscall compatibility
17.06.2024 10:19, Philippe Mathieu-Daudé wrote: Hi Trent, On 14/6/24 23:06, Trent Huber wrote: Darwin uses a subtly different version of the setrlimit() syscall as described in the COMPATIBILITY section of the macOS man page. The value of the rlim_cur member has been adjusted accordingly for Darwin-based systems. Signed-off-by: Trent Huber --- The previous version assumed OPEN_MAX was a constant defined on all POSIX systems--turns out it's only a macOS constant. This version adds preprocessing conditionals to maintain compatibility with Linux. os-posix.c | 4 1 file changed, 4 insertions(+) diff --git a/os-posix.c b/os-posix.c index a4284e2c07..43f9a43f3f 100644 --- a/os-posix.c +++ b/os-posix.c @@ -270,7 +270,11 @@ void os_setup_limits(void) return; } +#ifdef CONFIG_DARWIN + nofile.rlim_cur = OPEN_MAX < nofile.rlim_max ? OPEN_MAX : nofile.rlim_max; Why open-code min()? (The man-page also suggests it). I guess it's because stddef.h isn't included there, so min() isn't immediately available :) Applied to trivial-patches, /mjt
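Review bot: the CONFIG_DARWIN line in os_setup_limits() open-codes a minimum with a ternary; the MIN() macro used elsewhere in the tree would say the same thing more plainly, e.g. nofile.rlim_cur = MIN(OPEN_MAX, nofile.rlim_max). A one-line comment pointing at the COMPATIBILITY section of the macOS setrlimit man page would also explain why rlim_cur is capped at OPEN_MAX only on Darwin.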
Re: [PATCH 0/7] Remove some unused structures
07.06.2024 17:04, Dr. David Alan Gilbert wrote: * Dr. David Alan Gilbert (d...@treblig.org) wrote: A bunch of structs that are currently unused, found with a simple script and a bit of eyeballing. The only one I'm that suspicious of is the SPARC one, where the patch which removed the use is a bit confusing to me. Copying in Trivial; I think there are 4 of these that are still outstanding: [PATCH 1/7] linux-user: cris: Remove unused struct 'rt_signal_frame' (Although cris is going) [PATCH 3/7] linux-user: sparc: Remove unused struct 'target_mc_fq' [PATCH 5/7] hw/arm/bcm2836: Remove unusued struct 'BCM283XClass' [PATCH 7/7] net/can: Remove unused struct 'CanBusState' Can Trivial pick these up please? Applied to qemu-trivial, thanks! /mjt
Re: [PATCH] monitor: Remove obsolete stubs
10.06.2024 09:39, Philippe Mathieu-Daudé wrote: hmp_info_roms() was removed in commit dd98234c05 ("qapi: introduce x-query-roms QMP command"), hmp_info_numa() in commit 1b8ae799d8 ("qapi: introduce x-query-numa QMP command"), hmp_info_ramblock() in commit ca411b7c8a ("qapi: introduce x-query-ramblock QMP command") and hmp_info_irq() in commit 91f2fa7045 ("qapi: introduce x-query-irq QMP command"). Applied to qemu-trivial, thanks! /mjt
Re: [PATCH] fix SSE2/SSSE3 feature detection in tcg/decode-new.c.inc
Adding Cc's. /mjt 29.05.2024 16:53, Frank Mehnert wrote: The correct bitmask is cpuid_features rather than cpuid_ext_features. --- target/i386/tcg/decode-new.c.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 27dc1bb146..0ec849b003 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -2041,9 +2041,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid) case X86_FEAT_PCLMULQDQ: return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ); case X86_FEAT_SSE: -return (s->cpuid_ext_features & CPUID_SSE); +return (s->cpuid_features & CPUID_SSE); case X86_FEAT_SSE2: -return (s->cpuid_ext_features & CPUID_SSE2); +return (s->cpuid_features & CPUID_SSE2); case X86_FEAT_SSE3: return (s->cpuid_ext_features & CPUID_EXT_SSE3); case X86_FEAT_SSSE3:
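Review bot: the subject says SSE2/SSSE3, but the hunk changes the X86_FEAT_SSE and X86_FEAT_SSE2 cases in has_cpuid_feature() and leaves X86_FEAT_SSSE3 as unchanged context; the subject should name SSE and SSE2. The message as posted also has no Signed-off-by line before the "---" separator, and the patch needs one before it can be applied.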
Re: [PATCH] cpu: fix memleak of 'halt_cond' and 'thread'
12.06.2024 20:04, Matheus Tavares Bernardino wrote: Since a4c2735f35 (cpu: move Qemu[Thread|Cond] setup into common code, 2024-05-30) these fields are now allocated at cpu_common_initfn(). So let's make sure we also free them at cpu_common_finalize(). Furthermore, the code also frees these on round robin, but we missed 'halt_cond'. Applied to trivial-patches, thanks! /mjt
Re: [PATCH] hmp-commands-info.hx: Add missing info command for stats subcommand
Applied to trivial-patches, thanks! /mjt
Re: [PATCH V3 0/2] improve -overcommit cpu-pm=on|off
04.06.2024 03:02, Zide Chen wrote: Currently, if running "-overcommit cpu-pm=on" on hosts that don't have MWAIT support, the MWAIT/MONITOR feature is advertised to the guest and executing MWAIT/MONITOR on the guest triggers #UD. Typically #UD takes priority over VM-Exit interception checks and KVM doesn't emulate MONITOR/MWAIT. This causes the guest to fail to boot. Applied to trivial-patches, thanks! /mjt
Re: [PATCH v4] hw/audio/virtio-snd: Always use little endian audio format
23.04.2024 00:18, Philippe Mathieu-Daudé wrote: The VIRTIO Sound Device conforms with the Virtio spec v1.2, thus only use little endianness. Remove the suspicious target_words_bigendian() noticed during code review. Cc: qemu-sta...@nongnu.org Fixes: eb9ad377bb ("virtio-sound: handle control messages and streams") Signed-off-by: Philippe Mathieu-Daudé Ping? Is this change still needed? Thanks, /mjt diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index c80b58bf5d..ba4fff7302 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -24,7 +24,6 @@ #include "trace.h" #include "qapi/error.h" #include "hw/audio/virtio-snd.h" -#include "hw/core/cpu.h" #define VIRTIO_SOUND_VM_VERSION 1 #define VIRTIO_SOUND_JACK_DEFAULT 0 @@ -401,7 +400,7 @@ static void virtio_snd_get_qemu_audsettings(audsettings *as, as->nchannels = MIN(AUDIO_MAX_CHANNELS, params->channels); as->fmt = virtio_snd_get_qemu_format(params->format); as->freq = virtio_snd_get_qemu_freq(params->rate); -as->endianness = target_words_bigendian() ? 1 : 0; +as->endianness = 0; /* Conforming to VIRTIO 1.0: always little endian. */ } /*
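Review bot: the comment added on the as->endianness line cites VIRTIO 1.0 while the commit message cites the Virtio spec v1.2; pick one so the code and the log agree. The removed line shows that 1 meant big endian and 0 little endian, so the comment could state that mapping rather than leave the literal 0 to be decoded by the reader.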
Re: [Stable-7.2.12 00/29] Patch Round-up for stable 7.2.12, frozen at 2024-06-07
10.06.2024 15:21, Eric Blake wrote: On Mon, Jun 10, 2024 at 07:17:53AM GMT, Eric Blake wrote: In addition to these two, we also need the following for NBD: 14ddea7e3c81 Eric Blake: qio: Inherit follow_coroutine_ctx across TLS and optionally: 5905c09466f4 Eric Blake: iotests: test NBD+TLS+iothread Hmm; I see you did include them for the 8.2.x branch; and the regression they fix was only introduced in 8.2. Unless we backported the work of removing AioContext to 7.2.x, then not backporting these two that far should not be an issue, after all. Ah yes, some of these don't apply to older (here: 7.2) versions, especially because 7.2 lacks AioContext removal. Such a change is too intrusive for a stable release, I'd say. I was in a hurry when I replied to your previous reply and didn't check before writing - if I'd looked I would have known the reason why I haven't picked them up for 7.2 right away. I'm sorry for this noise. And thank you once again for checking and letting me know - such attention is appreciated, it is a good reality check for my own sanity ;) (I keep the stable-7.2 branch alive still, because it is used in Debian stable and in Red Hat). Thanks! /mjt
[ANNOUNCE] QEMU 9.0.1 Stable released
Hi everyone,

The QEMU v9.0.1 stable release is now available.

You can grab the tarball from our download page here:

https://www.qemu.org/download/#source
https://download.qemu.org/qemu-9.0.1.tar.xz
https://download.qemu.org/qemu-9.0.1.tar.xz.sig (signature)

v9.0.1 is now tagged in the official qemu.git repository, and the stable-9.0 branch has been updated accordingly:

https://gitlab.com/qemu-project/qemu/-/commits/stable-9.0

There are 71 changes since the previous v9.0.0 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-9.0-hash master-hash Author Name: Commit-Subject):

60b4f3aff4 Michael Tokarev: Update version for 9.0.1 release
2d673c3cdc 78f932ea1f lanyanzhi: target/loongarch: fix a wrong print in cpu dump
453a7c4f9b 2e701e6785 Bernhard Beschow: ui/sdl2: Allow host to power down screen
3fe67740ca 40a23ef643 Marc-André Lureau: virtio-gpu: fix v2 migration
e44389b0ac da7c95920d Xinyu Li: target/i386: fix SSE and SSE2 feature check
0ab2229daa 7604bbc2d8 Paolo Bonzini: target/i386: fix xsave.flat from kvm-unit-tests
9075bc0bdd 915758c537 Alistair Francis: disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
8746327f4b 583edc4efb Daniel Henrique Barboza: riscv, gdbstub.c: fix reg_width in ricsv_gen_dynamic_vector_feature()
e532fdb0eb 190b867f28 Yong-Xuan Wang: target/riscv/kvm.c: Fix the hart bit setting of AIA
fb1be88084 c5eb8d6336 Alistair Francis: target/riscv: rvzicbo: Fixup CBO extension register calculation
a58758c5df 6c9a344247 Alexei Filippov: target/riscv: do not set mtval2 for non guest-page faults
ab2d6e7412 68e7c86927 Daniel Henrique Barboza: target/riscv: prioritize pmp errors in raise_mmu_exception()
3ee5f0e313 93cb52b7a3 Max Chou: target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
9f9cd6b7f9 692f33a3ab Max Chou: target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
a0ea75e019 7a999d4dd7 Max Chou: target/riscv: rvv: Check single width operator for vector fp widen instructions
f3bea9603b 17b713c080 Max Chou: target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
3f4ab4b158 ff33b7a969 Yangyu Chen: target/riscv/cpu.c: fix Zvkb extension config
af1e2cdc57 75115d880c Huang Tao: target/riscv: Fix the element agnostic function problem
2dcc48b38b 1215d45b2a Daniel Henrique Barboza: target/riscv/kvm: tolerate KVM disable ext errors
2ae8e12964 86997772fa Andrew Jones: target/riscv/kvm: Fix exposure of Zkr
8d664e5bc2 c76b121840 yang.zhang: hw/intc/riscv_aplic: APLICs should add child earlier than realize
f7ddff7d5b a73c993780 Eric Blake: iotests: test NBD+TLS+iothread
a15989d89b 199e84de1c Eric Blake: qio: Inherit follow_coroutine_ctx across TLS
1c8a740fad daf9748ac0 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled
65b44e55e4 daafa78b29 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR
68af25cd8e 19ed42e8ad Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
6df1431678 b563959b90 Daniel P. Berrangé: gitlab: use 'setarch -R' to workaround tsan bug
d488e255be c53f7a1078 Daniel P. Berrangé: gitlab: use $MAKE instead of 'make'
8fe634f851 bad7a2759c Daniel P. Berrangé: dockerfiles: add 'MAKE' env variable to remaining containers
fd4afd5a77 36fa7c686e Richard Henderson: gitlab: Update msys2-64bit runner tags
2cd8deb0d9 f0f0136abb Paolo Bonzini: target/i386: no single-step exception after MOV or POP SS
89ed6d4b6c 8225bff7c5 Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1
0854469050 6204af704a Jiaxun Yang: hw/loongarch/virt: Fix FDT memory node address width
16b1ecee52 b11f981452 Song Gao: hw/loongarch: Fix fdt memory node wrong 'reg'
d27df7187b 07c0866103 Song Gao: target/loongarch/kvm: fpu save the vreg registers high 192bit
41558f42b3 9710401276 Fiona Ebner: hw/core/machine: move compatibility flags for VirtIO-net USO to machine 8.1
285cef5c39 84d4b72854 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value
2569dec929 2563be6317 Gerd Hoffmann: hw/pflash: fix block write start
2965ecc487 c9290dfebf Richard Henderson: tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
bbfe1d4e8b e4e62514e3 Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0
ba27e71976 37e9141501 hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
33a17bcbaf 371d60dfdb Thomas Huth: configure: Fix error message when C compiler is not working
52d96ce37d 23b1f53c2c Paolo Bonzini: configure: quote -D options that are passed through to meson
6cb4afc418 fe01af5d47 Paolo Bonzini: target/i386: fix feature dependency for WAITPKG
1e5c6ceb27 40a3ec7b5f Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions
08eb23e4c9 41c685dc59 Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT
230b5c968e e6578f1f68 Mattias
[ANNOUNCE] QEMU 7.2.12 Stable released
Hi everyone,

The QEMU v7.2.12 stable release is now available.

You can grab the tarball from our download page here:

https://www.qemu.org/download/#source
https://download.qemu.org/qemu-7.2.12.tar.xz
https://download.qemu.org/qemu-7.2.12.tar.xz.sig (signature)

v7.2.12 is now tagged in the official qemu.git repository, and the stable-7.2 branch has been updated accordingly:

https://gitlab.com/qemu-project/qemu/-/commits/stable-7.2

There are 29 changes since the previous v7.2.11 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-7.2-hash master-hash Author Name: Commit-Subject):

f48ba9b085 Michael Tokarev: Update version for 7.2.12 release
6f62fc9ff3 78f932ea1f lanyanzhi: target/loongarch: fix a wrong print in cpu dump
61687b3b43 2e701e6785 Bernhard Beschow: ui/sdl2: Allow host to power down screen
082940a5a1 da7c95920d Xinyu Li: target/i386: fix SSE and SSE2 feature check
9aca1a84de 7604bbc2d8 Paolo Bonzini: target/i386: fix xsave.flat from kvm-unit-tests
81ca6c2c9b 915758c537 Alistair Francis: disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
b73e3712a3 c76b121840 yang.zhang: hw/intc/riscv_aplic: APLICs should add child earlier than realize
e08fbea661 daf9748ac0 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled
eed21e9574 daafa78b29 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR
c6fe98fe79 19ed42e8ad Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
07f686009f 36fa7c686e Richard Henderson: gitlab: Update msys2-64bit runner tags
f417712ef1 f0f0136abb Paolo Bonzini: target/i386: no single-step exception after MOV or POP SS
9abcd968e7 8225bff7c5 Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1
ddc13a3c42 84d4b72854 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value
5ec422a958 e4e62514e3 Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0
659835d24b 37e9141501 hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
e6000bd7c7 40a3ec7b5f Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions
76b96c053f 41c685dc59 Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT
2b8be9cffb e6578f1f68 Mattias Nissler: hw/remote/vfio-user: Fix config space access byte order
41e052fc05 6a5a63f74b Ruihan Li: target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK
2e3e5138d6 eb656a60fd Philippe Mathieu-Daudé: hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
a004dfabea 4b00855f0e Alexandra Diupina: hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
9a005e30f5 a88a04906b Thomas Huth: .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs
e00c9b4758 dcc5c018c7 Peter Maydell: tests/avocado: update sunxi kernel from armbian to 6.6.16
39a0961d0a 06479dbf3d Li Zhijian: backends/cryptodev-builtin: Fix local_error leaks
f7b46e82ce 4fa333e08d Eric Blake: nbd/server: Mark negotiation functions as coroutine_fn
a0823c2766 ae6d91a7e9 Zhu Yangyang: nbd/server: do not poll within a coroutine context
51cc8762a0 04f6fb897a Michael Tokarev: linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
6ea6863f21 7bc1286b81 Palmer Dabbelt: gitlab/opensbi: Move to docker:stable
861fca8ce0 690ceb7193 Philippe Mathieu-Daudé: gitlab-ci: Remove job building EDK2 firmware binaries
[ANNOUNCE] QEMU 8.2.5 Stable released
Hi everyone,

The QEMU v8.2.5 stable release is now available.

You can grab the tarball from our download page here:

https://www.qemu.org/download/#source
https://download.qemu.org/qemu-8.2.5.tar.xz
https://download.qemu.org/qemu-8.2.5.tar.xz.sig (signature)

v8.2.5 is now tagged in the official qemu.git repository, and the stable-8.2 branch has been updated accordingly:

https://gitlab.com/qemu-project/qemu/-/commits/stable-8.2

There are 45 changes since the previous v8.2.4 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-8.2-hash master-hash Author Name: Commit-Subject):

909772f0a5 Michael Tokarev: Update version for 8.2.5 release
6feae1d0dd 78f932ea1f lanyanzhi: target/loongarch: fix a wrong print in cpu dump
af008b379c 2e701e6785 Bernhard Beschow: ui/sdl2: Allow host to power down screen
276ec925a7 da7c95920d Xinyu Li: target/i386: fix SSE and SSE2 feature check
d84afebcee 7604bbc2d8 Paolo Bonzini: target/i386: fix xsave.flat from kvm-unit-tests
2891807479 915758c537 Alistair Francis: disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
ae5edeb084 190b867f28 Yong-Xuan Wang: target/riscv/kvm.c: Fix the hart bit setting of AIA
935be461eb c5eb8d6336 Alistair Francis: target/riscv: rvzicbo: Fixup CBO extension register calculation
37d6c6e495 6c9a344247 Alexei Filippov: target/riscv: do not set mtval2 for non guest-page faults
6da92af4f9 68e7c86927 Daniel Henrique Barboza: target/riscv: prioritize pmp errors in raise_mmu_exception()
0f9578497c 93cb52b7a3 Max Chou: target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
c4173e4caf 692f33a3ab Max Chou: target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
d813f356ad 7a999d4dd7 Max Chou: target/riscv: rvv: Check single width operator for vector fp widen instructions
749907f857 17b713c080 Max Chou: target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
4cba687b86 ff33b7a969 Yangyu Chen: target/riscv/cpu.c: fix Zvkb extension config
ec182b1045 75115d880c Huang Tao: target/riscv: Fix the element agnostic function problem
cf7143fdb7 1215d45b2a Daniel Henrique Barboza: target/riscv/kvm: tolerate KVM disable ext errors
cd1228a80e c76b121840 yang.zhang: hw/intc/riscv_aplic: APLICs should add child earlier than realize
b9b2f3bbab a73c993780 Eric Blake: iotests: test NBD+TLS+iothread
9a6143a73e 199e84de1c Eric Blake: qio: Inherit follow_coroutine_ctx across TLS
71c7036b18 daf9748ac0 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled
3f470980b4 daafa78b29 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR
0970313b05 19ed42e8ad Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
8965709b86 b563959b90 Daniel P. Berrangé: gitlab: use 'setarch -R' to workaround tsan bug
3b36dd0005 c53f7a1078 Daniel P. Berrangé: gitlab: use $MAKE instead of 'make'
fc88204b82 bad7a2759c Daniel P. Berrangé: dockerfiles: add 'MAKE' env variable to remaining containers
ca0799624e 36fa7c686e Richard Henderson: gitlab: Update msys2-64bit runner tags
52031d6be5 f0f0136abb Paolo Bonzini: target/i386: no single-step exception after MOV or POP SS
c6171d524d 8225bff7c5 Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1
93fa768d40 6204af704a Jiaxun Yang: hw/loongarch/virt: Fix FDT memory node address width
d679c82488 b11f981452 Song Gao: hw/loongarch: Fix fdt memory node wrong 'reg'
e3a2aa9542 9710401276 Fiona Ebner: hw/core/machine: move compatibility flags for VirtIO-net USO to machine 8.1
9b98ab7d3d 84d4b72854 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value
90e023f2bc c9290dfebf Richard Henderson: tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
355527b646 e4e62514e3 Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0
f44d2398d8 37e9141501 hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
05bfa963df 371d60dfdb Thomas Huth: configure: Fix error message when C compiler is not working
19a931f207 23b1f53c2c Paolo Bonzini: configure: quote -D options that are passed through to meson
2b95625643 fe01af5d47 Paolo Bonzini: target/i386: fix feature dependency for WAITPKG
1cc3cb96b8 40a3ec7b5f Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions
eb761b4ee5 41c685dc59 Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT
7d7b770bde e6578f1f68 Mattias Nissler: hw/remote/vfio-user: Fix config space access byte order
7dbebba4a5 54c52ec719 Song Gao: hw/loongarch/virt: Fix memory leak
819f92ec3e 9157dccc7e Richard Henderson: target/sparc: Fix FMUL8x16
d3da3d02a0 7b616f36de Richard Henderson: target/sparc: Fix FEXPAND
50ed4f856a 6a5a63f74b Ruihan Li: target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK
Re: [Stable-7.2.12 00/29] Patch Round-up for stable 7.2.12, frozen at 2024-06-07
10.06.2024 15:17, Eric Blake wrote: 01* 690ceb71936f Philippe Mathieu-Daudé: gitlab-ci: Remove job building EDK2 firmware binaries 02* 7bc1286b81d4 Palmer Dabbelt: gitlab/opensbi: Move to docker:stable 03* 04f6fb897a5a Michael Tokarev: linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY 04* ae6d91a7e9b7 Zhu Yangyang: nbd/server: do not poll within a coroutine context 05* 4fa333e08dd9 Eric Blake: nbd/server: Mark negotiation functions as coroutine_fn In addition to these two, we also need the following for NBD: 14ddea7e3c81 Eric Blake: qio: Inherit follow_coroutine_ctx across TLS Does it need to be in 7.2.12, or can it wait for the next, 7.2.13, release? I tagged 7.2.12 yesterday already. So if this change is also needed, I guess we can make 7.2.13 release sooner than later. Thank you for letting me know! /mjt
[Stable-9.0.1 47/71] hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
From: Zenghui Yu We wrongly encoded ID_AA64PFR1_EL1 using {3,0,0,4,2} in hvf_sreg_match[] so we fail to get the expected ARMCPRegInfo from cp_regs hash table with the wrong key. Fix it with the correct encoding {3,0,0,4,1}. With that fixed, the Linux guest can properly detect FEAT_SSBS2 on my M1 HW. All DBG{B,W}{V,C}R_EL1 registers are also wrongly encoded with op0 == 14. It happens to work because HVF_SYSREG(CRn, CRm, 14, op1, op2) equals HVF_SYSREG(CRn, CRm, 2, op1, op2), by definition. But we shouldn't rely on it. Cc: qemu-sta...@nongnu.org Fixes: a1477da3ddeb ("hvf: Add Apple Silicon support") Signed-off-by: Zenghui Yu Reviewed-by: Alexander Graf Message-id: 20240503153453.54389-1-zenghui...@linux.dev Signed-off-by: Peter Maydell (cherry picked from commit 19ed42e8adc87a3c739f61608b66a046bb9237e2) Signed-off-by: Michael Tokarev diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index 65a5601804..ee657f455b 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c 
@@ -397,85 +397,85 @@ struct hvf_sreg_match { }; static struct hvf_sreg_match hvf_sreg_match[] = { -{ HV_SYS_REG_DBGBVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 4) }, -{ 
HV_SYS_REG_DBGBCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR15_EL1, HVF_SYSREG(0, 15, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR15_EL1, HVF_SYSREG(0, 15, 14, 0, 5) }, -{ HV_SYS_REG_DB
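Review bot: every removed DBG{B,W}{V,C}Rn_EL1 entry in hvf_sreg_match[] passes 14 as the third HVF_SYSREG() argument, and per the commit message these matched only because the macro yields the same value for 14 and 2. A compile-time range check on the HVF_SYSREG() arguments, or a comment at the macro stating the width of each field, would make a wrong op0 fail visibly instead of aliasing onto a valid encoding.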
[Stable-9.0.1 68/71] target/i386: fix SSE and SSE2 feature check
From: Xinyu Li Features check of CPUID_SSE and CPUID_SSE2 should use cpuid_features, rather than cpuid_ext_features. Signed-off-by: Xinyu Li Reviewed-by: Zhao Liu Message-ID: <20240602100904.2137939-1-lixinyu...@ict.ac.cn> Signed-off-by: Paolo Bonzini (cherry picked from commit da7c95920d027dbb00c6879c1da0216b19509191) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 426c459412..4209d59ca8 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1485,9 +1485,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid) case X86_FEAT_PCLMULQDQ: return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ); case X86_FEAT_SSE: -return (s->cpuid_ext_features & CPUID_SSE); +return (s->cpuid_features & CPUID_SSE); case X86_FEAT_SSE2: -return (s->cpuid_ext_features & CPUID_SSE2); +return (s->cpuid_features & CPUID_SSE2); case X86_FEAT_SSE3: return (s->cpuid_ext_features & CPUID_EXT_SSE3); case X86_FEAT_SSSE3: -- 2.39.2
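Review bot: the commit message for the X86_FEAT_SSE and X86_FEAT_SSE2 cases says which field to test but not what went wrong with the old one. A sentence on the guest-visible effect (which instructions were wrongly accepted or rejected) and a Fixes: tag naming the commit that introduced the cpuid_ext_features test would help decide how far back the fix has to be carried. The surrounding cases show the convention the two fixed lines broke: CPUID_EXT_* constants go with cpuid_ext_features.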
[Stable-8.2.5 40/45] target/riscv/kvm.c: Fix the hart bit setting of AIA
From: Yong-Xuan Wang In AIA spec, each hart (or each hart within a group) has a unique hart number to locate the memory pages of interrupt files in the address space. The number of bits required to represent any hart number is equal to ceil(log2(hmax + 1)), where hmax is the largest hart number among groups. However, if the largest hart number among groups is a power of 2, QEMU will pass an inaccurate hart-index-bit setting to Linux. For example, when the guest OS has 4 harts, only ceil(log2(3 + 1)) = 2 bits are sufficient to represent 4 harts, but we pass 3 to Linux. The code needs to be updated to ensure accurate hart-index-bit settings. Additionally, a Linux patch[1] is necessary to correctly recover the hart index when the guest OS has only 1 hart, where the hart-index-bit is 0. [1] https://lore.kernel.org/lkml/20240415064905.25184-1-yongxuan.w...@sifive.com/t/ Signed-off-by: Yong-Xuan Wang Reviewed-by: Andrew Jones Cc: qemu-stable Message-ID: <20240515091129.28116-1-yongxuan.w...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 190b867f28cb5781f3cd01a3deb371e4211595b1) Signed-off-by: Michael Tokarev diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index fa00b14269..aa7444d958 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c @@ -1455,7 +1455,14 @@ void kvm_riscv_aia_create(MachineState *machine, uint64_t group_shift, } } -hart_bits = find_last_bit(_hart_per_socket, BITS_PER_LONG) + 1; + +if (max_hart_per_socket > 1) { +max_hart_per_socket--; +hart_bits = find_last_bit(_hart_per_socket, BITS_PER_LONG) + 1; +} else { +hart_bits = 0; +} + ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG, KVM_DEV_RISCV_AIA_CONFIG_HART_BITS, _bits, true, NULL); -- 2.39.2
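Review bot: `max_hart_per_socket--` inside the new `if (max_hart_per_socket > 1)` branch turns the variable from a hart count into the largest hart index, and nothing in the hunk says so. Any later use in kvm_riscv_aia_create() would see the decremented value. Computing the index in a local, or adding a comment that the value is now hmax as in ceil(log2(hmax + 1)) from the commit message, would keep a later reader from treating it as a count.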
[Stable-8.2.5 23/45] gitlab: use 'setarch -R' to workaround tsan bug
From: Daniel P. Berrangé The TSAN job started failing when gitlab rolled out their latest release. The root cause is a change in the Google COS version used on shared runners. This brings a kernel running with vm.mmap_rnd_bits = 31 which is incompatible with TSAN in LLVM < 18, which only supports up to '28'. LLVM 18 can support up to '30', and failing that will re-exec itself to turn off VA randomization. Our LLVM is too old for now, but we can run with 'setarch -R make ..' to turn off VA randomization ourselves. Signed-off-by: Daniel P. Berrangé Reviewed-by: Thomas Huth Message-ID: <20240513111551.488088-4-berra...@redhat.com> Signed-off-by: Thomas Huth (cherry picked from commit b563959b906db53fb4bcaef1351f11a51c4b9582) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml index 0a01746cea..96d6744525 100644 --- a/.gitlab-ci.d/buildtest.yml +++ b/.gitlab-ci.d/buildtest.yml @@ -506,6 +506,9 @@ tsan-build: CONFIGURE_ARGS: --enable-tsan --cc=clang --cxx=clang++ --enable-trace-backends=ust --disable-slirp TARGETS: x86_64-softmmu ppc64-softmmu riscv64-softmmu x86_64-linux-user +# Remove when we switch to a distro with clang >= 18 +# https://github.com/google/sanitizers/issues/1716 +MAKE: setarch -R make # gcov is a GCC features gcov: -- 2.39.2
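Review bot: the comment added above `MAKE: setarch -R make` says when to remove the workaround but not what it does. `setarch -R` turns off address-space randomization for make and every process it starts, so the whole tsan-build job now runs without ASLR. Naming vm.mmap_rnd_bits and the TSAN limit from the commit message in that comment would let someone reading buildtest.yml judge the setting without opening the issue link.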
[Stable-9.0.1 56/71] target/riscv/cpu.c: fix Zvkb extension config
From: Yangyu Chen This code has a typo that writes zvkb to zvkg, causing users can't enable zvkb through the config. This patch gets this fixed. Signed-off-by: Yangyu Chen Fixes: ea61ef7097d0 ("target/riscv: Move vector crypto extensions to riscv_cpu_extensions") Reviewed-by: LIU Zhiwei Reviewed-by: Alistair Francis Reviewed-by: Max Chou Reviewed-by: Weiwei Li Message-ID: Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit ff33b7a9699e977a050a1014c617a89da1bf8295) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 36e3e5fdaf..776f377849 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1535,7 +1535,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { /* Vector cryptography extensions */ MULTI_EXT_CFG_BOOL("zvbb", ext_zvbb, false), MULTI_EXT_CFG_BOOL("zvbc", ext_zvbc, false), -MULTI_EXT_CFG_BOOL("zvkb", ext_zvkg, false), +MULTI_EXT_CFG_BOOL("zvkb", ext_zvkb, false), MULTI_EXT_CFG_BOOL("zvkg", ext_zvkg, false), MULTI_EXT_CFG_BOOL("zvkned", ext_zvkned, false), MULTI_EXT_CFG_BOOL("zvknha", ext_zvknha, false), -- 2.39.2
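Review bot: the commit message says users could not enable zvkb, but the removed line `MULTI_EXT_CFG_BOOL("zvkb", ext_zvkg, false)` shows the other half of the bug: the "zvkb" property was bound to ext_zvkg. Please mention that in the message, since anyone who set zvkb on an affected release changed a different vector crypto extension than the one they asked for.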
[Stable-8.2.5 45/45] target/loongarch: fix a wrong print in cpu dump
From: lanyanzhi description: loongarch_cpu_dump_state() want to dump all loongarch cpu state registers, but there is a tiny typographical error when printing "PRCFG2". Cc: qemu-sta...@nongnu.org Signed-off-by: lanyanzhi Reviewed-by: Richard Henderson Reviewed-by: Song Gao Message-Id: <20240604073831.90-1-lanyanzhi...@ict.ac.cn> Signed-off-by: Song Gao (cherry picked from commit 78f932ea1f7b3b9b0ac628dc2a91281318fe51fa) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c index 337f04b201..6710ca0016 100644 --- a/target/loongarch/cpu.c +++ b/target/loongarch/cpu.c @@ -764,7 +764,7 @@ void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags) qemu_fprintf(f, "EENTRY=%016" PRIx64 "\n", env->CSR_EENTRY); qemu_fprintf(f, "PRCFG1=%016" PRIx64 ", PRCFG2=%016" PRIx64 "," " PRCFG3=%016" PRIx64 "\n", - env->CSR_PRCFG1, env->CSR_PRCFG3, env->CSR_PRCFG3); + env->CSR_PRCFG1, env->CSR_PRCFG2, env->CSR_PRCFG3); qemu_fprintf(f, "TLBRENTRY=%016" PRIx64 "\n", env->CSR_TLBRENTRY); qemu_fprintf(f, "TLBRBADV=%016" PRIx64 "\n", env->CSR_TLBRBADV); qemu_fprintf(f, "TLBRERA=%016" PRIx64 "\n", env->CSR_TLBRERA); -- 2.39.2
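Review bot: the three-value format string is what let `env->CSR_PRCFG3` appear twice in the argument list unnoticed. The neighbouring EENTRY, TLBRENTRY, TLBRBADV and TLBRERA lines print one register per qemu_fprintf() call; splitting PRCFG1, PRCFG2 and PRCFG3 the same way would put each name next to its value and make a mismatch obvious in review.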
[Stable-9.0.1 62/71] target/riscv: do not set mtval2 for non guest-page faults
From: Alexei Filippov Previous patch fixed the PMP priority in raise_mmu_exception() but we're still setting mtval2 incorrectly. In riscv_cpu_tlb_fill(), after pmp check in 2 stage translation part, mtval2 will be set in case of successes 2 stage translation but failed pmp check. In this case we gonna set mtval2 via env->guest_phys_fault_addr in context of riscv_cpu_tlb_fill(), as this was a guest-page-fault, but it didn't and mtval2 should be zero, according to RISCV privileged spec sect. 9.4.4: When a guest page-fault is taken into M-mode, mtval2 is written with either zero or guest physical address that faulted, shifted by 2 bits. *For other traps, mtval2 is set to zero...* Signed-off-by: Alexei Filippov Reviewed-by: Daniel Henrique Barboza Reviewed-by: Alistair Francis Message-ID: <20240503103052.6819-1-alexei.filip...@syntacore.com> Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit 6c9a344247132ac6c3d0eb9670db45149a29c88f) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index e3a7797d00..484edad900 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1375,17 +1375,17 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, __func__, pa, ret, prot_pmp, tlb_size); prot &= prot_pmp; -} - -if (ret != TRANSLATE_SUCCESS) { +} else { /* * Guest physical address translation failed, this is a HS * level exception */ first_stage_error = false; -env->guest_phys_fault_addr = (im_address | - (address & - (TARGET_PAGE_SIZE - 1))) >> 2; +if (ret != TRANSLATE_PMP_FAIL) { +env->guest_phys_fault_addr = (im_address | + (address & + (TARGET_PAGE_SIZE - 1))) >> 2; +} } } } else { -- 2.39.2
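Review bot: when `ret == TRANSLATE_PMP_FAIL` the new inner `if` skips the assignment, which leaves env->guest_phys_fault_addr holding whatever an earlier fault stored there. The commit message requires mtval2 to be zero for this trap, so either assign 0 in that case or point to where the field is cleared before mtval2 is written; the hunk does not show it. The retained comment "Guest physical address translation failed, this is a HS level exception" now also sits above a branch that handles the PMP failure case and could say so.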
[Stable-8.2.5 34/45] target/riscv: rvv: Check single width operator for vector fp widen instructions
From: Max Chou The require_scale_rvf function only checks the double width operator for the vector floating point widen instructions, so most of the widen checking functions need to add require_rvf for single width operator. The vfwcvt.f.x.v and vfwcvt.f.xu.v instructions convert single width integer to double width float, so the opfxv_widen_check function doesn’t need require_rvf for the single width operator(integer). Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-3-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 7a999d4dd704aa71fe6416871ada69438b56b1e5) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index a5fe92b670..e42f49a6d8 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2379,6 +2379,7 @@ GEN_OPFVF_TRANS(vfrsub_vf, opfvf_check) static bool opfvv_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2421,6 +2422,7 @@ GEN_OPFVV_WIDEN_TRANS(vfwsub_vv, opfvv_widen_check) static bool opfvf_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2453,6 +2455,7 @@ GEN_OPFVF_WIDEN_TRANS(vfwsub_vf) static bool opfwv_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2495,6 +2498,7 @@ GEN_OPFWV_WIDEN_TRANS(vfwsub_wv) static bool opfwf_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && 
@@ -3015,6 +3019,7 @@ GEN_OPFVV_TRANS(vfredmin_vs, freduction_check) static bool freduction_widen_check(DisasContext *s, arg_rmrr *a) { return reduction_widen_check(s, a) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8); } -- 2.39.2
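Review bot: the commit message explains that opfxv_widen_check deliberately gets no require_rvf(), but the code carries no such note, so the one widen check without the new line will look like an omission. Please add a short comment there. Since `require_rvf(s) && require_scale_rvf(s)` is now repeated in opfvv_widen_check, opfvf_widen_check, opfwv_widen_check, opfwf_widen_check and freduction_widen_check, consider a single helper that performs both so a future widen check cannot take only half of the pair.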
[Stable-9.0.1 64/71] target/riscv/kvm.c: Fix the hart bit setting of AIA
From: Yong-Xuan Wang In AIA spec, each hart (or each hart within a group) has a unique hart number to locate the memory pages of interrupt files in the address space. The number of bits required to represent any hart number is equal to ceil(log2(hmax + 1)), where hmax is the largest hart number among groups. However, if the largest hart number among groups is a power of 2, QEMU will pass an inaccurate hart-index-bit setting to Linux. For example, when the guest OS has 4 harts, only ceil(log2(3 + 1)) = 2 bits are sufficient to represent 4 harts, but we pass 3 to Linux. The code needs to be updated to ensure accurate hart-index-bit settings. Additionally, a Linux patch[1] is necessary to correctly recover the hart index when the guest OS has only 1 hart, where the hart-index-bit is 0. [1] https://lore.kernel.org/lkml/20240415064905.25184-1-yongxuan.w...@sifive.com/t/ Signed-off-by: Yong-Xuan Wang Reviewed-by: Andrew Jones Cc: qemu-stable Message-ID: <20240515091129.28116-1-yongxuan.w...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 190b867f28cb5781f3cd01a3deb371e4211595b1) Signed-off-by: Michael Tokarev diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index 5187b88ad9..94b0e393bf 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c @@ -1671,7 +1671,14 @@ void kvm_riscv_aia_create(MachineState *machine, uint64_t group_shift, } } -hart_bits = find_last_bit(_hart_per_socket, BITS_PER_LONG) + 1; + +if (max_hart_per_socket > 1) { +max_hart_per_socket--; +hart_bits = find_last_bit(_hart_per_socket, BITS_PER_LONG) + 1; +} else { +hart_bits = 0; +} + ret = kvm_device_access(aia_fd, KVM_DEV_RISCV_AIA_GRP_CONFIG, KVM_DEV_RISCV_AIA_CONFIG_HART_BITS, _bits, true, NULL); -- 2.39.2
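Review bot: the `else { hart_bits = 0; }` branch is correct only together with the Linux patch referenced as [1] in the commit message, and the code does not say so. A comment on that branch noting that a single-hart guest passes 0 for KVM_DEV_RISCV_AIA_CONFIG_HART_BITS, and that kernels without that patch do not recover the hart index correctly, would help whoever debugs a one-hart guest on a stable branch.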
[Stable-9.0.1 71/71] target/loongarch: fix a wrong print in cpu dump
From: lanyanzhi description: loongarch_cpu_dump_state() want to dump all loongarch cpu state registers, but there is a tiny typographical error when printing "PRCFG2". Cc: qemu-sta...@nongnu.org Signed-off-by: lanyanzhi Reviewed-by: Richard Henderson Reviewed-by: Song Gao Message-Id: <20240604073831.90-1-lanyanzhi...@ict.ac.cn> Signed-off-by: Song Gao (cherry picked from commit 78f932ea1f7b3b9b0ac628dc2a91281318fe51fa) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c index 294bdbfa93..c1e6d98ac4 100644 --- a/target/loongarch/cpu.c +++ b/target/loongarch/cpu.c @@ -710,7 +710,7 @@ void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags) qemu_fprintf(f, "EENTRY=%016" PRIx64 "\n", env->CSR_EENTRY); qemu_fprintf(f, "PRCFG1=%016" PRIx64 ", PRCFG2=%016" PRIx64 "," " PRCFG3=%016" PRIx64 "\n", - env->CSR_PRCFG1, env->CSR_PRCFG3, env->CSR_PRCFG3); + env->CSR_PRCFG1, env->CSR_PRCFG2, env->CSR_PRCFG3); qemu_fprintf(f, "TLBRENTRY=%016" PRIx64 "\n", env->CSR_TLBRENTRY); qemu_fprintf(f, "TLBRBADV=%016" PRIx64 "\n", env->CSR_TLBRBADV); qemu_fprintf(f, "TLBRERA=%016" PRIx64 "\n", env->CSR_TLBRERA); -- 2.39.2
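Review bot: the subject and message say only "a wrong print" and "a tiny typographical error"; please name the effect, which from the removed line is that the PRCFG2 column of loongarch_cpu_dump_state() showed the value of CSR_PRCFG3. A Fixes: tag is also missing, so the set of affected stable branches has to be worked out by hand.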
[Stable-9.0.1 63/71] target/riscv: rvzicbo: Fixup CBO extension register calculation
From: Alistair Francis When running the instruction ``` cbo.flush 0(x0) ``` QEMU would segfault. The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0] allocated. In order to fix this let's use the existing get_address() helper. This also has the benefit of performing pointer mask calculations on the address specified in rs1. The pointer masking specification specifically states: """ Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz """ So this is the correct behaviour and we previously have been incorrectly not masking the address. Signed-off-by: Alistair Francis Reported-by: Fabian Thomas Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension") Reviewed-by: Richard Henderson Cc: qemu-stable Message-ID: <20240514023910.301766-1-alistair.fran...@wdc.com> Signed-off-by: Alistair Francis (cherry picked from commit c5eb8d6336741dbcb98efcc347f8265bf60bc9d1) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvzicbo.c.inc b/target/riscv/insn_trans/trans_rvzicbo.c.inc index d5d7095903..15711c3140 100644 --- a/target/riscv/insn_trans/trans_rvzicbo.c.inc +++ b/target/riscv/insn_trans/trans_rvzicbo.c.inc 
@@ -31,27 +31,35 @@ static bool trans_cbo_clean(DisasContext *ctx, arg_cbo_clean *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_clean_flush(tcg_env, src); return true; } static bool trans_cbo_flush(DisasContext *ctx, arg_cbo_flush *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_clean_flush(tcg_env, src); return true; } static bool trans_cbo_inval(DisasContext *ctx, arg_cbo_inval *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_inval(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_inval(tcg_env, src); return true; } static bool trans_cbo_zero(DisasContext *ctx, arg_cbo_zero *a) { REQUIRE_ZICBOZ(ctx); -gen_helper_cbo_zero(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_zero(tcg_env, src); return true; } -- 2.39.2
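Review bot: the patch fixes the crash for rs1 = x0 and, by going through get_address(), also starts applying pointer masking to all four cbo instructions, yet it adds no test for either change. A TCG test that executes `cbo.flush 0(x0)` would pin the segfault described in the commit message. Separately, `TCGv src = get_address(ctx, a->rs1, 0);` is declared after the REQUIRE_ZICBOM()/REQUIRE_ZICBOZ() statement in each function; QEMU style puts declarations at the start of the block.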
[Stable-9.0.1 52/71] hw/intc/riscv_aplic: APLICs should add child earlier than realize
From: "yang.zhang" Since only root APLICs can have hw IRQ lines, aplic->parent should be initialized first. Fixes: e8f79343cf ("hw/intc: Add RISC-V AIA APLIC device emulation") Reviewed-by: Daniel Henrique Barboza Signed-off-by: yang.zhang Cc: qemu-stable Message-ID: <20240409014445.278-1-gaoshanliu...@163.com> Signed-off-by: Alistair Francis (cherry picked from commit c76b121840c6ca79dc6305a5f4bcf17c72217d9c) Signed-off-by: Michael Tokarev diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c index fc5df0d598..32edd6d07b 100644 --- a/hw/intc/riscv_aplic.c +++ b/hw/intc/riscv_aplic.c @@ -1000,16 +1000,16 @@ DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size, qdev_prop_set_bit(dev, "msimode", msimode); qdev_prop_set_bit(dev, "mmode", mmode); +if (parent) { +riscv_aplic_add_child(parent, dev); +} + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); if (!is_kvm_aia(msimode)) { sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); } -if (parent) { -riscv_aplic_add_child(parent, dev); -} - if (!msimode) { for (i = 0; i < num_harts; i++) { CPUState *cpu = cpu_by_arch_id(hartid_base + i); -- 2.39.2
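Review bot: after the move, `riscv_aplic_add_child(parent, dev)` runs on a device that has not been realized yet. Please confirm that it only links parent and child and reads nothing that sysbus_realize_and_unref() sets up; the hunk shows the reordering but not the body of the function being called earlier.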
[Stable-7.2.12 23/29] target/arm: Disable SVE extensions when SVE is disabled
From: Marcin Juszkiewicz Cc: qemu-sta...@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2304 Reported-by: Marcin Juszkiewicz Signed-off-by: Richard Henderson Signed-off-by: Marcin Juszkiewicz Message-id: 20240526204551.553282-1-richard.hender...@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit daf9748ac002ec35258e5986b6257961fd04b565) Signed-off-by: Michael Tokarev diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 3d74f134f5..037e9d9feb 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -190,7 +190,11 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) * No explicit bits enabled, and no implicit bits from sve-max-vq. */ if (!cpu_isar_feature(aa64_sve, cpu)) { -/* SVE is disabled and so are all vector lengths. Good. */ +/* + * SVE is disabled and so are all vector lengths. Good. + * Disable all SVE extensions as well. + */ +cpu->isar.id_aa64zfr0 = 0; return; } -- 2.39.2
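Review bot: the commit message has no body, only trailers and the issue link, so the reason for `cpu->isar.id_aa64zfr0 = 0;` has to be inferred from the new code comment. Please state the failure from the linked issue in the message. In the code it is also worth saying why the clearing happens only on this early-return path of arm_cpu_sve_finalize(), which the surrounding comment describes as the case with no explicit bits enabled and no implicit bits from sve-max-vq.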
[Stable-7.2.12 24/29] hw/intc/riscv_aplic: APLICs should add child earlier than realize
From: "yang.zhang" Since only root APLICs can have hw IRQ lines, aplic->parent should be initialized first. Fixes: e8f79343cf ("hw/intc: Add RISC-V AIA APLIC device emulation") Reviewed-by: Daniel Henrique Barboza Signed-off-by: yang.zhang Cc: qemu-stable Message-ID: <20240409014445.278-1-gaoshanliu...@163.com> Signed-off-by: Alistair Francis (cherry picked from commit c76b121840c6ca79dc6305a5f4bcf17c72217d9c) Signed-off-by: Michael Tokarev diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c index cfd007e629..961caff7b6 100644 --- a/hw/intc/riscv_aplic.c +++ b/hw/intc/riscv_aplic.c @@ -957,13 +957,13 @@ DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size, qdev_prop_set_bit(dev, "msimode", msimode); qdev_prop_set_bit(dev, "mmode", mmode); -sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); -sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); - if (parent) { riscv_aplic_add_child(parent, dev); } +sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); +sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); + if (!msimode) { for (i = 0; i < num_harts; i++) { CPUState *cpu = qemu_get_cpu(hartid_base + i); -- 2.39.2
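Review bot: the fix depends on the `if (parent)` block running before sysbus_realize_and_unref(), but nothing in the code records that ordering. A one-line comment above the block saying that aplic->parent must be set before realize would stop a later cleanup from moving the call back down next to the other post-realize setup.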
[Stable-9.0.1 53/71] target/riscv/kvm: Fix exposure of Zkr
From: Andrew Jones The Zkr extension may only be exposed to KVM guests if the VMM implements the SEED CSR. Use the same implementation as TCG. Without this patch, running with a KVM which does not forward the SEED CSR access to QEMU will result in an ILL exception being injected into the guest (this results in Linux guests crashing on boot). And, when running with a KVM which does forward the access, QEMU will crash, since QEMU doesn't know what to do with the exit. Fixes: 3108e2f1c69d ("target/riscv/kvm: update KVM exts to Linux 6.8") Signed-off-by: Andrew Jones Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240422134605.534207-2-ajo...@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit 86997772fa807f3961e5aeed97af7738adec1b43) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 3b1a02b944..52fb8c15d0 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -821,6 +821,9 @@ void riscv_set_csr_ops(int csrno, riscv_csr_operations *ops); void riscv_cpu_register_gdb_regs_for_features(CPUState *cs); +target_ulong riscv_new_csr_seed(target_ulong new_value, +target_ulong write_mask); + uint8_t satp_mode_max_from_map(uint32_t map); const char *satp_mode_str(uint8_t satp_mode, bool is_32_bit); diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 726096444f..829d8346ed 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -4267,10 +4267,8 @@ static RISCVException write_upmbase(CPURISCVState *env, int csrno, #endif /* Crypto Extension */ -static RISCVException rmw_seed(CPURISCVState *env, int csrno, - target_ulong *ret_value, - target_ulong new_value, - target_ulong write_mask) +target_ulong riscv_new_csr_seed(target_ulong new_value, +target_ulong write_mask) { uint16_t random_v; Error *random_e = NULL; 
@@ -4294,6 +4292,18 @@ static RISCVException rmw_seed(CPURISCVState *env, int csrno, rval = random_v | SEED_OPST_ES16; } +return rval; +} + +static RISCVException rmw_seed(CPURISCVState *env, int csrno, + target_ulong *ret_value, + target_ulong new_value, + target_ulong write_mask) +{ +target_ulong rval; + +rval = riscv_new_csr_seed(new_value, write_mask); + if (ret_value) { *ret_value = rval; } diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index ee69ea9785..243a624fee 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c @@ -1418,6 +1418,28 @@ static int kvm_riscv_handle_sbi(CPUState *cs, struct kvm_run *run) return ret; } +static int kvm_riscv_handle_csr(CPUState *cs, struct kvm_run *run) +{ +target_ulong csr_num = run->riscv_csr.csr_num; +target_ulong new_value = run->riscv_csr.new_value; +target_ulong write_mask = run->riscv_csr.write_mask; +int ret = 0; + +switch (csr_num) { +case CSR_SEED: +run->riscv_csr.ret_value = riscv_new_csr_seed(new_value, write_mask); +break; +default: +qemu_log_mask(LOG_UNIMP, + "%s: un-handled CSR EXIT for CSR %lx\n", + __func__, csr_num); +ret = -1; +break; +} + +return ret; +} + int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) { int ret = 0; @@ -1425,6 +1447,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) case KVM_EXIT_RISCV_SBI: ret = kvm_riscv_handle_sbi(cs, run); break; +case KVM_EXIT_RISCV_CSR: +ret = kvm_riscv_handle_csr(cs, run); +break; default: qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n", __func__, run->exit_reason); -- 2.39.2
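Review bot: in the default case of kvm_riscv_handle_csr(), csr_num is a target_ulong but is printed with `%lx`; use TARGET_FMT_lx so the format matches the type on every target width. The function returns -1 for any CSR other than CSR_SEED and kvm_arch_handle_exit() takes that value as its result, so this log line is the only diagnostic a user gets and should be correct.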
[Stable-9.0.1 69/71] virtio-gpu: fix v2 migration
From: Marc-André Lureau Commit dfcf74fa ("virtio-gpu: fix scanout migration post-load") broke forward/backward version migration. Versioning of nested VMSD structures is not straightforward, as the wire format doesn't have nested structures versions. Introduce x-scanout-vmstate-version and a field test to save/load appropriately according to the machine version. Fixes: dfcf74fa ("virtio-gpu: fix scanout migration post-load") Signed-off-by: Marc-André Lureau Signed-off-by: Peter Xu Reviewed-by: Fiona Ebner Tested-by: Fiona Ebner [fixed long lines] Signed-off-by: Fabiano Rosas (cherry picked from commit 40a23ef643664b5c1021a9789f9d680b6294fb50) Signed-off-by: Michael Tokarev diff --git a/hw/core/machine.c b/hw/core/machine.c index 3a5a8d473d..4273de16a0 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -37,6 +37,7 @@ GlobalProperty hw_compat_8_2[] = { { "migration", "zero-page-detection", "legacy"}, { TYPE_VIRTIO_IOMMU_PCI, "granule", "4k" }, { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" }, +{ "virtio-gpu-device", "x-scanout-vmstate-version", "1" }, }; const size_t hw_compat_8_2_len = G_N_ELEMENTS(hw_compat_8_2); diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index ae831b6b3e..d60b1b2973 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1166,10 +1166,17 @@ static void virtio_gpu_cursor_bh(void *opaque) virtio_gpu_handle_cursor(>parent_obj.parent_obj, g->cursor_vq); } +static bool scanout_vmstate_after_v2(void *opaque, int version) +{ +struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout); +struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj); + +return gpu->scanout_vmstate_version >= 2; +} + static const VMStateDescription vmstate_virtio_gpu_scanout = { .name = "virtio-gpu-one-scanout", -.version_id = 2, -.minimum_version_id = 1, +.version_id = 1, .fields = (const VMStateField[]) { VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), VMSTATE_UINT32(width, struct virtio_gpu_scanout), 
@@ -1181,12 +1188,18 @@ static const VMStateDescription vmstate_virtio_gpu_scanout = { VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), -VMSTATE_UINT32_V(fb.format, struct virtio_gpu_scanout, 2), -VMSTATE_UINT32_V(fb.bytes_pp, struct virtio_gpu_scanout, 2), -VMSTATE_UINT32_V(fb.width, struct virtio_gpu_scanout, 2), -VMSTATE_UINT32_V(fb.height, struct virtio_gpu_scanout, 2), -VMSTATE_UINT32_V(fb.stride, struct virtio_gpu_scanout, 2), -VMSTATE_UINT32_V(fb.offset, struct virtio_gpu_scanout, 2), +VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), +VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), +VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), +VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), +VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), +VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, +scanout_vmstate_after_v2), VMSTATE_END_OF_LIST() }, }; @@ -1659,6 +1672,7 @@ static Property virtio_gpu_properties[] = { DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, VIRTIO_GPU_FLAG_BLOB_ENABLED, false), DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0), +DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2), DEFINE_PROP_END_OF_LIST(), }; diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h index ed44cdad6b..842315d51d 100644 --- a/include/hw/virtio/virtio-gpu.h +++ b/include/hw/virtio/virtio-gpu.h @@ -177,6 +177,7 @@ typedef struct VGPUDMABuf { struct VirtIOGPU { VirtIOGPUBase parent_obj; +uint8_t scanout_vmstate_version; uint64_t conf_max_hostmem; VirtQueue *ctrl_vq; -- 2.39.2
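Review bot: scanout_vmstate_after_v2() recovers the device with `container_of(opaque, VirtIOGPUBase, scanout)`, which is valid only when opaque points at the start of the scanout member. The description is named "virtio-gpu-one-scanout", so if it is applied to each entry of a scanout array, every entry after the first yields a wrong VirtIOGPUBase pointer and scanout_vmstate_version is read from the wrong place; please confirm what opaque is here or pass the device another way. The `version` argument is unused, and the name says "after v2" while the test is `>= 2`.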
[Stable-8.2.5 32/45] target/riscv/cpu.c: fix Zvkb extension config
From: Yangyu Chen This code has a typo that writes zvkb to zvkg, causing users can't enable zvkb through the config. This patch gets this fixed. Signed-off-by: Yangyu Chen Fixes: ea61ef7097d0 ("target/riscv: Move vector crypto extensions to riscv_cpu_extensions") Reviewed-by: LIU Zhiwei Reviewed-by: Alistair Francis Reviewed-by: Max Chou Reviewed-by: Weiwei Li Message-ID: Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit ff33b7a9699e977a050a1014c617a89da1bf8295) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 83c7c0cf07..77cb59b8a1 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1359,7 +1359,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { /* Vector cryptography extensions */ MULTI_EXT_CFG_BOOL("zvbb", ext_zvbb, false), MULTI_EXT_CFG_BOOL("zvbc", ext_zvbc, false), -MULTI_EXT_CFG_BOOL("zvkb", ext_zvkg, false), +MULTI_EXT_CFG_BOOL("zvkb", ext_zvkb, false), MULTI_EXT_CFG_BOOL("zvkg", ext_zvkg, false), MULTI_EXT_CFG_BOOL("zvkned", ext_zvkned, false), MULTI_EXT_CFG_BOOL("zvknha", ext_zvknha, false), -- 2.39.2
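Review bot: nothing ties the property string to the field in `MULTI_EXT_CFG_BOOL("zvkb", ext_zvkb, false)`, so the compiler accepted the old `ext_zvkg` and will accept the next copy-paste slip in this table too. A small test that sets each property in riscv_cpu_extensions[] and checks that only the matching field changes would catch this class of error and is worth adding alongside the fix.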
[Stable-7.2.12 00/29] Patch Round-up for stable 7.2.12, frozen at 2024-06-07
The following patches are queued for QEMU stable v7.2.12:

  https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2

Patch freeze is 2024-06-07 (frozen), and the release is planned for 2024-06-09:

  https://wiki.qemu.org/Planning/7.2

Please respond here or CC qemu-sta...@nongnu.org on any additional notes about the planning release.

The changes which are staging for inclusion, with the original commit hash from master branch, are given below the bottom line.

Thanks!

/mjt

--
01* 690ceb71936f Philippe Mathieu-Daudé: gitlab-ci: Remove job building EDK2 firmware binaries
02* 7bc1286b81d4 Palmer Dabbelt: gitlab/opensbi: Move to docker:stable
03* 04f6fb897a5a Michael Tokarev: linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
04* ae6d91a7e9b7 Zhu Yangyang: nbd/server: do not poll within a coroutine context
05* 4fa333e08dd9 Eric Blake: nbd/server: Mark negotiation functions as coroutine_fn
06* 06479dbf3d7d Li Zhijian: backends/cryptodev-builtin: Fix local_error leaks
07* dcc5c018c7e6 Peter Maydell: tests/avocado: update sunxi kernel from armbian to 6.6.16
08* a88a04906b96 Thomas Huth: .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs
09* 4b00855f0ee2 Alexandra Diupina: hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
10* eb656a60fd93 Philippe Mathieu-Daudé: hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
11* 6a5a63f74ba5 Ruihan Li: target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK
12* e6578f1f68a0 Mattias Nissler: hw/remote/vfio-user: Fix config space access byte order
13* 41c685dc59bb Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT
14* 40a3ec7b5ffd Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions
15* 37e91415018d hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
16* e4e62514e3cc Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0
17* 84d4b7285486 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value
18* 8225bff7c5db Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1
19* f0f0136abba6 Paolo Bonzini: target/i386: no single-step exception after MOV or POP SS
20 36fa7c686e9e Richard Henderson: gitlab: Update msys2-64bit runner tags
21 19ed42e8adc8 Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
22 daafa78b2972 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR
23 daf9748ac002 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled
24 c76b121840c6 yang.zhang: hw/intc/riscv_aplic: APLICs should add child earlier than realize
25 915758c537b5 Alistair Francis: disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
26 7604bbc2d87d Paolo Bonzini: target/i386: fix xsave.flat from kvm-unit-tests
27 da7c95920d02 Xinyu Li: target/i386: fix SSE and SSE2 feature check
28 2e701e6785cd Bernhard Beschow: ui/sdl2: Allow host to power down screen
29 78f932ea1f7b lanyanzhi: target/loongarch: fix a wrong print in cpu dump

(commit(s) marked with * were in previous series and are not resent)
[Stable-7.2.12 20/29] gitlab: Update msys2-64bit runner tags
From: Richard Henderson Gitlab has deprecated and removed support for windows-1809 and shared-windows. Update to saas-windows-medium-amd64 per https://about.gitlab.com/blog/2024/01/22/windows-2022-support-for-gitlab-saas-runners/ Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Tested-by: Thomas Huth Message-Id: <20240507175356.281618-1-richard.hender...@linaro.org> (cherry picked from commit 36fa7c686e9eac490002ffc439c4affaa352c17c) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml index 0180261b7f..dfa4eb84a7 100644 --- a/.gitlab-ci.d/windows.yml +++ b/.gitlab-ci.d/windows.yml @@ -1,9 +1,7 @@ .shared_msys2_builder: extends: .base_job_template tags: - - shared-windows - - windows - - windows-1809 + - saas-windows-medium-amd64 cache: key: "${CI_JOB_NAME}-cache" paths: -- 2.39.2
[Stable-8.2.5 44/45] ui/sdl2: Allow host to power down screen
From: Bernhard Beschow By default, SDL disables the screen saver which prevents the host from powering down the screen even if the screen is locked. This results in draining the battery needlessly when the host isn't connected to a wall charger. Fix that by enabling the screen saver. Signed-off-by: Bernhard Beschow Acked-by: Marc-André Lureau Message-ID: <20240512095945.1879-1-shen...@gmail.com> (cherry picked from commit 2e701e6785cd8cc048c608751c6e4f6253c67ab6) Signed-off-by: Michael Tokarev diff --git a/ui/sdl2.c b/ui/sdl2.c index 4971963f00..0a0eb5a42d 100644 --- a/ui/sdl2.c +++ b/ui/sdl2.c @@ -874,6 +874,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) SDL_SetHint(SDL_HINT_ALLOW_ALT_TAB_WHILE_GRABBED, "0"); #endif SDL_SetHint(SDL_HINT_WINDOWS_NO_CLOSE_ON_ALT_F4, "1"); +SDL_EnableScreenSaver(); memset(, 0, sizeof(info)); SDL_VERSION(); -- 2.39.2
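Review bot: SDL_EnableScreenSaver() is called unconditionally in sdl2_display_init(), which changes the default behaviour for every SDL display user in a stable release. Hosts that previously stayed awake while a guest window was open will now follow their idle timer; the commit message should state that explicitly, and a display option to keep the old behaviour would be reasonable for setups that relied on it.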
[Stable-8.2.5 31/45] target/riscv: Fix the element agnostic function problem
From: Huang Tao In RVV and vcrypto instructions, the masked and tail elements are set to 1s using the vext_set_elems_1s function if the vma/vta bit is set. It is the element agnostic policy. However, this function can't deal with the big endian situation. This patch fixes the problem by adding handling of such a case. Signed-off-by: Huang Tao Suggested-by: Richard Henderson Reviewed-by: LIU Zhiwei Cc: qemu-stable Message-ID: <20240325021654.6594-1-eric.hu...@linux.alibaba.com> Signed-off-by: Alistair Francis (cherry picked from commit 75115d880c6d396f8a2d56aab8c12236d85a90e0) Signed-off-by: Michael Tokarev diff --git a/target/riscv/vector_internals.c b/target/riscv/vector_internals.c index 40faf3e65b..b077189579 100644 --- a/target/riscv/vector_internals.c +++ b/target/riscv/vector_internals.c @@ -29,6 +29,28 @@ void vext_set_elems_1s(void *base, uint32_t is_agnostic, uint32_t cnt, if (tot - cnt == 0) { return ; } + +if (HOST_BIG_ENDIAN) { +/* + * Deal the situation when the elements are insdie + * only one uint64 block including setting the + * masked-off element. + */ +if (((tot - 1) ^ cnt) < 8) { +memset(base + H1(tot - 1), -1, tot - cnt); +return; +} +/* + * Otherwise, at least cross two uint64_t blocks. + * Set first unaligned block. + */ +if (cnt % 8 != 0) { +uint32_t j = ROUND_UP(cnt, 8); +memset(base + H1(j - 1), -1, j - cnt); +cnt = j; +} +/* Set other 64bit aligend blocks */ +} memset(base + cnt, -1, tot - cnt); } -- 2.39.2
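Review bot: the single-block test "((tot - 1) ^ cnt) < 8" in the HOST_BIG_ENDIAN branch is not self-explanatory. The comment above it should say that the XOR is below 8 exactly when cnt and tot - 1 fall in the same 8-byte block, which is what makes the single memset at H1(tot - 1) valid. The final "memset(base + cnt, -1, tot - cnt)" writes in plain host byte order, so it is only correct on a big-endian host if tot is a multiple of 8; if callers guarantee that, state it in the "Set other 64bit aligned blocks" comment or assert it. The new comments also need a spelling pass ("insdie", "aligend", "Deal the situation").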
[Stable-8.2.5 43/45] target/i386: fix SSE and SSE2 feature check
From: Xinyu Li Features check of CPUID_SSE and CPUID_SSE2 should use cpuid_features, rather than cpuid_ext_features. Signed-off-by: Xinyu Li Reviewed-by: Zhao Liu Message-ID: <20240602100904.2137939-1-lixinyu...@ict.ac.cn> Signed-off-by: Paolo Bonzini (cherry picked from commit da7c95920d027dbb00c6879c1da0216b19509191) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 2bdbb1bba0..73aa2c42b7 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1478,9 +1478,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid) case X86_FEAT_PCLMULQDQ: return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ); case X86_FEAT_SSE: -return (s->cpuid_ext_features & CPUID_SSE); +return (s->cpuid_features & CPUID_SSE); case X86_FEAT_SSE2: -return (s->cpuid_ext_features & CPUID_SSE2); +return (s->cpuid_features & CPUID_SSE2); case X86_FEAT_SSE3: return (s->cpuid_ext_features & CPUID_EXT_SSE3); case X86_FEAT_SSSE3: -- 2.39.2
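Review bot: in has_cpuid_feature() nothing ties a flag constant to the feature word it is masked against, which is how CPUID_SSE and CPUID_SSE2 ended up being tested against cpuid_ext_features. The two corrected lines look right, but the remaining cases of the switch deserve the same audit: every CPUID_EXT_* constant against cpuid_ext_features, every un-prefixed CPUID_* constant against cpuid_features. The wrong field did not fail to build, it silently tested an unrelated bit, so a test that decodes an SSE instruction on a CPU model with SSE masked out would be worth adding with this fix.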
[Stable-7.2.12 21/29] hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
From: Zenghui Yu We wrongly encoded ID_AA64PFR1_EL1 using {3,0,0,4,2} in hvf_sreg_match[] so we fail to get the expected ARMCPRegInfo from cp_regs hash table with the wrong key. Fix it with the correct encoding {3,0,0,4,1}. With that fixed, the Linux guest can properly detect FEAT_SSBS2 on my M1 HW. All DBG{B,W}{V,C}R_EL1 registers are also wrongly encoded with op0 == 14. It happens to work because HVF_SYSREG(CRn, CRm, 14, op1, op2) equals to HVF_SYSREG(CRn, CRm, 2, op1, op2), by definition. But we shouldn't rely on it. Cc: qemu-sta...@nongnu.org Fixes: a1477da3ddeb ("hvf: Add Apple Silicon support") Signed-off-by: Zenghui Yu Reviewed-by: Alexander Graf Message-id: 20240503153453.54389-1-zenghui...@linux.dev Signed-off-by: Peter Maydell (cherry picked from commit 19ed42e8adc87a3c739f61608b66a046bb9237e2) Signed-off-by: Michael Tokarev diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index 060aa0ccf4..047cb8fc50 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c 
@@ -187,85 +187,85 @@ struct hvf_sreg_match { }; static struct hvf_sreg_match hvf_sreg_match[] = { -{ HV_SYS_REG_DBGBVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 4) }, -{ 
HV_SYS_REG_DBGBCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR15_EL1, HVF_SYSREG(0, 15, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR15_EL1, HVF_SYSREG(0, 15, 14, 0, 5) }, -{ HV_SYS_REG_DB
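Review bot: the removed hvf_sreg_match[] entries spell the literal op0 value 14 in every visible DBG{B,W}{V,C}R line, with only CRm and op2 varying, so one wrong encoding has to be corrected in dozens of places. A small helper macro that takes the register index and expands to the four BVR/BCR/WVR/WCR entries would state op0 once and make the table checkable against the architecture manual. The commit message's point that the old value only worked by accident also belongs in a comment next to the table, so the equivalence is not relied on again. The replacement lines are cut off in this copy, so they cannot be checked here.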
[Stable-9.0.1 00/71] Patch Round-up for stable 9.0.1, frozen on 2024-06-07
The following patches are queued for QEMU stable v9.0.1: https://gitlab.com/qemu-project/qemu/-/commits/staging-9.0 Patch freeze is 2024-06-07 (frozen), and the release is planned for 2024-06-09: https://wiki.qemu.org/Planning/9.0 Please respond here or CC qemu-sta...@nongnu.org with any additional notes about the planning release. The changes which are staging for inclusion, with the original commit hash from master branch, are given below the bottom line. Thanks! /mjt -- 01* 2cc637f1ea08 Li Zhijian: migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed. 02* 04f6fb897a5a Michael Tokarev: linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY 03* 838f82468a12 Zhao Liu: docs: i386: pc: Update maximum CPU numbers for PC Q35 04* ae6d91a7e9b7 Zhu Yangyang: nbd/server: do not poll within a coroutine context 05* 4fa333e08dd9 Eric Blake: nbd/server: Mark negotiation functions as coroutine_fn 06* 06479dbf3d7d Li Zhijian: backends/cryptodev-builtin: Fix local_error leaks 07* 0cbb322f70e8 Michael Tokarev: target/loongarch/cpu.c: typo fix: expection 08* e4426353175f Daniel Henrique Barboza: target/riscv/kvm: remove sneaky strerrorname_np() instance 09* 7b19a3554d2d Richard Henderson: target/arm: Restrict translation disabled alignment check to VMSA 10* dcc5c018c7e6 Peter Maydell: tests/avocado: update sunxi kernel from armbian to 6.6.16 11* a88a04906b96 Thomas Huth: .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs 12* f2c8aeb1afef Jeuk Kim: hw/ufs: Fix buffer overflow bug 13* 4b00855f0ee2 Alexandra Diupina: hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields 14* eb656a60fd93 Philippe Mathieu-Daudé: hw/arm/npcm7xx: Store derivative OTP fuse key in little endian 15* c365e6b07057 Philippe Mathieu-Daudé: target/sh4: Fix ADDV opcode 16* e88a856efd1d Philippe Mathieu-Daudé: target/sh4: Fix SUBV opcode 17* e096d370ad87 Philippe Mathieu-Daudé: plugins: Update stale comment 18* 6a5a63f74ba5 Ruihan Li: 
target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK 19* 7b616f36de0b Richard Henderson: target/sparc: Fix FEXPAND 20* 9157dccc7e71 Richard Henderson: target/sparc: Fix FMUL8x16 21* a859602c746b Richard Henderson: target/sparc: Fix FMUL8x16A{U,L} 22* be8998e046c2 Richard Henderson: target/sparc: Fix FMULD8*X16 23* d3ef26afde77 Richard Henderson: target/sparc: Fix FPMERGE 24* ca51921158e3 Richard Henderson: target/sh4: Update DisasContextBase.insn_start 25* 54c52ec719fb Song Gao: hw/loongarch/virt: Fix memory leak 26* e6578f1f68a0 Mattias Nissler: hw/remote/vfio-user: Fix config space access byte order 27* 41c685dc59bb Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT 28* 40a3ec7b5ffd Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions 29* fe01af5d47d4 Paolo Bonzini: target/i386: fix feature dependency for WAITPKG 30* 23b1f53c2c89 Paolo Bonzini: configure: quote -D options that are passed through to meson 31* 371d60dfdb47 Thomas Huth: configure: Fix error message when C compiler is not working 32* 37e91415018d hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend 33* e4e62514e3cc Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0 34* c9290dfebfdb Richard Henderson: tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs 35* 2563be6317fa Gerd Hoffmann: hw/pflash: fix block write start 36* 84d4b7285486 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value 37* 9710401276a0 Fiona Ebner: hw/core/machine: move compatibility flags for VirtIO-net USO to machine 8.1 38* 07c0866103d4 Song Gao: target/loongarch/kvm: fpu save the vreg registers high 192bit 39* b11f9814526b Song Gao: hw/loongarch: Fix fdt memory node wrong 'reg' 40* 6204af704a07 Jiaxun Yang: hw/loongarch/virt: Fix FDT memory node address width 41* 8225bff7c5db Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1 42* f0f0136abba6 Paolo Bonzini: target/i386: no single-step exception after MOV 
or POP SS 43* 36fa7c686e9e Richard Henderson: gitlab: Update msys2-64bit runner tags 44* bad7a2759c69 Daniel P. Berrangé: dockerfiles: add 'MAKE' env variable to remaining containers 45 c53f7a107879 Daniel P. Berrangé: gitlab: use $MAKE instead of 'make' 46 b563959b906d Daniel P. Berrangé: gitlab: use 'setarch -R' to workaround tsan bug 47 19ed42e8adc8 Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers 48 daafa78b2972 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR 49 daf9748ac002 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled 50 199e84de1c90 Eric Blake: qio: Inherit follow_coroutine_ctx across TLS 51 a73c99378022 Eric Blake: iotests: test NBD+TLS+iothread 52 c76b121840c6 yang.zhang: hw/intc/riscv_aplic
[Stable-9.0.1 66/71] disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
From: Alistair Francis Previously we only listed a single pmpcfg CSR and the first 16 pmpaddr CSRs. This patch fixes this to list all 16 pmpcfg and all 64 pmpaddr CSRs are part of the disassembly. Reported-by: Eric DeVolder Signed-off-by: Alistair Francis Fixes: ea10325917 ("RISC-V Disassembler") Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240514051615.330979-1-alistair.fran...@wdc.com> Signed-off-by: Alistair Francis (cherry picked from commit 915758c537b5fe09575291f4acd87e2d377a93de) Signed-off-by: Michael Tokarev diff --git a/disas/riscv.c b/disas/riscv.c index e236c8b5b7..297cfa2f63 100644 --- a/disas/riscv.c +++ b/disas/riscv.c 
@@ -2190,7 +2190,22 @@ static const char *csr_name(int csrno) case 0x0383: return "mibound"; case 0x0384: return "mdbase"; case 0x0385: return "mdbound"; -case 0x03a0: return "pmpcfg3"; +case 0x03a0: return "pmpcfg0"; +case 0x03a1: return "pmpcfg1"; +case 0x03a2: return "pmpcfg2"; +case 0x03a3: return "pmpcfg3"; +case 0x03a4: return "pmpcfg4"; +case 0x03a5: return "pmpcfg5"; +case 0x03a6: return "pmpcfg6"; +case 0x03a7: return "pmpcfg7"; +case 0x03a8: return "pmpcfg8"; +case 0x03a9: return "pmpcfg9"; +case 0x03aa: return "pmpcfg10"; +case 0x03ab: return "pmpcfg11"; +case 0x03ac: return "pmpcfg12"; +case 0x03ad: return "pmpcfg13"; +case 0x03ae: return "pmpcfg14"; +case 0x03af: return "pmpcfg15"; case 0x03b0: return "pmpaddr0"; case 0x03b1: return "pmpaddr1"; case 0x03b2: return "pmpaddr2"; @@ -2207,6 +,54 @@ static const char *csr_name(int csrno) case 0x03bd: return "pmpaddr13"; case 0x03be: return "pmpaddr14"; case 0x03bf: return "pmpaddr15"; +case 0x03c0: return "pmpaddr16"; +case 0x03c1: return "pmpaddr17"; +case 0x03c2: return "pmpaddr18"; +case 0x03c3: return "pmpaddr19"; +case 0x03c4: return "pmpaddr20"; +case 0x03c5: return "pmpaddr21"; +case 0x03c6: return "pmpaddr22"; +case 0x03c7: return "pmpaddr23"; +case 0x03c8: return "pmpaddr24"; +case 0x03c9: return "pmpaddr25"; +case 0x03ca: return "pmpaddr26"; +case 0x03cb: return "pmpaddr27"; +case 0x03cc: return "pmpaddr28"; +case 0x03cd: return "pmpaddr29"; +case 0x03ce: return "pmpaddr30"; +case 0x03cf: return "pmpaddr31"; +case 0x03d0: return "pmpaddr32"; +case 0x03d1: return "pmpaddr33"; +case 0x03d2: return "pmpaddr34"; +case 0x03d3: return "pmpaddr35"; +case 0x03d4: return "pmpaddr36"; +case 0x03d5: return "pmpaddr37"; +case 0x03d6: return "pmpaddr38"; +case 0x03d7: return "pmpaddr39"; +case 0x03d8: return "pmpaddr40"; +case 0x03d9: return "pmpaddr41"; +case 0x03da: return "pmpaddr42"; +case 0x03db: return "pmpaddr43"; +case 0x03dc: return "pmpaddr44"; +case 0x03dd: return "pmpaddr45"; +case 0x03de: return 
"pmpaddr46"; +case 0x03df: return "pmpaddr47"; +case 0x03e0: return "pmpaddr48"; +case 0x03e1: return "pmpaddr49"; +case 0x03e2: return "pmpaddr50"; +case 0x03e3: return "pmpaddr51"; +case 0x03e4: return "pmpaddr52"; +case 0x03e5: return "pmpaddr53"; +case 0x03e6: return "pmpaddr54"; +case 0x03e7: return "pmpaddr55"; +case 0x03e8: return "pmpaddr56"; +case 0x03e9: return "pmpaddr57"; +case 0x03ea: return "pmpaddr58"; +case 0x03eb: return "pmpaddr59"; +case 0x03ec: return "pmpaddr60"; +case 0x03ed: return "pmpaddr61"; +case 0x03ee: return "pmpaddr62"; +case 0x03ef: return "pmpaddr63"; case 0x0780: return "mtohost"; case 0x0781: return "mfromhost"; case 0x0782: return "mreset"; -- 2.39.2
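Review bot: csr_name() now carries 80 hand-typed case labels for two contiguous ranges (0x03a0 to 0x03af for pmpcfg0 to pmpcfg15, 0x03b0 to 0x03ef for pmpaddr0 to pmpaddr63), and an off-by-one in any of them is the same class of mistake as the removed line "case 0x03a0: return "pmpcfg3";". The values shown are consistent, but a test that walks both ranges and checks the numeric suffix against csrno minus the range base would keep them that way; alternatively generate the names from a table. Also note that the second hunk header in this copy reads "@@ -2207,6 +,54 @@" with the new start line missing, so the patch as shown here would not apply.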
[Stable-9.0.1 61/71] target/riscv: prioritize pmp errors in raise_mmu_exception()
From: Daniel Henrique Barboza raise_mmu_exception(), as is today, is prioritizing guest page faults by checking first if virt_enabled && !first_stage, and then considering the regular inst/load/store faults. There's no mention in the spec about guest page fault being a higher priority than PMP faults. In fact, privileged spec section 3.7.1 says: "Attempting to fetch an instruction from a PMP region that does not have execute permissions raises an instruction access-fault exception. Attempting to execute a load or load-reserved instruction which accesses a physical address within a PMP region without read permissions raises a load access-fault exception. Attempting to execute a store, store-conditional, or AMO instruction which accesses a physical address within a PMP region without write permissions raises a store access-fault exception." So, in fact, we're doing it wrong - PMP faults should always be thrown, regardless of also being a first or second stage fault. The way riscv_cpu_tlb_fill() and get_physical_address() work is adequate: a TRANSLATE_PMP_FAIL error is immediately reported and reflected in the 'pmp_violation' flag. What we need is to change raise_mmu_exception() to prioritize it. Reported-by: Joseph Chan Fixes: 82d53adfbb ("target/riscv/cpu_helper.c: Invalid exception on MMU translation stage") Signed-off-by: Daniel Henrique Barboza Reviewed-by: Alistair Francis Message-ID: <20240413105929.7030-1-alexei.filip...@syntacore.com> Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit 68e7c86927afa240fa450578cb3a4f18926153e4) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index fc090d729a..e3a7797d00 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c 
@@ -1176,28 +1176,30 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address, switch (access_type) { case MMU_INST_FETCH: -if (env->virt_enabled && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_INST_ACCESS_FAULT; +} else if (env->virt_enabled && !first_stage) { cs->exception_index = RISCV_EXCP_INST_GUEST_PAGE_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_INST_ACCESS_FAULT : RISCV_EXCP_INST_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_INST_PAGE_FAULT; } break; case MMU_DATA_LOAD: -if (two_stage && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT; +} else if (two_stage && !first_stage) { cs->exception_index = RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_LOAD_ACCESS_FAULT : RISCV_EXCP_LOAD_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_LOAD_PAGE_FAULT; } break; case MMU_DATA_STORE: -if (two_stage && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT; +} else if (two_stage && !first_stage) { cs->exception_index = RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_STORE_AMO_ACCESS_FAULT : -RISCV_EXCP_STORE_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_STORE_PAGE_FAULT; } break; default: -- 2.39.2
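Review bot: the new "if (pmp_violation)" tests come first in all three cases of raise_mmu_exception(), but nothing in the code says why. Add a comment citing privileged spec section 3.7.1, as the commit message does, so the ordering is not reshuffled by a later cleanup. Separately, the second branch is "env->virt_enabled && !first_stage" under MMU_INST_FETCH but "two_stage && !first_stage" under MMU_DATA_LOAD and MMU_DATA_STORE. That predates this patch, but since it decides whether a guest fault or a plain page fault is reported, the difference should either be explained in a comment or made uniform.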
[Stable-8.2.5 33/45] target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
From: Max Chou According to v spec 18.4, only the vfwcvt.f.f.v and vfncvt.f.f.w instructions will be affected by Zvfhmin extension. And the vfwcvt.f.f.v and vfncvt.f.f.w instructions only support the conversions of * From 1*SEW(16/32) to 2*SEW(32/64) * From 2*SEW(32/64) to 1*SEW(16/32) Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-2-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 17b713c0806e72cd8edc6c2ddd8acc5be0475df6) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index db9e45b696..a5fe92b670 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -50,6 +50,22 @@ static bool require_rvf(DisasContext *s) } } +static bool require_rvfmin(DisasContext *s) +{ +if (s->mstatus_fs == EXT_STATUS_DISABLED) { +return false; +} + +switch (s->sew) { +case MO_16: +return s->cfg_ptr->ext_zvfhmin; +case MO_32: +return s->cfg_ptr->ext_zve32f; +default: +return false; +} +} + static bool require_scale_rvf(DisasContext *s) { if (s->mstatus_fs == EXT_STATUS_DISABLED) { @@ -75,8 +91,6 @@ static bool require_scale_rvfmin(DisasContext *s) } switch (s->sew) { -case MO_8: -return s->cfg_ptr->ext_zvfhmin; case MO_16: return s->cfg_ptr->ext_zve32f; case MO_32: @@ -2747,6 +2761,7 @@ static bool opxfv_widen_check(DisasContext *s, arg_rmr *a) static bool opffv_widen_check(DisasContext *s, arg_rmr *a) { return opfv_widen_check(s, a) && + require_rvfmin(s) && require_scale_rvfmin(s) && (s->sew != MO_8); } @@ -2858,6 +2873,7 @@ static bool opfxv_narrow_check(DisasContext *s, arg_rmr *a) static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && + require_rvfmin(s) && require_scale_rvfmin(s) && (s->sew != MO_8); } -- 2.39.2
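Review bot: once require_rvfmin(s) is part of opffv_widen_check() and opffv_narrow_check(), the trailing "(s->sew != MO_8)" is redundant, because the new helper's default branch already returns false for MO_8; drop it or keep it with a comment saying it is deliberate. The new helper and require_scale_rvfmin() also need a one-line comment each stating which operand they cover (the SEW-wide one and the 2*SEW-wide one respectively), since after the MO_8 case is removed the two switch statements look like near-duplicates and the pairing of MO_16 with ext_zvfhmin in one and ext_zve32f in the other is easy to misread.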
[Stable-9.0.1 59/71] target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
From: Max Chou The opfv_narrow_check needs to check the single width float operator by require_rvf. Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-4-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 692f33a3abcaae789b08623e7cbdffcd2c738c89) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 6cb9bc9fde..19059fea5f 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2817,6 +2817,7 @@ static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) static bool opffv_rod_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8); } -- 2.39.2
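Review bot: the commit message says opfv_narrow_check needs the require_rvf check, but the hunk adds "require_rvf(s) &&" to opffv_rod_narrow_check(), which calls opfv_narrow_check() and is a different function. Reword the message to name the function that is actually changed, so anyone tracing this fix from the log lands on the right check.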
[Stable-9.0.1 58/71] target/riscv: rvv: Check single width operator for vector fp widen instructions
From: Max Chou The require_scale_rvf function only checks the double width operator for the vector floating point widen instructions, so most of the widen checking functions need to add require_rvf for single width operator. The vfwcvt.f.x.v and vfwcvt.f.xu.v instructions convert single width integer to double width float, so the opfxv_widen_check function doesn’t need require_rvf for the single width operator(integer). Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-3-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 7a999d4dd704aa71fe6416871ada69438b56b1e5) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index ef568e263d..6cb9bc9fde 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2331,6 +2331,7 @@ GEN_OPFVF_TRANS(vfrsub_vf, opfvf_check) static bool opfvv_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2370,6 +2371,7 @@ GEN_OPFVV_WIDEN_TRANS(vfwsub_vv, opfvv_widen_check) static bool opfvf_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2402,6 +2404,7 @@ GEN_OPFVF_WIDEN_TRANS(vfwsub_vf) static bool opfwv_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && @@ -2441,6 +2444,7 @@ GEN_OPFWV_WIDEN_TRANS(vfwsub_wv) static bool opfwf_widen_check(DisasContext *s, arg_rmrr *a) { return require_rvv(s) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8) && vext_check_isa_ill(s) && 
@@ -2941,6 +2945,7 @@ GEN_OPFVV_TRANS(vfredmin_vs, freduction_check) static bool freduction_widen_check(DisasContext *s, arg_rmrr *a) { return reduction_widen_check(s, a) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8); } -- 2.39.2
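Review bot: after this change five separate checks (opfvv_widen_check, opfvf_widen_check, opfwv_widen_check, opfwf_widen_check, freduction_widen_check) each repeat the sequence "require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8)", and the bug being fixed is exactly that one term of it was missing everywhere. Fold the three conditions into one helper so a future widening check cannot omit one of them. The commit message explains that opfxv_widen_check is left out on purpose because its single-width operand is an integer; that reasoning should be a comment on opfxv_widen_check itself, otherwise it reads as an oversight next to the others.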
[Stable-8.2.5 41/45] disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
From: Alistair Francis Previously we only listed a single pmpcfg CSR and the first 16 pmpaddr CSRs. This patch fixes this to list all 16 pmpcfg and all 64 pmpaddr CSRs are part of the disassembly. Reported-by: Eric DeVolder Signed-off-by: Alistair Francis Fixes: ea10325917 ("RISC-V Disassembler") Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240514051615.330979-1-alistair.fran...@wdc.com> Signed-off-by: Alistair Francis (cherry picked from commit 915758c537b5fe09575291f4acd87e2d377a93de) Signed-off-by: Michael Tokarev diff --git a/disas/riscv.c b/disas/riscv.c index e9458e574b..8cb2b79f6a 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -2184,7 +2184,22 @@ static const char *csr_name(int csrno) case 0x0383: return "mibound"; case 0x0384: return "mdbase"; case 0x0385: return "mdbound"; -case 0x03a0: return "pmpcfg3"; +case 0x03a0: return "pmpcfg0"; +case 0x03a1: return "pmpcfg1"; +case 0x03a2: return "pmpcfg2"; +case 0x03a3: return "pmpcfg3"; +case 0x03a4: return "pmpcfg4"; +case 0x03a5: return "pmpcfg5"; +case 0x03a6: return "pmpcfg6"; +case 0x03a7: return "pmpcfg7"; +case 0x03a8: return "pmpcfg8"; +case 0x03a9: return "pmpcfg9"; +case 0x03aa: return "pmpcfg10"; +case 0x03ab: return "pmpcfg11"; +case 0x03ac: return "pmpcfg12"; +case 0x03ad: return "pmpcfg13"; +case 0x03ae: return "pmpcfg14"; +case 0x03af: return "pmpcfg15"; case 0x03b0: return "pmpaddr0"; case 0x03b1: return "pmpaddr1"; case 0x03b2: return "pmpaddr2"; 
@@ -2201,6 +2216,54 @@ static const char *csr_name(int csrno) case 0x03bd: return "pmpaddr13"; case 0x03be: return "pmpaddr14"; case 0x03bf: return "pmpaddr15"; +case 0x03c0: return "pmpaddr16"; +case 0x03c1: return "pmpaddr17"; +case 0x03c2: return "pmpaddr18"; +case 0x03c3: return "pmpaddr19"; +case 0x03c4: return "pmpaddr20"; +case 0x03c5: return "pmpaddr21"; +case 0x03c6: return "pmpaddr22"; +case 0x03c7: return "pmpaddr23"; +case 0x03c8: return "pmpaddr24"; +case 0x03c9: return "pmpaddr25"; +case 0x03ca: return "pmpaddr26"; +case 0x03cb: return "pmpaddr27"; +case 0x03cc: return "pmpaddr28"; +case 0x03cd: return "pmpaddr29"; +case 0x03ce: return "pmpaddr30"; +case 0x03cf: return "pmpaddr31"; +case 0x03d0: return "pmpaddr32"; +case 0x03d1: return "pmpaddr33"; +case 0x03d2: return "pmpaddr34"; +case 0x03d3: return "pmpaddr35"; +case 0x03d4: return "pmpaddr36"; +case 0x03d5: return "pmpaddr37"; +case 0x03d6: return "pmpaddr38"; +case 0x03d7: return "pmpaddr39"; +case 0x03d8: return "pmpaddr40"; +case 0x03d9: return "pmpaddr41"; +case 0x03da: return "pmpaddr42"; +case 0x03db: return "pmpaddr43"; +case 0x03dc: return "pmpaddr44"; +case 0x03dd: return "pmpaddr45"; +case 0x03de: return "pmpaddr46"; +case 0x03df: return "pmpaddr47"; +case 0x03e0: return "pmpaddr48"; +case 0x03e1: return "pmpaddr49"; +case 0x03e2: return "pmpaddr50"; +case 0x03e3: return "pmpaddr51"; +case 0x03e4: return "pmpaddr52"; +case 0x03e5: return "pmpaddr53"; +case 0x03e6: return "pmpaddr54"; +case 0x03e7: return "pmpaddr55"; +case 0x03e8: return "pmpaddr56"; +case 0x03e9: return "pmpaddr57"; +case 0x03ea: return "pmpaddr58"; +case 0x03eb: return "pmpaddr59"; +case 0x03ec: return "pmpaddr60"; +case 0x03ed: return "pmpaddr61"; +case 0x03ee: return "pmpaddr62"; +case 0x03ef: return "pmpaddr63"; case 0x0780: return "mtohost"; case 0x0781: return "mfromhost"; case 0x0782: return "mreset"; -- 2.39.2
[Stable-9.0.1 54/71] target/riscv/kvm: tolerate KVM disable ext errors
From: Daniel Henrique Barboza Running a KVM guest using a 6.9-rc3 kernel, in a 6.8 host that has zkr enabled, will fail with a kernel oops SIGILL right at the start. The reason is that we can't expose zkr without implementing the SEED CSR. Disabling zkr in the guest would be a workaround, but if the KVM doesn't allow it we'll error out and never boot. In hindsight this is too strict. If we keep proceeding, despite not disabling the extension in the KVM vcpu, we'll not add the extension in the riscv,isa. The guest kernel will be unaware of the extension, i.e. it doesn't matter if the KVM vcpu has it enabled underneath or not. So it's ok to keep booting in this case. Change our current logic to not error out if we fail to disable an extension in kvm_set_one_reg(), but show a warning and keep booting. It is important to throw a warning because we must make the user aware that the extension is still available in the vcpu, meaning that an ill-behaved guest can ignore the riscv,isa settings and use the extension. The case we're handling happens with an EINVAL error code. If we fail to disable the extension in KVM for any other reason, error out. We'll also keep erroring out when we fail to enable an extension in KVM, since adding the extension in riscv,isa at this point will cause a guest malfunction because the extension isn't enabled in the vcpu. Suggested-by: Andrew Jones Signed-off-by: Daniel Henrique Barboza Reviewed-by: Andrew Jones Cc: qemu-stable Message-ID: <20240422171425.333037-2-dbarb...@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit 1215d45b2aa97512a2867e401aa59f3d0c23cb23) Signed-off-by: Michael Tokarev diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index 243a624fee..5187b88ad9 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c 
@@ -427,10 +427,14 @@ static void kvm_riscv_update_cpu_cfg_isa_ext(RISCVCPU *cpu, CPUState *cs) reg = kvm_cpu_cfg_get(cpu, multi_ext_cfg); ret = kvm_set_one_reg(cs, id, ); if (ret != 0) { -error_report("Unable to %s extension %s in KVM, error %d", - reg ? "enable" : "disable", - multi_ext_cfg->name, ret); -exit(EXIT_FAILURE); +if (!reg && ret == -EINVAL) { +warn_report("KVM cannot disable extension %s", +multi_ext_cfg->name); +} else { +error_report("Unable to enable extension %s in KVM, error %d", + multi_ext_cfg->name, ret); +exit(EXIT_FAILURE); +} } } } -- 2.39.2
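Review bot: the else branch in kvm_riscv_update_cpu_cfg_isa_ext() now always reports "Unable to enable extension %s in KVM, error %d", but it is also reached when reg is 0 and ret is anything other than -EINVAL, that is, when a disable fails for another reason. The removed code chose the verb with reg ? "enable" : "disable"; keep that selection in the error path so the fatal message is not misleading. The warning text "KVM cannot disable extension %s" should also say that the extension stays enabled in the vcpu and can still be used by a guest that ignores riscv,isa, since the commit message gives that as the reason for warning at all.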
[Stable-8.2.5 24/45] hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
From: Zenghui Yu We wrongly encoded ID_AA64PFR1_EL1 using {3,0,0,4,2} in hvf_sreg_match[] so we fail to get the expected ARMCPRegInfo from cp_regs hash table with the wrong key. Fix it with the correct encoding {3,0,0,4,1}. With that fixed, the Linux guest can properly detect FEAT_SSBS2 on my M1 HW. All DBG{B,W}{V,C}R_EL1 registers are also wrongly encoded with op0 == 14. It happens to work because HVF_SYSREG(CRn, CRm, 14, op1, op2) equals to HVF_SYSREG(CRn, CRm, 2, op1, op2), by definition. But we shouldn't rely on it. Cc: qemu-sta...@nongnu.org Fixes: a1477da3ddeb ("hvf: Add Apple Silicon support") Signed-off-by: Zenghui Yu Reviewed-by: Alexander Graf Message-id: 20240503153453.54389-1-zenghui...@linux.dev Signed-off-by: Peter Maydell (cherry picked from commit 19ed42e8adc87a3c739f61608b66a046bb9237e2) Signed-off-by: Michael Tokarev diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index 757e13b0f9..09b31c318a 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c 
@@ -392,85 +392,85 @@ struct hvf_sreg_match { }; static struct hvf_sreg_match hvf_sreg_match[] = { -{ HV_SYS_REG_DBGBVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 4) }, -{ 
HV_SYS_REG_DBGBCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 5) }, -{ HV_SYS_REG_DBGWVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 6) }, -{ HV_SYS_REG_DBGWCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 7) }, - -{ HV_SYS_REG_DBGBVR15_EL1, HVF_SYSREG(0, 15, 14, 0, 4) }, -{ HV_SYS_REG_DBGBCR15_EL1, HVF_SYSREG(0, 15, 14, 0, 5) }, -{ HV_SYS_REG_DB
[Stable-7.2.12 29/29] target/loongarch: fix a wrong print in cpu dump
From: lanyanzhi description: loongarch_cpu_dump_state() want to dump all loongarch cpu state registers, but there is a tiny typographical error when printing "PRCFG2". Cc: qemu-sta...@nongnu.org Signed-off-by: lanyanzhi Reviewed-by: Richard Henderson Reviewed-by: Song Gao Message-Id: <20240604073831.90-1-lanyanzhi...@ict.ac.cn> Signed-off-by: Song Gao (cherry picked from commit 78f932ea1f7b3b9b0ac628dc2a91281318fe51fa) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c index 92dd50e15e..56e36d81b3 100644 --- a/target/loongarch/cpu.c +++ b/target/loongarch/cpu.c @@ -653,7 +653,7 @@ void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags) qemu_fprintf(f, "EENTRY=%016" PRIx64 "\n", env->CSR_EENTRY); qemu_fprintf(f, "PRCFG1=%016" PRIx64 ", PRCFG2=%016" PRIx64 "," " PRCFG3=%016" PRIx64 "\n", - env->CSR_PRCFG1, env->CSR_PRCFG3, env->CSR_PRCFG3); + env->CSR_PRCFG1, env->CSR_PRCFG2, env->CSR_PRCFG3); qemu_fprintf(f, "TLBRENTRY=%016" PRIx64 "\n", env->CSR_TLBRENTRY); qemu_fprintf(f, "TLBRBADV=%016" PRIx64 "\n", env->CSR_TLBRBADV); qemu_fprintf(f, "TLBRERA=%016" PRIx64 "\n", env->CSR_TLBRERA); -- 2.39.2
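Review bot: the three-value qemu_fprintf() for PRCFG1/PRCFG2/PRCFG3 keeps the format string and the argument list on separate lines, which is how `env->CSR_PRCFG3` came to be passed twice without any compiler diagnostic. The corrected argument `env->CSR_PRCFG2` is right. Consider one qemu_fprintf() per CSR, as the neighbouring EENTRY and TLBRENTRY lines already do, so each label sits next to its value. The commit message could also state the visible effect: the dump showed the PRCFG3 value under the PRCFG2 label.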
[Stable-9.0.1 70/71] ui/sdl2: Allow host to power down screen
From: Bernhard Beschow By default, SDL disables the screen saver which prevents the host from powering down the screen even if the screen is locked. This results in draining the battery needlessly when the host isn't connected to a wall charger. Fix that by enabling the screen saver. Signed-off-by: Bernhard Beschow Acked-by: Marc-André Lureau Message-ID: <20240512095945.1879-1-shen...@gmail.com> (cherry picked from commit 2e701e6785cd8cc048c608751c6e4f6253c67ab6) Signed-off-by: Michael Tokarev diff --git a/ui/sdl2.c b/ui/sdl2.c index 4971963f00..0a0eb5a42d 100644 --- a/ui/sdl2.c +++ b/ui/sdl2.c @@ -874,6 +874,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) SDL_SetHint(SDL_HINT_ALLOW_ALT_TAB_WHILE_GRABBED, "0"); #endif SDL_SetHint(SDL_HINT_WINDOWS_NO_CLOSE_ON_ALT_F4, "1"); +SDL_EnableScreenSaver(); memset(, 0, sizeof(info)); SDL_VERSION(); -- 2.39.2
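Review bot: the added `SDL_EnableScreenSaver();` in sdl2_display_init() has no comment, although it deliberately reverses an SDL default. The SDL_SetHint() calls around it are self-describing through their hint names; this call is not, so a one-line comment giving the reason from the commit message (let the host power down the screen) would keep someone from removing it later as a stray line.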
[Stable-8.2.5 38/45] target/riscv: do not set mtval2 for non guest-page faults
From: Alexei Filippov Previous patch fixed the PMP priority in raise_mmu_exception() but we're still setting mtval2 incorrectly. In riscv_cpu_tlb_fill(), after pmp check in 2 stage translation part, mtval2 will be set in case of successes 2 stage translation but failed pmp check. In this case we gonna set mtval2 via env->guest_phys_fault_addr in context of riscv_cpu_tlb_fill(), as this was a guest-page-fault, but it didn't and mtval2 should be zero, according to RISCV privileged spec sect. 9.4.4: When a guest page-fault is taken into M-mode, mtval2 is written with either zero or guest physical address that faulted, shifted by 2 bits. *For other traps, mtval2 is set to zero...* Signed-off-by: Alexei Filippov Reviewed-by: Daniel Henrique Barboza Reviewed-by: Alistair Francis Message-ID: <20240503103052.6819-1-alexei.filip...@syntacore.com> Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit 6c9a344247132ac6c3d0eb9670db45149a29c88f) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index cf97c782dd..62dda4f284 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1361,17 +1361,17 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, __func__, pa, ret, prot_pmp, tlb_size); prot &= prot_pmp; -} - -if (ret != TRANSLATE_SUCCESS) { +} else { /* * Guest physical address translation failed, this is a HS * level exception */ first_stage_error = false; -env->guest_phys_fault_addr = (im_address | - (address & - (TARGET_PAGE_SIZE - 1))) >> 2; +if (ret != TRANSLATE_PMP_FAIL) { +env->guest_phys_fault_addr = (im_address | + (address & + (TARGET_PAGE_SIZE - 1))) >> 2; +} } } } else { -- 2.39.2
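Review bot: in the new `else` branch the `ret != TRANSLATE_PMP_FAIL` guard only skips the write to `env->guest_phys_fault_addr`; nothing in this hunk clears the field, so whether mtval2 ends up zero for a PMP fault depends on code outside the hunk. If a value left by an earlier guest-page fault can still be there, set it to 0 explicitly in the PMP case. Separately, `first_stage_error = false` is still assigned when ret is TRANSLATE_PMP_FAIL, under a comment that still reads "Guest physical address translation failed, this is a HS level exception"; extend the comment to say why the PMP case is excluded from the address update.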
[Stable-9.0.1 60/71] target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
From: Max Chou If the checking functions check both the single and double width operators at the same time, then the single width operator checking functions (require_rvf[min]) will check whether the SEW is 8. Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-5-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 93cb52b7a3ccc64e8d28813324818edae07e21d5) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 19059fea5f..08c22f48cb 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2333,7 +2333,6 @@ static bool opfvv_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dss(s, a->rd, a->rs1, a->rs2, a->vm); } @@ -2373,7 +2372,6 @@ static bool opfvf_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_ds(s, a->rd, a->rs2, a->vm); } @@ -2406,7 +2404,6 @@ static bool opfwv_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dds(s, a->rd, a->rs1, a->rs2, a->vm); } @@ -2446,7 +2443,6 @@ static bool opfwf_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dd(s, a->rd, a->rs2, a->vm); } @@ -2704,8 +2700,7 @@ static bool opffv_widen_check(DisasContext *s, arg_rmr *a) { return opfv_widen_check(s, a) && require_rvfmin(s) && - require_scale_rvfmin(s) && - (s->sew != MO_8); + require_scale_rvfmin(s); } #define GEN_OPFV_WIDEN_TRANS(NAME, CHECK, HELPER, FRM) \ 
@@ -2810,16 +2805,14 @@ static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && require_rvfmin(s) && - require_scale_rvfmin(s) && - (s->sew != MO_8); + require_scale_rvfmin(s); } static bool opffv_rod_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && require_rvf(s) && - require_scale_rvf(s) && - (s->sew != MO_8); + require_scale_rvf(s); } #define GEN_OPFV_NARROW_TRANS(NAME, CHECK, HELPER, FRM)\ @@ -2947,8 +2940,7 @@ static bool freduction_widen_check(DisasContext *s, arg_rmrr *a) { return reduction_widen_check(s, a) && require_rvf(s) && - require_scale_rvf(s) && - (s->sew != MO_8); + require_scale_rvf(s); } GEN_OPFVV_WIDEN_TRANS(vfwredusum_vs, freduction_widen_check) -- 2.39.2
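Review bot: removing `(s->sew != MO_8)` from all eight check functions makes the SEW=8 rejection depend entirely on require_rvf() and require_rvfmin(), neither of which is shown in this diff. The commit message asserts they cover it, but nothing in the touched functions now says so. Suggest a short comment at one of the call sites (for example in opfvv_widen_check) naming the helper that rejects SEW=8, and a test that decodes each affected instruction with SEW=8 and expects an illegal-instruction result, so the implicit dependency cannot regress silently.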
[Stable-8.2.5 39/45] target/riscv: rvzicbo: Fixup CBO extension register calculation
From: Alistair Francis When running the instruction ``` cbo.flush 0(x0) ``` QEMU would segfault. The issue was in cpu_gpr[a->rs1] as QEMU does not have cpu_gpr[0] allocated. In order to fix this let's use the existing get_address() helper. This also has the benefit of performing pointer mask calculations on the address specified in rs1. The pointer masking specification specifically states: """ Cache Management Operations: All instructions in Zicbom, Zicbop and Zicboz """ So this is the correct behaviour and we previously have been incorrectly not masking the address. Signed-off-by: Alistair Francis Reported-by: Fabian Thomas Fixes: e05da09b7cfd ("target/riscv: implement Zicbom extension") Reviewed-by: Richard Henderson Cc: qemu-stable Message-ID: <20240514023910.301766-1-alistair.fran...@wdc.com> Signed-off-by: Alistair Francis (cherry picked from commit c5eb8d6336741dbcb98efcc347f8265bf60bc9d1) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvzicbo.c.inc b/target/riscv/insn_trans/trans_rvzicbo.c.inc index d5d7095903..15711c3140 100644 --- a/target/riscv/insn_trans/trans_rvzicbo.c.inc +++ b/target/riscv/insn_trans/trans_rvzicbo.c.inc 
@@ -31,27 +31,35 @@ static bool trans_cbo_clean(DisasContext *ctx, arg_cbo_clean *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_clean_flush(tcg_env, src); return true; } static bool trans_cbo_flush(DisasContext *ctx, arg_cbo_flush *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_clean_flush(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_clean_flush(tcg_env, src); return true; } static bool trans_cbo_inval(DisasContext *ctx, arg_cbo_inval *a) { REQUIRE_ZICBOM(ctx); -gen_helper_cbo_inval(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_inval(tcg_env, src); return true; } static bool trans_cbo_zero(DisasContext *ctx, arg_cbo_zero *a) { REQUIRE_ZICBOZ(ctx); -gen_helper_cbo_zero(tcg_env, cpu_gpr[a->rs1]); +TCGv src = get_address(ctx, a->rs1, 0); + +gen_helper_cbo_zero(tcg_env, src); return true; } -- 2.39.2
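Review bot: no regression test accompanies the fix, although the crash has a one-instruction reproducer (`cbo.flush 0(x0)`) and the same `cpu_gpr[a->rs1]` indexing was present in all four trans_cbo_* functions. A test that issues each of the four instructions with rs1 = x0 would cover every changed line. As a style point, `TCGv src = get_address(ctx, a->rs1, 0);` is declared after the REQUIRE_ZICBOM()/REQUIRE_ZICBOZ() statement in each function; moving the declaration to the top of the block and assigning after the macro avoids the mixed declaration.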
[Stable-8.2.5 26/45] target/arm: Disable SVE extensions when SVE is disabled
From: Marcin Juszkiewicz Cc: qemu-sta...@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2304 Reported-by: Marcin Juszkiewicz Signed-off-by: Richard Henderson Signed-off-by: Marcin Juszkiewicz Message-id: 20240526204551.553282-1-richard.hender...@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit daf9748ac002ec35258e5986b6257961fd04b565) Signed-off-by: Michael Tokarev diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 1e9c6c85ae..81d93e56db 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -109,7 +109,11 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) * No explicit bits enabled, and no implicit bits from sve-max-vq. */ if (!cpu_isar_feature(aa64_sve, cpu)) { -/* SVE is disabled and so are all vector lengths. Good. */ +/* + * SVE is disabled and so are all vector lengths. Good. + * Disable all SVE extensions as well. + */ +cpu->isar.id_aa64zfr0 = 0; return; } -- 2.39.2
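Review bot: the commit message consists of tags only, so nothing records why `cpu->isar.id_aa64zfr0 = 0;` is needed in the `!cpu_isar_feature(aa64_sve, cpu)` early return; a reader has to follow the Resolves: link to issue 2304 to learn what broke. One or two sentences describing the observed failure would help anyone judging this backport for a stable branch.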
[Stable-7.2.12 26/29] target/i386: fix xsave.flat from kvm-unit-tests
From: Paolo Bonzini xsave.flat checks that "executing the XSETBV instruction causes a general- protection fault (#GP) if ECX = 0 and EAX[2:1] has the value 10b". QEMU allows that option, so the test fails. Add the condition. Cc: qemu-sta...@nongnu.org Fixes: 892544317fe ("target/i386: implement XSAVE and XRSTOR of AVX registers", 2022-10-18) Reported-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 7604bbc2d87d153e65e38cf2d671a5a9a35917b1) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index 6f3741b635..68c7058628 100644 --- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c @@ -3011,6 +3011,11 @@ void helper_xsetbv(CPUX86State *env, uint32_t ecx, uint64_t mask) goto do_gpf; } +/* SSE can be disabled, but only if AVX is disabled too. */ +if ((mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK) { +goto do_gpf; +} + /* Disallow enabling unimplemented features. */ cpu_x86_cpuid(env, 0x0d, 0, _lo, , , _hi); ena = ((uint64_t)ena_hi << 32) | ena_lo; -- 2.39.2
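Review bot: the new check in helper_xsetbv() tests only `mask`, while the commit message states the fault condition as "ECX = 0 and EAX[2:1] has the value 10b". The ECX half is not visible in this hunk, so the check relies on the earlier `goto do_gpf` having already rejected other ECX values; worth confirming that is what the preceding block does. The comment "SSE can be disabled, but only if AVX is disabled too" would be easier to match against the test if it also quoted the bit pattern from the message.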
[Stable-9.0.1 65/71] riscv, gdbstub.c: fix reg_width in ricsv_gen_dynamic_vector_feature()
From: Daniel Henrique Barboza Commit 33a24910ae changed 'reg_width' to use 'vlenb', i.e. vector length in bytes, when in this context we want 'reg_width' as the length in bits. Fix 'reg_width' back to the value in bits like 7cb59921c05a ("target/riscv/gdbstub.c: use 'vlenb' instead of shifting 'vlen'") set beforehand. While we're at it, rename 'reg_width' to 'bitsize' to provide a bit more clarity about what the variable represents. 'bitsize' is also used in riscv_gen_dynamic_csr_feature() with the same purpose, i.e. as an input to gdb_feature_builder_append_reg(). Cc: Akihiko Odaki Cc: Alex Bennée Reported-by: Robin Dapp Fixes: 33a24910ae ("target/riscv: Use GDBFeature for dynamic XML") Signed-off-by: Daniel Henrique Barboza Reviewed-by: LIU Zhiwei Acked-by: Alex Bennée Reviewed-by: Akihiko Odaki Reviewed-by: Alistair Francis Cc: qemu-stable Message-ID: <20240517203054.880861-2-dbarb...@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit 583edc4efb7f4075212bdee281f336edfa532e3f) Signed-off-by: Michael Tokarev diff --git a/target/riscv/gdbstub.c b/target/riscv/gdbstub.c index be7a02cd90..c0026bd648 100644 --- a/target/riscv/gdbstub.c +++ b/target/riscv/gdbstub.c @@ -288,7 +288,7 @@ static GDBFeature *riscv_gen_dynamic_csr_feature(CPUState *cs, int base_reg) static GDBFeature *ricsv_gen_dynamic_vector_feature(CPUState *cs, int base_reg) { RISCVCPU *cpu = RISCV_CPU(cs); -int reg_width = cpu->cfg.vlenb; +int bitsize = cpu->cfg.vlenb << 3; GDBFeatureBuilder builder; int i; @@ -298,7 +298,7 @@ static GDBFeature *ricsv_gen_dynamic_vector_feature(CPUState *cs, int base_reg) /* First define types and totals in a whole VL */ for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) { -int count = reg_width / vec_lanes[i].size; +int count = bitsize / vec_lanes[i].size; gdb_feature_builder_append_tag( , "", vec_lanes[i].id, vec_lanes[i].gdb_type, count); 
@@ -316,7 +316,7 @@ static GDBFeature *ricsv_gen_dynamic_vector_feature(CPUState *cs, int base_reg) /* Define vector registers */ for (i = 0; i < 32; i++) { gdb_feature_builder_append_reg(, g_strdup_printf("v%d", i), - reg_width, i, "riscv_vector", "vector"); + bitsize, i, "riscv_vector", "vector"); } gdb_feature_builder_end(); -- 2.39.2
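Review bot: `int bitsize = cpu->cfg.vlenb << 3;` expresses the bytes-to-bits conversion, which is the whole point of this fix, as a bare shift. Writing `cpu->cfg.vlenb * 8` with a short comment would make the unit change obvious at the line where the original regression crept in. The rename to `bitsize` helps, but `count = bitsize / vec_lanes[i].size` still only works if `vec_lanes[i].size` is in bits too, which this hunk does not show; a comment on that table or a gdbstub test reading a vector register would pin the units down.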
[Stable-8.2.5 36/45] target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
From: Max Chou If the checking functions check both the single and double width operators at the same time, then the single width operator checking functions (require_rvf[min]) will check whether the SEW is 8. Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-5-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 93cb52b7a3ccc64e8d28813324818edae07e21d5) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 23a451cd9b..7076459e3e 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2381,7 +2381,6 @@ static bool opfvv_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dss(s, a->rd, a->rs1, a->rs2, a->vm); } @@ -2424,7 +2423,6 @@ static bool opfvf_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_ds(s, a->rd, a->rs2, a->vm); } @@ -2457,7 +2455,6 @@ static bool opfwv_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dds(s, a->rd, a->rs1, a->rs2, a->vm); } @@ -2500,7 +2497,6 @@ static bool opfwf_widen_check(DisasContext *s, arg_rmrr *a) return require_rvv(s) && require_rvf(s) && require_scale_rvf(s) && - (s->sew != MO_8) && vext_check_isa_ill(s) && vext_check_dd(s, a->rd, a->rs2, a->vm); } @@ -2766,8 +2762,7 @@ static bool opffv_widen_check(DisasContext *s, arg_rmr *a) { return opfv_widen_check(s, a) && require_rvfmin(s) && - require_scale_rvfmin(s) && - (s->sew != MO_8); + require_scale_rvfmin(s); } #define GEN_OPFV_WIDEN_TRANS(NAME, CHECK, HELPER, FRM) \ 
@@ -2878,16 +2873,14 @@ static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && require_rvfmin(s) && - require_scale_rvfmin(s) && - (s->sew != MO_8); + require_scale_rvfmin(s); } static bool opffv_rod_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && require_rvf(s) && - require_scale_rvf(s) && - (s->sew != MO_8); + require_scale_rvf(s); } #define GEN_OPFV_NARROW_TRANS(NAME, CHECK, HELPER, FRM)\ @@ -3021,8 +3014,7 @@ static bool freduction_widen_check(DisasContext *s, arg_rmrr *a) { return reduction_widen_check(s, a) && require_rvf(s) && - require_scale_rvf(s) && - (s->sew != MO_8); + require_scale_rvf(s); } GEN_OPFVV_WIDEN_TRANS(vfwredusum_vs, freduction_widen_check) -- 2.39.2
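Review bot: in opffv_rod_narrow_check() the removal of `(s->sew != MO_8)` is only safe because `require_rvf(s)` already appears in the context lines, and on the 8.2 branch that line is added by 35/45 of this series. The old blob in this patch's index line (23a451cd9b) is the result blob of 35/45, so the two patches must stay together and in this order; if 35/45 were dropped or reordered during the stable pick, this hunk would remove the last SEW=8 guard from that function.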
[Stable-8.2.5 22/45] gitlab: use $MAKE instead of 'make'
From: Daniel P. Berrangé The lcitool generated containers have '$MAKE' set to the path of the right 'make' binary. Using the env variable makes it possible to override the choice per job. Signed-off-by: Daniel P. Berrangé Reviewed-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240513111551.488088-3-berra...@redhat.com> Signed-off-by: Thomas Huth (cherry picked from commit c53f7a107879a2b7e719b07692a05289bf603fde) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/buildtest-template.yml b/.gitlab-ci.d/buildtest-template.yml index 4fbfeb6667..8e4d60f5d0 100644 --- a/.gitlab-ci.d/buildtest-template.yml +++ b/.gitlab-ci.d/buildtest-template.yml @@ -25,10 +25,10 @@ then pyvenv/bin/meson configure . -Dbackend_max_links="$LD_JOBS" ; fi || exit 1; -- make -j"$JOBS" +- $MAKE -j"$JOBS" - if test -n "$MAKE_CHECK_ARGS"; then -make -j"$JOBS" $MAKE_CHECK_ARGS ; +$MAKE -j"$JOBS" $MAKE_CHECK_ARGS ; fi - ccache --show-stats @@ -59,7 +59,7 @@ - cd build - find . -type f -exec touch {} + # Avoid recompiling by hiding ninja with NINJA=":" -- make NINJA=":" $MAKE_CHECK_ARGS +- $MAKE NINJA=":" $MAKE_CHECK_ARGS .native_test_job_template: extends: .common_test_job_template -- 2.39.2
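Review bot: every `make` in the script sections becomes a bare `$MAKE` with no fallback, so a job whose container does not export MAKE would end up running `-j"$JOBS"` as the command and fail with a confusing error. Using `${MAKE:-make}` keeps the per-job override while staying safe for images that lack the variable. Leaving the expansion unquoted is correct here, since a value that carries a wrapper command and arguments has to be word-split.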
[Stable-9.0.1 46/71] gitlab: use 'setarch -R' to workaround tsan bug
From: Daniel P. Berrangé The TSAN job started failing when gitlab rolled out their latest release. The root cause is a change in the Google COS version used on shared runners. This brings a kernel running with vm.mmap_rnd_bits = 31 which is incompatible with TSAN in LLVM < 18, which only supports upto '28'. LLVM 18 can support upto '30', and failing that will re-exec itself to turn off VA randomization. Our LLVM is too old for now, but we can run with 'setarch -R make ..' to turn off VA randomization ourselves. Signed-off-by: Daniel P. Berrangé Reviewed-by: Thomas Huth Message-ID: <20240513111551.488088-4-berra...@redhat.com> Signed-off-by: Thomas Huth (cherry picked from commit b563959b906db53fb4bcaef1351f11a51c4b9582) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml index cfdff175c3..92e65bb78e 100644 --- a/.gitlab-ci.d/buildtest.yml +++ b/.gitlab-ci.d/buildtest.yml @@ -575,6 +575,9 @@ tsan-build: CONFIGURE_ARGS: --enable-tsan --cc=clang --cxx=clang++ --enable-trace-backends=ust --disable-slirp TARGETS: x86_64-softmmu ppc64-softmmu riscv64-softmmu x86_64-linux-user +# Remove when we switch to a distro with clang >= 18 +# https://github.com/google/sanitizers/issues/1716 +MAKE: setarch -R make # gcov is a GCC features gcov: -- 2.39.2
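Review bot: `MAKE: setarch -R make` turns off address-space randomization for everything the tsan-build job runs through $MAKE, not only the TSAN-instrumented binaries, and the in-file comment gives only the removal condition. Add the reason to the comment as well (runner kernels with vm.mmap_rnd_bits = 31, TSAN before LLVM 18 supporting at most 28), so the setting is not copied into other jobs where running without ASLR has no justification. Nothing enforces the "Remove when" condition, so a tracking issue or a check on the clang version would keep the workaround from outliving its need.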
[Stable-9.0.1 50/71] qio: Inherit follow_coroutine_ctx across TLS
From: Eric Blake Since qemu 8.2, the combination of NBD + TLS + iothread crashes on an assertion failure: qemu-kvm: ../io/channel.c:534: void qio_channel_restart_read(void *): Assertion `qemu_get_current_aio_context() == qemu_coroutine_get_aio_context(co)' failed. It turns out that when we removed AioContext locking, we did so by having NBD tell its qio channels that it wanted to opt in to qio_channel_set_follow_coroutine_ctx(); but while we opted in on the main channel, we did not opt in on the TLS wrapper channel. qemu-iotests has coverage of NBD+iothread and NBD+TLS, but apparently no coverage of NBD+TLS+iothread, or we would have noticed this regression sooner. (I'll add that in the next patch) But while we could manually opt in to the TLS channel in nbd/server.c (a one-line change), it is more generic if all qio channels that wrap other channels inherit the follow status, in the same way that they inherit feature bits. CC: Stefan Hajnoczi CC: Daniel P. Berrangé CC: qemu-sta...@nongnu.org Fixes: https://issues.redhat.com/browse/RHEL-34786 Fixes: 06e0f098 ("io: follow coroutine AioContext in qio_channel_yield()", v8.2.0) Signed-off-by: Eric Blake Reviewed-by: Stefan Hajnoczi Reviewed-by: Daniel P. Berrangé Message-ID: <20240518025246.791593-5-ebl...@redhat.com> (cherry picked from commit 199e84de1c903ba5aa1f7256310bbc4a20dd930b) Signed-off-by: Michael Tokarev diff --git a/io/channel-tls.c b/io/channel-tls.c index 1d9c9c72bf..67b976 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c 
@@ -69,37 +69,40 @@ qio_channel_tls_new_server(QIOChannel *master, const char *aclname, Error **errp) { -QIOChannelTLS *ioc; +QIOChannelTLS *tioc; +QIOChannel *ioc; -ioc = QIO_CHANNEL_TLS(object_new(TYPE_QIO_CHANNEL_TLS)); +tioc = QIO_CHANNEL_TLS(object_new(TYPE_QIO_CHANNEL_TLS)); +ioc = QIO_CHANNEL(tioc); -ioc->master = master; +tioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { -qio_channel_set_feature(QIO_CHANNEL(ioc), QIO_CHANNEL_FEATURE_SHUTDOWN); +qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } object_ref(OBJECT(master)); -ioc->session = qcrypto_tls_session_new( +tioc->session = qcrypto_tls_session_new( creds, NULL, aclname, QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, errp); -if (!ioc->session) { +if (!tioc->session) { goto error; } qcrypto_tls_session_set_callbacks( -ioc->session, +tioc->session, qio_channel_tls_write_handler, qio_channel_tls_read_handler, -ioc); +tioc); -trace_qio_channel_tls_new_server(ioc, master, creds, aclname); -return ioc; +trace_qio_channel_tls_new_server(tioc, master, creds, aclname); +return tioc; error: -object_unref(OBJECT(ioc)); +object_unref(OBJECT(tioc)); return NULL; } @@ -116,6 +119,7 @@ qio_channel_tls_new_client(QIOChannel *master, ioc = QIO_CHANNEL(tioc); tioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } diff --git a/io/channel-websock.c b/io/channel-websock.c index a12acc27cf..de39f0d182 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c 
@@ -883,6 +883,7 @@ qio_channel_websock_new_server(QIOChannel *master) ioc = QIO_CHANNEL(wioc); wioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } -- 2.39.2
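Review bot: `ioc->follow_coroutine_ctx = master->follow_coroutine_ctx;` copies the flag once, at construction, in qio_channel_tls_new_server(), qio_channel_tls_new_client() and qio_channel_websock_new_server(), so a qio_channel_set_follow_coroutine_ctx() call on the master after wrapping would leave the wrapper out of sync. Either document that the master's setting must be final before it is wrapped, or propagate later changes. The same assignment now sits next to the FEATURE_SHUTDOWN copy in three constructors; a small shared helper for "inherit from master" would stop a future wrapper channel from missing it, which is the bug this patch fixes.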
[Stable-8.2.5 27/45] qio: Inherit follow_coroutine_ctx across TLS
From: Eric Blake Since qemu 8.2, the combination of NBD + TLS + iothread crashes on an assertion failure: qemu-kvm: ../io/channel.c:534: void qio_channel_restart_read(void *): Assertion `qemu_get_current_aio_context() == qemu_coroutine_get_aio_context(co)' failed. It turns out that when we removed AioContext locking, we did so by having NBD tell its qio channels that it wanted to opt in to qio_channel_set_follow_coroutine_ctx(); but while we opted in on the main channel, we did not opt in on the TLS wrapper channel. qemu-iotests has coverage of NBD+iothread and NBD+TLS, but apparently no coverage of NBD+TLS+iothread, or we would have noticed this regression sooner. (I'll add that in the next patch) But while we could manually opt in to the TLS channel in nbd/server.c (a one-line change), it is more generic if all qio channels that wrap other channels inherit the follow status, in the same way that they inherit feature bits. CC: Stefan Hajnoczi CC: Daniel P. Berrangé CC: qemu-sta...@nongnu.org Fixes: https://issues.redhat.com/browse/RHEL-34786 Fixes: 06e0f098 ("io: follow coroutine AioContext in qio_channel_yield()", v8.2.0) Signed-off-by: Eric Blake Reviewed-by: Stefan Hajnoczi Reviewed-by: Daniel P. Berrangé Message-ID: <20240518025246.791593-5-ebl...@redhat.com> (cherry picked from commit 199e84de1c903ba5aa1f7256310bbc4a20dd930b) Signed-off-by: Michael Tokarev diff --git a/io/channel-tls.c b/io/channel-tls.c index 58fe1aceee..a8ad89c3d1 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c 
@@ -69,37 +69,40 @@ qio_channel_tls_new_server(QIOChannel *master, const char *aclname, Error **errp) { -QIOChannelTLS *ioc; +QIOChannelTLS *tioc; +QIOChannel *ioc; -ioc = QIO_CHANNEL_TLS(object_new(TYPE_QIO_CHANNEL_TLS)); +tioc = QIO_CHANNEL_TLS(object_new(TYPE_QIO_CHANNEL_TLS)); +ioc = QIO_CHANNEL(tioc); -ioc->master = master; +tioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { -qio_channel_set_feature(QIO_CHANNEL(ioc), QIO_CHANNEL_FEATURE_SHUTDOWN); +qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } object_ref(OBJECT(master)); -ioc->session = qcrypto_tls_session_new( +tioc->session = qcrypto_tls_session_new( creds, NULL, aclname, QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, errp); -if (!ioc->session) { +if (!tioc->session) { goto error; } qcrypto_tls_session_set_callbacks( -ioc->session, +tioc->session, qio_channel_tls_write_handler, qio_channel_tls_read_handler, -ioc); +tioc); -trace_qio_channel_tls_new_server(ioc, master, creds, aclname); -return ioc; +trace_qio_channel_tls_new_server(tioc, master, creds, aclname); +return tioc; error: -object_unref(OBJECT(ioc)); +object_unref(OBJECT(tioc)); return NULL; } @@ -116,6 +119,7 @@ qio_channel_tls_new_client(QIOChannel *master, ioc = QIO_CHANNEL(tioc); tioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } diff --git a/io/channel-websock.c b/io/channel-websock.c index a12acc27cf..de39f0d182 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c 
@@ -883,6 +883,7 @@ qio_channel_websock_new_server(QIOChannel *master) ioc = QIO_CHANNEL(wioc); wioc->master = master; +ioc->follow_coroutine_ctx = master->follow_coroutine_ctx; if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); } -- 2.39.2
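Review bot: in qio_channel_tls_new_server() the single functional line (`ioc->follow_coroutine_ctx = master->follow_coroutine_ctx;`) is buried in a rename of the local from `ioc` to `tioc` that touches almost every other line of the function. For a stable backport, a preparatory rename-only patch would make the fix as easy to audit as the one-line client and websock hunks. The commit message says the missing NBD+TLS+iothread test arrives in the next patch; the cover letter lists it as 28/45, so confirm both are applied together.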
[Stable-9.0.1 49/71] target/arm: Disable SVE extensions when SVE is disabled
From: Marcin Juszkiewicz Cc: qemu-sta...@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2304 Reported-by: Marcin Juszkiewicz Signed-off-by: Richard Henderson Signed-off-by: Marcin Juszkiewicz Message-id: 20240526204551.553282-1-richard.hender...@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit daf9748ac002ec35258e5986b6257961fd04b565) Signed-off-by: Michael Tokarev diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 985b1efe16..6e33481dfa 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -109,7 +109,11 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) * No explicit bits enabled, and no implicit bits from sve-max-vq. */ if (!cpu_isar_feature(aa64_sve, cpu)) { -/* SVE is disabled and so are all vector lengths. Good. */ +/* + * SVE is disabled and so are all vector lengths. Good. + * Disable all SVE extensions as well. + */ +cpu->isar.id_aa64zfr0 = 0; return; } -- 2.39.2
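Review bot: the expanded comment in arm_cpu_sve_finalize() says what the new assignment does ("Disable all SVE extensions as well") but not why clearing the whole of `id_aa64zfr0` is correct rather than individual fields. Suggest stating the assumption in the comment, namely that nothing else should be advertised from this register once `cpu_isar_feature(aa64_sve, cpu)` is false, so a later change that adds a consumer of the register on this path sees the constraint.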
[Stable-8.2.5 35/45] target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
From: Max Chou The opfv_narrow_check needs to check the single width float operator by require_rvf. Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-4-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 692f33a3abcaae789b08623e7cbdffcd2c738c89) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index e42f49a6d8..23a451cd9b 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -2885,6 +2885,7 @@ static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) static bool opffv_rod_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && + require_rvf(s) && require_scale_rvf(s) && (s->sew != MO_8); } -- 2.39.2
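Review bot: the commit message says "The opfv_narrow_check needs to check the single width float operator", but the hunk adds `require_rvf(s)` to opffv_rod_narrow_check(); opfv_narrow_check() is only called from it and is not modified. Correct the function name in the message so that it matches the change, since the subject line already names the one instruction affected (vfncvt.rod.f.f.w).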
[Stable-8.2.5 00/45] Patch Round-up for stable 8.2.5, frozen on 2024-06-07
The following patches are queued for QEMU stable v8.2.5:

https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2

Patch freeze is 2024-06-07 (frozen), and the release is planned for 2024-06-09:

https://wiki.qemu.org/Planning/8.2

Please respond here or CC qemu-sta...@nongnu.org for any additional notes about the planned release.

The changes which are staging for inclusion, with the original commit hash from master branch, are given below the bottom line.

Thanks!

/mjt

--
01* 6a5a63f74ba5 Ruihan Li: target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK
02* 7b616f36de0b Richard Henderson: target/sparc: Fix FEXPAND
03* 9157dccc7e71 Richard Henderson: target/sparc: Fix FMUL8x16
04* 54c52ec719fb Song Gao: hw/loongarch/virt: Fix memory leak
05* e6578f1f68a0 Mattias Nissler: hw/remote/vfio-user: Fix config space access byte order
06* 41c685dc59bb Paolo Bonzini: target/i386: fix operand size for DATA16 REX.W POPCNT
07* 40a3ec7b5ffd Paolo Bonzini: target/i386: rdpkru/wrpkru are no-prefix instructions
08* fe01af5d47d4 Paolo Bonzini: target/i386: fix feature dependency for WAITPKG
09* 23b1f53c2c89 Paolo Bonzini: configure: quote -D options that are passed through to meson
10* 371d60dfdb47 Thomas Huth: configure: Fix error message when C compiler is not working
11* 37e91415018d hikalium: ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
12* e4e62514e3cc Dongwon Kim: ui/gtk: Check if fence_fd is equal to or greater than 0
13* c9290dfebfdb Richard Henderson: tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
14* 84d4b7285486 donsheng: target-i386: hyper-v: Correct kvm_hv_handle_exit return value
15* 9710401276a0 Fiona Ebner: hw/core/machine: move compatibility flags for VirtIO-net USO to machine 8.1
16* b11f9814526b Song Gao: hw/loongarch: Fix fdt memory node wrong 'reg'
17* 6204af704a07 Jiaxun Yang: hw/loongarch/virt: Fix FDT memory node address width
18* 8225bff7c5db Paolo Bonzini: target/i386: disable jmp_opt if EFLAGS.RF is 1
19* f0f0136abba6 Paolo Bonzini: target/i386: no single-step exception after MOV or POP SS
20 36fa7c686e9e Richard Henderson: gitlab: Update msys2-64bit runner tags
21* bad7a2759c69 Daniel P. Berrangé: dockerfiles: add 'MAKE' env variable to remaining containers
22 c53f7a107879 Daniel P. Berrangé: gitlab: use $MAKE instead of 'make'
23 b563959b906d Daniel P. Berrangé: gitlab: use 'setarch -R' to workaround tsan bug
24 19ed42e8adc8 Zenghui Yu: hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
25 daafa78b2972 Andrey Shumilin: hw/intc/arm_gic: Fix handling of NS view of GICC_APR
26 daf9748ac002 Marcin Juszkiewicz: target/arm: Disable SVE extensions when SVE is disabled
27 199e84de1c90 Eric Blake: qio: Inherit follow_coroutine_ctx across TLS
28 a73c99378022 Eric Blake: iotests: test NBD+TLS+iothread
29 c76b121840c6 yang.zhang: hw/intc/riscv_aplic: APLICs should add child earlier than realize
30 1215d45b2aa9 Daniel Henrique Barboza: target/riscv/kvm: tolerate KVM disable ext errors
31 75115d880c6d Huang Tao: target/riscv: Fix the element agnostic function problem
32 ff33b7a9699e Yangyu Chen: target/riscv/cpu.c: fix Zvkb extension config
33 17b713c0806e Max Chou: target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
34 7a999d4dd704 Max Chou: target/riscv: rvv: Check single width operator for vector fp widen instructions
35 692f33a3abca Max Chou: target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
36 93cb52b7a3cc Max Chou: target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
37 68e7c86927af Daniel Henrique Barboza: target/riscv: prioritize pmp errors in raise_mmu_exception()
38 6c9a34424713 Alexei Filippov: target/riscv: do not set mtval2 for non guest-page faults
39 c5eb8d633674 Alistair Francis: target/riscv: rvzicbo: Fixup CBO extension register calculation
40 190b867f28cb Yong-Xuan Wang: target/riscv/kvm.c: Fix the hart bit setting of AIA
41 915758c537b5 Alistair Francis: disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
42 7604bbc2d87d Paolo Bonzini: target/i386: fix xsave.flat from kvm-unit-tests
43 da7c95920d02 Xinyu Li: target/i386: fix SSE and SSE2 feature check
44 2e701e6785cd Bernhard Beschow: ui/sdl2: Allow host to power down screen
45 78f932ea1f7b lanyanzhi: target/loongarch: fix a wrong print in cpu dump

(commit(s) marked with * were in previous series and are not resent)
[Stable-7.2.12 28/29] ui/sdl2: Allow host to power down screen
From: Bernhard Beschow By default, SDL disables the screen saver which prevents the host from powering down the screen even if the screen is locked. This results in draining the battery needlessly when the host isn't connected to a wall charger. Fix that by enabling the screen saver. Signed-off-by: Bernhard Beschow Acked-by: Marc-André Lureau Message-ID: <20240512095945.1879-1-shen...@gmail.com> (cherry picked from commit 2e701e6785cd8cc048c608751c6e4f6253c67ab6) Signed-off-by: Michael Tokarev diff --git a/ui/sdl2.c b/ui/sdl2.c index d630459b78..fc7e8639c2 100644 --- a/ui/sdl2.c +++ b/ui/sdl2.c @@ -857,6 +857,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) SDL_SetHint(SDL_HINT_ALLOW_ALT_TAB_WHILE_GRABBED, "0"); #endif SDL_SetHint(SDL_HINT_WINDOWS_NO_CLOSE_ON_ALT_F4, "1"); +SDL_EnableScreenSaver(); memset(, 0, sizeof(info)); SDL_VERSION(); -- 2.39.2
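Review bot: SDL_EnableScreenSaver() is called unconditionally in sdl2_display_init(), which flips the default for every SDL2 user and leaves no way to get the old inhibit behaviour back. A guest shown full screen with no host input (video playback or a kiosk display, for example) will now let the host blank the screen; consider a display option to keep the inhibit, or at least call the change out in the documentation, since this is going into a stable branch.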
[Stable-8.2.5 37/45] target/riscv: prioritize pmp errors in raise_mmu_exception()
From: Daniel Henrique Barboza raise_mmu_exception(), as is today, is prioritizing guest page faults by checking first if virt_enabled && !first_stage, and then considering the regular inst/load/store faults. There's no mention in the spec about guest page fault being a higher priority than PMP faults. In fact, privileged spec section 3.7.1 says: "Attempting to fetch an instruction from a PMP region that does not have execute permissions raises an instruction access-fault exception. Attempting to execute a load or load-reserved instruction which accesses a physical address within a PMP region without read permissions raises a load access-fault exception. Attempting to execute a store, store-conditional, or AMO instruction which accesses a physical address within a PMP region without write permissions raises a store access-fault exception." So, in fact, we're doing it wrong - PMP faults should always be thrown, regardless of also being a first or second stage fault. The way riscv_cpu_tlb_fill() and get_physical_address() work is adequate: a TRANSLATE_PMP_FAIL error is immediately reported and reflected in the 'pmp_violation' flag. What we need is to change raise_mmu_exception() to prioritize it. Reported-by: Joseph Chan Fixes: 82d53adfbb ("target/riscv/cpu_helper.c: Invalid exception on MMU translation stage") Signed-off-by: Daniel Henrique Barboza Reviewed-by: Alistair Francis Message-ID: <20240413105929.7030-1-alexei.filip...@syntacore.com> Cc: qemu-stable Signed-off-by: Alistair Francis (cherry picked from commit 68e7c86927afa240fa450578cb3a4f18926153e4) Signed-off-by: Michael Tokarev diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index da1a153abf..cf97c782dd 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c 
@@ -1162,28 +1162,30 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address, switch (access_type) { case MMU_INST_FETCH: -if (env->virt_enabled && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_INST_ACCESS_FAULT; +} else if (env->virt_enabled && !first_stage) { cs->exception_index = RISCV_EXCP_INST_GUEST_PAGE_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_INST_ACCESS_FAULT : RISCV_EXCP_INST_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_INST_PAGE_FAULT; } break; case MMU_DATA_LOAD: -if (two_stage && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT; +} else if (two_stage && !first_stage) { cs->exception_index = RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_LOAD_ACCESS_FAULT : RISCV_EXCP_LOAD_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_LOAD_PAGE_FAULT; } break; case MMU_DATA_STORE: -if (two_stage && !first_stage) { +if (pmp_violation) { +cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT; +} else if (two_stage && !first_stage) { cs->exception_index = RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT; } else { -cs->exception_index = pmp_violation ? -RISCV_EXCP_STORE_AMO_ACCESS_FAULT : -RISCV_EXCP_STORE_PAGE_FAULT; +cs->exception_index = RISCV_EXCP_STORE_PAGE_FAULT; } break; default: -- 2.39.2
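Review bot: The new priority order (PMP access fault first, then guest-page fault, then page fault) is repeated in all three cases of the switch with nothing in the code saying why, so a later cleanup could easily put the first_stage test back in front. Add a comment above the switch citing privileged spec section 3.7.1, and consider deciding the fault class once instead of three times. The MMU_INST_FETCH case also still tests "env->virt_enabled && !first_stage" while load and store test "two_stage && !first_stage"; if that difference is intentional it deserves a comment as well.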
[Stable-8.2.5 42/45] target/i386: fix xsave.flat from kvm-unit-tests
From: Paolo Bonzini xsave.flat checks that "executing the XSETBV instruction causes a general- protection fault (#GP) if ECX = 0 and EAX[2:1] has the value 10b". QEMU allows that option, so the test fails. Add the condition. Cc: qemu-sta...@nongnu.org Fixes: 892544317fe ("target/i386: implement XSAVE and XRSTOR of AVX registers", 2022-10-18) Reported-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 7604bbc2d87d153e65e38cf2d671a5a9a35917b1) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index 4430d3d380..580188d9b7 100644 --- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c @@ -3012,6 +3012,11 @@ void helper_xsetbv(CPUX86State *env, uint32_t ecx, uint64_t mask) goto do_gpf; } +/* SSE can be disabled, but only if AVX is disabled too. */ +if ((mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK) { +goto do_gpf; +} + /* Disallow enabling unimplemented features. */ cpu_x86_cpuid(env, 0x0d, 0, _lo, , , _hi); ena = ((uint64_t)ena_hi << 32) | ena_lo; -- 2.39.2
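Review bot: The comment on the new check in helper_xsetbv() states the rule but not where it comes from. The commit message quotes the exact #GP condition (ECX = 0 and EAX[2:1] = 10b); carrying that wording into the comment would let a reader check the "(mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK" test against the manual without digging through history. A regression test in this tree would also help, since the only coverage named is xsave.flat from kvm-unit-tests.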
[Stable-9.0.1 57/71] target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
From: Max Chou According to v spec 18.4, only the vfwcvt.f.f.v and vfncvt.f.f.w instructions will be affected by Zvfhmin extension. And the vfwcvt.f.f.v and vfncvt.f.f.w instructions only support the conversions of * From 1*SEW(16/32) to 2*SEW(32/64) * From 2*SEW(32/64) to 1*SEW(16/32) Signed-off-by: Max Chou Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240322092600.1198921-2-max.c...@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 17b713c0806e72cd8edc6c2ddd8acc5be0475df6) Signed-off-by: Michael Tokarev diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 7d84e7d812..ef568e263d 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -50,6 +50,22 @@ static bool require_rvf(DisasContext *s) } } +static bool require_rvfmin(DisasContext *s) +{ +if (s->mstatus_fs == EXT_STATUS_DISABLED) { +return false; +} + +switch (s->sew) { +case MO_16: +return s->cfg_ptr->ext_zvfhmin; +case MO_32: +return s->cfg_ptr->ext_zve32f; +default: +return false; +} +} + static bool require_scale_rvf(DisasContext *s) { if (s->mstatus_fs == EXT_STATUS_DISABLED) { @@ -75,8 +91,6 @@ static bool require_scale_rvfmin(DisasContext *s) } switch (s->sew) { -case MO_8: -return s->cfg_ptr->ext_zvfhmin; case MO_16: return s->cfg_ptr->ext_zve32f; case MO_32: @@ -2685,6 +2699,7 @@ static bool opxfv_widen_check(DisasContext *s, arg_rmr *a) static bool opffv_widen_check(DisasContext *s, arg_rmr *a) { return opfv_widen_check(s, a) && + require_rvfmin(s) && require_scale_rvfmin(s) && (s->sew != MO_8); } @@ -2790,6 +2805,7 @@ static bool opfxv_narrow_check(DisasContext *s, arg_rmr *a) static bool opffv_narrow_check(DisasContext *s, arg_rmr *a) { return opfv_narrow_check(s, a) && + require_rvfmin(s) && require_scale_rvfmin(s) && (s->sew != MO_8); } -- 2.39.2
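Review bot: With require_rvfmin() returning false for every SEW other than MO_16 and MO_32, the trailing "(s->sew != MO_8)" in opffv_widen_check() and opffv_narrow_check() can no longer change the result and can be dropped. The new helper also needs a one-line comment saying it checks the single-width (1*SEW) side of the conversion; its name differs from require_scale_rvfmin() by one word and the two map the same SEW values to different extensions, so they are easy to mix up.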
[Stable-9.0.1 55/71] target/riscv: Fix the element agnostic function problem
From: Huang Tao In RVV and vcrypto instructions, the masked and tail elements are set to 1s using vext_set_elems_1s function if the vma/vta bit is set. It is the element agnostic policy. However, this function can't deal with the big endian situation. This patch fixes the problem by adding handling of such case. Signed-off-by: Huang Tao Suggested-by: Richard Henderson Reviewed-by: LIU Zhiwei Cc: qemu-stable Message-ID: <20240325021654.6594-1-eric.hu...@linux.alibaba.com> Signed-off-by: Alistair Francis (cherry picked from commit 75115d880c6d396f8a2d56aab8c12236d85a90e0) Signed-off-by: Michael Tokarev diff --git a/target/riscv/vector_internals.c b/target/riscv/vector_internals.c index 996c21eb31..05b2d01e58 100644 --- a/target/riscv/vector_internals.c +++ b/target/riscv/vector_internals.c @@ -30,6 +30,28 @@ void vext_set_elems_1s(void *base, uint32_t is_agnostic, uint32_t cnt, if (tot - cnt == 0) { return ; } + +if (HOST_BIG_ENDIAN) { +/* + * Deal the situation when the elements are insdie + * only one uint64 block including setting the + * masked-off element. + */ +if (((tot - 1) ^ cnt) < 8) { +memset(base + H1(tot - 1), -1, tot - cnt); +return; +} +/* + * Otherwise, at least cross two uint64_t blocks. + * Set first unaligned block. + */ +if (cnt % 8 != 0) { +uint32_t j = ROUND_UP(cnt, 8); +memset(base + H1(j - 1), -1, j - cnt); +cnt = j; +} +/* Set other 64bit aligend blocks */ +} memset(base + cnt, -1, tot - cnt); } -- 2.39.2
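Review bot: The big-endian branch of vext_set_elems_1s() relies on "((tot - 1) ^ cnt) < 8" to mean that cnt and tot - 1 fall inside the same 8-byte block, which is not obvious at a glance; the comment above it should say so and explain why the memset then starts at H1(tot - 1). The new comments also need a spelling pass ("insdie", "aligend", "Deal the situation"), and because everything added sits under "if (HOST_BIG_ENDIAN)", none of it is exercised on a little-endian host, so a test run on a big-endian host is worth asking for before this goes to stable.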
[Stable-8.2.5 30/45] target/riscv/kvm: tolerate KVM disable ext errors
From: Daniel Henrique Barboza Running a KVM guest using a 6.9-rc3 kernel, in a 6.8 host that has zkr enabled, will fail with a kernel oops SIGILL right at the start. The reason is that we can't expose zkr without implementing the SEED CSR. Disabling zkr in the guest would be a workaround, but if the KVM doesn't allow it we'll error out and never boot. In hindsight this is too strict. If we keep proceeding, despite not disabling the extension in the KVM vcpu, we'll not add the extension in the riscv,isa. The guest kernel will be unaware of the extension, i.e. it doesn't matter if the KVM vcpu has it enabled underneath or not. So it's ok to keep booting in this case. Change our current logic to not error out if we fail to disable an extension in kvm_set_one_reg(), but show a warning and keep booting. It is important to throw a warning because we must make the user aware that the extension is still available in the vcpu, meaning that an ill-behaved guest can ignore the riscv,isa settings and use the extension. The case we're handling happens with an EINVAL error code. If we fail to disable the extension in KVM for any other reason, error out. We'll also keep erroring out when we fail to enable an extension in KVM, since adding the extension in riscv,isa at this point will cause a guest malfunction because the extension isn't enabled in the vcpu. Suggested-by: Andrew Jones Signed-off-by: Daniel Henrique Barboza Reviewed-by: Andrew Jones Cc: qemu-stable Message-ID: <20240422171425.333037-2-dbarb...@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit 1215d45b2aa97512a2867e401aa59f3d0c23cb23) Signed-off-by: Michael Tokarev diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index ddbe820e10..fa00b14269 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c 
@@ -379,10 +379,14 @@ static void kvm_riscv_update_cpu_cfg_isa_ext(RISCVCPU *cpu, CPUState *cs) reg = kvm_cpu_cfg_get(cpu, multi_ext_cfg); ret = kvm_set_one_reg(cs, id, ); if (ret != 0) { -error_report("Unable to %s extension %s in KVM, error %d", - reg ? "enable" : "disable", - multi_ext_cfg->name, ret); -exit(EXIT_FAILURE); +if (!reg && ret == -EINVAL) { +warn_report("KVM cannot disable extension %s", +multi_ext_cfg->name); +} else { +error_report("Unable to enable extension %s in KVM, error %d", + multi_ext_cfg->name, ret); +exit(EXIT_FAILURE); +} } } } -- 2.39.2
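Review bot: The else branch now reports "Unable to enable extension %s in KVM" unconditionally, but it is also reached when a disable fails with an error other than -EINVAL (reg is 0 and ret != -EINVAL), so the message names the wrong operation in that case. Keep the original 'reg ? "enable" : "disable"' argument in the error_report() call. Since the warning path leaves the extension usable by the guest, as the commit message points out, the warn_report() text should say that the extension stays enabled in the vcpu rather than only that KVM cannot disable it.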
[Stable-8.2.5 28/45] iotests: test NBD+TLS+iothread
From: Eric Blake Prevent regressions when using NBD with TLS in the presence of iothreads, adding coverage for the fix to qio channels made in the previous patch. The shell function pick_unused_port() was copied from nbdkit.git/tests/functions.sh.in, where it had all authors from Red Hat, agreeing to the resulting relicensing from 2-clause BSD to GPLv2. CC: qemu-sta...@nongnu.org CC: "Richard W.M. Jones" Signed-off-by: Eric Blake Message-ID: <20240531180639.1392905-6-ebl...@redhat.com> Reviewed-by: Daniel P. Berrangé (cherry picked from commit a73c99378022ebb785481e84cfe1e81097546268) Signed-off-by: Michael Tokarev diff --git a/tests/qemu-iotests/tests/nbd-tls-iothread b/tests/qemu-iotests/tests/nbd-tls-iothread new file mode 100755 index 00..a2fb07206e --- /dev/null +++ b/tests/qemu-iotests/tests/nbd-tls-iothread 
@@ -0,0 +1,168 @@ +#!/usr/bin/env bash +# group: rw quick +# +# Test of NBD+TLS+iothread +# +# Copyright (C) 2024 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# creator +owner=ebl...@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +status=1# failure is the default! + +_cleanup() +{ +_cleanup_qemu +_cleanup_test_img +rm -f "$dst_image" +tls_x509_cleanup +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +cd .. +. ./common.rc +. ./common.filter +. ./common.qemu +. ./common.tls +. ./common.nbd + +_supported_fmt qcow2 # Hardcoded to qcow2 command line and QMP below +_supported_proto file + +# pick_unused_port +# +# Picks and returns an "unused" port, setting the global variable +# $port. +# +# This is inherently racy, but we need it because qemu does not currently +# permit NBD+TLS over a Unix domain socket +pick_unused_port () +{ +if ! (ss --version) >/dev/null 2>&1; then +_notrun "ss utility required, skipped this test" +fi + +# Start at a random port to make it less likely that two parallel +# tests will conflict. 
+port=$(( 5 + (RANDOM%15000) )) +while ss -ltn | grep -sqE ":$port\b"; do +((port++)) +if [ $port -eq 65000 ]; then port=5; fi +done +echo picked unused port +} + +tls_x509_init + +size=1G +DST_IMG="$TEST_DIR/dst.qcow2" + +echo +echo "== preparing TLS creds and spare port ==" + +pick_unused_port +tls_x509_create_root_ca "ca1" +tls_x509_create_server "ca1" "server1" +tls_x509_create_client "ca1" "client1" +tls_obj_base=tls-creds-x509,id=tls0,verify-peer=true,dir="${tls_dir}" + +echo +echo "== preparing image ==" + +_make_test_img $size +$QEMU_IMG create -f qcow2 "$DST_IMG" $size | _filter_img_create + +echo +echo === Starting Src QEMU === +echo + +_launch_qemu -machine q35 \ +-object iothread,id=iothread0 \ +-object "${tls_obj_base}"/client1,endpoint=client \ +-device '{"driver":"pcie-root-port", "id":"root0", "multifunction":true, + "bus":"pcie.0"}' \ +-device '{"driver":"virtio-scsi-pci", "id":"virtio_scsi_pci0", + "bus":"root0", "iothread":"iothread0"}' \ +-device '{"driver":"scsi-hd", "id":"image1", "drive":"drive_image1", + "bus":"virtio_scsi_pci0.0"}' \ +-blockdev '{"driver":"file", "cache":{"direct":true, "no-flush":false}, +"filename":"'"$TEST_IMG"'", "node-name":"drive_sys1"}' \ +-blockdev '{"driver":"qcow2", "node-name":"drive_image1", +"file":"drive_sys1"}' +h1=$QEMU_HANDLE +_send_qemu_cmd $h1 '{"execute": "qmp_capabilities"}' 'return' + +echo +echo === Starting Dst VM2 === +echo + +_launch_qemu -machine q35 \ +-object iothread,id=iothread0 \ +-object "${tls_obj_base}"/server1,endpoint=server \ +-device '{"driver":"pcie-root-port", "id":"root0
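Review bot: _cleanup() runs rm -f "$dst_image", but the script never sets dst_image; the destination file is created as DST_IMG="$TEST_DIR/dst.qcow2", so that rm is a no-op and should use "$DST_IMG". In pick_unused_port(), "echo picked unused port" deliberately does not print the port so the reference output stays stable; a comment saying so would stop someone from adding $port to it later.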
[Stable-8.2.5 20/45] gitlab: Update msys2-64bit runner tags
From: Richard Henderson Gitlab has deprecated and removed support for windows-1809 and shared-windows. Update to saas-windows-medium-amd64 per https://about.gitlab.com/blog/2024/01/22/windows-2022-support-for-gitlab-saas-runners/ Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Tested-by: Thomas Huth Message-Id: <20240507175356.281618-1-richard.hender...@linaro.org> (cherry picked from commit 36fa7c686e9eac490002ffc439c4affaa352c17c) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml index 8fc08218d2..c6251ebbb8 100644 --- a/.gitlab-ci.d/windows.yml +++ b/.gitlab-ci.d/windows.yml @@ -1,9 +1,7 @@ .shared_msys2_builder: extends: .base_job_template tags: - - shared-windows - - windows - - windows-1809 + - saas-windows-medium-amd64 cache: key: "$CI_JOB_NAME" paths: -- 2.39.2
[Stable-9.0.1 51/71] iotests: test NBD+TLS+iothread
From: Eric Blake Prevent regressions when using NBD with TLS in the presence of iothreads, adding coverage for the fix to qio channels made in the previous patch. The shell function pick_unused_port() was copied from nbdkit.git/tests/functions.sh.in, where it had all authors from Red Hat, agreeing to the resulting relicensing from 2-clause BSD to GPLv2. CC: qemu-sta...@nongnu.org CC: "Richard W.M. Jones" Signed-off-by: Eric Blake Message-ID: <20240531180639.1392905-6-ebl...@redhat.com> Reviewed-by: Daniel P. Berrangé (cherry picked from commit a73c99378022ebb785481e84cfe1e81097546268) Signed-off-by: Michael Tokarev diff --git a/tests/qemu-iotests/tests/nbd-tls-iothread b/tests/qemu-iotests/tests/nbd-tls-iothread new file mode 100755 index 00..a2fb07206e --- /dev/null +++ b/tests/qemu-iotests/tests/nbd-tls-iothread 
@@ -0,0 +1,168 @@ +#!/usr/bin/env bash +# group: rw quick +# +# Test of NBD+TLS+iothread +# +# Copyright (C) 2024 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# creator +owner=ebl...@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +status=1# failure is the default! + +_cleanup() +{ +_cleanup_qemu +_cleanup_test_img +rm -f "$dst_image" +tls_x509_cleanup +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +cd .. +. ./common.rc +. ./common.filter +. ./common.qemu +. ./common.tls +. ./common.nbd + +_supported_fmt qcow2 # Hardcoded to qcow2 command line and QMP below +_supported_proto file + +# pick_unused_port +# +# Picks and returns an "unused" port, setting the global variable +# $port. +# +# This is inherently racy, but we need it because qemu does not currently +# permit NBD+TLS over a Unix domain socket +pick_unused_port () +{ +if ! (ss --version) >/dev/null 2>&1; then +_notrun "ss utility required, skipped this test" +fi + +# Start at a random port to make it less likely that two parallel +# tests will conflict. 
+port=$(( 5 + (RANDOM%15000) )) +while ss -ltn | grep -sqE ":$port\b"; do +((port++)) +if [ $port -eq 65000 ]; then port=5; fi +done +echo picked unused port +} + +tls_x509_init + +size=1G +DST_IMG="$TEST_DIR/dst.qcow2" + +echo +echo "== preparing TLS creds and spare port ==" + +pick_unused_port +tls_x509_create_root_ca "ca1" +tls_x509_create_server "ca1" "server1" +tls_x509_create_client "ca1" "client1" +tls_obj_base=tls-creds-x509,id=tls0,verify-peer=true,dir="${tls_dir}" + +echo +echo "== preparing image ==" + +_make_test_img $size +$QEMU_IMG create -f qcow2 "$DST_IMG" $size | _filter_img_create + +echo +echo === Starting Src QEMU === +echo + +_launch_qemu -machine q35 \ +-object iothread,id=iothread0 \ +-object "${tls_obj_base}"/client1,endpoint=client \ +-device '{"driver":"pcie-root-port", "id":"root0", "multifunction":true, + "bus":"pcie.0"}' \ +-device '{"driver":"virtio-scsi-pci", "id":"virtio_scsi_pci0", + "bus":"root0", "iothread":"iothread0"}' \ +-device '{"driver":"scsi-hd", "id":"image1", "drive":"drive_image1", + "bus":"virtio_scsi_pci0.0"}' \ +-blockdev '{"driver":"file", "cache":{"direct":true, "no-flush":false}, +"filename":"'"$TEST_IMG"'", "node-name":"drive_sys1"}' \ +-blockdev '{"driver":"qcow2", "node-name":"drive_image1", +"file":"drive_sys1"}' +h1=$QEMU_HANDLE +_send_qemu_cmd $h1 '{"execute": "qmp_capabilities"}' 'return' + +echo +echo === Starting Dst VM2 === +echo + +_launch_qemu -machine q35 \ +-object iothread,id=iothread0 \ +-object "${tls_obj_base}"/server1,endpoint=server \ +-device '{"driver":"pcie-root-port", "id":"root0
[Stable-8.2.5 29/45] hw/intc/riscv_aplic: APLICs should add child earlier than realize
From: "yang.zhang" Since only root APLICs can have hw IRQ lines, aplic->parent should be initialized first. Fixes: e8f79343cf ("hw/intc: Add RISC-V AIA APLIC device emulation") Reviewed-by: Daniel Henrique Barboza Signed-off-by: yang.zhang Cc: qemu-stable Message-ID: <20240409014445.278-1-gaoshanliu...@163.com> Signed-off-by: Alistair Francis (cherry picked from commit c76b121840c6ca79dc6305a5f4bcf17c72217d9c) Signed-off-by: Michael Tokarev diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c index 6e816e33bf..ab23399a8d 100644 --- a/hw/intc/riscv_aplic.c +++ b/hw/intc/riscv_aplic.c @@ -975,16 +975,16 @@ DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size, qdev_prop_set_bit(dev, "msimode", msimode); qdev_prop_set_bit(dev, "mmode", mmode); +if (parent) { +riscv_aplic_add_child(parent, dev); +} + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); if (!is_kvm_aia(msimode)) { sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); } -if (parent) { -riscv_aplic_add_child(parent, dev); -} - if (!msimode) { for (i = 0; i < num_harts; i++) { CPUState *cpu = cpu_by_arch_id(hartid_base + i); -- 2.39.2
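Review bot: Moving riscv_aplic_add_child() ahead of sysbus_realize_and_unref() makes realize depend on the parent link already being in place, but nothing at the call site says so. Add a short comment above the "if (parent)" block in riscv_aplic_create() stating that the child must be attached before realize, so the ordering is not undone by a later refactor.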
[Stable-9.0.1 67/71] target/i386: fix xsave.flat from kvm-unit-tests
From: Paolo Bonzini xsave.flat checks that "executing the XSETBV instruction causes a general- protection fault (#GP) if ECX = 0 and EAX[2:1] has the value 10b". QEMU allows that option, so the test fails. Add the condition. Cc: qemu-sta...@nongnu.org Fixes: 892544317fe ("target/i386: implement XSAVE and XRSTOR of AVX registers", 2022-10-18) Reported-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 7604bbc2d87d153e65e38cf2d671a5a9a35917b1) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index 4b965a5d6c..0747e8fd40 100644 --- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c @@ -3010,6 +3010,11 @@ void helper_xsetbv(CPUX86State *env, uint32_t ecx, uint64_t mask) goto do_gpf; } +/* SSE can be disabled, but only if AVX is disabled too. */ +if ((mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK) { +goto do_gpf; +} + /* Disallow enabling unimplemented features. */ cpu_x86_cpuid(env, 0x0d, 0, _lo, , , _hi); ena = ((uint64_t)ena_hi << 32) | ena_lo; -- 2.39.2
[Stable-7.2.12 25/29] disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
From: Alistair Francis Previously we only listed a single pmpcfg CSR and the first 16 pmpaddr CSRs. This patch fixes this to list all 16 pmpcfg and all 64 pmpaddr CSRs are part of the disassembly. Reported-by: Eric DeVolder Signed-off-by: Alistair Francis Fixes: ea10325917 ("RISC-V Disassembler") Reviewed-by: Daniel Henrique Barboza Cc: qemu-stable Message-ID: <20240514051615.330979-1-alistair.fran...@wdc.com> Signed-off-by: Alistair Francis (cherry picked from commit 915758c537b5fe09575291f4acd87e2d377a93de) Signed-off-by: Michael Tokarev diff --git a/disas/riscv.c b/disas/riscv.c index dee4e580a0..42399867a1 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -2159,7 +2159,22 @@ static const char *csr_name(int csrno) case 0x0383: return "mibound"; case 0x0384: return "mdbase"; case 0x0385: return "mdbound"; -case 0x03a0: return "pmpcfg3"; +case 0x03a0: return "pmpcfg0"; +case 0x03a1: return "pmpcfg1"; +case 0x03a2: return "pmpcfg2"; +case 0x03a3: return "pmpcfg3"; +case 0x03a4: return "pmpcfg4"; +case 0x03a5: return "pmpcfg5"; +case 0x03a6: return "pmpcfg6"; +case 0x03a7: return "pmpcfg7"; +case 0x03a8: return "pmpcfg8"; +case 0x03a9: return "pmpcfg9"; +case 0x03aa: return "pmpcfg10"; +case 0x03ab: return "pmpcfg11"; +case 0x03ac: return "pmpcfg12"; +case 0x03ad: return "pmpcfg13"; +case 0x03ae: return "pmpcfg14"; +case 0x03af: return "pmpcfg15"; case 0x03b0: return "pmpaddr0"; case 0x03b1: return "pmpaddr1"; case 0x03b2: return "pmpaddr2"; 
@@ -2176,6 +2191,54 @@ static const char *csr_name(int csrno) case 0x03bd: return "pmpaddr13"; case 0x03be: return "pmpaddr14"; case 0x03bf: return "pmpaddr15"; +case 0x03c0: return "pmpaddr16"; +case 0x03c1: return "pmpaddr17"; +case 0x03c2: return "pmpaddr18"; +case 0x03c3: return "pmpaddr19"; +case 0x03c4: return "pmpaddr20"; +case 0x03c5: return "pmpaddr21"; +case 0x03c6: return "pmpaddr22"; +case 0x03c7: return "pmpaddr23"; +case 0x03c8: return "pmpaddr24"; +case 0x03c9: return "pmpaddr25"; +case 0x03ca: return "pmpaddr26"; +case 0x03cb: return "pmpaddr27"; +case 0x03cc: return "pmpaddr28"; +case 0x03cd: return "pmpaddr29"; +case 0x03ce: return "pmpaddr30"; +case 0x03cf: return "pmpaddr31"; +case 0x03d0: return "pmpaddr32"; +case 0x03d1: return "pmpaddr33"; +case 0x03d2: return "pmpaddr34"; +case 0x03d3: return "pmpaddr35"; +case 0x03d4: return "pmpaddr36"; +case 0x03d5: return "pmpaddr37"; +case 0x03d6: return "pmpaddr38"; +case 0x03d7: return "pmpaddr39"; +case 0x03d8: return "pmpaddr40"; +case 0x03d9: return "pmpaddr41"; +case 0x03da: return "pmpaddr42"; +case 0x03db: return "pmpaddr43"; +case 0x03dc: return "pmpaddr44"; +case 0x03dd: return "pmpaddr45"; +case 0x03de: return "pmpaddr46"; +case 0x03df: return "pmpaddr47"; +case 0x03e0: return "pmpaddr48"; +case 0x03e1: return "pmpaddr49"; +case 0x03e2: return "pmpaddr50"; +case 0x03e3: return "pmpaddr51"; +case 0x03e4: return "pmpaddr52"; +case 0x03e5: return "pmpaddr53"; +case 0x03e6: return "pmpaddr54"; +case 0x03e7: return "pmpaddr55"; +case 0x03e8: return "pmpaddr56"; +case 0x03e9: return "pmpaddr57"; +case 0x03ea: return "pmpaddr58"; +case 0x03eb: return "pmpaddr59"; +case 0x03ec: return "pmpaddr60"; +case 0x03ed: return "pmpaddr61"; +case 0x03ee: return "pmpaddr62"; +case 0x03ef: return "pmpaddr63"; case 0x0780: return "mtohost"; case 0x0781: return "mfromhost"; case 0x0782: return "mreset"; -- 2.39.2
[Stable-7.2.12 27/29] target/i386: fix SSE and SSE2 feature check
From: Xinyu Li Features check of CPUID_SSE and CPUID_SSE2 should use cpuid_features, rather than cpuid_ext_features. Signed-off-by: Xinyu Li Reviewed-by: Zhao Liu Message-ID: <20240602100904.2137939-1-lixinyu...@ict.ac.cn> Signed-off-by: Paolo Bonzini (cherry picked from commit da7c95920d027dbb00c6879c1da0216b19509191) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 528e2fdfbb..1dfc368456 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1418,9 +1418,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid) case X86_FEAT_PCLMULQDQ: return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ); case X86_FEAT_SSE: -return (s->cpuid_ext_features & CPUID_SSE); +return (s->cpuid_features & CPUID_SSE); case X86_FEAT_SSE2: -return (s->cpuid_ext_features & CPUID_SSE2); +return (s->cpuid_features & CPUID_SSE2); case X86_FEAT_SSE3: return (s->cpuid_ext_features & CPUID_EXT_SSE3); case X86_FEAT_SSSE3: -- 2.39.2
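Review bot: Both fixed lines in has_cpuid_feature() tested a CPUID_* bit against cpuid_ext_features, while the neighbouring cases pair CPUID_EXT_* bits with that field, so this was a field/constant mismatch that the compiler cannot catch. A short comment at the top of the switch naming which constant prefix belongs with which field, or grouping the cases by field, would make the next mismatch visible in review.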
[Stable-9.0.1 45/71] gitlab: use $MAKE instead of 'make'
From: Daniel P. Berrangé The lcitool generated containers have '$MAKE' set to the path of the right 'make' binary. Using the env variable makes it possible to override the choice per job. Signed-off-by: Daniel P. Berrangé Reviewed-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240513111551.488088-3-berra...@redhat.com> Signed-off-by: Thomas Huth (cherry picked from commit c53f7a107879a2b7e719b07692a05289bf603fde) Signed-off-by: Michael Tokarev diff --git a/.gitlab-ci.d/buildtest-template.yml b/.gitlab-ci.d/buildtest-template.yml index 22045add80..278a5ea966 100644 --- a/.gitlab-ci.d/buildtest-template.yml +++ b/.gitlab-ci.d/buildtest-template.yml @@ -26,10 +26,10 @@ then pyvenv/bin/meson configure . -Dbackend_max_links="$LD_JOBS" ; fi || exit 1; -- make -j"$JOBS" +- $MAKE -j"$JOBS" - if test -n "$MAKE_CHECK_ARGS"; then -make -j"$JOBS" $MAKE_CHECK_ARGS ; +$MAKE -j"$JOBS" $MAKE_CHECK_ARGS ; fi - ccache --show-stats @@ -60,7 +60,7 @@ - cd build - find . -type f -exec touch {} + # Avoid recompiling by hiding ninja with NINJA=":" -- make NINJA=":" $MAKE_CHECK_ARGS +- $MAKE NINJA=":" $MAKE_CHECK_ARGS .native_test_job_template: extends: .common_test_job_template -- 2.39.2
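Review bot: $MAKE is used bare in all three places, so a job running in a container that does not export MAKE expands it to nothing and the build step tries to run -j"$JOBS" as the command. Use ${MAKE:-make}, or check that the variable is set at the top of the script section, so a missing variable fails with a clear message instead.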
Re: [PATCH] spapr: Migrate ail-mode-3 spapr cap
06.05.2024 14:56, Nicholas Piggin wrote:

This cap did not add the migration code when it was introduced. This results in migration failure when changing the default using the command line.

Cc: qemu-sta...@nongnu.org
Fixes: ccc5a4c5e10 ("spapr: Add SPAPR_CAP_AIL_MODE_3 for AIL mode 3 support for H_SET_MODE hcall")
Signed-off-by: Nicholas Piggin
---
 include/hw/ppc/spapr.h | 1 +
 hw/ppc/spapr.c | 1 +
 hw/ppc/spapr_caps.c| 1 +
 3 files changed, 3 insertions(+)

Hi! Has this change been forgotten? It's aimed at -stable, so must be fixing a real issue.

Thanks,

/mjt
Re: [PULL 00/20] Net patches
04.06.2024 10:37, Jason Wang wrote:

Akihiko Odaki (18):
  tap: Remove tap_probe_vnet_hdr_len()
  tap: Remove qemu_using_vnet_hdr()
  net: Move virtio-net header length assertion
  net: Remove receive_raw()
  tap: Call tap_receive_iov() from tap_receive()
  tap: Shrink zeroed virtio-net header
  virtio-net: Do not propagate ebpf-rss-fds errors
  virtio-net: Add only one queue pair when realizing
  virtio-net: Copy header only when necessary
  virtio-net: Shrink header byte swapping buffer
  virtio-net: Disable RSS on reset
  virtio-net: Unify the logic to update NIC state for RSS
  virtio-net: Always set populate_hash
  virtio-net: Do not write hashes to peer buffer
  ebpf: Fix RSS error handling
  ebpf: Return 0 when configuration fails
  ebpf: Refactor tun_rss_steering_prog()
  ebpf: Add a separate target for skeleton

Alexey Dobriyan (1):
  virtio-net: drop too short packets early

Andrew Melnychenko (1):
  ebpf: Added traces back. Changed source set for eBPF to 'system'.

Is there anything in there for qemu-stable? (NOT picking up without explicit mention of stable)

Thanks,

/mjt
Re: qemu CI & ccache: cache size is too small
03.06.2024 14:29, Daniel P. Berrangé wrote:

Given your original job had cache of 447 MB, and new cache is 654 MB, the old cache is 68% of size of the new cache. So effectively your 63% is high 90's cache hit rate of what was present.

Don't forget the way how old items are evicted from the cache. If we have N files to compile but the cache can only fit N-1 files, the cache hit ratio might be near zero - provided we compile files in the same order and oldest files get evicted.

When doing the compiles I forgot to reset cache stats before the second run (with larger cache), - the hit ratio should've been about 100% there.

So we need the cache size not less than to hold WHOLE compilation plus a fine bit more so it won't evict things which can be reused in favor of changed files.

This would suggest a cache size of 700 MB is more appropriate, unless some other jobs have even high usage needs.

Yes, that seems right. I'd keep it at 800MB if possible.

/mjt
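The eviction argument in the message above, as an added simulation that is not part of the thread. It assumes a strict least-recently-used cache and equal-sized objects (ccache itself accounts in bytes), and every name in it is hypothetical.

```python
"""Added example: LRU model of a compiler cache shared by successive CI builds."""
from collections import OrderedDict


class LRUCache:
    """Size-bounded cache that evicts the least recently used entry first."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.used = 0
        self.entries = OrderedDict()  # key -> size, least recently used first

    def lookup(self, key):
        if key not in self.entries:
            return False
        self.entries.move_to_end(key)  # a hit refreshes the entry
        return True

    def store(self, key, size):
        self.entries[key] = size
        self.used += size
        while self.used > self.capacity:
            _, freed = self.entries.popitem(last=False)
            self.used -= freed


def make_build(n_files, changed=()):
    """One build as an ordered list of cache keys (file index, content version).

    Files listed in `changed` hash differently (version 1), so they cannot
    reuse the objects cached for version 0.
    """
    changed = set(changed)
    return [(i, 1 if i in changed else 0) for i in range(n_files)]


def simulate(capacity, builds, object_size=1):
    """Run the builds in order against one cache; return hits per build."""
    cache = LRUCache(capacity)
    hits_per_build = []
    for build in builds:
        hits = 0
        for key in build:
            if cache.lookup(key):
                hits += 1
            else:
                cache.store(key, object_size)  # miss: compile, then cache
        hits_per_build.append(hits)
    return hits_per_build


if __name__ == "__main__":
    n = 100  # constructed workload: 100 equal-sized objects per build
    master = make_build(n)
    branch = make_build(n, changed=range(10))  # 10 files differ on a branch

    # Same build twice: one object short of the working set loses every hit,
    # because each miss evicts exactly the entry needed next.
    for capacity in (n - 1, n):
        print(capacity, simulate(capacity, [master, master]))

    # master, branch, master: a cache that only just fits one build drops the
    # 10 master objects to make room for the branch ones, then misses them
    # again; 10 units of headroom keep both sets.
    for capacity in (n, n + 10):
        print(capacity, simulate(capacity, [master, branch, master]))
```

The first build in every run scores zero hits because the cache starts empty; the interesting numbers are the later builds.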
Re: [PATCH] i386: removes microvm from default build since microvm doesn't support Xen accel.
03.06.2024 10:31, Vilhelm Gyda wrote:

> We can remove Xen from default build too. Though, I think, regardless of Xen being in or out of default build, the "depends on" change in `hw/i386/Kconfig` is essential in itself to cover the case when a user builds with Xen only. In case of a Xen only build by user, without the proposed Kconfig changes, microvm can be run with Xen accel. Something that doesn't work currently.

FWIW, I love to have some minimal xen-only build too, also microvm-only build. I do this on Debian with a few tricks plus trial-and-error when choosing which devices/features to enable/omit. 9.1 will have microvm- config already which is good.

Yes, either depends or fixing microvm to work under xen is a good thing for sure.

/mjt
Re: [PATCH] i386: removes microvm from default build since microvm doesn't support Xen accel.
02.06.2024 13:38, Will Gyda wrote:

> i386: removes microvm from default build since microvm doesn't support Xen accel.

Hm. Maybe we should remove xen from default build instead?

Thanks,

/mjt
Re: [PATCH v3 00/27] qemu-img: refresh options and --help handling, cleanups
A friendly ping? It took me quite some time and energy for all this. It'd be sad if it gets lost.

/mjt

24.04.2024 11:50, Michael Tokarev wrote:

> Quite big patchset trying to implement normal, readable qemu-img --help (and qemu-img COMMAND --help) output with readable descriptions, and adding many long options in the process.
>
> In the end I stopped using qemu-img-opts.hx in qemu-img.c, perhaps this can be avoided, with only list of commands and their descriptions kept there, but I don't see big advantage here. The same list should be included in docs/tools/qemu-img.rst, - this is not done now.
>
> Also each command syntax isn't reflected in the doc for now, because I want to give good names for options first, - and there, we've quite some inconsistencies and questions. For example, measure --output=OFMT -O OFMT, - this is priceless :) I've no idea why we have this ugly --output=json thing, why not have --json? ;) I gave the desired format long name --target-format to avoid clash with --output.
>
> For rebase, src vs tgt probably should be renamed in local variables too, and I'm not even sure I've got the caches right. For caches, the thing is inconsistent across commands.
>
> For compare, I used --a-format/--b-format (for -f/-F), - this can be made --source-format and --target-format, to compare source (file1) with target (file2).
>
> For bitmap, things are scary, I'm not sure what -b SRC_FILENAME really means, - for now I gave it --source option, but this does not make it more clear, suggestions welcome.
>
> There are many other inconsistencies, I can't fix them all in one go.
>
> Changes since v2:
>
> - added Dan's R-Bs
> - refined couple cvtnum conversions
> - dropped "stop printing error twice in a few places"
>
> Michael Tokarev (27):
>   qemu-img: measure: convert img_size to signed, simplify handling
>   qemu-img: create: convert img_size to signed, simplify handling
>   qemu-img: global option processing and error printing
>   qemu-img: pass current cmd info into command handlers
>   qemu-img: create: refresh options/--help
>   qemu-img: factor out parse_output_format() and use it in the code
>   qemu-img: check: refresh options/--help
>   qemu-img: simplify --repair error message
>   qemu-img: commit: refresh options/--help
>   qemu-img: compare: refresh options/--help
>   qemu-img: convert: refresh options/--help
>   qemu-img: info: refresh options/--help
>   qemu-img: map: refresh options/--help
>   qemu-img: snapshot: allow specifying -f fmt
>   qemu-img: snapshot: make -l (list) the default, simplify option handling
>   qemu-img: snapshot: refresh options/--help
>   qemu-img: rebase: refresh options/--help
>   qemu-img: resize: do not always eat last argument
>   qemu-img: resize: refresh options/--help
>   qemu-img: amend: refresh options/--help
>   qemu-img: bench: refresh options/--help
>   qemu-img: bitmap: refresh options/--help
>   qemu-img: dd: refresh options/--help
>   qemu-img: measure: refresh options/--help
>   qemu-img: implement short --help, remove global help() function
>   qemu-img: inline list of supported commands, remove qemu-img-cmds.h include
>   qemu-img: extend cvtnum() and use it in more places
>
>  docs/tools/qemu-img.rst    |    4 +-
>  qemu-img-cmds.hx           |    4 +-
>  qemu-img.c                 | 1311 ++--
>  tests/qemu-iotests/049.out |    9 +-
>  4 files changed, 821 insertions(+), 507 deletions(-)
Re: [PULL 00/11] gitlab CI fix and glib update
15.05.2024 13:39, Daniel P. Berrangé wrote:

> Hi Michael,
>
> In this pull request, patches 2, 3 & 4 will be applicable to stable to fix the tsan CI job which broke with the latest GitLab software release. These are:
>
>   bad7a2759c dockerfiles: add 'MAKE' env variable to remaining containers
>   c53f7a1078 gitlab: use $MAKE instead of 'make'
>   b563959b90 gitlab: use 'setarch -R' to workaround tsan bug

I picked these up for 8.2 and 9.0, but not to 7.2 (yet), since this one needs more work. If someone can tell me which changes are also needed for 7.2, I'm all ears :)

Thanks,

/mjt
Re: [Stable-8.2.5 19/21] dockerfiles: add 'MAKE' env variable to remaining containers
27.05.2024 14:30, Michael Tokarev wrote:

> 27.05.2024 10:24, Michael Tokarev wrote:
>
>> From: Daniel P. Berrangé
>>
>> All the lcitool generated containers define a "MAKE" env. It will be convenient for later patches if all containers do this.
>
> This one is picked up for 8.2 by mistake, I dropped it now. It was my failed attempt to pick up some changes in CI into staging-7.2 branch.

Actually it's not picked by mistake, it's picked up as the first in a 3-patch series suggested to be back-ported by Dan. So I ended up with this patch for 7.2 which doesn't apply, and 7.2 needing other changes anyway b/c it references old images which are gone now. And I got distracted by something and not picked up the other 2, neither for 8.2 nor 9.0.

Let's fix this...

Thanks, and please excuse me for the noise.

/mjt
Re: qemu CI & ccache: cache size is too small
27.05.2024 14:19, Thomas Huth wrote:

> On 27/05/2024 12.49, Michael Tokarev wrote:
>
>> Hi!
>>
>> Noticed today that a rebuild of basically the same tree (a few commits apart) in CI results in just 11% hit rate of ccache:
>>
>> https://gitlab.com/mjt0k/qemu/-/jobs/6947445337#L5054
>
> For me, the results look better:
>
> https://gitlab.com/thuth/qemu/-/jobs/6918599017#L4954

Yeah, it's a bit better, but still not good enough. I dunno how much changes the source had between the two runs. It still had 11 cleanups, and the cache size is at the same level. (It is an older ccache, too).

>> while it should be near 100%. What's interesting in there is:
>>
>> 1) cache size is close to max cache size, and more important,
>> 2) cleanups performed 78
>>
>> so it has to remove old entries before it finished the build.
>
> Did you maybe switch between master and stable branches before that run? ... I guess that could have invalidated most of the cached files since we switched from CentOS 8 to 9 recently...?

Nope, nothing else ran between the two and it was just a few source-level commits (stable-8.2 pick ups), without changing gitlab/containers/etc configuration.

I increased cache size to 900M and did another test run, here are the results:

https://gitlab.com/mjt0k/qemu/-/jobs/6947894974#L5054

    cache directory                     /builds/mjt0k/qemu/ccache
    primary config                      /builds/mjt0k/qemu/ccache/ccache.conf
    secondary config (readonly)         /etc/ccache.conf
    stats updated                       Mon May 27 11:17:44 2024
    stats zeroed                        Mon May 27 11:10:22 2024
    cache hit (direct)                  1862
    cache hit (preprocessed)            274
    cache miss                          1219
    cache hit rate                      63.67 %
    called for link                     285
    called for preprocessing            71
    compiler produced empty output      5
    preprocessor error                  2
    no input file                       6
    cleanups performed                  0
    files in cache                      9948
    cache size                          654.6 MB
    max cache size                      900.0 MB

This is having in mind that the previous run was with CCACHE_SIZE=500M and had multiple cleanups, so 63% is actually more than I'd expect already.

Thanks,

/mjt
Re: [Stable-8.2.5 19/21] dockerfiles: add 'MAKE' env variable to remaining containers
27.05.2024 10:24, Michael Tokarev wrote:

> From: Daniel P. Berrangé
>
> All the lcitool generated containers define a "MAKE" env. It will be convenient for later patches if all containers do this.
>
> Signed-off-by: Daniel P. Berrangé
> Reviewed-by: Thomas Huth
> Reviewed-by: Philippe Mathieu-Daudé
> Message-ID: <20240513111551.488088-2-berra...@redhat.com>
> Signed-off-by: Thomas Huth
> (cherry picked from commit bad7a2759c69417a5558f0f19d4ede58c08705e8)
> Signed-off-by: Michael Tokarev

This one is picked up for 8.2 by mistake, I dropped it now. It was my failed attempt to pick up some changes in CI into staging-7.2 branch.

Thanks,

/mjt
qemu CI & ccache: cache size is too small
Hi!

Noticed today that a rebuild of basically the same tree (a few commits apart) in CI results in just 11% hit rate of ccache:

https://gitlab.com/mjt0k/qemu/-/jobs/6947445337#L5054

while it should be near 100%. What's interesting in there is:

1) cache size is close to max cache size, and more important,
2) cleanups performed 78

so it has to remove old entries before it finished the build.

So effectively, our ccache usage is an extra burden, not help.

It should be increased at least, I think. But it's actually difficult to say really, - is the cache shared between all builds or is it unique for each build config? Because if it is the former, it shouldn't even work since different ccache versions use different format of the files in cache.

What's unique in my pipeline run - I ran just a single build job in two pipelines, nothing more.

Thanks,

/mjt
[Stable-9.0.1 36/44] target-i386: hyper-v: Correct kvm_hv_handle_exit return value
From: donsheng This bug fix addresses the incorrect return value of kvm_hv_handle_exit for KVM_EXIT_HYPERV_SYNIC, which should be EXCP_INTERRUPT. Handling of KVM_EXIT_HYPERV_SYNIC in QEMU needs to be synchronous. This means that async_synic_update should run in the current QEMU vCPU thread before returning to KVM, returning EXCP_INTERRUPT to guarantee this. Returning 0 can cause async_synic_update to run asynchronously. One problem (kvm-unit-tests's hyperv_synic test fails with timeout error) caused by this bug: When a guest VM writes to the HV_X64_MSR_SCONTROL MSR to enable Hyper-V SynIC, a VM exit is triggered and processed by the kvm_hv_handle_exit function of the QEMU vCPU. This function then calls the async_synic_update function to set synic->sctl_enabled to true. A true value of synic->sctl_enabled is required before creating SINT routes using the hyperv_sint_route_new() function. If kvm_hv_handle_exit returns 0 for KVM_EXIT_HYPERV_SYNIC, the current QEMU vCPU thread may return to KVM and enter the guest VM before running async_synic_update. In such case, the hyperv_synic test’s subsequent call to synic_ctl(HV_TEST_DEV_SINT_ROUTE_CREATE, ...) immediately after writing to HV_X64_MSR_SCONTROL can cause QEMU’s hyperv_sint_route_new() function to return prematurely (because synic->sctl_enabled is false). If the SINT route is not created successfully, the SINT interrupt will not be fired, resulting in a timeout error in the hyperv_synic test. Fixes: 267e071bd6d6 (“hyperv: make overlay pages for SynIC”) Suggested-by: Chao Gao Signed-off-by: Dongsheng Zhang Message-ID: <20240521200114.11588-1-dongsheng.x.zh...@intel.com> Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 84d4b72854869821eb89813c195927fdd3078c12) Signed-off-by: Michael Tokarev diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c index f2a3fe650a..b94f12acc2 100644 --- a/target/i386/kvm/hyperv.c +++ b/target/i386/kvm/hyperv.c 
@@ -81,7 +81,7 @@ int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit) */ async_safe_run_on_cpu(CPU(cpu), async_synic_update, RUN_ON_CPU_NULL); -return 0; +return EXCP_INTERRUPT; case KVM_EXIT_HYPERV_HCALL: { uint16_t code = exit->u.hcall.input & 0x; bool fast = exit->u.hcall.input & HV_HYPERCALL_FAST; -- 2.39.2
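Review bot: the new "return EXCP_INTERRUPT;" in the KVM_EXIT_HYPERV_SYNIC case carries no comment, so the reason it must not be the "return 0" a reader would expect is recorded only in the commit message. Please add a short comment at the return, or extend the block comment that ends just above async_safe_run_on_cpu(), saying that EXCP_INTERRUPT is returned so that the queued async_synic_update work runs in this vCPU thread before the guest is re-entered. It is also worth confirming that the other cases of this switch, such as KVM_EXIT_HYPERV_HCALL directly below, do not queue work with the same ordering requirement.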
[Stable-9.0.1 41/44] dockerfiles: add 'MAKE' env variable to remaining containers
From: Daniel P. Berrangé All the lcitool generated containers define a "MAKE" env. It will be convenient for later patches if all containers do this. Signed-off-by: Daniel P. Berrangé Reviewed-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240513111551.488088-2-berra...@redhat.com> Signed-off-by: Thomas Huth (cherry picked from commit bad7a2759c69417a5558f0f19d4ede58c08705e8) Signed-off-by: Michael Tokarev diff --git a/tests/docker/dockerfiles/debian-all-test-cross.docker b/tests/docker/dockerfiles/debian-all-test-cross.docker index 2cc7a24d4d..6cc38a3633 100644 --- a/tests/docker/dockerfiles/debian-all-test-cross.docker +++ b/tests/docker/dockerfiles/debian-all-test-cross.docker @@ -68,6 +68,7 @@ RUN DEBIAN_FRONTEND=noninteractive eatmydata \ ENV QEMU_CONFIGURE_OPTS --disable-system --disable-docs --disable-tools ENV DEF_TARGET_LIST aarch64-linux-user,arm-linux-user,hppa-linux-user,i386-linux-user,m68k-linux-user,mips-linux-user,mips64-linux-user,mips64el-linux-user,mipsel-linux-user,ppc-linux-user,ppc64-linux-user,ppc64le-linux-user,riscv64-linux-user,s390x-linux-user,sparc64-linux-user # As a final step configure the user (if env is defined) +ENV MAKE /usr/bin/make ARG USER ARG UID RUN if [ "${USER}" ]; then \ diff --git a/tests/docker/dockerfiles/debian-hexagon-cross.docker b/tests/docker/dockerfiles/debian-hexagon-cross.docker index 60bd8faa20..f2d40f2dee 100644 --- a/tests/docker/dockerfiles/debian-hexagon-cross.docker +++ b/tests/docker/dockerfiles/debian-hexagon-cross.docker @@ -45,6 +45,7 @@ ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers" RUN curl -#SL "$TOOLCHAIN_URL" | tar -xJC "$TOOLCHAIN_INSTALL" ENV PATH $PATH:${TOOLCHAIN_INSTALL}/${TOOLCHAIN_BASENAME}/x86_64-linux-gnu/bin +ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) ARG USER ARG UID 
diff --git a/tests/docker/dockerfiles/debian-legacy-test-cross.docker b/tests/docker/dockerfiles/debian-legacy-test-cross.docker index 8cc68bc912..d75e0b85e2 100644 --- a/tests/docker/dockerfiles/debian-legacy-test-cross.docker +++ b/tests/docker/dockerfiles/debian-legacy-test-cross.docker @@ -42,6 +42,7 @@ RUN /usr/bin/pip3 install tomli ENV QEMU_CONFIGURE_OPTS --disable-system --disable-docs --disable-tools ENV DEF_TARGET_LIST alpha-linux-user,sh4-linux-user +ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) ARG USER ARG UID diff --git a/tests/docker/dockerfiles/debian-loongarch-cross.docker b/tests/docker/dockerfiles/debian-loongarch-cross.docker index b25e779a2c..6a9197528b 100644 --- a/tests/docker/dockerfiles/debian-loongarch-cross.docker +++ b/tests/docker/dockerfiles/debian-loongarch-cross.docker @@ -44,6 +44,7 @@ ENV LD_LIBRARY_PATH /opt/cross-tools/lib:/opt/cross-tools/loongarch64-unknown-li ENV QEMU_CONFIGURE_OPTS --disable-system --disable-docs --disable-tools ENV DEF_TARGET_LIST loongarch64-linux-user,loongarch-softmmu +ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) ARG USER diff --git a/tests/docker/dockerfiles/debian-tricore-cross.docker b/tests/docker/dockerfiles/debian-tricore-cross.docker index c597f8e16b..16276aa21d 100644 --- a/tests/docker/dockerfiles/debian-tricore-cross.docker +++ b/tests/docker/dockerfiles/debian-tricore-cross.docker @@ -44,6 +44,7 @@ RUN curl -#SL https://github.com/bkoppelmann/package_940/releases/download/trico # This image can only build a very minimal QEMU as well as the tests ENV DEF_TARGET_LIST tricore-softmmu ENV QEMU_CONFIGURE_OPTS --disable-user --disable-tools --disable-fdt +ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) ARG USER ARG UID diff --git a/tests/docker/dockerfiles/debian-xtensa-cross.docker b/tests/docker/dockerfiles/debian-xtensa-cross.docker index 72c25d63d9..413881899b 100644 
--- a/tests/docker/dockerfiles/debian-xtensa-cross.docker +++ b/tests/docker/dockerfiles/debian-xtensa-cross.docker @@ -27,6 +27,7 @@ RUN for cpu in $CPU_LIST; do \ done ENV PATH $PATH:/opt/$TOOLCHAIN_RELEASE/xtensa-dc232b-elf/bin:/opt/$TOOLCHAIN_RELEASE/xtensa-dc233c-elf/bin:/opt/$TOOLCHAIN_RELEASE/xtensa-de233_fpu-elf/bin:/opt/$TOOLCHAIN_RELEASE/xtensa-dsp3400-elf/bin +ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) ARG USER ARG UID diff --git a/tests/docker/dockerfiles/fedora-cris-cross.docker b/tests/docker/dockerfiles/fedora-cris-cross.docker index f2899af410..97c9d37ede 100644 --- a/tests/docker/dockerfiles/fedora-cris-cross.docker +++ b/tests/docker/dockerfiles/fedora-cris-cross.docker @@ -4,6 +4,7 @@ FROM registry.fedoraproject.org/fedora:33 ENV PACKAGES gcc-cris-linux-gnu +ENV MAKE /usr/bin/make RUN dnf install -y $PACKAGES RUN rpm -q $PACKAGES | sort > /packages.txt # As a final step configure the user (if env is defined) -- 2.39.2
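Review bot: in debian-all-test-cross.docker the new "ENV MAKE /usr/bin/make" line lands after the comment "# As a final step configure the user (if env is defined)", which separates that comment from the ARG USER / ARG UID block it describes; the other Debian hunks put the line before the comment. Please move it above the comment here as well so all files read the same way.

Review bot: in fedora-cris-cross.docker the only package visible in the hunk is gcc-cris-linux-gnu (ENV PACKAGES) and nothing shown installs make, so MAKE may point at a path that does not exist in that image. Please confirm that /usr/bin/make is present in the fedora:33 base, or add make to PACKAGES.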
[Stable-9.0.1 26/44] hw/remote/vfio-user: Fix config space access byte order
From: Mattias Nissler PCI config space is little-endian, so on a big-endian host we need to perform byte swaps for values as they are passed to and received from the generic PCI config space access machinery. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Stefan Hajnoczi Reviewed-by: Jagannathan Raman Signed-off-by: Mattias Nissler Message-ID: <20240507094210.300566-6-mniss...@rivosinc.com> Signed-off-by: Philippe Mathieu-Daudé (cherry picked from commit e6578f1f68a0e90789a841ada532c3e494c9a04c) Signed-off-by: Michael Tokarev diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c index d9b879e056..8dbafafb9e 100644 --- a/hw/remote/vfio-user-obj.c +++ b/hw/remote/vfio-user-obj.c @@ -281,7 +281,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, char * const buf, while (bytes > 0) { len = (bytes > pci_access_width) ? pci_access_width : bytes; if (is_write) { -memcpy(, ptr, len); +val = ldn_le_p(ptr, len); pci_host_config_write_common(o->pci_dev, offset, pci_config_size(o->pci_dev), val, len); @@ -289,7 +289,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, char * const buf, } else { val = pci_host_config_read_common(o->pci_dev, offset, pci_config_size(o->pci_dev), len); -memcpy(ptr, , len); +stn_le_p(ptr, len, val); trace_vfu_cfg_read(offset, val); } offset += len; -- 2.39.2
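Review bot: in both branches of the loop in vfu_object_cfg_access(), len is the smaller of bytes and pci_access_width, so the last iteration can see a length that is not a natural access size (for example 3 when three bytes remain). Please confirm that ldn_le_p() and stn_le_p() accept every length that can reach them, or reject such a count before the loop, since the count is supplied by the caller of this callback and the memcpy() being replaced had no such restriction. A short comment saying that the buffer holds little-endian PCI config data would also keep a later cleanup from reverting to memcpy().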
[Stable-9.0.1 38/44] target/loongarch/kvm: fpu save the vreg registers high 192bit
From: Song Gao On kvm side, get_fpu/set_fpu save the vreg registers high 192bits, but QEMU missing. Cc: qemu-sta...@nongnu.org Signed-off-by: Song Gao Reviewed-by: Bibo Mao Message-Id: <20240514110752.989572-1-gaos...@loongson.cn> (cherry picked from commit 07c0866103d4aa2dd83c7c3e7898843e28e3893a) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c index d630cc39cb..e2dff2b795 100644 --- a/target/loongarch/kvm/kvm.c +++ b/target/loongarch/kvm/kvm.c @@ -436,6 +436,9 @@ static int kvm_loongarch_get_regs_fp(CPUState *cs) env->fcsr0 = fpu.fcsr; for (i = 0; i < 32; i++) { env->fpr[i].vreg.UD[0] = fpu.fpr[i].val64[0]; +env->fpr[i].vreg.UD[1] = fpu.fpr[i].val64[1]; +env->fpr[i].vreg.UD[2] = fpu.fpr[i].val64[2]; +env->fpr[i].vreg.UD[3] = fpu.fpr[i].val64[3]; } for (i = 0; i < 8; i++) { env->cf[i] = fpu.fcc & 0xFF; @@ -455,6 +458,9 @@ static int kvm_loongarch_put_regs_fp(CPUState *cs) fpu.fcc = 0; for (i = 0; i < 32; i++) { fpu.fpr[i].val64[0] = env->fpr[i].vreg.UD[0]; +fpu.fpr[i].val64[1] = env->fpr[i].vreg.UD[1]; +fpu.fpr[i].val64[2] = env->fpr[i].vreg.UD[2]; +fpu.fpr[i].val64[3] = env->fpr[i].vreg.UD[3]; } for (i = 0; i < 8; i++) { -- 2.39.2
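Review bot: the three added assignments for UD[1] to UD[3] are written out by hand in both kvm_loongarch_get_regs_fp() and kvm_loongarch_put_regs_fp(), next to the existing UD[0] line. An inner loop over the four 64-bit elements would be shorter and harder to get out of step between the two functions, and a build-time check that vreg.UD and fpu.fpr[i].val64 have the same element count would catch the next width change. The commit message could also say what the visible effect of losing the upper 192 bits was.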
[Stable-9.0.1 33/44] ui/gtk: Check if fence_fd is equal to or greater than 0
From: Dongwon Kim 'fence_fd' needs to be validated always before being referenced And the passing condition should include '== 0' as 0 is a valid value for the file descriptor. Suggested-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Cc: Philippe Mathieu-Daudé Cc: Daniel P. Berrangé Cc: Vivek Kasireddy Signed-off-by: Dongwon Kim Message-Id: <20240508175403.3399895-2-dongwon@intel.com> (cherry picked from commit e4e62514e3cc2fc9dbae44af8b80f61c730beab4) Signed-off-by: Michael Tokarev diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c index 3af5ac5bcf..955234429d 100644 --- a/ui/gtk-egl.c +++ b/ui/gtk-egl.c @@ -99,7 +99,7 @@ void gd_egl_draw(VirtualConsole *vc) #ifdef CONFIG_GBM if (dmabuf) { egl_dmabuf_create_fence(dmabuf); -if (dmabuf->fence_fd > 0) { +if (dmabuf->fence_fd >= 0) { qemu_set_fd_handler(dmabuf->fence_fd, gd_hw_gl_flushed, NULL, vc); return; } diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c index 52dcac161e..7fffd0544e 100644 --- a/ui/gtk-gl-area.c +++ b/ui/gtk-gl-area.c @@ -86,7 +86,7 @@ void gd_gl_area_draw(VirtualConsole *vc) #ifdef CONFIG_GBM if (dmabuf) { egl_dmabuf_create_fence(dmabuf); -if (dmabuf->fence_fd > 0) { +if (dmabuf->fence_fd >= 0) { qemu_set_fd_handler(dmabuf->fence_fd, gd_hw_gl_flushed, NULL, vc); return; } diff --git a/ui/gtk.c b/ui/gtk.c index c4a9662085..f1bb838ed3 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -597,10 +597,12 @@ void gd_hw_gl_flushed(void *vcon) VirtualConsole *vc = vcon; QemuDmaBuf *dmabuf = vc->gfx.guest_fb.dmabuf; -qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL); -close(dmabuf->fence_fd); -dmabuf->fence_fd = -1; -graphic_hw_gl_block(vc->gfx.dcl.con, false); +if (dmabuf->fence_fd >= 0) { +qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL); +close(dmabuf->fence_fd); +dmabuf->fence_fd = -1; +graphic_hw_gl_block(vc->gfx.dcl.con, false); +} } /** DisplayState Callbacks (opengl version) **/ -- 2.39.2
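Review bot: in the gd_hw_gl_flushed() hunk, graphic_hw_gl_block(vc->gfx.dcl.con, false) is now inside the new "if (dmabuf->fence_fd >= 0)" block, so a call that arrives with fence_fd already at -1 no longer unblocks the console. Please confirm that the block is only ever taken when a valid fence fd was registered, or keep the unblock outside the condition. Also, dmabuf is dereferenced here without the "if (dmabuf)" check that gd_egl_draw() and gd_gl_area_draw() use; if vc->gfx.guest_fb.dmabuf can be NULL when this handler runs, the new check should cover that as well.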
[Stable-9.0.1 17/44] plugins: Update stale comment
From: Philippe Mathieu-Daudé "plugin_mask" was renamed as "event_mask" in commit c006147122 ("plugins: create CPUPluginState and migrate plugin_mask"). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20240427155714.53669-3-phi...@linaro.org> (cherry picked from commit e096d370ad877f8573e20266f7e843084f9611d8) Signed-off-by: Michael Tokarev diff --git a/plugins/core.c b/plugins/core.c index 11ca20e626..09c98382f5 100644 --- a/plugins/core.c +++ b/plugins/core.c @@ -373,7 +373,7 @@ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct qemu_plugin_tb *tb) struct qemu_plugin_cb *cb, *next; enum qemu_plugin_event ev = QEMU_PLUGIN_EV_VCPU_TB_TRANS; -/* no plugin_mask check here; caller should have checked */ +/* no plugin_state->event_mask check here; caller should have checked */ QLIST_FOREACH_SAFE_RCU(cb, _lists[ev], entry, next) { qemu_plugin_vcpu_tb_trans_cb_t func = cb->f.vcpu_tb_trans; -- 2.39.2
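Review bot: the updated comment names plugin_state->event_mask but not the object it belongs to; since the function takes "CPUState *cpu", writing cpu->plugin_state->event_mask would make it unambiguous. As the comment says the caller is responsible for the check, naming that caller would help as well.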
[Stable-9.0.1 25/44] hw/loongarch/virt: Fix memory leak
From: Song Gao The char pointer 'ramName' point to a block of memory, but never free it. Use 'g_autofree' to automatically free it. Resolves: Coverity CID 1544773 Fixes: 0cf1478d6 ("hw/loongarch: Add numa support") Signed-off-by: Song Gao Reviewed-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240507022239.3113987-1-gaos...@loongson.cn> Signed-off-by: Philippe Mathieu-Daudé (cherry picked from commit 54c52ec719fb8c83bbde54cb87b58688ab27c166) Signed-off-by: Michael Tokarev (Mjt: context fixup in hw/loongarch/virt.c due to missing-in-9.0 v9.0.0-266-gd771ca1c10 "hw/loongarch: Move boot functions to boot.c") diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index 441d764843..e3042af7bb 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -832,7 +832,6 @@ static void loongarch_init(MachineState *machine) const CPUArchIdList *possible_cpus; MachineClass *mc = MACHINE_GET_CLASS(machine); CPUState *cpu; -char *ramName = NULL; struct loaderparams loaderparams = { }; if (!cpu_model) { @@ -892,7 +891,7 @@ static void loongarch_init(MachineState *machine) for (i = 1; i < nb_numa_nodes; i++) { MemoryRegion *nodemem = g_new(MemoryRegion, 1); -ramName = g_strdup_printf("loongarch.node%d.ram", i); +g_autofree char *ramName = g_strdup_printf("loongarch.node%d.ram", i); memory_region_init_alias(nodemem, NULL, ramName, machine->ram, offset, numa_info[i].node_mem); memory_region_add_subregion(address_space_mem, phyAddr, nodemem); -- 2.39.2
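Review bot: with "g_autofree char *ramName" declared inside the loop body, the string is freed at the end of each iteration, right after memory_region_init_alias() has been given it. That is only safe if memory_region_init_alias() copies the name rather than keeping the pointer; please state that in the commit message or in a comment next to the declaration, so the lifetime assumption is visible to whoever touches this loop next.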
[Stable-9.0.1 16/44] target/sh4: Fix SUBV opcode
From: Philippe Mathieu-Daudé The documentation says: SUBV Rm, RnRn - Rm -> Rn, underflow -> T The overflow / underflow can be calculated as: T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31 However we were using the incorrect: T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31 Fix by using the Rn register instead of Rm. Add tests provided by Paul Cercueil. Cc: qemu-sta...@nongnu.org Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG") Reported-by: Paul Cercueil Suggested-by: Paul Cercueil Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318 Reviewed-by: Richard Henderson Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Yoshinori Sato Message-Id: <20240430163125.77430-3-phi...@linaro.org> (cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808) Signed-off-by: Michael Tokarev diff --git a/target/sh4/translate.c b/target/sh4/translate.c index 4a1dd0d1f4..3e013b7c7c 100644 --- a/target/sh4/translate.c +++ b/target/sh4/translate.c @@ -933,7 +933,7 @@ static void _decode_opc(DisasContext * ctx) t0 = tcg_temp_new(); tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4)); t1 = tcg_temp_new(); -tcg_gen_xor_i32(t1, t0, REG(B7_4)); +tcg_gen_xor_i32(t1, t0, REG(B11_8)); t2 = tcg_temp_new(); tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4)); tcg_gen_and_i32(t1, t1, t2); diff --git a/tests/tcg/sh4/Makefile.target b/tests/tcg/sh4/Makefile.target index 521b8b0a76..7852fa62d8 100644 --- a/tests/tcg/sh4/Makefile.target +++ b/tests/tcg/sh4/Makefile.target @@ -20,3 +20,6 @@ TESTS += test-macw test-addv: CFLAGS += -O -g TESTS += test-addv + +test-subv: CFLAGS += -O -g +TESTS += test-subv diff --git a/tests/tcg/sh4/test-subv.c b/tests/tcg/sh4/test-subv.c new file mode 100644 index 00..a3c2db96e4 --- /dev/null +++ b/tests/tcg/sh4/test-subv.c 
@@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include +#include +#include + +static void subv(const int a, const int b, const int res, const int carry) +{ +int o = a, c; + +asm volatile("subv %2,%0\n" + "movt %1\n" + : "+r"(o), "=r"(c) : "r"(b) : ); + +if (c != carry || o != res) { +printf("SUBV %d, %d = %d/%d [T = %d/%d]\n", a, b, o, res, c, carry); +abort(); +} +} + +int main(void) +{ +subv(INT_MIN, 1, INT_MAX, 1); +subv(INT_MAX, -1, INT_MIN, 1); +subv(INT_MAX, 1, INT_MAX - 1, 0); +subv(0, 1, -1, 0); +subv(-1, -1, 0, 0); + +return 0; +} -- 2.39.2
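Review bot: in test-subv.c the fourth parameter of subv() is named carry, but the value read with movt after SUBV is the T bit set on signed overflow or underflow, as the commit message says; naming it overflow (or t) would avoid suggesting a carry test. The vectors in main() only overflow with Rn at INT_MIN or INT_MAX; adding a case where Rm is INT_MIN, for example subv(0, INT_MIN, INT_MIN, 1), would exercise the corrected "Result ^ Rn" term from the other operand.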
[Stable-9.0.1 30/44] configure: quote -D options that are passed through to meson
From: Paolo Bonzini Ensure that they go through unmodified, instead of removing one layer of quoting. -D is a pretty specialized option and most options that can have spaces do not need it (for example, c_args is covered by --extra-cflags). Therefore it's unlikely that this causes actual trouble. However, a somewhat realistic failure case would be with -Dpkg_config_path and a pkg-config directory that contains spaces. Cc: qemu-sta...@nongnu.org Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 23b1f53c2c8990ed745acede171e49645af3d6d0) Signed-off-by: Michael Tokarev diff --git a/configure b/configure index 3cd736b139..b8680df1b0 100755 --- a/configure +++ b/configure @@ -762,7 +762,7 @@ for opt do --*) meson_option_parse "$opt" "$optarg" ;; # Pass through -D options to meson - -D*) meson_options="$meson_options $opt" + -D*) meson_option_add "$opt" ;; esac done -- 2.39.2
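Review bot: the -D* branch now calls meson_option_add "$opt", but the patch adds no test or documentation for the case the commit message itself names, -Dpkg_config_path with a directory that contains spaces. A note in the commit message showing the command line that was checked, before and after, would make the quoting change verifiable, and it is worth stating whether a value that contains a quote character is also passed through unmodified.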
[Stable-9.0.1 42/44] target/i386: disable jmp_opt if EFLAGS.RF is 1
From: Paolo Bonzini If EFLAGS.RF is 1, special processing in gen_eob_worker() is needed and therefore goto_tb cannot be used. Suggested-by: Richard Henderson Reviewed-by: Richard Henderson Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 8225bff7c5db504f50e54ef66b079854635dba70) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b5ebff2c89..c2c5e73b3f 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -6971,7 +6971,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->cpuid_7_1_eax_features = env->features[FEAT_7_1_EAX]; dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) || -(flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK))); +(flags & (HF_RF_MASK | HF_TF_MASK | HF_INHIBIT_IRQ_MASK))); /* * If jmp_opt, we want to handle each string instruction individually. * For icount also disable repz optimization so that each iteration -- 2.39.2
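Review bot: HF_RF_MASK is added to the mask that clears dc->jmp_opt, but the reason (RF needs the special processing in gen_eob_worker(), so goto_tb cannot be used) is only in the commit message. Please put a one-line comment above the assignment saying why each of HF_RF_MASK, HF_TF_MASK and HF_INHIBIT_IRQ_MASK forces jmp_opt off; the existing comment that follows only covers string instructions.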
[Stable-9.0.1 43/44] target/i386: no single-step exception after MOV or POP SS
From: Paolo Bonzini Intel SDM 18.3.1.4 "If an occurrence of the MOV or POP instruction loads the SS register executes with EFLAGS.TF = 1, no single-step debug exception occurs following the MOV or POP instruction." Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit f0f0136abba688a6516647a79cc91e03fad6d5d7) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index c2c5e73b3f..a55df176c6 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2817,7 +2817,7 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr) if (recheck_tf) { gen_helper_rechecking_single_step(tcg_env); tcg_gen_exit_tb(NULL, 0); -} else if (s->flags & HF_TF_MASK) { +} else if ((s->flags & HF_TF_MASK) && !inhibit) { gen_helper_single_step(tcg_env); } else if (jr && /* give irqs a chance to happen */ -- 2.39.2
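Review bot: with "&& !inhibit" added, a MOV or POP SS executed with TF set now falls through to the "else if (jr && ..." branch that follows, while the recheck_tf branch above is not gated on inhibit. Please confirm both are intended, and add a comment at this condition citing the SDM sentence quoted in the commit message so the exception is not later read as an oversight. A test that single-steps over MOV SS would keep this from regressing.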
[Stable-9.0.1 39/44] hw/loongarch: Fix fdt memory node wrong 'reg'
From: Song Gao The right fdt memory node like [1], not [2] [1] memory@0 { device_type = "memory"; reg = <0x00 0x00 0x00 0x1000>; }; [2] memory@0 { device_type = "memory"; reg = <0x02 0x00 0x02 0x1000>; }; Reviewed-by: Bibo Mao Signed-off-by: Song Gao Message-Id: <20240426091551.2397867-10-gaos...@loongson.cn> (cherry picked from commit b11f9814526b833b3a052be2559457b1affad7f5) Signed-off-by: Michael Tokarev diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index e3042af7bb..8f39254880 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -333,7 +333,7 @@ static void fdt_add_memory_node(MachineState *ms, char *nodename = g_strdup_printf("/memory@%" PRIx64, base); qemu_fdt_add_subnode(ms->fdt, nodename); -qemu_fdt_setprop_cells(ms->fdt, nodename, "reg", 2, base, 2, size); +qemu_fdt_setprop_cells(ms->fdt, nodename, "reg", 0, base, 0, size); qemu_fdt_setprop_string(ms->fdt, nodename, "device_type", "memory"); if (ms->numa_state && ms->numa_state->num_nodes) { -- 2.39.2
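Review bot: the new qemu_fdt_setprop_cells() call hard-codes 0 for the upper cell of both base and size, while base is formatted with PRIx64 two lines above and so is a 64-bit value. Any memory node whose base or size does not fit in 32 bits would get a truncated reg property. Passing the high halves instead, as in "base >> 32, base, size >> 32, size", keeps the two-cell layout of example [1] and stays correct above 4 GiB.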
[Stable-9.0.1 28/44] target/i386: rdpkru/wrpkru are no-prefix instructions
From: Paolo Bonzini Reject 0x66/0xf3/0xf2 in front of them. Cc: qemu-sta...@nongnu.org Reviewed-by: Richard Henderson Signed-off-by: Paolo Bonzini (cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index ebfee15d77..b5ebff2c89 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -6089,7 +6089,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); break; case 0xee: /* rdpkru */ -if (prefixes & PREFIX_LOCK) { +if (s->prefix & (PREFIX_LOCK | PREFIX_DATA + | PREFIX_REPZ | PREFIX_REPNZ)) { goto illegal_op; } tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); @@ -6097,7 +6098,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64); break; case 0xef: /* wrpkru */ -if (prefixes & PREFIX_LOCK) { +if (s->prefix & (PREFIX_LOCK | PREFIX_DATA + | PREFIX_REPZ | PREFIX_REPNZ)) { goto illegal_op; } tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], -- 2.39.2
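Review bot: both hunks change the tested variable from the local prefixes to s->prefix as well as widening the mask; please confirm that the two hold the same bits at this point in disas_insn(), or say in the commit message why the switch is needed. The identical four-flag mask is now written out in both the rdpkru and wrpkru cases; a shared macro would keep the two from diverging.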