[PATCH v2 3/5] hw/riscv: spike: Allow creating multiple sockets
We extend RISC-V spike machine to allow creating a multi-socket machine. Each RISC-V spike machine socket is a set of HARTs and a CLINT instance. Other peripherals are shared between all RISC-V spike machine sockets. We also update RISC-V spike machine device tree to treat each socket as a NUMA node. The number of sockets in RISC-V spike machine can be specified using the "sockets=" sub-option of QEMU "-smp" command-line option. By default, only one socket RISC-V spike machine will be created. Currently, we only allow creating upto maximum 4 sockets but this limit can be changed in future. Signed-off-by: Anup Patel --- hw/riscv/spike.c | 210 --- include/hw/riscv/spike.h | 6 +- 2 files changed, 136 insertions(+), 80 deletions(-) diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index d5e0103d89..e0bff23a23 100644 --- a/hw/riscv/spike.c +++ b/hw/riscv/spike.c @@ -64,9 +64,11 @@ static void create_fdt(SpikeState *s, const struct MemmapEntry *memmap, uint64_t mem_size, const char *cmdline) { void *fdt; -int cpu; -uint32_t *cells; -char *nodename; +int cpu, socket; +uint32_t *clint_cells; +unsigned long clint_addr; +uint32_t cpu_phandle, intc_phandle, phandle = 1; +char *name, *clint_name, *clust_name, *core_name, *cpu_name, *intc_name; fdt = s->fdt = create_device_tree(>fdt_size); if (!fdt) { 
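Review bot: `clint_addr` is declared `unsigned long` in the new `create_fdt` locals, which is only 32 bits wide on some hosts, while the memmap bases in this function are handled as 64-bit values (`memmap[SPIKE_DRAM].base >> 32`). If the variable later holds the CLINT base plus a per-socket offset (that use is outside this hunk), the address would be truncated on such hosts. Declaring it as `hwaddr clint_addr;` and printing it with `HWADDR_PRIx` avoids that. The same pattern, `unsigned long clint_addr, plic_addr;`, appears in the virt.c `create_fdt` declarations hunk of patch 5/5. The function body continues outside the hunk.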
@@ -88,68 +90,87 @@ static void create_fdt(SpikeState *s, const struct MemmapEntry *memmap, qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2); -nodename = g_strdup_printf("/memory@%lx", -(long)memmap[SPIKE_DRAM].base); -qemu_fdt_add_subnode(fdt, nodename); -qemu_fdt_setprop_cells(fdt, nodename, "reg", +name = g_strdup_printf("/memory@%lx", (long)memmap[SPIKE_DRAM].base); +qemu_fdt_add_subnode(fdt, name); +qemu_fdt_setprop_cells(fdt, name, "reg", memmap[SPIKE_DRAM].base >> 32, memmap[SPIKE_DRAM].base, mem_size >> 32, mem_size); -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); -g_free(nodename); +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); +g_free(name); qemu_fdt_add_subnode(fdt, "/cpus"); qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", SIFIVE_CLINT_TIMEBASE_FREQ); qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { -nodename = g_strdup_printf("/cpus/cpu@%d", cpu); -char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu); -char *isa = riscv_isa_string(>soc.harts[cpu]); -qemu_fdt_add_subnode(fdt, nodename); +for (socket = (s->num_socs - 1); socket >= 0; socket--) { +clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket); +qemu_fdt_add_subnode(fdt, clust_name); + +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4); + +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) { +cpu_phandle = phandle++; + +cpu_name = g_strdup_printf("/cpus/cpu@%d", +s->soc[socket].hartid_base + cpu); +qemu_fdt_add_subnode(fdt, cpu_name); #if defined(TARGET_RISCV32) -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv32"); +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv32"); #else -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48"); 
+qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv48"); #endif -qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa); -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv"); -qemu_fdt_setprop_string(fdt, nodename, "status", "okay"); -qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu); -qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu"); -qemu_fdt_add_subnode(fdt, intc); -qemu_fdt_setprop_cell(fdt, intc, "phandle", 1); -qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc"); -qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0); -qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1); -g_free(isa); -g_free(intc); -g_free(nodename); -} +name = riscv_isa_string(>soc[socket].harts[cpu]); +qemu_fdt_setprop_string(fdt, cpu_name, "riscv,isa", name); +g_free(name); +qemu_fdt_setprop_string(fdt, cpu_name, "compatible", "riscv"); +qemu_fdt_setprop_string(fdt, cpu_name, "status", "okay"); +qemu_fdt_setprop_cell(fdt, cpu_name, "reg", +s->soc[socket].hartid_base + cpu); +qemu_fdt_setprop_string(fdt, cpu_name, "device_type", "cpu"); +
[PATCH v2 4/5] hw/riscv: Allow creating multiple instances of PLIC
We extend PLIC emulation to allow multiple instances of PLIC in a QEMU RISC-V machine. To achieve this, we remove first HART id zero assumption from PLIC emulation. Signed-off-by: Anup Patel Reviewed-by: Palmer Dabbelt Reviewed-by: Alistair Francis --- hw/riscv/sifive_e.c| 2 +- hw/riscv/sifive_plic.c | 24 +--- hw/riscv/sifive_u.c| 2 +- hw/riscv/virt.c| 2 +- include/hw/riscv/sifive_plic.h | 12 +++- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c index 1c3b37d0ba..bd122e71ae 100644 --- a/hw/riscv/sifive_e.c +++ b/hw/riscv/sifive_e.c @@ -152,7 +152,7 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, Error **errp) /* MMIO */ s->plic = sifive_plic_create(memmap[SIFIVE_E_PLIC].base, -(char *)SIFIVE_E_PLIC_HART_CONFIG, +(char *)SIFIVE_E_PLIC_HART_CONFIG, 0, SIFIVE_E_PLIC_NUM_SOURCES, SIFIVE_E_PLIC_NUM_PRIORITIES, SIFIVE_E_PLIC_PRIORITY_BASE, diff --git a/hw/riscv/sifive_plic.c b/hw/riscv/sifive_plic.c index c1e04cbb98..f88bb48053 100644 --- a/hw/riscv/sifive_plic.c +++ b/hw/riscv/sifive_plic.c @@ -352,6 +352,7 @@ static const MemoryRegionOps sifive_plic_ops = { static Property sifive_plic_properties[] = { DEFINE_PROP_STRING("hart-config", SiFivePLICState, hart_config), +DEFINE_PROP_UINT32("hartid-base", SiFivePLICState, hartid_base, 0), DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 0), DEFINE_PROP_UINT32("num-priorities", SiFivePLICState, num_priorities, 0), DEFINE_PROP_UINT32("priority-base", SiFivePLICState, priority_base, 0), @@ -400,10 +401,12 @@ static void parse_hart_config(SiFivePLICState *plic) } hartid++; -/* store hart/mode combinations */ plic->num_addrs = addrid; +plic->num_harts = hartid; + +/* store hart/mode combinations */ plic->addr_config = g_new(PLICAddr, plic->num_addrs); -addrid = 0, hartid = 0; +addrid = 0, hartid = plic->hartid_base; p = plic->hart_config; while ((c = *p++)) { if (c == ',') { 
@@ -429,8 +432,6 @@ static void sifive_plic_irq_request(void *opaque, int irq, int level) static void sifive_plic_realize(DeviceState *dev, Error **errp) { -MachineState *ms = MACHINE(qdev_get_machine()); -unsigned int smp_cpus = ms->smp.cpus; SiFivePLICState *plic = SIFIVE_PLIC(dev); int i; @@ -451,8 +452,8 @@ static void sifive_plic_realize(DeviceState *dev, Error **errp) * lost a interrupt in the case a PLIC is attached. The SEIP bit must be * hardware controlled when a PLIC is attached. */ -for (i = 0; i < smp_cpus; i++) { -RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(i)); +for (i = 0; i < plic->num_harts; i++) { +RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(plic->hartid_base + i)); if (riscv_cpu_claim_interrupts(cpu, MIP_SEIP) < 0) { error_report("SEIP already claimed"); exit(1); @@ -488,16 +489,17 @@ type_init(sifive_plic_register_types) * Create PLIC device. */ DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, -uint32_t num_sources, uint32_t num_priorities, -uint32_t priority_base, uint32_t pending_base, -uint32_t enable_base, uint32_t enable_stride, -uint32_t context_base, uint32_t context_stride, -uint32_t aperture_size) +uint32_t hartid_base, uint32_t num_sources, +uint32_t num_priorities, uint32_t priority_base, +uint32_t pending_base, uint32_t enable_base, +uint32_t enable_stride, uint32_t context_base, +uint32_t context_stride, uint32_t aperture_size) { DeviceState *dev = qdev_create(NULL, TYPE_SIFIVE_PLIC); assert(enable_stride == (enable_stride & -enable_stride)); assert(context_stride == (context_stride & -context_stride)); qdev_prop_set_string(dev, "hart-config", hart_config); +qdev_prop_set_uint32(dev, "hartid-base", hartid_base); qdev_prop_set_uint32(dev, "num-sources", num_sources); qdev_prop_set_uint32(dev, "num-priorities", num_priorities); qdev_prop_set_uint32(dev, "priority-base", priority_base); diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index c193761916..53e48e2ff5 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c 
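Review bot: In the `sifive_plic_realize` hunk the result of `qemu_get_cpu(plic->hartid_base + i)` is passed on to `riscv_cpu_claim_interrupts()` without a NULL check, and the loop bound is now `plic->num_harts` (counted from the `hart-config` string) instead of the machine's CPU count. A board that passes a `hartid-base`/`hart-config` pair reaching past the last CPU would presumably crash on a NULL pointer at realize time; the CLINT code in this same series guards the identical lookup with `if (!env)`. Since `errp` is available, consider failing cleanly with `if (!cpu) { error_setg(errp, "PLIC: no CPU for hart %u", plic->hartid_base + i); return; }`. The function body continues outside the hunk.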
@@ -586,7 +586,7 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, Error **errp) /* MMIO */ s->plic = sifive_plic_create(memmap[SIFIVE_U_PLIC].base, -plic_hart_config, +plic_hart_config, 0, SIFIVE_U_PLIC_NUM_SOURCES, SIFIVE_U_PLIC_NUM_PRIORITIES, SIFIVE_U_PLIC_PRIORITY_BASE, diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index 51afe7e23b..421815081d 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -584,7 +584,7 @@ static void riscv_virt_board_init(MachineState *machine) /* MMIO */ s->plic = sifive_plic_create(memmap[VIRT_PLIC].base, -plic_hart_config, +
[PATCH v2 1/5] hw: Add sockets_specified field in CpuTopology
When "sockets" sub-option of "-smp" option is not specified, the smp_parse() function will assume one CPU per-socket and set the number of sockets equal to number of CPUs. This is counter-intuitive and we should allow machine emulation to decide default number of sockets when "sockets" sub-option is not specified. To achieve this, we add boolean flag sockets_specified in struct CpuTopology which tells machine emulation whether the "sockets" sub-option was specified in command-line. Signed-off-by: Anup Patel --- hw/core/machine.c | 2 ++ include/hw/boards.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index bb3a7b18b1..fd5ef5a4bb 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -706,6 +706,8 @@ static void smp_parse(MachineState *ms, QemuOpts *opts) unsigned cores = qemu_opt_get_number(opts, "cores", 0); unsigned threads = qemu_opt_get_number(opts, "threads", 0); + ms->smp.sockets_specified = (sockets == 0) ? false : true; + /* compute missing values, prefer sockets over cores over threads */ if (cpus == 0 || sockets == 0) { cores = cores > 0 ? cores : 1; diff --git a/include/hw/boards.h b/include/hw/boards.h index 18815d9be2..59b28ada65 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -244,6 +244,7 @@ typedef struct DeviceMemoryState { * @cores: the number of cores in one package * @threads: the number of threads in one core * @sockets: the number of sockets on the machine + * @sockets_specified: the number of sockets were specified for the machine * @max_cpus: the maximum number of logical processors on the machine */ typedef struct CpuTopology { @@ -251,6 +252,7 @@ typedef struct CpuTopology { unsigned int cores; unsigned int threads; unsigned int sockets; +bool sockets_specified; unsigned int max_cpus; } CpuTopology; -- 2.25.1
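Review bot: `sockets_specified` is assigned only inside the generic `smp_parse()` in hw/core/machine.c, so if any machine type supplies its own `-smp` parser (not visible here) the flag would stay at its zero-initialised value even when `sockets=` was given. An explicit `sockets=0` is also recorded as "not specified", which should be either intended and documented or rejected. As a style point the ternary is redundant: `ms->smp.sockets_specified = (sockets != 0);`. smp_parse's body continues outside the hunk.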
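Review bot: The doc line added to the `CpuTopology` comment in include/hw/boards.h reads as if the field held a count, but the member is a `bool`. Suggested wording: `@sockets_specified: true if the "sockets" sub-option was given on the command line`. It would also help to say there that the flag is false when `-smp` is absent altogether, if that is the case.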
[PATCH v2 0/5] RISC-V multi-socket support
This series adds multi-socket support for RISC-V virt machine and RISC-V spike machine. The multi-socket support will help us improve various RISC-V operating systems, firmware, and bootloaders to support RISC-V NUMA systems. These patches can be found in the riscv_multi_socket_v2 branch at: https://github.com/avpatel/qemu.git To try these patches, we will need the Linux multi-PLIC improvements, which can be found in the plic_imp_v2 branch at: https://github.com/avpatel/linux.git Changes since v1: - Fixed checkpatch errors and warnings - Added PATCH1 for knowing whether "sockets" sub-option was specified - Remove SPIKE_CPUS_PER_SOCKET_MIN and SPIKE_CPUS_PER_SOCKET_MAX in PATCH3 - Remove VIRT_CPUS_PER_SOCKET_MIN and VIRT_CPUS_PER_SOCKET_MAX in PATCH5 Anup Patel (5): hw: Add sockets_specified field in CpuTopology hw/riscv: Allow creating multiple instances of CLINT hw/riscv: spike: Allow creating multiple sockets hw/riscv: Allow creating multiple instances of PLIC hw/riscv: virt: Allow creating multiple sockets hw/core/machine.c | 2 + hw/riscv/sifive_clint.c | 20 +- hw/riscv/sifive_e.c | 4 +- hw/riscv/sifive_plic.c | 24 +- hw/riscv/sifive_u.c | 4 +- hw/riscv/spike.c| 214 -- hw/riscv/virt.c | 498 ++-- include/hw/boards.h | 2 + include/hw/riscv/sifive_clint.h | 7 +- include/hw/riscv/sifive_plic.h | 12 +- include/hw/riscv/spike.h| 6 +- include/hw/riscv/virt.h | 10 +- 12 files changed, 466 insertions(+), 337 deletions(-) -- 2.25.1
[PATCH v2 5/5] hw/riscv: virt: Allow creating multiple sockets
We extend RISC-V virt machine to allow creating a multi-socket machine. Each RISC-V virt machine socket is a set of HARTs, a CLINT instance, and a PLIC instance. Other peripherals are shared between all RISC-V virt machine sockets. We also update RISC-V virt machine device tree to treat each socket as a NUMA node. The number of sockets in RISC-V virt machine can be specified using the "sockets=" sub-option of QEMU "-smp" command-line option. By default, only one socket RISC-V virt machine will be created. Currently, we only allow creating upto maximum 4 sockets but this limit can be changed in future. Signed-off-by: Anup Patel --- hw/riscv/virt.c | 498 ++-- include/hw/riscv/virt.h | 10 +- 2 files changed, 284 insertions(+), 224 deletions(-) diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index 421815081d..0c04a5493b 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -60,7 +60,7 @@ static const struct MemmapEntry { [VIRT_TEST] ={ 0x10,0x1000 }, [VIRT_RTC] = { 0x101000,0x1000 }, [VIRT_CLINT] = { 0x200, 0x1 }, -[VIRT_PLIC] ={ 0xc00, 0x400 }, +[VIRT_PLIC] ={ 0xc00, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) }, [VIRT_UART0] = { 0x1000, 0x100 }, [VIRT_VIRTIO] = { 0x10001000,0x1000 }, [VIRT_FLASH] = { 0x2000, 0x400 }, @@ -182,10 +182,15 @@ static void create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap, uint64_t mem_size, const char *cmdline) { void *fdt; -int cpu, i; -uint32_t *cells; -char *nodename; -uint32_t plic_phandle, test_phandle, phandle = 1; +int i, cpu, socket; +uint32_t *clint_cells, *plic_cells; +unsigned long clint_addr, plic_addr; +uint32_t plic_phandle[VIRT_SOCKETS_MAX]; +uint32_t cpu_phandle, intc_phandle, test_phandle; +uint32_t phandle = 1, plic_mmio_phandle = 1; +uint32_t plic_pcie_phandle = 1, plic_virtio_phandle = 1; +char *name, *cpu_name, *core_name, *intc_name; +char *clint_name, *plic_name, *clust_name; hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2; hwaddr flashbase = virt_memmap[VIRT_FLASH].base; 
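Review bot: `plic_phandle[VIRT_SOCKETS_MAX]` is a fixed-size stack array in `create_fdt`, and the rest of the function presumably indexes it by socket number up to `s->num_socs` (those uses are outside this hunk). Nothing visible here ties `s->num_socs` to `VIRT_SOCKETS_MAX`, so the bound depends entirely on the check made where the `sockets=` value is accepted. Adding `assert(s->num_socs <= VIRT_SOCKETS_MAX);` at the top of `create_fdt` would keep the invariant next to the array and turn a future regression into an assertion failure rather than an out-of-bounds stack write. The function body continues outside the hunk.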
@@ -206,231 +211,235 @@ static void create_fdt(RISCVVirtState *s, const struct MemmapEntry *memmap, qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2); -nodename = g_strdup_printf("/memory@%lx", +name = g_strdup_printf("/memory@%lx", (long)memmap[VIRT_DRAM].base); -qemu_fdt_add_subnode(fdt, nodename); -qemu_fdt_setprop_cells(fdt, nodename, "reg", +qemu_fdt_add_subnode(fdt, name); +qemu_fdt_setprop_cells(fdt, name, "reg", memmap[VIRT_DRAM].base >> 32, memmap[VIRT_DRAM].base, mem_size >> 32, mem_size); -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); -g_free(nodename); +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); +g_free(name); qemu_fdt_add_subnode(fdt, "/cpus"); qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", SIFIVE_CLINT_TIMEBASE_FREQ); qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); + +for (socket = (s->num_socs - 1); socket >= 0; socket--) { +clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket); +qemu_fdt_add_subnode(fdt, clust_name); + +plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4); +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4); + +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) { +cpu_phandle = phandle++; -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { -int cpu_phandle = phandle++; -int intc_phandle; -nodename = g_strdup_printf("/cpus/cpu@%d", cpu); -char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu); -char *isa = riscv_isa_string(>soc.harts[cpu]); -qemu_fdt_add_subnode(fdt, nodename); +cpu_name = g_strdup_printf("/cpus/cpu@%d", +s->soc[socket].hartid_base + cpu); +qemu_fdt_add_subnode(fdt, cpu_name); #if defined(TARGET_RISCV32) -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv32"); +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv32"); #else 
-qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48"); +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv48"); #endif -qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa); -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv"); -qemu_fdt_setprop_string(fdt, nodename, "status", "okay"); -qemu_fdt_setprop_cell(fdt, nodename, "reg",
[PULL 14/15] target/ppc: Fix argument to ppc_radix64_partition_scoped_xlate() again
From: Greg Kurz The penultimate argument of function ppc_radix64_partition_scoped_xlate() has the bool type. Fixes: d04ea940c597 "target/ppc: Add support for Radix partition-scoped translation" Signed-off-by: Greg Kurz Message-Id: <159051003729.407106.10610703877543955831.st...@bahia.lan> Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index 0d3922537c..c60bf31357 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -513,7 +513,7 @@ static int ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, int rwx, ret = ppc_radix64_partition_scoped_xlate(cpu, rwx, eaddr, g_raddr, pate, raddr, , , - 0, guest_visible); + false, guest_visible); if (ret) { return ret; } -- 2.26.2
[PATCH v2 2/5] hw/riscv: Allow creating multiple instances of CLINT
We extend CLINT emulation to allow multiple instances of CLINT in a QEMU RISC-V machine. To achieve this, we remove first HART id zero assumption from CLINT emulation. Signed-off-by: Anup Patel Reviewed-by: Alistair Francis Reviewed-by: Palmer Dabbelt --- hw/riscv/sifive_clint.c | 20 hw/riscv/sifive_e.c | 2 +- hw/riscv/sifive_u.c | 2 +- hw/riscv/spike.c| 6 +++--- hw/riscv/virt.c | 2 +- include/hw/riscv/sifive_clint.h | 7 --- 6 files changed, 22 insertions(+), 17 deletions(-) diff --git a/hw/riscv/sifive_clint.c b/hw/riscv/sifive_clint.c index e933d35092..7d713fd743 100644 --- a/hw/riscv/sifive_clint.c +++ b/hw/riscv/sifive_clint.c @@ -78,7 +78,7 @@ static uint64_t sifive_clint_read(void *opaque, hwaddr addr, unsigned size) SiFiveCLINTState *clint = opaque; if (addr >= clint->sip_base && addr < clint->sip_base + (clint->num_harts << 2)) { -size_t hartid = (addr - clint->sip_base) >> 2; +size_t hartid = clint->hartid_base + ((addr - clint->sip_base) >> 2); CPUState *cpu = qemu_get_cpu(hartid); CPURISCVState *env = cpu ? cpu->env_ptr : NULL; if (!env) { @@ -91,7 +91,8 @@ static uint64_t sifive_clint_read(void *opaque, hwaddr addr, unsigned size) } } else if (addr >= clint->timecmp_base && addr < clint->timecmp_base + (clint->num_harts << 3)) { -size_t hartid = (addr - clint->timecmp_base) >> 3; +size_t hartid = clint->hartid_base + +((addr - clint->timecmp_base) >> 3); CPUState *cpu = qemu_get_cpu(hartid); CPURISCVState *env = cpu ? cpu->env_ptr : NULL; if (!env) { @@ -128,7 +129,7 @@ static void sifive_clint_write(void *opaque, hwaddr addr, uint64_t value, if (addr >= clint->sip_base && addr < clint->sip_base + (clint->num_harts << 2)) { -size_t hartid = (addr - clint->sip_base) >> 2; +size_t hartid = clint->hartid_base + ((addr - clint->sip_base) >> 2); CPUState *cpu = qemu_get_cpu(hartid); CPURISCVState *env = cpu ? cpu->env_ptr : NULL; if (!env) { 
@@ -141,7 +142,8 @@ static void sifive_clint_write(void *opaque, hwaddr addr, uint64_t value, return; } else if (addr >= clint->timecmp_base && addr < clint->timecmp_base + (clint->num_harts << 3)) { -size_t hartid = (addr - clint->timecmp_base) >> 3; +size_t hartid = clint->hartid_base + +((addr - clint->timecmp_base) >> 3); CPUState *cpu = qemu_get_cpu(hartid); CPURISCVState *env = cpu ? cpu->env_ptr : NULL; if (!env) { @@ -185,6 +187,7 @@ static const MemoryRegionOps sifive_clint_ops = { }; static Property sifive_clint_properties[] = { +DEFINE_PROP_UINT32("hartid-base", SiFiveCLINTState, hartid_base, 0), DEFINE_PROP_UINT32("num-harts", SiFiveCLINTState, num_harts, 0), DEFINE_PROP_UINT32("sip-base", SiFiveCLINTState, sip_base, 0), DEFINE_PROP_UINT32("timecmp-base", SiFiveCLINTState, timecmp_base, 0), @@ -226,13 +229,13 @@ type_init(sifive_clint_register_types) /* * Create CLINT device. */ -DeviceState *sifive_clint_create(hwaddr addr, hwaddr size, uint32_t num_harts, -uint32_t sip_base, uint32_t timecmp_base, uint32_t time_base, -bool provide_rdtime) +DeviceState *sifive_clint_create(hwaddr addr, hwaddr size, +uint32_t hartid_base, uint32_t num_harts, uint32_t sip_base, +uint32_t timecmp_base, uint32_t time_base, bool provide_rdtime) { int i; for (i = 0; i < num_harts; i++) { -CPUState *cpu = qemu_get_cpu(i); +CPUState *cpu = qemu_get_cpu(hartid_base + i); CPURISCVState *env = cpu ? cpu->env_ptr : NULL; if (!env) { continue; @@ -246,6 +249,7 @@ DeviceState *sifive_clint_create(hwaddr addr, hwaddr size, uint32_t num_harts, } DeviceState *dev = qdev_create(NULL, TYPE_SIFIVE_CLINT); +qdev_prop_set_uint32(dev, "hartid-base", hartid_base); qdev_prop_set_uint32(dev, "num-harts", num_harts); qdev_prop_set_uint32(dev, "sip-base", sip_base); qdev_prop_set_uint32(dev, "timecmp-base", timecmp_base); diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c index b53109521e..1c3b37d0ba 100644 --- a/hw/riscv/sifive_e.c +++ b/hw/riscv/sifive_e.c 
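Review bot: In the `sifive_clint_create` hunk a hart for which `qemu_get_cpu(hartid_base + i)` returns NULL is skipped with `continue`, so with the new caller-supplied `hartid_base` a wrong base silently sets up fewer harts than requested. The header comment is still only `Create CLINT device.`; it should state that harts `hartid_base` through `hartid_base + num_harts - 1` are bound and must already exist, and that missing ones are ignored. Separately, `i` is `int` while `num_harts` and `hartid_base` are `uint32_t`; `unsigned int i;` would avoid the mixed-sign comparison in the loop condition. The loop body continues outside the hunk.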
@@ -163,7 +163,7 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, Error **errp) SIFIVE_E_PLIC_CONTEXT_STRIDE, memmap[SIFIVE_E_PLIC].size); sifive_clint_create(memmap[SIFIVE_E_CLINT].base, -memmap[SIFIVE_E_CLINT].size, ms->smp.cpus, +memmap[SIFIVE_E_CLINT].size, 0, ms->smp.cpus, SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE, false); create_unimplemented_device("riscv.sifive.e.aon", memmap[SIFIVE_E_AON].base, memmap[SIFIVE_E_AON].size); diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index 4299bdf480..c193761916 100644 ---
[PULL 13/15] hw/nvram/mac_nvram: Convert debug printf()s to trace events
From: Philippe Mathieu-Daudé Convert NVR_DPRINTF() to trace events and remove ifdef'ry. Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200524165126.13920-1-f4...@amsat.org> Reviewed-by: Mark Cave-Ayland Signed-off-by: David Gibson --- hw/nvram/mac_nvram.c | 17 +++-- hw/nvram/trace-events | 4 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/hw/nvram/mac_nvram.c b/hw/nvram/mac_nvram.c index ff5db03e6b..beec1c4e4d 100644 --- a/hw/nvram/mac_nvram.c +++ b/hw/nvram/mac_nvram.c @@ -30,18 +30,9 @@ #include "migration/vmstate.h" #include "qemu/cutils.h" #include "qemu/module.h" +#include "trace.h" #include -/* debug NVR */ -//#define DEBUG_NVR - -#ifdef DEBUG_NVR -#define NVR_DPRINTF(fmt, ...) \ -do { printf("NVR: " fmt , ## __VA_ARGS__); } while (0) -#else -#define NVR_DPRINTF(fmt, ...) -#endif - #define DEF_SYSTEM_SIZE 0xc10 /* macio style NVRAM device */ @@ -51,9 +42,8 @@ static void macio_nvram_writeb(void *opaque, hwaddr addr, MacIONVRAMState *s = opaque; addr = (addr >> s->it_shift) & (s->size - 1); +trace_macio_nvram_write(addr, value); s->data[addr] = value; -NVR_DPRINTF("writeb addr %04" HWADDR_PRIx " val %" PRIx64 "\n", -addr, value); } static uint64_t macio_nvram_readb(void *opaque, hwaddr addr, @@ -64,8 +54,7 @@ static uint64_t macio_nvram_readb(void *opaque, hwaddr addr, addr = (addr >> s->it_shift) & (s->size - 1); value = s->data[addr]; -NVR_DPRINTF("readb addr %04" HWADDR_PRIx " val %" PRIx32 "\n", -addr, value); +trace_macio_nvram_read(addr, value); return value; } diff --git a/hw/nvram/trace-events b/hw/nvram/trace-events index 0dea9260ce..e023193295 100644 --- a/hw/nvram/trace-events +++ b/hw/nvram/trace-events 
@@ -13,3 +13,7 @@ fw_cfg_add_string(uint16_t key_value, const char *key_name, const char *value) " fw_cfg_add_i16(uint16_t key_value, const char *key_name, uint16_t value) "key 0x%04" PRIx16 " '%s', value 0x%" PRIx16 fw_cfg_add_i32(uint16_t key_value, const char *key_name, uint32_t value) "key 0x%04" PRIx16 " '%s', value 0x%" PRIx32 fw_cfg_add_i64(uint16_t key_value, const char *key_name, uint64_t value) "key 0x%04" PRIx16 " '%s', value 0x%" PRIx64 + +# mac_nvram.c +macio_nvram_read(uint32_t addr, uint8_t val) "read addr=0x%04"PRIx32" val=0x%02x" +macio_nvram_write(uint32_t addr, uint8_t val) "write addr=0x%04"PRIx32" val=0x%02x" -- 2.26.2
[PULL 09/15] target/ppc: Add missing braces in ppc_radix64_partition_scoped_xlate()
From: Greg Kurz As per CODING_STYLE. Fixes: d04ea940c597 "target/ppc: Add support for Radix partition-scoped translation" Signed-off-by: Greg Kurz Message-Id: <158941062665.240484.2663106458734800894.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index 07f956c986..fb7dfe25ba 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -286,8 +286,9 @@ static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu, int rwx, pate.dw0 & PRTBE_R_RPDS, h_raddr, h_page_size, , _cause, _addr) || ppc_radix64_check_prot(cpu, rwx, pte, _cause, h_prot, true)) { -if (pde_addr) /* address being translated was that of a guest pde */ +if (pde_addr) { /* address being translated was that of a guest pde */ fault_cause |= DSISR_PRTABLE_FAULT; +} if (cause_excp) { ppc_radix64_raise_hsi(cpu, rwx, eaddr, g_raddr, fault_cause); } -- 2.26.2
[PULL 15/15] vfio/nvlink: Remove exec permission to avoid SELinux AVCs
From: Leonardo Bras If SELinux is setup without 'execmem' permission for qemu, all mmap with (PROT_WRITE | PROT_EXEC) will fail and print a warning in SELinux log. If "nvlink2-mr" memory allocation fails (fist diff), it will cause guest NUMA nodes to not be correctly configured (V100 memory will not be visible for guest, nor its NUMA nodes). Not having 'execmem' permission is intesting for virtual machines to avoid buffer-overflow based attacks, and it's adopted in distros like RHEL. So, removing the PROT_EXEC flag seems the right thing to do. Browsing some other code that mmaps memory for usage with memory_region_init_ram_device_ptr, I could notice it's usual to not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be no problem around this. Signed-off-by: Leonardo Bras Message-Id: <20200501055448.286518-1-leobra...@gmail.com> Acked-by: Alex Williamson Signed-off-by: David Gibson --- hw/vfio/pci-quirks.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c index 3bd05fed12..f2155ddb1d 100644 --- a/hw/vfio/pci-quirks.c +++ b/hw/vfio/pci-quirks.c @@ -1620,7 +1620,7 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, Error **errp) } cap = (void *) hdr; -p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE | PROT_EXEC, +p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE, MAP_SHARED, vdev->vbasedev.fd, nv2reg->offset); if (p == MAP_FAILED) { ret = -errno; @@ -1680,7 +1680,7 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error **errp) /* Some NVLink bridges may not have assigned ATSD */ if (atsdreg->size) { -p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE | PROT_EXEC, +p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE, MAP_SHARED, vdev->vbasedev.fd, atsdreg->offset); if (p == MAP_FAILED) { ret = -errno; -- 2.26.2
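Review bot: Both `mmap()` calls now request `PROT_READ | PROT_WRITE` only, but nothing in the code records why, so a later edit could reintroduce a writable-and-executable mapping unnoticed. A short comment above the call in `vfio_pci_nvidia_v100_ram_init`, for example `/* No PROT_EXEC: W+X mappings are denied when SELinux runs QEMU without execmem, and RAM-device regions are not mapped executable elsewhere */`, would keep the reasoning from the commit message next to the code. The same applies to the `atsdreg` mapping in `vfio_pci_nvlink2_init`. Both function bodies continue outside the hunks.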
[PULL 12/15] hw/pci-bridge/dec: Remove dead debug code
From: Philippe Mathieu-Daudé Remove debug code never used since added in commit e1c6bbabee30. Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200525033910.26166-1-f4...@amsat.org> Signed-off-by: David Gibson --- hw/pci-bridge/dec.c | 10 -- 1 file changed, 10 deletions(-) diff --git a/hw/pci-bridge/dec.c b/hw/pci-bridge/dec.c index 3ae2f788a4..952bc71122 100644 --- a/hw/pci-bridge/dec.c +++ b/hw/pci-bridge/dec.c @@ -32,16 +32,6 @@ #include "hw/pci/pci_bridge.h" #include "hw/pci/pci_bus.h" -/* debug DEC */ -//#define DEBUG_DEC - -#ifdef DEBUG_DEC -#define DEC_DPRINTF(fmt, ...) \ -do { printf("DEC: " fmt , ## __VA_ARGS__); } while (0) -#else -#define DEC_DPRINTF(fmt, ...) -#endif - #define DEC_21154(obj) OBJECT_CHECK(DECState, (obj), TYPE_DEC_21154) typedef struct DECState { -- 2.26.2
[PULL 11/15] target/ppc: Don't update radix PTE R/C bits with gdbstub
From: Greg Kurz gdbstub shouldn't silently change guest visible state when doing address translation. Since the R/C bits can only be updated when handling a MMU fault, let's reuse the cause_excp flag and rename it to guest_visible. While here drop a not very useful comment. This was found while reading the code. I could verify that this affects both powernv and pseries, but I failed to observe any actual bug. Fixes: d04ea940c597 "target/ppc: Add support for Radix partition-scoped translation" Signed-off-by: Greg Kurz Message-Id: <158941063899.240484.2778628492106387793.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 39 +-- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index 7ce37cb778..0d3922537c 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -274,7 +274,7 @@ static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu, int rwx, ppc_v3_pate_t pate, hwaddr *h_raddr, int *h_prot, int *h_page_size, bool pde_addr, - bool cause_excp) + bool guest_visible) { int fault_cause = 0; hwaddr pte_addr; @@ -289,14 +289,15 @@ static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu, int rwx, if (pde_addr) { /* address being translated was that of a guest pde */ fault_cause |= DSISR_PRTABLE_FAULT; } -if (cause_excp) { +if (guest_visible) { ppc_radix64_raise_hsi(cpu, rwx, eaddr, g_raddr, fault_cause); } return 1; } -/* Update Reference and Change Bits */ -ppc_radix64_set_rc(cpu, rwx, pte, pte_addr, h_prot); +if (guest_visible) { +ppc_radix64_set_rc(cpu, rwx, pte, pte_addr, h_prot); +} return 0; } @@ -305,7 +306,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, vaddr eaddr, uint64_t pid, ppc_v3_pate_t pate, hwaddr *g_raddr, int *g_prot, int *g_page_size, -bool cause_excp) +bool guest_visible) { CPUState *cs = CPU(cpu); CPUPPCState *env = >env; 
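Review bot: After this change `guest_visible` controls two things in `ppc_radix64_partition_scoped_xlate`, whether a fault is raised and whether the PTE R/C bits are written, yet the hunk drops the only comment next to `ppc_radix64_set_rc()` and adds none describing the flag. A comment at the function head, for example `/* guest_visible: false for debugger (gdbstub) lookups, which must neither raise exceptions nor modify guest page tables */`, would make the contract explicit. It applies equally to `ppc_radix64_process_scoped_xlate`, whose parameter is renamed in the following hunks. The function starts outside the hunk.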
@@ -319,7 +320,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12); if (offset >= size) { /* offset exceeds size of the process table */ -if (cause_excp) { +if (guest_visible) { ppc_radix64_raise_si(cpu, rwx, eaddr, DSISR_NOPTE); } return 1; @@ -340,7 +341,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, prtbe_addr, pate, _raddr, _prot, _page_size, true, - cause_excp); + guest_visible); if (ret) { return ret; } @@ -360,7 +361,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, _cause, _addr); if (ret) { /* No valid PTE */ -if (cause_excp) { +if (guest_visible) { ppc_radix64_raise_si(cpu, rwx, eaddr, fault_cause); } return ret; @@ -380,7 +381,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, pte_addr, pate, _raddr, _prot, _page_size, true, - cause_excp); + guest_visible); if (ret) { return ret; } @@ -389,7 +390,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, , g_page_size, , _cause); if (ret) { /* No valid pte */ -if (cause_excp) { +if (guest_visible) { ppc_radix64_raise_si(cpu, rwx, eaddr, fault_cause); } return ret; @@ -406,13 +407,15 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, if (ppc_radix64_check_prot(cpu, rwx, pte, _cause, g_prot, false)) { /* Access denied due to protection */ -if
[PULL 06/15] target/ppc: Pass const pointer to ppc_radix64_get_prot_amr()
From: Greg Kurz This doesn't require write access to the CPU structure. Signed-off-by: Greg Kurz Message-Id: <158941060817.240484.14621015211317485106.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h index 96228546aa..f28c5794d0 100644 --- a/target/ppc/mmu-radix64.h +++ b/target/ppc/mmu-radix64.h @@ -55,9 +55,9 @@ static inline int ppc_radix64_get_prot_eaa(uint64_t pte) (pte & R_PTE_EAA_X ? PAGE_EXEC : 0); } -static inline int ppc_radix64_get_prot_amr(PowerPCCPU *cpu) +static inline int ppc_radix64_get_prot_amr(const PowerPCCPU *cpu) { -CPUPPCState *env = >env; +const CPUPPCState *env = >env; int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */ int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */ -- 2.26.2
[PULL 10/15] target/ppc: Fix arguments to ppc_radix64_partition_scoped_xlate()
From: Greg Kurz The last two arguments have the bool type. Also, we shouldn't raise an exception when using gdbstub. This was found while reading the code. Since it only affects the powernv machine, I didn't dig further to find an actual bug. Fixes: d04ea940c597 "target/ppc: Add support for Radix partition-scoped translation" Signed-off-by: Greg Kurz Message-Id: <158941063281.240484.9114539141307005992.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index fb7dfe25ba..7ce37cb778 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -339,7 +339,8 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, */ ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, prtbe_addr, pate, _raddr, _prot, - _page_size, 1, 1); + _page_size, true, + cause_excp); if (ret) { return ret; } @@ -378,7 +379,8 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, int rwx, do { ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, pte_addr, pate, _raddr, _prot, - _page_size, 1, 1); + _page_size, true, + cause_excp); if (ret) { return ret; } -- 2.26.2
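Review bot: Both call sites now end in two adjacent positional `bool` arguments (`true, cause_excp`), the same shape that let `1, 1` pass unnoticed before this fix. Labelling the literal at the call, e.g. `/* pde_addr */ true, cause_excp);`, makes a swapped or stale value visible at review time and documents why the gdbstub path must not force the last argument to true. The enclosing function starts and ends outside both hunks.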
[PULL 04/15] target/ppc: Add support for scv and rfscv instructions
From: Nicholas Piggin POWER9 adds scv and rfscv instructions and the system call vectored interrupt. Linux does not support this instruction yet but it has been tested with a modified kernel that runs on real hardware. Signed-off-by: Nicholas Piggin Message-Id: <20200507115328.789175-1-npig...@gmail.com> [dwg: Corrected an overlong line] Signed-off-by: David Gibson --- linux-user/ppc/cpu_loop.c | 1 + target/ppc/cpu.h| 7 ++- target/ppc/excp_helper.c| 98 - target/ppc/helper.h | 1 + target/ppc/translate.c | 53 +- target/ppc/translate_init.inc.c | 3 +- 6 files changed, 133 insertions(+), 30 deletions(-) diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c index 5b27f8603e..df71e15a25 100644 --- a/linux-user/ppc/cpu_loop.c +++ b/linux-user/ppc/cpu_loop.c @@ -267,6 +267,7 @@ void cpu_loop(CPUPPCState *env) queue_signal(env, info.si_signo, QEMU_SI_FAULT, ); break; case POWERPC_EXCP_SYSCALL: /* System call exception */ +case POWERPC_EXCP_SYSCALL_VECTORED: cpu_abort(cs, "Syscall exception while in user mode. " "Aborting\n"); break; diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 7db7882f52..c1005b04a0 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -127,8 +127,9 @@ enum { POWERPC_EXCP_SDOOR_HV = 100, /* ISA 3.00 additions */ POWERPC_EXCP_HVIRT= 101, +POWERPC_EXCP_SYSCALL_VECTORED = 102, /* scv exception */ /* EOL */ -POWERPC_EXCP_NB = 102, +POWERPC_EXCP_NB = 103, /* QEMU exceptions: used internally during code translation */ POWERPC_EXCP_STOP = 0x200, /* stop translation */ POWERPC_EXCP_BRANCH = 0x201, /* branch instruction */ @@ -478,6 +479,7 @@ typedef struct ppc_v3_pate_t { /* Facility Status and Control (FSCR) bits */ #define FSCR_EBB(63 - 56) /* Event-Based Branch Facility */ #define FSCR_TAR(63 - 55) /* Target Address Register */ +#define FSCR_SCV(63 - 51) /* System call vectored */ /* Interrupt cause mask and position in FSCR. HFSCR has the same format */ #define FSCR_IC_MASK(0xFFULL) #define FSCR_IC_POS (63 - 7) 
@@ -487,6 +489,7 @@ typedef struct ppc_v3_pate_t { #define FSCR_IC_TM 5 #define FSCR_IC_EBB 7 #define FSCR_IC_TAR 8 +#define FSCR_IC_SCV12 /* Exception state register bits definition */ #define ESR_PIL PPC_BIT(36) /* Illegal Instruction*/ @@ -554,6 +557,8 @@ enum { POWERPC_FLAG_VSX = 0x0008, /* Has Transaction Memory (ISA 2.07) */ POWERPC_FLAG_TM = 0x0010, +/* Has SCV (ISA 3.00)*/ +POWERPC_FLAG_SCV = 0x0020, }; /*/ diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index ace8620026..14d3902982 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -67,6 +67,18 @@ static inline void dump_syscall(CPUPPCState *env) ppc_dump_gpr(env, 8), env->nip); } +static inline void dump_syscall_vectored(CPUPPCState *env) +{ +qemu_log_mask(CPU_LOG_INT, "syscall r0=%016" PRIx64 + " r3=%016" PRIx64 " r4=%016" PRIx64 " r5=%016" PRIx64 + " r6=%016" PRIx64 " r7=%016" PRIx64 " r8=%016" PRIx64 + " nip=" TARGET_FMT_lx "\n", + ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3), + ppc_dump_gpr(env, 4), ppc_dump_gpr(env, 5), + ppc_dump_gpr(env, 6), ppc_dump_gpr(env, 7), + ppc_dump_gpr(env, 8), env->nip); +} + static inline void dump_hcall(CPUPPCState *env) { qemu_log_mask(CPU_LOG_INT, "hypercall r3=%016" PRIx64 @@ -185,7 +197,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp) CPUState *cs = CPU(cpu); CPUPPCState *env = >env; target_ulong msr, new_msr, vector; -int srr0, srr1, asrr0, asrr1, lev, ail; +int srr0, srr1, asrr0, asrr1, lev = -1, ail; bool lpes0; qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx @@ -421,6 +433,13 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp) new_msr |= (target_ulong)MSR_HVB; } break; +case POWERPC_EXCP_SYSCALL_VECTORED: /* scv exception */ +lev = env->error_code; +dump_syscall_vectored(env); +env->nip += 4; +new_msr |= env->msr & ((target_ulong)1 << MSR_EE); +new_msr |= env->msr & ((target_ulong)1 << MSR_RI); +break;
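Review bot: dump_syscall_vectored() logs under the prefix `"syscall r0=..."`, which carries nothing that marks the entry as the vectored path, and it does not print the level that powerpc_excp() reads from `env->error_code`. If dump_syscall() uses the same prefix (its format string is outside the hunk), a CPU_LOG_INT trace cannot tell an `scv` entry from an `sc` one when guest behaviour is triaged from logs. Changing the prefix to `"syscall vectored r0=%016"`, or passing `lev` in and printing it, would separate the two. The register list looks like a copy of the one in dump_syscall(), so a shared helper taking the label would also keep the two format strings from drifting apart.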
[PULL 07/15] target/ppc: Pass const pointer to ppc_radix64_get_fully_qualified_addr()
From: Greg Kurz This doesn't require write access to the CPU registers. Signed-off-by: Greg Kurz Message-Id: <158941061434.240484.10700096396035994133.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index 1404e53dec..c76879f65b 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -28,7 +28,8 @@ #include "mmu-radix64.h" #include "mmu-book3s-v3.h" -static bool ppc_radix64_get_fully_qualified_addr(CPUPPCState *env, vaddr eaddr, +static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env, + vaddr eaddr, uint64_t *lpid, uint64_t *pid) { if (msr_hv) { /* MSR[HV] -> Hypervisor/bare metal */ -- 2.26.2
[PULL 08/15] target/ppc: Don't initialize some local variables in ppc_radix64_xlate()
From: Greg Kurz It is the job of the ppc_radix64_get_fully_qualified_addr() function which is called at the beginning of ppc_radix64_xlate() to set both lpid *and* pid. It doesn't buy us anything to initialize them first. Worse, a bug in ppc_radix64_get_fully_qualified_addr(), eg. failing to set either lpid or pid, would be undetectable by static analysis tools like coverity. Some recent versions of gcc (eg. gcc-9.3.1-2.fc30) may still think that lpid or pid is used uninitialized though, so this also adds default cases in the switch statements to make it clear this cannot happen. Signed-off-by: Greg Kurz Message-Id: <158941062048.240484.9693581559252337111.st...@bahia.lan> Reviewed-by: Cédric Le Goater Signed-off-by: David Gibson --- target/ppc/mmu-radix64.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c index c76879f65b..07f956c986 100644 --- a/target/ppc/mmu-radix64.c +++ b/target/ppc/mmu-radix64.c @@ -50,6 +50,8 @@ static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env, *lpid = 0; *pid = 0; break; +default: +g_assert_not_reached(); } } else { /* !MSR[HV] -> Guest */ switch (eaddr & R_EADDR_QUADRANT) { @@ -64,6 +66,8 @@ static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env, *lpid = env->spr[SPR_LPIDR]; *pid = 0; /* pid set to 0 -> addresses guest operating system */ break; +default: +g_assert_not_reached(); } } @@ -433,7 +437,7 @@ static int ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, int rwx, bool cause_excp) { CPUPPCState *env = >env; -uint64_t lpid = 0, pid = 0; +uint64_t lpid, pid; ppc_v3_pate_t pate; int psize, prot; hwaddr g_raddr; -- 2.26.2
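Review bot: The two `default: g_assert_not_reached();` arms sit in switches on `eaddr & R_EADDR_QUADRANT`, and `eaddr` is an address the guest chooses, so the assertion is only safe if the cases above it cover every value the mask can produce. The case labels are outside both hunks, so this cannot be confirmed from here. A one-line comment such as `/* every quadrant value is handled above; default only quiets maybe-uninitialized warnings */` would record the invariant and keep a later mask change from turning it into a guest-triggerable abort. With the `= 0` initialisers gone from ppc_radix64_xlate(), it is also worth checking that `lpid` and `pid` are not read on the path where the helper returns false.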
[PULL 01/15] ppc/pnv: Fix NMI system reset SRR1 value
From: Nicholas Piggin Commit a77fed5bd926 ("ppc/pnv: Add support for NMI interface") got the SRR1 setting wrong for sresets that hit outside of power-save states. Fix this, better documenting the source for the bit definitions. Fixes: 01b552b05b0f ("ppc/pnv: Add support for NMI interface") Cc: Cédric Le Goater Cc: David Gibson Signed-off-by: Nicholas Piggin Message-Id: <20200507114824.788942-1-npig...@gmail.com> Reviewed-by: Cédric Le Goater [dwg: Fixed up some tab indentation] Signed-off-by: David Gibson --- hw/ppc/pnv.c | 26 -- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c index da637822f9..f48a61d6d1 100644 --- a/hw/ppc/pnv.c +++ b/hw/ppc/pnv.c @@ -1984,12 +1984,26 @@ static void pnv_cpu_do_nmi_on_cpu(CPUState *cs, run_on_cpu_data arg) cpu_synchronize_state(cs); ppc_cpu_do_system_reset(cs); -/* - * SRR1[42:45] is set to 0100 which the ISA defines as implementation - * dependent. POWER processors use this for xscom triggered interrupts, - * which come from the BMC or NMI IPIs. - */ -env->spr[SPR_SRR1] |= PPC_BIT(43); +if (env->spr[SPR_SRR1] & PPC_BITMASK(46, 47)) { +/* + * Power-save wakeups, as indicated by non-zero SRR1[46:47] put the + * wakeup reason in SRR1[42:45], system reset is indicated with 0b0100 + * (PPC_BIT(43)). + */ +if (!(env->spr[SPR_SRR1] & PPC_BIT(43))) { +warn_report("ppc_cpu_do_system_reset does not set system reset wakeup reason"); +env->spr[SPR_SRR1] |= PPC_BIT(43); +} +} else { +/* + * For non-powersave system resets, SRR1[42:45] are defined to be + * implementation-dependent. The POWER9 User Manual specifies that + * an external (SCOM driven, which may come from a BMC nmi command or + * another CPU requesting a NMI IPI) system reset exception should be + * 0b0010 (PPC_BIT(44)). + */ +env->spr[SPR_SRR1] |= PPC_BIT(44); +} } static void pnv_nmi(NMIState *n, int cpu_index, Error **errp) -- 2.26.2
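Review bot: Both branches OR a single bit into SRR1[42:45] without clearing the field first, so any reason bits already left there by ppc_cpu_do_system_reset() are merged with the new one rather than replaced (0b1000 | 0b0100 reads back as 0b1100, which is not the system reset code). Whether the field is guaranteed to be zero at that point is not visible in the hunk; if it is not, mask before setting: `env->spr[SPR_SRR1] = (env->spr[SPR_SRR1] & ~PPC_BITMASK(42, 45)) | PPC_BIT(44);`, and likewise with `PPC_BIT(43)` in the power-save branch. The `!(env->spr[SPR_SRR1] & PPC_BIT(43))` test has the matching weakness, since it accepts any reason value that happens to have bit 43 set; comparing the masked field against `PPC_BIT(43)` would be exact.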
[PULL 05/15] ppc/spapr: Add hotremovable flag on DIMM LMBs on drmem_v2
From: Leonardo Bras On reboot, all memory that was previously added using object_add and device_add is placed in this DIMM area. The new SPAPR_LMB_FLAGS_HOTREMOVABLE flag helps Linux to put this memory in the correct memory zone, so no unmovable allocations are made there, allowing the object to be easily hot-removed by device_del and object_del. This new flag was accepted in Power Architecture documentation. Signed-off-by: Leonardo Bras Reviewed-by: Bharata B Rao Message-Id: <20200511200201.58537-1-leobra...@gmail.com> [dwg: Fixed syntax error spotted by Cédric Le Goater] Signed-off-by: David Gibson --- hw/ppc/pnv.c | 8 hw/ppc/spapr.c | 3 ++- include/hw/ppc/spapr.h | 1 + target/ppc/cpu.h | 21 + target/ppc/excp_helper.c | 16 5 files changed, 36 insertions(+), 13 deletions(-) diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c index f48a61d6d1..806a5d9a8d 100644 --- a/hw/ppc/pnv.c +++ b/hw/ppc/pnv.c @@ -1984,15 +1984,15 @@ static void pnv_cpu_do_nmi_on_cpu(CPUState *cs, run_on_cpu_data arg) cpu_synchronize_state(cs); ppc_cpu_do_system_reset(cs); -if (env->spr[SPR_SRR1] & PPC_BITMASK(46, 47)) { +if (env->spr[SPR_SRR1] & SRR1_WAKESTATE) { /* * Power-save wakeups, as indicated by non-zero SRR1[46:47] put the * wakeup reason in SRR1[42:45], system reset is indicated with 0b0100 * (PPC_BIT(43)). */ -if (!(env->spr[SPR_SRR1] & PPC_BIT(43))) { +if (!(env->spr[SPR_SRR1] & SRR1_WAKERESET)) { warn_report("ppc_cpu_do_system_reset does not set system reset wakeup reason"); -env->spr[SPR_SRR1] |= PPC_BIT(43); +env->spr[SPR_SRR1] |= SRR1_WAKERESET; } } else { /* @@ -2002,7 +2002,7 @@ static void pnv_cpu_do_nmi_on_cpu(CPUState *cs, run_on_cpu_data arg) * another CPU requesting a NMI IPI) system reset exception should be * 0b0010 (PPC_BIT(44)). */ -env->spr[SPR_SRR1] |= PPC_BIT(44); +env->spr[SPR_SRR1] |= SRR1_WAKESCOM; } } diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 9b358fcc60..3b1a5ed865 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c 
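Review bot: The two block comments in pnv_cpu_do_nmi_on_cpu() still spell the values as `(PPC_BIT(43))` and `(PPC_BIT(44))` while the code beside them now uses `SRR1_WAKERESET` and `SRR1_WAKESCOM`. The comments should name the new macros, e.g. `system reset is indicated with 0b0100 (SRR1_WAKERESET)`, so a reader does not have to cross-check cpu.h. Separately, the commit description covers only the SPAPR_LMB_FLAGS_HOTREMOVABLE flag, whereas these pnv.c hunks and the cpu.h and excp_helper.c changes in the diffstat rework SRR1 wakeup constants. That looks like an unrelated change folded into the patch, and it would be easier to audit or revert on its own.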
@@ -445,7 +445,8 @@ static int spapr_dt_dynamic_memory_v2(SpaprMachineState *spapr, void *fdt, g_assert(drc); elem = spapr_get_drconf_cell(size / lmb_size, addr, spapr_drc_index(drc), node, - SPAPR_LMB_FLAGS_ASSIGNED); + (SPAPR_LMB_FLAGS_ASSIGNED | + SPAPR_LMB_FLAGS_HOTREMOVABLE)); QSIMPLEQ_INSERT_TAIL(_queue, elem, entry); nr_entries++; cur_addr = addr + size; diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index d2533e7264..c421410e3f 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -886,6 +886,7 @@ int spapr_rtc_import_offset(SpaprRtcState *rtc, int64_t legacy_offset); #define SPAPR_LMB_FLAGS_ASSIGNED 0x0008 #define SPAPR_LMB_FLAGS_DRC_INVALID 0x0020 #define SPAPR_LMB_FLAGS_RESERVED 0x0080 +#define SPAPR_LMB_FLAGS_HOTREMOVABLE 0x0100 void spapr_do_system_reset_on_cpu(CPUState *cs, run_on_cpu_data arg); diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index c1005b04a0..1988b436cb 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h 
@@ -476,6 +476,27 @@ typedef struct ppc_v3_pate_t { #define SRR1_PROTFAULT DSISR_PROTFAULT #define SRR1_IAMRDSISR_AMR +/* SRR1[42:45] wakeup fields for System Reset Interrupt */ + +#define SRR1_WAKEMASK 0x003c /* reason for wakeup */ + +#define SRR1_WAKEHMI0x0028 /* Hypervisor maintenance */ +#define SRR1_WAKEHVI0x0024 /* Hypervisor Virt. Interrupt (P9) */ +#define SRR1_WAKEEE 0x0020 /* External interrupt */ +#define SRR1_WAKEDEC0x0018 /* Decrementer interrupt */ +#define SRR1_WAKEDBELL 0x0014 /* Privileged doorbell */ +#define SRR1_WAKERESET 0x0010 /* System reset */ +#define SRR1_WAKEHDBELL 0x000c /* Hypervisor doorbell */ +#define SRR1_WAKESCOM 0x0008 /* SCOM not in power-saving mode */ + +/* SRR1[46:47] power-saving exit mode */ + +#define SRR1_WAKESTATE 0x0003 /* Powersave exit mask */ + +#define SRR1_WS_HVLOSS 0x0003 /* HV resources not maintained */ +#define SRR1_WS_GPRLOSS 0x0002 /* GPRs not maintained */ +#define SRR1_WS_NOLOSS 0x0001 /* All resources maintained */ + /* Facility Status and Control (FSCR) bits */ #define FSCR_EBB(63 - 56) /* Event-Based Branch Facility */ #define FSCR_TAR(63 - 55) /* Target Address Register */ diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index 14d3902982..a988ba15f4 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@
[PULL 02/15] ppc/spapr: add a POWER10 CPU model
From: Cédric Le Goater Signed-off-by: Cédric Le Goater Message-Id: <20200507073855.2485680-1-...@kaod.org> Signed-off-by: David Gibson --- hw/ppc/spapr_cpu_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c index e1f76c74f3..9c8c1b14cf 100644 --- a/hw/ppc/spapr_cpu_core.c +++ b/hw/ppc/spapr_cpu_core.c @@ -407,6 +407,7 @@ static const TypeInfo spapr_cpu_core_type_infos[] = { DEFINE_SPAPR_CPU_CORE_TYPE("power8nvl_v1.0"), DEFINE_SPAPR_CPU_CORE_TYPE("power9_v1.0"), DEFINE_SPAPR_CPU_CORE_TYPE("power9_v2.0"), +DEFINE_SPAPR_CPU_CORE_TYPE("power10_v1.0"), #ifdef CONFIG_KVM DEFINE_SPAPR_CPU_CORE_TYPE("host"), #endif -- 2.26.2
[PULL 00/15] ppc-for-5.1 queue 20200527
The following changes since commit ddc760832fa8cf5e93b9d9e6e854a5114ac63510: Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-26' into staging (2020-05-26 14:05:53 +0100) are available in the Git repository at: git://github.com/dgibson/qemu.git tags/ppc-for-5.1-20200527 for you to fetch changes up to 9c7c0407028355ca83349b8a60fddfad46f2ebd8: vfio/nvlink: Remove exec permission to avoid SELinux AVCs (2020-05-27 15:29:36 +1000) ppc patch queue 2020-05-27 Here's the next pull request for qemu-5.1. It includes: * Support for the scv and rfscv POWER9 instructions in TCG * Support for the new SPAPR_LMB_FLAGS_HOTREMOVABLE flag, which provides a way for guests to know memory which should be removable (so the guest can avoid putting immovable allocations there). * Some fixes for the recently added partition scope radix translation in softmmu * Assorted minor fixes and cleanups It includes one patch to avoid a clash with SELinux when using NVLink VFIO devices. That's not technically within the files under my maintainership, but it is in a section of the VFIO quirks code that's specific to the POWER-only NVLink devices, and has an ack from Alex Williamson. 
Cédric Le Goater (1): ppc/spapr: add a POWER10 CPU model Greg Kurz (8): target/ppc: Untabify excp_helper.c target/ppc: Pass const pointer to ppc_radix64_get_prot_amr() target/ppc: Pass const pointer to ppc_radix64_get_fully_qualified_addr() target/ppc: Don't initialize some local variables in ppc_radix64_xlate() target/ppc: Add missing braces in ppc_radix64_partition_scoped_xlate() target/ppc: Fix arguments to ppc_radix64_partition_scoped_xlate() target/ppc: Don't update radix PTE R/C bits with gdbstub target/ppc: Fix argument to ppc_radix64_partition_scoped_xlate() again Leonardo Bras (2): ppc/spapr: Add hotremovable flag on DIMM LMBs on drmem_v2 vfio/nvlink: Remove exec permission to avoid SELinux AVCs Nicholas Piggin (2): ppc/pnv: Fix NMI system reset SRR1 value target/ppc: Add support for scv and rfscv instructions Philippe Mathieu-Daudé (2): hw/pci-bridge/dec: Remove dead debug code hw/nvram/mac_nvram: Convert debug printf()s to trace events hw/nvram/mac_nvram.c| 17 +- hw/nvram/trace-events | 4 ++ hw/pci-bridge/dec.c | 10 hw/ppc/pnv.c| 26 ++-- hw/ppc/spapr.c | 3 +- hw/ppc/spapr_cpu_core.c | 1 + hw/vfio/pci-quirks.c| 4 +- include/hw/ppc/spapr.h | 1 + linux-user/ppc/cpu_loop.c | 1 + target/ppc/cpu.h| 28 - target/ppc/excp_helper.c| 130 +++- target/ppc/helper.h | 1 + target/ppc/mmu-radix64.c| 53 +--- target/ppc/mmu-radix64.h| 4 +- target/ppc/translate.c | 53 +++- target/ppc/translate_init.inc.c | 3 +- 16 files changed, 237 insertions(+), 102 deletions(-)
[PULL 03/15] target/ppc: Untabify excp_helper.c
From: Greg Kurz Some tabs crept in with a recent change. Fixes: 6dc6b557913f "target/ppc: Improve syscall exception logging" Signed-off-by: Greg Kurz Message-Id: <158886788307.1560068.14096740175576278978.st...@bahia.lan> Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: David Gibson --- target/ppc/excp_helper.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index f052979664..ace8620026 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -70,16 +70,16 @@ static inline void dump_syscall(CPUPPCState *env) static inline void dump_hcall(CPUPPCState *env) { qemu_log_mask(CPU_LOG_INT, "hypercall r3=%016" PRIx64 - " r4=%016" PRIx64 " r5=%016" PRIx64 " r6=%016" PRIx64 - " r7=%016" PRIx64 " r8=%016" PRIx64 " r9=%016" PRIx64 - " r10=%016" PRIx64 " r11=%016" PRIx64 " r12=%016" PRIx64 + " r4=%016" PRIx64 " r5=%016" PRIx64 " r6=%016" PRIx64 + " r7=%016" PRIx64 " r8=%016" PRIx64 " r9=%016" PRIx64 + " r10=%016" PRIx64 " r11=%016" PRIx64 " r12=%016" PRIx64 " nip=" TARGET_FMT_lx "\n", ppc_dump_gpr(env, 3), ppc_dump_gpr(env, 4), - ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6), - ppc_dump_gpr(env, 7), ppc_dump_gpr(env, 8), - ppc_dump_gpr(env, 9), ppc_dump_gpr(env, 10), - ppc_dump_gpr(env, 11), ppc_dump_gpr(env, 12), - env->nip); + ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6), + ppc_dump_gpr(env, 7), ppc_dump_gpr(env, 8), + ppc_dump_gpr(env, 9), ppc_dump_gpr(env, 10), + ppc_dump_gpr(env, 11), ppc_dump_gpr(env, 12), + env->nip); } static int powerpc_reset_wakeup(CPUState *cs, CPUPPCState *env, int excp, -- 2.26.2
Re: [PATCH] or1k: Fix compilation hiccup
On 26/05/2020 20.51, Eric Blake wrote: > On my Fedora 32 machine, gcc 10.1.1 at -O2 (the default for a bare > './configure') has a false-positive complaint: > > CC or1k-softmmu/hw/openrisc/openrisc_sim.o > /home/eblake/qemu/hw/openrisc/openrisc_sim.c: In function ‘openrisc_sim_init’: > /home/eblake/qemu/hw/openrisc/openrisc_sim.c:87:42: error: ‘cpu_irqs[0]’ may > be used uninitialized in this function [-Werror=maybe-uninitialized] >87 | sysbus_connect_irq(s, i, cpu_irqs[i][irq_pin]); > | ^~~ > > Initializing both pointers of cpu_irqs[] to NULL is sufficient to shut > up the compiler, even though they are definitely assigned in > openrisc_sim_init() prior to the inlined call to > openrisc_sim_ompic_init() containing the line in question. > > Signed-off-by: Eric Blake > --- > hw/openrisc/openrisc_sim.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c > index d08ce6181199..95011a8015b4 100644 > --- a/hw/openrisc/openrisc_sim.c > +++ b/hw/openrisc/openrisc_sim.c > @@ -129,7 +129,7 @@ static void openrisc_sim_init(MachineState *machine) > const char *kernel_filename = machine->kernel_filename; > OpenRISCCPU *cpu = NULL; > MemoryRegion *ram; > -qemu_irq *cpu_irqs[2]; > +qemu_irq *cpu_irqs[2] = {}; > qemu_irq serial_irq; > int n; > unsigned int smp_cpus = machine->smp.cpus; > Reviewed-by: Thomas Huth
[Bug 1805256] Re: qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images
** No longer affects: qemu (Ubuntu Disco) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1805256 Title: qemu-img hangs on rcu_call_ready_event logic in Aarch64 when converting images Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Triaged Status in kunpeng920 ubuntu-18.04-hwe series: Triaged Status in kunpeng920 ubuntu-19.10 series: Triaged Status in kunpeng920 ubuntu-20.04 series: Triaged Status in kunpeng920 upstream-kernel series: Fix Committed Status in QEMU: Fix Released Status in qemu package in Ubuntu: In Progress Status in qemu source package in Bionic: In Progress Status in qemu source package in Eoan: In Progress Status in qemu source package in Focal: In Progress Bug description: [Impact] * QEMU locking primitives might face a race condition in QEMU Async I/O bottom halves scheduling. This leads to a dead lock making either QEMU or one of its tools to hang indefinitely. [Test Case] * qemu-img convert -f qcow2 -O qcow2 ./disk01.qcow2 ./output.qcow2 Hangs indefinitely approximately 30% of the runs in Aarch64. [Regression Potential] * This is a change to a core part of QEMU: The AIO scheduling. It works like a "kernel" scheduler, whereas kernel schedules OS tasks, the QEMU AIO code is responsible to schedule QEMU coroutines or event listeners callbacks. * There was a long discussion upstream about primitives and Aarch64. After quite sometime Paolo released this patch and it solves the issue. Tested platforms were: amd64 and aarch64 based on his commit log. * Christian suggests that this fix stay little longer in -proposed to make sure it won't cause any regressions. * dannf suggests we also check for performance regressions; e.g. how long it takes to convert a cloud image on high-core systems. 
[Other Info] * Original Description bellow: Command: qemu-img convert -f qcow2 -O qcow2 ./disk01.qcow2 ./output.qcow2 Hangs indefinitely approximately 30% of the runs. Workaround: qemu-img convert -m 1 -f qcow2 -O qcow2 ./disk01.qcow2 ./output.qcow2 Run "qemu-img convert" with "a single coroutine" to avoid this issue. (gdb) thread 1 ... (gdb) bt #0 0xbf1ad81c in __GI_ppoll #1 0xaabcf73c in ppoll #2 qemu_poll_ns #3 0xaabd0764 in os_host_main_loop_wait #4 main_loop_wait ... (gdb) thread 2 ... (gdb) bt #0 syscall () #1 0xaabd41cc in qemu_futex_wait #2 qemu_event_wait (ev=ev@entry=0xaac86ce8 ) #3 0xaabed05c in call_rcu_thread #4 0xaabd34c8 in qemu_thread_start #5 0xbf25c880 in start_thread #6 0xbf1b6b9c in thread_start () (gdb) thread 3 ... (gdb) bt #0 0xbf11aa20 in __GI___sigtimedwait #1 0xbf2671b4 in __sigwait #2 0xaabd1ddc in sigwait_compat #3 0xaabd34c8 in qemu_thread_start #4 0xbf25c880 in start_thread #5 0xbf1b6b9c in thread_start (gdb) run Starting program: /usr/bin/qemu-img convert -f qcow2 -O qcow2 ./disk01.ext4.qcow2 ./output.qcow2 [New Thread 0xbec5ad90 (LWP 72839)] [New Thread 0xbe459d90 (LWP 72840)] [New Thread 0xbdb57d90 (LWP 72841)] [New Thread 0xacac9d90 (LWP 72859)] [New Thread 0xa7ffed90 (LWP 72860)] [New Thread 0xa77fdd90 (LWP 72861)] [New Thread 0xa6ffcd90 (LWP 72862)] [New Thread 0xa67fbd90 (LWP 72863)] [New Thread 0xa5ffad90 (LWP 72864)] [Thread 0xa5ffad90 (LWP 72864) exited] [Thread 0xa6ffcd90 (LWP 72862) exited] [Thread 0xa77fdd90 (LWP 72861) exited] [Thread 0xbdb57d90 (LWP 72841) exited] [Thread 0xa67fbd90 (LWP 72863) exited] [Thread 0xacac9d90 (LWP 72859) exited] [Thread 0xa7ffed90 (LWP 72860) exited] """ All the tasks left are blocked in a system call, so no task left to call qemu_futex_wake() to unblock thread #2 (in futex()), which would unblock thread #1 (doing poll() in a pipe with thread #2). Those 7 threads exit before disk conversion is complete (sometimes in the beginning, sometimes at the end). 
On the HiSilicon D06 system - a 96 core NUMA arm64 box - qemu-img frequently hangs (~50% of the time) with this command: qemu-img convert -f qcow2 -O qcow2 /tmp/cloudimg /tmp/cloudimg2 Where "cloudimg" is a standard qcow2 Ubuntu cloud image. This qcow2->qcow2 conversion happens to be something uvtool does every time it fetches images. Once hung, attaching gdb gives the following backtrace: (gdb) bt #0 0xae4f8154 in __GI_ppoll (fds=0xe8a67dc0, nfds=187650274213760, timeout=, timeout@entry=0x0, sigmask=0xc123b950) at ../sysdeps/unix/sysv/linux/ppoll.c:39 #1 0xbbefaf00 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, __fds=) at /usr/include/aarch64-linux-gnu/bits/poll2.h:77
Re: [PATCH v3 4/9] qapi/misc: Restrict balloon-related commands to machine code
Philippe Mathieu-Daudé writes: > On 5/26/20 11:31 AM, Philippe Mathieu-Daudé wrote: >> +Laurent >> >> On 5/26/20 11:04 AM, Markus Armbruster wrote: >>> Philippe Mathieu-Daudé writes: >>> On 5/26/20 9:38 AM, Markus Armbruster wrote: > Philippe Mathieu-Daudé writes: > >> Signed-off-by: Philippe Mathieu-Daudé > > A brief note on why restricting "to machine code" is useful would be > nice. Same for the other patches. > > Acked-by: Markus Armbruster > What about this? "QEMU can do system-mode and user-mode emulation. Only system mode emulate a machine. Remove this feature from the user-mode emulation." >>> >>> Is it a feature of user-mode emulation before the patch? Or is it just >>> dead code? >>> >>> Hint: QMP commands tend to be dead code when the program doesn't expose >>> a QMP monitor :) >> >> Maybe a 'corollary' question, "How user-mode users use QMP?" >> > > I can't find a way to start a user-mode process with a QMP socket, is > there one? As far as I can tell, only qemu-system-FOO and qemu-storage-daemon provide QMP monitors: * Monitors need to be initialized with monitor_init(). Two callers: monitor_init_hmp(), monitor_init_qmp(). * monitor_init() calls both, and is the common way to create a monitor. Called by vl.c via monitor_init_opts(), and by qemu-storage-daemon. * monitor_init_hmp() has additional callers, but HMP doesn't matter here.
Re: [PATCH 30/55] auxbus: New aux_realize_bus(), pairing with aux_init_bus()
Philippe Mathieu-Daudé writes: > On 5/19/20 4:55 PM, Markus Armbruster wrote: >> aux_init_bus() encapsulates the creation of an aux-bus and its >> aux-to-i2c-bridge device. >> >> Create aux_realize_bus() to similarly encapsulate their realization. >> >> Signed-off-by: Markus Armbruster >> --- >> include/hw/misc/auxbus.h | 7 +++ >> hw/display/xlnx_dp.c | 2 +- >> hw/misc/auxbus.c | 5 + >> 3 files changed, 13 insertions(+), 1 deletion(-) >> >> diff --git a/include/hw/misc/auxbus.h b/include/hw/misc/auxbus.h >> index a539a98c4b..6ab6cf5bb6 100644 >> --- a/include/hw/misc/auxbus.h >> +++ b/include/hw/misc/auxbus.h >> @@ -93,6 +93,13 @@ struct AUXSlave { >> */ >> AUXBus *aux_init_bus(DeviceState *parent, const char *name); > > Previous to your patch, but aux_init_bus() is misnamed. > > I'd rather rename this one aux_bus_init() ... > >> >> +/** >> + * aux_realize_bus: Realize an AUX bus. >> + * >> + * @bus: The AUX bus. >> + */ >> +void aux_realize_bus(AUXBus *bus); > > ... and this one aux_bus_realize(). > > If you mind :) Makes sense. > Reviewed-by: Philippe Mathieu-Daudé Thanks!
[PATCH v25 QEMU 1/3] virtio-balloon: Implement support for page poison reporting feature
From: Alexander Duyck We need to make certain to advertise support for page poison reporting if we want to actually get data on if the guest will be poisoning pages. Add a value for reporting the poison value being used if page poisoning is enabled in the guest. With this we can determine if we will need to skip free page reporting when it is enabled in the future. The value currently has no impact on existing balloon interfaces. In the case of existing balloon interfaces the onus is on the guest driver to reapply whatever poison is in place. When we add free page reporting the poison value is used to determine if we can perform in-place page reporting. The expectation is that a reported page will already contain the value specified by the poison, and the reporting of the page should not change that value. Acked-by: David Hildenbrand Signed-off-by: Alexander Duyck --- hw/core/machine.c |4 +++- hw/virtio/virtio-balloon.c | 29 + include/hw/virtio/virtio-balloon.h |1 + 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index bb3a7b18b193..9eca7d8c9bfe 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -28,7 +28,9 @@ #include "hw/mem/nvdimm.h" #include "migration/vmstate.h" -GlobalProperty hw_compat_5_0[] = {}; +GlobalProperty hw_compat_5_0[] = { +{ "virtio-balloon-device", "page-poison", "false" }, +}; const size_t hw_compat_5_0_len = G_N_ELEMENTS(hw_compat_5_0); GlobalProperty hw_compat_4_2[] = { diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 065cd450f10f..26f6a7ca2e35 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -634,6 +634,7 @@ static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t *config_data) config.num_pages = cpu_to_le32(dev->num_pages); config.actual = cpu_to_le32(dev->actual); +config.poison_val = cpu_to_le32(dev->poison_val); if (dev->free_page_report_status == FREE_PAGE_REPORT_S_REQUESTED) { config.free_page_report_cmd_id = 
@@ -683,6 +684,14 @@ static ram_addr_t get_current_ram_size(void) return size; } +static bool virtio_balloon_page_poison_support(void *opaque) +{ +VirtIOBalloon *s = opaque; +VirtIODevice *vdev = VIRTIO_DEVICE(s); + +return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON); +} + static void virtio_balloon_set_config(VirtIODevice *vdev, const uint8_t *config_data) { @@ -697,6 +706,10 @@ static void virtio_balloon_set_config(VirtIODevice *vdev, qapi_event_send_balloon_change(vm_ram_size - ((ram_addr_t) dev->actual << VIRTIO_BALLOON_PFN_SHIFT)); } +dev->poison_val = 0; +if (virtio_balloon_page_poison_support(dev)) { +dev->poison_val = le32_to_cpu(config.poison_val); +} trace_virtio_balloon_set_config(dev->actual, oldactual); } @@ -755,6 +768,17 @@ static const VMStateDescription vmstate_virtio_balloon_free_page_report = { } }; +static const VMStateDescription vmstate_virtio_balloon_page_poison = { +.name = "vitio-balloon-device/page-poison", +.version_id = 1, +.minimum_version_id = 1, +.needed = virtio_balloon_page_poison_support, +.fields = (VMStateField[]) { +VMSTATE_UINT32(poison_val, VirtIOBalloon), +VMSTATE_END_OF_LIST() +} +}; + static const VMStateDescription vmstate_virtio_balloon_device = { .name = "virtio-balloon-device", .version_id = 1, @@ -767,6 +791,7 @@ static const VMStateDescription vmstate_virtio_balloon_device = { }, .subsections = (const VMStateDescription * []) { _virtio_balloon_free_page_report, +_virtio_balloon_page_poison, NULL } }; @@ -854,6 +879,8 @@ static void virtio_balloon_device_reset(VirtIODevice *vdev) g_free(s->stats_vq_elem); s->stats_vq_elem = NULL; } + +s->poison_val = 0; } static void virtio_balloon_set_status(VirtIODevice *vdev, uint8_t status) 
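Review bot: The subsection name in `vmstate_virtio_balloon_page_poison` is spelled `"vitio-balloon-device/page-poison"`, while the parent description in the same file is named `"virtio-balloon-device"`. Subsection names are written into the migration stream, so once this ships the misspelling can only be corrected by breaking migration with builds that used it. It should read `.name = "virtio-balloon-device/page-poison",` before merge. A one-line comment above `virtio_balloon_page_poison_support()` would also help, saying that it takes `void *opaque` because it doubles as the `.needed` callback of that subsection.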
@@ -916,6 +943,8 @@ static Property virtio_balloon_properties[] = { VIRTIO_BALLOON_F_DEFLATE_ON_OOM, false), DEFINE_PROP_BIT("free-page-hint", VirtIOBalloon, host_features, VIRTIO_BALLOON_F_FREE_PAGE_HINT, false), +DEFINE_PROP_BIT("page-poison", VirtIOBalloon, host_features, +VIRTIO_BALLOON_F_PAGE_POISON, true), /* QEMU 4.0 accidentally changed the config size even when free-page-hint * is disabled, resulting in QEMU 3.1 migration incompatibility. This * property retains this quirk for QEMU 4.1 machine types. diff --git a/include/hw/virtio/virtio-balloon.h b/include/hw/virtio/virtio-balloon.h index d1c968d2376e..7fe78e5c14d7 100644 --- a/include/hw/virtio/virtio-balloon.h +++ b/include/hw/virtio/virtio-balloon.h @@ -70,6 +70,7 @@ typedef struct VirtIOBalloon { uint32_t host_features; bool
[PATCH v25 QEMU 3/3] virtio-balloon: Replace free page hinting references to 'report' with 'hint'
From: Alexander Duyck In an upcoming patch a feature named Free Page Reporting is about to be added. In order to avoid any confusion we should drop the use of the word 'report' when referring to Free Page Hinting. So what this patch does is go through and replace all instances of 'report' with 'hint" when we are referring to free page hinting. Acked-by: David Hildenbrand Signed-off-by: Alexander Duyck --- hw/virtio/virtio-balloon.c | 78 ++-- include/hw/virtio/virtio-balloon.h | 20 + 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 3e2ac1104b5f..dc15409b0bb6 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -527,21 +527,21 @@ static bool get_free_page_hints(VirtIOBalloon *dev) ret = false; goto out; } -if (id == dev->free_page_report_cmd_id) { -dev->free_page_report_status = FREE_PAGE_REPORT_S_START; +if (id == dev->free_page_hint_cmd_id) { +dev->free_page_hint_status = FREE_PAGE_HINT_S_START; } else { /* * Stop the optimization only when it has started. This * avoids a stale stop sign for the previous command. */ -if (dev->free_page_report_status == FREE_PAGE_REPORT_S_START) { -dev->free_page_report_status = FREE_PAGE_REPORT_S_STOP; +if (dev->free_page_hint_status == FREE_PAGE_HINT_S_START) { +dev->free_page_hint_status = FREE_PAGE_HINT_S_STOP; } } } if (elem->in_num) { -if (dev->free_page_report_status == FREE_PAGE_REPORT_S_START) { +if (dev->free_page_hint_status == FREE_PAGE_HINT_S_START) { qemu_guest_free_page_hint(elem->in_sg[0].iov_base, elem->in_sg[0].iov_len); } 
@@ -567,11 +567,11 @@ static void virtio_ballloon_get_free_page_hints(void *opaque) qemu_mutex_unlock(>free_page_lock); virtio_notify(vdev, vq); /* - * Start to poll the vq once the reporting started. Otherwise, continue + * Start to poll the vq once the hinting started. Otherwise, continue * only when there are entries on the vq, which need to be given back. */ } while (continue_to_get_hints || - dev->free_page_report_status == FREE_PAGE_REPORT_S_START); + dev->free_page_hint_status == FREE_PAGE_HINT_S_START); virtio_queue_set_notification(vq, 1); } @@ -592,14 +592,14 @@ static void virtio_balloon_free_page_start(VirtIOBalloon *s) return; } -if (s->free_page_report_cmd_id == UINT_MAX) { -s->free_page_report_cmd_id = - VIRTIO_BALLOON_FREE_PAGE_REPORT_CMD_ID_MIN; +if (s->free_page_hint_cmd_id == UINT_MAX) { +s->free_page_hint_cmd_id = + VIRTIO_BALLOON_FREE_PAGE_HINT_CMD_ID_MIN; } else { -s->free_page_report_cmd_id++; +s->free_page_hint_cmd_id++; } -s->free_page_report_status = FREE_PAGE_REPORT_S_REQUESTED; +s->free_page_hint_status = FREE_PAGE_HINT_S_REQUESTED; virtio_notify_config(vdev); } @@ -607,18 +607,18 @@ static void virtio_balloon_free_page_stop(VirtIOBalloon *s) { VirtIODevice *vdev = VIRTIO_DEVICE(s); -if (s->free_page_report_status != FREE_PAGE_REPORT_S_STOP) { +if (s->free_page_hint_status != FREE_PAGE_HINT_S_STOP) { /* * The lock also guarantees us that the * virtio_ballloon_get_free_page_hints exits after the - * free_page_report_status is set to S_STOP. + * free_page_hint_status is set to S_STOP. */ qemu_mutex_lock(>free_page_lock); /* - * The guest hasn't done the reporting, so host sends a notification - * to the guest to actively stop the reporting. + * The guest isn't done hinting, so send a notification + * to the guest to actively stop the hinting. */ -s->free_page_report_status = FREE_PAGE_REPORT_S_STOP; +s->free_page_hint_status = FREE_PAGE_HINT_S_STOP; qemu_mutex_unlock(>free_page_lock); virtio_notify_config(vdev); } 
@@ -628,15 +628,15 @@ static void virtio_balloon_free_page_done(VirtIOBalloon *s) { VirtIODevice *vdev = VIRTIO_DEVICE(s); -s->free_page_report_status = FREE_PAGE_REPORT_S_DONE; +s->free_page_hint_status = FREE_PAGE_HINT_S_DONE; virtio_notify_config(vdev); } static int -virtio_balloon_free_page_report_notify(NotifierWithReturn *n, void *data) +virtio_balloon_free_page_hint_notify(NotifierWithReturn *n, void *data) { VirtIOBalloon *dev = container_of(n, VirtIOBalloon, - free_page_report_notify); + free_page_hint_notify); VirtIODevice *vdev =
[PATCH v25 QEMU 2/3] virtio-balloon: Provide an interface for free page reporting
From: Alexander Duyck Add support for free page reporting. The idea is to function very similar to how the balloon works in that we basically end up madvising the page as not being used. However we don't really need to bother with any deflate type logic since the page will be faulted back into the guest when it is read or written to. This provides a new way of letting the guest proactively report free pages to the hypervisor, so the hypervisor can reuse them. In contrast to inflate/deflate that is triggered via the hypervisor explicitly. Acked-by: David Hildenbrand Signed-off-by: Alexander Duyck --- hw/virtio/virtio-balloon.c | 72 include/hw/virtio/virtio-balloon.h |2 + 2 files changed, 73 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 26f6a7ca2e35..3e2ac1104b5f 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c 
@@ -321,6 +321,67 @@ static void balloon_stats_set_poll_interval(Object *obj, Visitor *v, balloon_stats_change_timer(s, 0); } +static void virtio_balloon_handle_report(VirtIODevice *vdev, VirtQueue *vq) +{ +VirtIOBalloon *dev = VIRTIO_BALLOON(vdev); +VirtQueueElement *elem; + +while ((elem = virtqueue_pop(vq, sizeof(VirtQueueElement { +unsigned int i; + +/* + * When we discard the page it has the effect of removing the page + * from the hypervisor itself and causing it to be zeroed when it + * is returned to us. So we must not discard the page if it is + * accessible by another device or process, or if the guest is + * expecting it to retain a non-zero value. + */ +if (qemu_balloon_is_inhibited() || dev->poison_val) { +goto skip_element; +} + +for (i = 0; i < elem->in_num; i++) { +void *addr = elem->in_sg[i].iov_base; +size_t size = elem->in_sg[i].iov_len; +ram_addr_t ram_offset; +RAMBlock *rb; + +/* + * There is no need to check the memory section to see if + * it is ram/readonly/romd like there is for handle_output + * below. If the region is not meant to be written to then + * address_space_map will have allocated a bounce buffer + * and it will be freed in address_space_unmap and trigger + * and unassigned_mem_write before failing to copy over the + * buffer. If more than one bad descriptor is provided it + * will return NULL after the first bounce buffer and fail + * to map any resources. + */ +rb = qemu_ram_block_from_host(addr, false, _offset); +if (!rb) { +trace_virtio_balloon_bad_addr(elem->in_addr[i]); +continue; +} + +/* + * For now we will simply ignore unaligned memory regions, or + * regions that overrun the end of the RAMBlock. 
+ */ +if (!QEMU_IS_ALIGNED(ram_offset | size, qemu_ram_pagesize(rb)) || +(ram_offset + size) > qemu_ram_get_used_length(rb)) { +continue; +} + +ram_block_discard_range(rb, ram_offset, size); +} + +skip_element: +virtqueue_push(vq, elem, 0); +virtio_notify(vdev, vq); +g_free(elem); +} +} + static void virtio_balloon_handle_output(VirtIODevice *vdev, VirtQueue *vq) { VirtIOBalloon *s = VIRTIO_BALLOON(vdev); @@ -841,6 +902,12 @@ static void virtio_balloon_device_realize(DeviceState *dev, Error **errp) virtio_error(vdev, "iothread is missing"); } } + +if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) { +s->reporting_vq = virtio_add_queue(vdev, 32, + virtio_balloon_handle_report); +} + reset_stats(s); } @@ -863,6 +930,9 @@ static void virtio_balloon_device_unrealize(DeviceState *dev) if (s->free_page_vq) { virtio_delete_queue(s->free_page_vq); } +if (s->reporting_vq) { +virtio_delete_queue(s->reporting_vq); +} virtio_cleanup(vdev); } @@ -945,6 +1015,8 @@ static Property virtio_balloon_properties[] = { VIRTIO_BALLOON_F_FREE_PAGE_HINT, false), DEFINE_PROP_BIT("page-poison", VirtIOBalloon, host_features, VIRTIO_BALLOON_F_PAGE_POISON, true), +DEFINE_PROP_BIT("free-page-reporting", VirtIOBalloon, host_features, +VIRTIO_BALLOON_F_REPORTING, false), /* QEMU 4.0 accidentally changed the config size even when free-page-hint * is disabled, resulting in QEMU 3.1 migration incompatibility. This * property retains this quirk for QEMU 4.1 machine types. diff --git a/include/hw/virtio/virtio-balloon.h b/include/hw/virtio/virtio-balloon.h index 7fe78e5c14d7..d49fef00cef2 100644
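Review bot: In `virtio_balloon_handle_report()` a guest-supplied region that is unaligned or runs past the used length of the RAMBlock is dropped with a bare `continue`, and the result of `ram_block_discard_range(rb, ram_offset, size);` is never checked, so neither a misbehaving guest nor a failed discard leaves any trace. The unmapped-address branch already calls `trace_virtio_balloon_bad_addr(elem->in_addr[i]);`, and the same call before the second `continue` would make rejected descriptors visible. A failed discard deserves at least a trace point, because the element is pushed back to the guest as processed either way. The bound `(ram_offset + size) > qemu_ram_get_used_length(rb)` relies on the sum not wrapping; comparing `size` against the used length minus `ram_offset`, after first rejecting an offset beyond the used length, would make the check hold by construction.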
[PATCH v25 QEMU 0/3] virtio-balloon: add support for page poison and free page reporting
This series provides an asynchronous means of reporting free guest pages to QEMU through virtio-balloon so that the memory associated with those pages can be dropped and reused by other processes and/or guests on the host. Using this it is possible to avoid unnecessary I/O to disk and greatly improve performance in the case of memory overcommit on the host. I originally submitted this patch series back on February 11th 2020[1], but at that time I was focused primarily on the kernel portion of this patch set. However as of April 7th those patches are now included in Linus's kernel tree[2] and so I am submitting the QEMU pieces for inclusion. [1]: https://lore.kernel.org/lkml/20200211224416.29318.44077.stgit@localhost.localdomain/ [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0c504f154718904ae49349147e3b7e6ae91ffdc Changes from v17: Fixed typo in patch 1 title Addressed white-space issues reported via checkpatch Added braces {} for two if statements to match expected coding style Changes from v18: Updated patches 2 and 3 based on input from dhildenb Added comment to patch 2 describing what keeps us from reporting a bad page Added patch to address issue with ROM devices being directly writable Changes from v19: Added std-headers change to match changes pushed for linux kernel headers Added patch to remove "report" from page hinting code paths Updated comment to better explain why we disable hints w/ page poisoning Removed code that was modifying config size for poison vs hinting Dropped x-page-poison property Added code to bounds check the reported region vs the RAM block Dropped patch for ROM devices as that was already pulled in by Paolo Changes from v20: Rearranged patches to push Linux header sync patches to front Removed association between free page hinting and VIRTIO_BALLOON_F_PAGE_POISON Added code to enable VIRTIO_BALLOON_F_PAGE_POISON if page reporting is enabled Fixed possible resource leak if poison or 
qemu_balloon_is_inhibited return true Changes from v21: Added ack for patch 3 Rewrote patch description for page poison reporting feature Made page-poison independent property and set to enabled by default Added logic to migrate poison_val Added several comments in code to better explain features Switched free-page-reporting property to disabled by default Changes from v22: Added ack for patches 4 & 5 Added additional comment fixes in patch 3 to remove "reporting" reference Renamed rvq in patch 5 to reporting_vq to better match linux kernel Moved call adding reporting_vq to after free_page_vq Changes from v23: Rebased on latest QEMU Dropped patches 1 & 2 as Linux kernel headers were synced Added compat machine code for page-poison feature Changes from v24: Moved free page hinting rename to end of set as feature may be removed entirely Added code to cleanup reporting_vq --- Alexander Duyck (3): virtio-balloon: Implement support for page poison reporting feature virtio-balloon: Provide an interface for free page reporting virtio-balloon: Replace free page hinting references to 'report' with 'hint' hw/core/machine.c |4 + hw/virtio/virtio-balloon.c | 179 include/hw/virtio/virtio-balloon.h | 23 ++--- 3 files changed, 155 insertions(+), 51 deletions(-) --
RE: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets
> -Original Message- > From: Alistair Francis > Sent: 27 May 2020 09:00 > To: Anup Patel > Cc: Palmer Dabbelt ; Peter Maydell > ; qemu-ri...@nongnu.org; > sag...@eecs.berkeley.edu; a...@brainfault.org; qemu-devel@nongnu.org; > Atish Patra ; Alistair Francis > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets > > at all? > > AlistairOn Tue, May 26, 2020 at 7:55 PM Anup Patel > wrote: > > > > > > > > > -Original Message- > > > From: Alistair Francis > > > Sent: 27 May 2020 06:08 > > > To: Anup Patel > > > Cc: Palmer Dabbelt ; Peter Maydell > > > ; qemu-ri...@nongnu.org; > > > sag...@eecs.berkeley.edu; a...@brainfault.org; > > > qemu-devel@nongnu.org; Atish Patra ; Alistair > > > Francis > > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple > > > sockets > > > > > > On Fri, May 22, 2020 at 3:10 AM Anup Patel wrote: > > > > > > > > > > > > > > > > > -Original Message- 
> > > > > From: Palmer Dabbelt > > > > > Sent: 22 May 2020 01:46 > > > > > To: Anup Patel > > > > > Cc: Peter Maydell ; Alistair Francis > > > > > ; sag...@eecs.berkeley.edu; Atish > > > > > Patra ; a...@brainfault.org; > > > > > qemu-ri...@nongnu.org; qemu-devel@nongnu.org; Anup Patel > > > > > > > > > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating > > > > > multiple sockets > > > > > > > > > > On Fri, 15 May 2020 23:37:44 PDT (-0700), Anup Patel wrote: > > > > > > We extend RISC-V spike machine to allow creating a > > > > > > multi-socket > > > machine. > > > > > > Each RISC-V spike machine socket is a set of HARTs and a CLINT > instance. > > > > > > Other peripherals are shared between all RISC-V spike machine > sockets. > > > > > > We also update RISC-V spike machine device tree to treat each > > > > > > socket as a NUMA node. > > > > > > > > > > > > The number of sockets in RISC-V spike machine can be specified > > > > > > using the "sockets=" sub-option of QEMU "-smp" command-line > > > > > > option. By default, only one socket RISC-V spike machine will be > created. > > > > > > > > > > > > Currently, we only allow creating upto maximum 4 sockets with > > > > > > minimum > > > > > > 2 HARTs per socket. In future, this limits can be changed. > > > > > > > > > > > > Signed-off-by: Anup Patel > > > > > > --- > > > > > > hw/riscv/spike.c | 206 > > > > > > --- > > > > > > include/hw/riscv/spike.h | 8 +- > > > > > > 2 files changed, 133 insertions(+), 81 deletions(-) > > > > > > > > > > > > diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index > > > > > > d5e0103d89..f63c57a87c 100644 > > > > > > --- a/hw/riscv/spike.c > > > > > > +++ b/hw/riscv/spike.c 
> > > > > > @@ -64,9 +64,11 @@ static void create_fdt(SpikeState *s, const > > > > > > struct > > > > > MemmapEntry *memmap, > > > > > > uint64_t mem_size, const char *cmdline) { > > > > > > void *fdt; > > > > > > -int cpu; > > > > > > -uint32_t *cells; > > > > > > -char *nodename; > > > > > > +int cpu, socket; > > > > > > +uint32_t *clint_cells; > > > > > > +unsigned long clint_addr; > > > > > > +uint32_t cpu_phandle, intc_phandle, phandle = 1; > > > > > > +char *name, *clint_name, *clust_name, *core_name, > > > > > > + *cpu_name, *intc_name; > > > > > > > > > > > > fdt = s->fdt = create_device_tree(>fdt_size); > > > > > > if (!fdt) { 
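Review bot: `unsigned long clint_addr;` in create_fdt() is narrower than a guest physical address on hosts where `long` is 32 bits. If it holds a CLINT base derived from `memmap[]` (its use is outside this hunk), the value can be truncated; `uint64_t clint_addr;` formatted with `PRIx64` avoids that. The same declaration appears in the `@@ -64,9 +64,11 @@` hunks quoted in the two later "[PATCH 2/4]" replies on this page. create_fdt()'s body continues past the hunk.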
> > > > > > @@ -88,68 +90,85 @@ static void create_fdt(SpikeState *s, > > > > > > const struct > > > > > MemmapEntry *memmap, > > > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); > > > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", > > > > > > 0x2); > > > > > > > > > > > > -nodename = g_strdup_printf("/memory@%lx", > > > > > > -(long)memmap[SPIKE_DRAM].base); > > > > > > -qemu_fdt_add_subnode(fdt, nodename); > > > > > > -qemu_fdt_setprop_cells(fdt, nodename, "reg", > > > > > > +name = g_strdup_printf("/memory@%lx", > > > > > (long)memmap[SPIKE_DRAM].base); > > > > > > +qemu_fdt_add_subnode(fdt, name); > > > > > > +qemu_fdt_setprop_cells(fdt, name, "reg", > > > > > > memmap[SPIKE_DRAM].base >> 32, > memmap[SPIKE_DRAM].base, > > > > > > mem_size >> 32, mem_size); > > > > > > -qemu_fdt_setprop_string(fdt, nodename, "device_type", > "memory"); > > > > > > -g_free(nodename); > > > > > > +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); > > > > > > +g_free(name); > > > > > > > > > > > > qemu_fdt_add_subnode(fdt, "/cpus"); > > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", > > > > > > SIFIVE_CLINT_TIMEBASE_FREQ); > > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); > > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", > > > > > > 0x1); > > > > > > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); > > > > > > > > > > > > -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { > > > > > >
Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets
at all? AlistairOn Tue, May 26, 2020 at 7:55 PM Anup Patel wrote: > > > > > -Original Message- > > From: Alistair Francis > > Sent: 27 May 2020 06:08 > > To: Anup Patel > > Cc: Palmer Dabbelt ; Peter Maydell > > ; qemu-ri...@nongnu.org; > > sag...@eecs.berkeley.edu; a...@brainfault.org; qemu-devel@nongnu.org; > > Atish Patra ; Alistair Francis > > > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets > > > > On Fri, May 22, 2020 at 3:10 AM Anup Patel wrote: > > > > > > > > > > > > > -Original Message- > > > > From: Palmer Dabbelt > > > > Sent: 22 May 2020 01:46 > > > > To: Anup Patel > > > > Cc: Peter Maydell ; Alistair Francis > > > > ; sag...@eecs.berkeley.edu; Atish Patra > > > > ; a...@brainfault.org; qemu-ri...@nongnu.org; > > > > qemu-devel@nongnu.org; Anup Patel > > > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple > > > > sockets > > > > > > > > On Fri, 15 May 2020 23:37:44 PDT (-0700), Anup Patel wrote: > > > > > We extend RISC-V spike machine to allow creating a multi-socket > > machine. > > > > > Each RISC-V spike machine socket is a set of HARTs and a CLINT > > > > > instance. > > > > > Other peripherals are shared between all RISC-V spike machine sockets. > > > > > We also update RISC-V spike machine device tree to treat each > > > > > socket as a NUMA node. > > > > > > > > > > The number of sockets in RISC-V spike machine can be specified > > > > > using the "sockets=" sub-option of QEMU "-smp" command-line > > > > > option. By default, only one socket RISC-V spike machine will be > > > > > created. > > > > > > > > > > Currently, we only allow creating upto maximum 4 sockets with > > > > > minimum > > > > > 2 HARTs per socket. In future, this limits can be changed. > > > > > > > > > > Signed-off-by: Anup Patel > > > > > --- > > > > > hw/riscv/spike.c | 206 > > > > > --- > > > > > include/hw/riscv/spike.h | 8 +- > > > > > 2 files changed, 133 insertions(+), 81 deletions(-) 
> > > > > > > > > > diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index > > > > > d5e0103d89..f63c57a87c 100644 > > > > > --- a/hw/riscv/spike.c > > > > > +++ b/hw/riscv/spike.c > > > > > @@ -64,9 +64,11 @@ static void create_fdt(SpikeState *s, const > > > > > struct > > > > MemmapEntry *memmap, > > > > > uint64_t mem_size, const char *cmdline) { > > > > > void *fdt; > > > > > -int cpu; > > > > > -uint32_t *cells; > > > > > -char *nodename; > > > > > +int cpu, socket; > > > > > +uint32_t *clint_cells; > > > > > +unsigned long clint_addr; > > > > > +uint32_t cpu_phandle, intc_phandle, phandle = 1; > > > > > +char *name, *clint_name, *clust_name, *core_name, *cpu_name, > > > > > + *intc_name; > > > > > > > > > > fdt = s->fdt = create_device_tree(>fdt_size); > > > > > if (!fdt) { 
> > > > > @@ -88,68 +90,85 @@ static void create_fdt(SpikeState *s, const > > > > > struct > > > > MemmapEntry *memmap, > > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); > > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2); > > > > > > > > > > -nodename = g_strdup_printf("/memory@%lx", > > > > > -(long)memmap[SPIKE_DRAM].base); > > > > > -qemu_fdt_add_subnode(fdt, nodename); > > > > > -qemu_fdt_setprop_cells(fdt, nodename, "reg", > > > > > +name = g_strdup_printf("/memory@%lx", > > > > (long)memmap[SPIKE_DRAM].base); > > > > > +qemu_fdt_add_subnode(fdt, name); > > > > > +qemu_fdt_setprop_cells(fdt, name, "reg", > > > > > memmap[SPIKE_DRAM].base >> 32, memmap[SPIKE_DRAM].base, > > > > > mem_size >> 32, mem_size); > > > > > -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); > > > > > -g_free(nodename); > > > > > +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); > > > > > +g_free(name); > > > > > > > > > > qemu_fdt_add_subnode(fdt, "/cpus"); > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", > > > > > SIFIVE_CLINT_TIMEBASE_FREQ); > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); > > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); > > > > > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); > > > > > > > > > > -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { > > > > > -nodename = g_strdup_printf("/cpus/cpu@%d", cpu); > > > > > -char *intc = > > > > > g_strdup_printf("/cpus/cpu@%d/interrupt-controller", > > cpu); > > > > > -char *isa = riscv_isa_string(>soc.harts[cpu]); > > > > > -qemu_fdt_add_subnode(fdt, nodename); > > > > > +for (socket = (s->num_socs - 1); socket >= 0; socket--) { > > > > > +clust_name = g_strdup_printf("/cpus/cpu-map/cluster0%d", > > > > > socket); > > > > > +qemu_fdt_add_subnode(fdt, clust_name); > > > > > + > > > > > +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts > > >
Re: [PATCH] target/ppc: Fix argument to ppc_radix64_partition_scoped_xlate() again
On Tue, May 26, 2020 at 06:20:37PM +0200, Greg Kurz wrote: > The penultimate argument of function ppc_radix64_partition_scoped_xlate() > has the bool type. > > Fixes: d04ea940c597 "target/ppc: Add support for Radix partition-scoped > translation" > Signed-off-by: Greg Kurz Applied, thanks. > --- > > A patch fixing the same issue in other places was merged recently in > ppc-for-5.1. Maybe worth squashing the two patches into one ? I haven't done this, because it ran into some conflicts that I didn't want to spend time resolving. > > commit 372ef6e9b803ef10c3200c45311d218e2c97b218 > Author: Greg Kurz > Date: Thu May 14 00:57:13 2020 +0200 > > target/ppc: Fix arguments to ppc_radix64_partition_scoped_xlate() > --- > target/ppc/mmu-radix64.c |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c > index 0d3922537c4c..c60bf3135734 100644 > --- a/target/ppc/mmu-radix64.c > +++ b/target/ppc/mmu-radix64.c > @@ -513,7 +513,7 @@ static int ppc_radix64_xlate(PowerPCCPU *cpu, vaddr > eaddr, int rwx, > > ret = ppc_radix64_partition_scoped_xlate(cpu, rwx, eaddr, > g_raddr, > pate, raddr, , > , > - 0, guest_visible); > + false, guest_visible); > if (ret) { > return ret; > } > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [RESEND PATCH 1/1] vfio/nvlink: Remove exec permission to avoid SELinux AVCs
On Tue, May 26, 2020 at 02:43:43PM -0600, Alex Williamson wrote: > On Mon, 18 May 2020 12:05:24 -0300 > Leonardo Bras wrote: > > > If SELinux is setup without 'execmem' permission for qemu, all mmap > > with (PROT_WRITE | PROT_EXEC) will fail and print a warning in > > SELinux log. > > > > If "nvlink2-mr" memory allocation fails (fist diff), it will cause > > guest NUMA nodes to not be correctly configured (V100 memory will > > not be visible for guest, nor its NUMA nodes). > > > > Not having 'execmem' permission is intesting for virtual machines to > > avoid buffer-overflow based attacks, and it's adopted in distros > > like RHEL. > > > > So, removing the PROT_EXEC flag seems the right thing to do. > > > > Browsing some other code that mmaps memory for usage with > > memory_region_init_ram_device_ptr, I could notice it's usual to > > not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be > > no problem around this. > > > > Signed-off-by: Leonardo Bras > > Reviewed-by: Alexey Kardashevskiy > > > > --- > > Seems David Gibson might be in a position to send a pull request > including this before I can, so: Merged to ppc-for-5.1, thanks. > > Acked-by: Alex Williamson > > > > - Alexey's review is here: > > https://lists.nongnu.org/archive/html/qemu-devel/2020-05/msg6.html > > > > hw/vfio/pci-quirks.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c > > index 2d348f8237..124d4f57e1 100644 > > --- a/hw/vfio/pci-quirks.c > > +++ b/hw/vfio/pci-quirks.c > > @@ -1620,7 +1620,7 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice > > *vdev, Error **errp) > > } > > cap = (void *) hdr; > > > > -p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE | PROT_EXEC, > > +p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE, > > MAP_SHARED, vdev->vbasedev.fd, nv2reg->offset); > > if (p == MAP_FAILED) { > > ret = -errno; 
> > @@ -1680,7 +1680,7 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error > > **errp) > > > > /* Some NVLink bridges may not have assigned ATSD */ > > if (atsdreg->size) { > > -p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE | PROT_EXEC, > > +p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE, > > MAP_SHARED, vdev->vbasedev.fd, atsdreg->offset); > > if (p == MAP_FAILED) { > > ret = -errno; > > > > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [PATCH] or1k: Fix compilation hiccup
On 5/26/20 6:21 PM, no-re...@patchew.org wrote: Patchew URL: https://patchew.org/QEMU/20200526185132.1652355-1-ebl...@redhat.com/ Hi, This series seems to have some coding style problems. See output below for more information: === OUTPUT BEGIN === ERROR: spaces required around that '*' (ctx:WxV) #33: FILE: hw/openrisc/openrisc_sim.c:132: +qemu_irq *cpu_irqs[2] = {}; ^ total: 1 errors, 0 warnings, 8 lines checked Commit d96d2fbbc5db (or1k: Fix compilation hiccup) has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. False positive, due to 'qemu_irq' not following the normal naming conventions for typedefs. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
RE: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets
> -Original Message- > From: Alistair Francis > Sent: 27 May 2020 06:08 > To: Anup Patel > Cc: Palmer Dabbelt ; Peter Maydell > ; qemu-ri...@nongnu.org; > sag...@eecs.berkeley.edu; a...@brainfault.org; qemu-devel@nongnu.org; > Atish Patra ; Alistair Francis > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets > > On Fri, May 22, 2020 at 3:10 AM Anup Patel wrote: > > > > > > > > > -Original Message- > > > From: Palmer Dabbelt > > > Sent: 22 May 2020 01:46 > > > To: Anup Patel > > > Cc: Peter Maydell ; Alistair Francis > > > ; sag...@eecs.berkeley.edu; Atish Patra > > > ; a...@brainfault.org; qemu-ri...@nongnu.org; > > > qemu-devel@nongnu.org; Anup Patel > > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple > > > sockets > > > > > > On Fri, 15 May 2020 23:37:44 PDT (-0700), Anup Patel wrote: > > > > We extend RISC-V spike machine to allow creating a multi-socket > machine. > > > > Each RISC-V spike machine socket is a set of HARTs and a CLINT instance. > > > > Other peripherals are shared between all RISC-V spike machine sockets. > > > > We also update RISC-V spike machine device tree to treat each > > > > socket as a NUMA node. > > > > > > > > The number of sockets in RISC-V spike machine can be specified > > > > using the "sockets=" sub-option of QEMU "-smp" command-line > > > > option. By default, only one socket RISC-V spike machine will be > > > > created. > > > > > > > > Currently, we only allow creating upto maximum 4 sockets with > > > > minimum > > > > 2 HARTs per socket. In future, this limits can be changed. > > > > > > > > Signed-off-by: Anup Patel > > > > --- > > > > hw/riscv/spike.c | 206 --- > > > > include/hw/riscv/spike.h | 8 +- > > > > 2 files changed, 133 insertions(+), 81 deletions(-) > > > > > > > > diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index > > > > d5e0103d89..f63c57a87c 100644 > > > > --- a/hw/riscv/spike.c > > > > +++ b/hw/riscv/spike.c 
> > > > @@ -64,9 +64,11 @@ static void create_fdt(SpikeState *s, const > > > > struct > > > MemmapEntry *memmap, > > > > uint64_t mem_size, const char *cmdline) { > > > > void *fdt; > > > > -int cpu; > > > > -uint32_t *cells; > > > > -char *nodename; > > > > +int cpu, socket; > > > > +uint32_t *clint_cells; > > > > +unsigned long clint_addr; > > > > +uint32_t cpu_phandle, intc_phandle, phandle = 1; > > > > +char *name, *clint_name, *clust_name, *core_name, *cpu_name, > > > > + *intc_name; > > > > > > > > fdt = s->fdt = create_device_tree(>fdt_size); > > > > if (!fdt) { 
> > > > @@ -88,68 +90,85 @@ static void create_fdt(SpikeState *s, const > > > > struct > > > MemmapEntry *memmap, > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); > > > > qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2); > > > > > > > > -nodename = g_strdup_printf("/memory@%lx", > > > > -(long)memmap[SPIKE_DRAM].base); > > > > -qemu_fdt_add_subnode(fdt, nodename); > > > > -qemu_fdt_setprop_cells(fdt, nodename, "reg", > > > > +name = g_strdup_printf("/memory@%lx", > > > (long)memmap[SPIKE_DRAM].base); > > > > +qemu_fdt_add_subnode(fdt, name); > > > > +qemu_fdt_setprop_cells(fdt, name, "reg", > > > > memmap[SPIKE_DRAM].base >> 32, memmap[SPIKE_DRAM].base, > > > > mem_size >> 32, mem_size); > > > > -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); > > > > -g_free(nodename); > > > > +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); > > > > +g_free(name); > > > > > > > > qemu_fdt_add_subnode(fdt, "/cpus"); > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", > > > > SIFIVE_CLINT_TIMEBASE_FREQ); > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); > > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); > > > > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); > > > > > > > > -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { > > > > -nodename = g_strdup_printf("/cpus/cpu@%d", cpu); > > > > -char *intc = > > > > g_strdup_printf("/cpus/cpu@%d/interrupt-controller", > cpu); > > > > -char *isa = riscv_isa_string(>soc.harts[cpu]); > > > > -qemu_fdt_add_subnode(fdt, nodename); > > > > +for (socket = (s->num_socs - 1); socket >= 0; socket--) { > > > > +clust_name = g_strdup_printf("/cpus/cpu-map/cluster0%d", > > > > socket); > > > > +qemu_fdt_add_subnode(fdt, clust_name); > > > > + > > > > +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts > > > > + * 4); > > > > + > > > > +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) { > > > > +cpu_phandle = phandle++; > > > > + > > > > 
+cpu_name = g_strdup_printf("/cpus/cpu@%d", > > > > +s->soc[socket].hartid_base + cpu); > > > > +
Re: [PATCH v3 3/9] target/riscv: Add the lowRISC Ibex CPU
On 2020/5/27 1:12, Alistair Francis wrote: On Fri, May 22, 2020 at 12:51 AM LIU Zhiwei wrote: On 2020/5/20 5:31, Alistair Francis wrote: Ibex is a small and efficient, 32-bit, in-order RISC-V core with a 2-stage pipeline that implements the RV32IMC instruction set architecture. For more details on lowRISC see here: https://github.com/lowRISC/ibex Signed-off-by: Alistair Francis Reviewed-by: Bin Meng --- target/riscv/cpu.h | 1 + target/riscv/cpu.c | 10 ++ 2 files changed, 11 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index d0e7f5b9c5..8733d7467f 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -35,6 +35,7 @@ #define TYPE_RISCV_CPU_ANY RISCV_CPU_TYPE_NAME("any") #define TYPE_RISCV_CPU_BASE32 RISCV_CPU_TYPE_NAME("rv32") #define TYPE_RISCV_CPU_BASE64 RISCV_CPU_TYPE_NAME("rv64") +#define TYPE_RISCV_CPU_IBEX RISCV_CPU_TYPE_NAME("lowrisc-ibex") #define TYPE_RISCV_CPU_SIFIVE_E31 RISCV_CPU_TYPE_NAME("sifive-e31") #define TYPE_RISCV_CPU_SIFIVE_E34 RISCV_CPU_TYPE_NAME("sifive-e34") #define TYPE_RISCV_CPU_SIFIVE_E51 RISCV_CPU_TYPE_NAME("sifive-e51") diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 5eb3c02735..eb2bbc87ae 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c 
@@ -156,6 +156,15 @@ static void rv32gcsu_priv1_10_0_cpu_init(Object *obj) set_feature(env, RISCV_FEATURE_PMP); } +static void rv32imcu_nommu_cpu_init(Object *obj) +{ +CPURISCVState *env = _CPU(obj)->env; +set_misa(env, RV32 | RVI | RVM | RVC | RVU); +set_priv_version(env, PRIV_VERSION_1_10_0); +set_resetvec(env, 0x8090); Hi Alistair, I see all RISC-V cpus have an reset vector which acts as the first pc when machine boots up. However, the first pc is more like an attribute of a machine, not a cpu. In general it seems to be a CPU property. I assume that some CPUs would allow the reset vector to be selectable though, in which case it becomes a board property. Another reason is that the cpu names are a combination of ISA. Then the cpus from different vendors may have same ISA, with different reset vectors. Do you think so? If you are worried about CPUs with different vectors we could always make it a property in the future and have boards override it. I don't think we need that yet (only 1 CPU is different) but it is an easy future change. I think your are right. A cpu reset vector property is better. If there is a conflict in the future, we can add the property there. Reviewed-by: LIU Zhiwei Zhiwei Alistair Zhiwei +set_feature(env, RISCV_FEATURE_PMP); +} + static void rv32imacu_nommu_cpu_init(Object *obj) { CPURISCVState *env = _CPU(obj)->env; @@ -619,6 +628,7 @@ static const TypeInfo riscv_cpu_type_infos[] = { DEFINE_CPU(TYPE_RISCV_CPU_ANY, riscv_any_cpu_init), #if defined(TARGET_RISCV32) DEFINE_CPU(TYPE_RISCV_CPU_BASE32, riscv_base32_cpu_init), +DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31, rv32imacu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34, rv32imafcu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34, rv32gcsu_priv1_10_0_cpu_init),
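Review bot: The reset vector in `rv32imcu_nommu_cpu_init()` is the bare literal `0x8090`, with no name or comment saying which Ibex document or integration it comes from. A reader cannot tell whether the value belongs to the core or to one particular SoC memory map, and the address where execution starts should be easy to audit. I would add a comment on that line, for example `/* Ibex boot address; value taken from <reference to the lowRISC document> */`, or give the literal a named constant next to the other reset-vector definitions.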
Re: [PATCH v3 3/3] target/riscv: Drop support for ISA spec version 1.09.1
сре, 27. мај 2020. у 02:33 Alistair Francis је написао/ла: > > On Tue, May 26, 2020 at 4:55 PM Aleksandar Markovic > wrote: > > > > сре, 27. мај 2020. у 00:56 Alistair Francis > > је написао/ла: > > > > > > The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since > > > 4.1. It's not commonly used so let's remove support for it. > > > > > > > Hmmm, a very odd commit message. Do you suggest that there could be > > the case that spec version 1.09.1 has been deprecated, but, let's say, > > it remained commonly in use, and in that case, supposedly, it wouldn't > > be removed (even though it was annonced as deprecated), or, even > > "undeprecated"? I am not saying anything is wrong, but just looks like > > The commit message was just confirming why it was deprecated in the > first place. AFAIK no one is using the 1.09.1 version of the spec. > > In saying that I think that it could be "undeprecated". I don't use > the 1.09.1 and no one I know uses it, but if after deprecating it in > QEMU a large group of users voiced interest in it, I think we would > still keep it around. That would depend on the burden and teh level of > interest. So I think things could be "undeprecated" or at least the > deprecation timeline could be extended if required or requested. > > Alistair > Fair enough. > > an uncommon explanation for removing after deprecating, like a novel > > approach to the deprecation process. > > > > Best Regards, > > Aleksandar > > > > > > > > > Signed-off-by: Alistair Francis > > > --- > > > target/riscv/cpu.h| 1 - > > > target/riscv/cpu.c| 2 - > > > target/riscv/cpu_helper.c | 82 +--- > > > target/riscv/csr.c| 118 +++--- > > > .../riscv/insn_trans/trans_privileged.inc.c | 18 +-- > > > target/riscv/monitor.c| 5 - > > > target/riscv/op_helper.c | 17 +-- > > > 7 files changed, 56 insertions(+), 187 deletions(-) > > > > > > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h > > > index 76b98d7a33..c022539012 100644 > > > --- a/target/riscv/cpu.h 
> > > +++ b/target/riscv/cpu.h > > > @@ -73,7 +73,6 @@ enum { > > > RISCV_FEATURE_MISA > > > }; > > > > > > -#define PRIV_VERSION_1_09_1 0x00010901 > > > #define PRIV_VERSION_1_10_0 0x00011000 > > > #define PRIV_VERSION_1_11_0 0x00011100 > > > > > > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c > > > index 112f2e3a2f..eeb91f8513 100644 > > > --- a/target/riscv/cpu.c > > > +++ b/target/riscv/cpu.c > > > @@ -368,8 +368,6 @@ static void riscv_cpu_realize(DeviceState *dev, Error > > > **errp) > > > priv_version = PRIV_VERSION_1_11_0; > > > } else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) { > > > priv_version = PRIV_VERSION_1_10_0; > > > -} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.9.1")) { > > > -priv_version = PRIV_VERSION_1_09_1; > > > } else { > > > error_setg(errp, > > > "Unsupported privilege spec version '%s'", > > > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > > > index bc80aa87cf..62fe1ecc8f 100644 > > > --- a/target/riscv/cpu_helper.c > > > +++ b/target/riscv/cpu_helper.c 
> > > @@ -364,57 +364,36 @@ static int get_physical_address(CPURISCVState *env, > > > hwaddr *physical, > > > mxr = get_field(env->vsstatus, MSTATUS_MXR); > > > } > > > > > > -if (env->priv_ver >= PRIV_VERSION_1_10_0) { > > > -if (first_stage == true) { > > > -if (use_background) { > > > -base = (hwaddr)get_field(env->vsatp, SATP_PPN) << > > > PGSHIFT; > > > -vm = get_field(env->vsatp, SATP_MODE); > > > -} else { > > > -base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > > > -vm = get_field(env->satp, SATP_MODE); > > > -} > > > -widened = 0; > > > +if (first_stage == true) { > > > +if (use_background) { > > > +base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; > > > +vm = get_field(env->vsatp, SATP_MODE); > > > } else { > > > -base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; > > > -vm = get_field(env->hgatp, HGATP_MODE); > > > -widened = 2; > > > -} > > > -sum = get_field(env->mstatus, MSTATUS_SUM); > > > -switch (vm) { > > > -case VM_1_10_SV32: > > > - levels = 2; ptidxbits = 10; ptesize = 4; break; > > > -case VM_1_10_SV39: > > > - levels = 3; ptidxbits = 9; ptesize = 8; break; > > > -case VM_1_10_SV48: > > > - levels = 4; ptidxbits = 9; ptesize = 8; break; > > > -case VM_1_10_SV57: > > > - levels = 5; ptidxbits = 9; ptesize = 8; break; > > > -case VM_1_10_MBARE: > > > -*physical = addr; > >
Re: [PATCH v3 9/9] target/riscv: Use a smaller guess size for no-MMU PMP
On Wed, May 20, 2020 at 6:52 PM Bin Meng wrote: > > On Wed, May 20, 2020 at 5:40 AM Alistair Francis > wrote: > > > > Signed-off-by: Alistair Francis > > --- > > target/riscv/pmp.c | 14 +- > > 1 file changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c > > index 0e6b640fbd..607a991260 100644 > > --- a/target/riscv/pmp.c > > +++ b/target/riscv/pmp.c > > @@ -233,12 +233,16 @@ bool pmp_hart_has_privs(CPURISCVState *env, > > target_ulong addr, > > return true; > > } > > > > -/* > > - * if size is unknown (0), assume that all bytes > > - * from addr to the end of the page will be accessed. > > - */ > > if (size == 0) { > > -pmp_size = -(addr | TARGET_PAGE_MASK); > > +if (!riscv_feature(env, RISCV_FEATURE_MMU)) { > > My previous comments were not fully addressed. I think the logic should be: > > if (riscv_feature(env, RISCV_FEATURE_MMU)) > > Otherwise it does not match your comment and the commit title. Ah! You are right. This uncovered a bug with how we set the MMU as well. I have fixed this and added a new patch. Alistair > > > +/* > > + * If size is unknown (0), assume that all bytes > > + * from addr to the end of the page will be accessed. > > + */ > > +pmp_size = -(addr | TARGET_PAGE_MASK); > > +} else { > > +pmp_size = sizeof(target_ulong); > > +} > > } else { > > pmp_size = size; > > } > > Regards, > Bin
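Review bot: The branch that sets `pmp_size = sizeof(target_ulong);` when `size == 0` carries no comment, and the guess can be smaller than the real access. The PMP match is then evaluated for only that many bytes starting at `addr`, so an access that is wider, or that begins just below the end of a PMP region, may be granted on the basis of its first bytes alone. Whether any caller that passes 0 can issue such an access is not visible here, since pmp_hart_has_privs() starts and ends outside the hunk. I would document the assumption on that line, e.g. `/* size unknown and no page to bound it: assume one target_ulong-sized access */`, and have callers that know the width pass it.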
Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets
On Fri, May 22, 2020 at 3:10 AM Anup Patel wrote: > > > > > -Original Message- > > From: Palmer Dabbelt > > Sent: 22 May 2020 01:46 > > To: Anup Patel > > Cc: Peter Maydell ; Alistair Francis > > ; sag...@eecs.berkeley.edu; Atish Patra > > ; a...@brainfault.org; qemu-ri...@nongnu.org; > > qemu-devel@nongnu.org; Anup Patel > > Subject: Re: [PATCH 2/4] hw/riscv: spike: Allow creating multiple sockets > > > > On Fri, 15 May 2020 23:37:44 PDT (-0700), Anup Patel wrote: > > > We extend RISC-V spike machine to allow creating a multi-socket machine. > > > Each RISC-V spike machine socket is a set of HARTs and a CLINT instance. > > > Other peripherals are shared between all RISC-V spike machine sockets. > > > We also update RISC-V spike machine device tree to treat each socket > > > as a NUMA node. > > > > > > The number of sockets in RISC-V spike machine can be specified using > > > the "sockets=" sub-option of QEMU "-smp" command-line option. By > > > default, only one socket RISC-V spike machine will be created. > > > > > > Currently, we only allow creating upto maximum 4 sockets with minimum > > > 2 HARTs per socket. In future, this limits can be changed. > > > > > > Signed-off-by: Anup Patel > > > --- > > > hw/riscv/spike.c | 206 --- > > > include/hw/riscv/spike.h | 8 +- > > > 2 files changed, 133 insertions(+), 81 deletions(-) > > > > > > diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index > > > d5e0103d89..f63c57a87c 100644 > > > --- a/hw/riscv/spike.c > > > +++ b/hw/riscv/spike.c 
> > > @@ -64,9 +64,11 @@ static void create_fdt(SpikeState *s, const struct > > MemmapEntry *memmap, > > > uint64_t mem_size, const char *cmdline) { > > > void *fdt; > > > -int cpu; > > > -uint32_t *cells; > > > -char *nodename; > > > +int cpu, socket; > > > +uint32_t *clint_cells; > > > +unsigned long clint_addr; > > > +uint32_t cpu_phandle, intc_phandle, phandle = 1; > > > +char *name, *clint_name, *clust_name, *core_name, *cpu_name, > > > + *intc_name; > > > > > > fdt = s->fdt = create_device_tree(>fdt_size); > > > if (!fdt) { 
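Review bot: `unsigned long clint_addr;` can be 32 bits wide on some hosts, while the memory-map bases it is presumably computed from are treated as 64-bit values in the same function (`memmap[SPIKE_DRAM].base >> 32`). A per-socket CLINT address above 4 GiB would then be truncated silently before it reaches the device tree. Declaring it as `hwaddr clint_addr;` and printing it with a 64-bit format avoids that. The assignment is outside this hunk, so this is based on the declaration alone.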
> > > @@ -88,68 +90,85 @@ static void create_fdt(SpikeState *s, const struct > > MemmapEntry *memmap, > > > qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2); > > > qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2); > > > > > > -nodename = g_strdup_printf("/memory@%lx", > > > -(long)memmap[SPIKE_DRAM].base); > > > -qemu_fdt_add_subnode(fdt, nodename); > > > -qemu_fdt_setprop_cells(fdt, nodename, "reg", > > > +name = g_strdup_printf("/memory@%lx", > > (long)memmap[SPIKE_DRAM].base); > > > +qemu_fdt_add_subnode(fdt, name); > > > +qemu_fdt_setprop_cells(fdt, name, "reg", > > > memmap[SPIKE_DRAM].base >> 32, memmap[SPIKE_DRAM].base, > > > mem_size >> 32, mem_size); > > > -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); > > > -g_free(nodename); > > > +qemu_fdt_setprop_string(fdt, name, "device_type", "memory"); > > > +g_free(name); > > > > > > qemu_fdt_add_subnode(fdt, "/cpus"); > > > qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", > > > SIFIVE_CLINT_TIMEBASE_FREQ); > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); > > > qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); > > > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map"); > > > > > > -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) { > > > -nodename = g_strdup_printf("/cpus/cpu@%d", cpu); > > > -char *intc = > > > g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu); > > > -char *isa = riscv_isa_string(>soc.harts[cpu]); > > > -qemu_fdt_add_subnode(fdt, nodename); > > > +for (socket = (s->num_socs - 1); socket >= 0; socket--) { > > > +clust_name = g_strdup_printf("/cpus/cpu-map/cluster0%d", socket); > > > +qemu_fdt_add_subnode(fdt, clust_name); > > > + > > > +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * > > > + 4); > > > + > > > +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) { > > > +cpu_phandle = phandle++; > > > + > > > +cpu_name = g_strdup_printf("/cpus/cpu@%d", > > > +s->soc[socket].hartid_base + cpu); > > > 
+qemu_fdt_add_subnode(fdt, cpu_name); > > > #if defined(TARGET_RISCV32) > > > -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv32"); > > > +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", > > > + "riscv,sv32"); > > > #else > > > -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48"); > > > +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", > > > + "riscv,sv48"); > > > #endif > > > -qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa); > > > -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv"); > > > -
Re: [PATCH v3 3/3] target/riscv: Drop support for ISA spec version 1.09.1
On Tue, May 26, 2020 at 4:55 PM Aleksandar Markovic wrote: > > сре, 27. мај 2020. у 00:56 Alistair Francis > је написао/ла: > > > > The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since > > 4.1. It's not commonly used so let's remove support for it. > > > > Hmmm, a very odd commit message. Do you suggest that there could be > the case that spec version 1.09.1 has been deprecated, but, let's say, > it remained commonly in use, and in that case, supposedly, it wouldn't > be removed (even though it was annonced as deprecated), or, even > "undeprecated"? I am not saying anything is wrong, but just looks like The commit message was just confirming why it was deprecated in the first place. AFAIK no one is using the 1.09.1 version of the spec. In saying that I think that it could be "undeprecated". I don't use the 1.09.1 and no one I know uses it, but if after deprecating it in QEMU a large group of users voiced interest in it, I think we would still keep it around. That would depend on the burden and teh level of interest. So I think things could be "undeprecated" or at least the deprecation timeline could be extended if required or requested. Alistair > an uncommon explanation for removing after deprecating, like a novel > approach to the deprecation process. > > Best Regards, > Aleksandar > > > > > Signed-off-by: Alistair Francis > > --- > > target/riscv/cpu.h| 1 - > > target/riscv/cpu.c| 2 - > > target/riscv/cpu_helper.c | 82 +--- > > target/riscv/csr.c| 118 +++--- > > .../riscv/insn_trans/trans_privileged.inc.c | 18 +-- > > target/riscv/monitor.c| 5 - > > target/riscv/op_helper.c | 17 +-- > > 7 files changed, 56 insertions(+), 187 deletions(-) > > > > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h > > index 76b98d7a33..c022539012 100644 > > --- a/target/riscv/cpu.h > > +++ b/target/riscv/cpu.h 
> > @@ -73,7 +73,6 @@ enum { > > RISCV_FEATURE_MISA > > }; > > > > -#define PRIV_VERSION_1_09_1 0x00010901 > > #define PRIV_VERSION_1_10_0 0x00011000 > > #define PRIV_VERSION_1_11_0 0x00011100 > > > > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c > > index 112f2e3a2f..eeb91f8513 100644 > > --- a/target/riscv/cpu.c > > +++ b/target/riscv/cpu.c > > @@ -368,8 +368,6 @@ static void riscv_cpu_realize(DeviceState *dev, Error > > **errp) > > priv_version = PRIV_VERSION_1_11_0; > > } else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) { > > priv_version = PRIV_VERSION_1_10_0; > > -} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.9.1")) { > > -priv_version = PRIV_VERSION_1_09_1; > > } else { > > error_setg(errp, > > "Unsupported privilege spec version '%s'", > > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > > index bc80aa87cf..62fe1ecc8f 100644 > > --- a/target/riscv/cpu_helper.c > > +++ b/target/riscv/cpu_helper.c 
> > @@ -364,57 +364,36 @@ static int get_physical_address(CPURISCVState *env, > > hwaddr *physical, > > mxr = get_field(env->vsstatus, MSTATUS_MXR); > > } > > > > -if (env->priv_ver >= PRIV_VERSION_1_10_0) { > > -if (first_stage == true) { > > -if (use_background) { > > -base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; > > -vm = get_field(env->vsatp, SATP_MODE); > > -} else { > > -base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > > -vm = get_field(env->satp, SATP_MODE); > > -} > > -widened = 0; > > +if (first_stage == true) { > > +if (use_background) { > > +base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; > > +vm = get_field(env->vsatp, SATP_MODE); > > } else { > > -base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; > > -vm = get_field(env->hgatp, HGATP_MODE); > > -widened = 2; > > -} > > -sum = get_field(env->mstatus, MSTATUS_SUM); > > -switch (vm) { > > -case VM_1_10_SV32: > > - levels = 2; ptidxbits = 10; ptesize = 4; break; > > -case VM_1_10_SV39: > > - levels = 3; ptidxbits = 9; ptesize = 8; break; > > -case VM_1_10_SV48: > > - levels = 4; ptidxbits = 9; ptesize = 8; break; > > -case VM_1_10_SV57: > > - levels = 5; ptidxbits = 9; ptesize = 8; break; > > -case VM_1_10_MBARE: > > -*physical = addr; > > -*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > > -return TRANSLATE_SUCCESS; > > -default: > > - g_assert_not_reached(); > > +base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > > +vm = get_field(env->satp, SATP_MODE); > > }
Re: [PATCH v3 3/3] target/riscv: Drop support for ISA spec version 1.09.1
сре, 27. мај 2020. у 00:56 Alistair Francis је написао/ла: > > The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since > 4.1. It's not commonly used so let's remove support for it. > Hmmm, a very odd commit message. Do you suggest that there could be the case that spec version 1.09.1 has been deprecated, but, let's say, it remained commonly in use, and in that case, supposedly, it wouldn't be removed (even though it was annonced as deprecated), or, even "undeprecated"? I am not saying anything is wrong, but just looks like an uncommon explanation for removing after deprecating, like a novel approach to the deprecation process. Best Regards, Aleksandar > Signed-off-by: Alistair Francis > --- > target/riscv/cpu.h| 1 - > target/riscv/cpu.c| 2 - > target/riscv/cpu_helper.c | 82 +--- > target/riscv/csr.c| 118 +++--- > .../riscv/insn_trans/trans_privileged.inc.c | 18 +-- > target/riscv/monitor.c| 5 - > target/riscv/op_helper.c | 17 +-- > 7 files changed, 56 insertions(+), 187 deletions(-) > > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h > index 76b98d7a33..c022539012 100644 > --- a/target/riscv/cpu.h > +++ b/target/riscv/cpu.h > @@ -73,7 +73,6 @@ enum { > RISCV_FEATURE_MISA > }; > > -#define PRIV_VERSION_1_09_1 0x00010901 > #define PRIV_VERSION_1_10_0 0x00011000 > #define PRIV_VERSION_1_11_0 0x00011100 > > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c > index 112f2e3a2f..eeb91f8513 100644 > --- a/target/riscv/cpu.c > +++ b/target/riscv/cpu.c > @@ -368,8 +368,6 @@ static void riscv_cpu_realize(DeviceState *dev, Error > **errp) > priv_version = PRIV_VERSION_1_11_0; > } else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) { > priv_version = PRIV_VERSION_1_10_0; > -} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.9.1")) { > -priv_version = PRIV_VERSION_1_09_1; > } else { > error_setg(errp, > "Unsupported privilege spec version '%s'", > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > index bc80aa87cf..62fe1ecc8f 100644 
> --- a/target/riscv/cpu_helper.c > +++ b/target/riscv/cpu_helper.c 
> @@ -364,57 +364,36 @@ static int get_physical_address(CPURISCVState *env, > hwaddr *physical, > mxr = get_field(env->vsstatus, MSTATUS_MXR); > } > > -if (env->priv_ver >= PRIV_VERSION_1_10_0) { > -if (first_stage == true) { > -if (use_background) { > -base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; > -vm = get_field(env->vsatp, SATP_MODE); > -} else { > -base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > -vm = get_field(env->satp, SATP_MODE); > -} > -widened = 0; > +if (first_stage == true) { > +if (use_background) { > +base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; > +vm = get_field(env->vsatp, SATP_MODE); > } else { > -base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; > -vm = get_field(env->hgatp, HGATP_MODE); > -widened = 2; > -} > -sum = get_field(env->mstatus, MSTATUS_SUM); > -switch (vm) { > -case VM_1_10_SV32: > - levels = 2; ptidxbits = 10; ptesize = 4; break; > -case VM_1_10_SV39: > - levels = 3; ptidxbits = 9; ptesize = 8; break; > -case VM_1_10_SV48: > - levels = 4; ptidxbits = 9; ptesize = 8; break; > -case VM_1_10_SV57: > - levels = 5; ptidxbits = 9; ptesize = 8; break; > -case VM_1_10_MBARE: > -*physical = addr; > -*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > -return TRANSLATE_SUCCESS; > -default: > - g_assert_not_reached(); > +base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; > +vm = get_field(env->satp, SATP_MODE); > } > -} else { > widened = 0; > -base = (hwaddr)(env->sptbr) << PGSHIFT; > -sum = !get_field(env->mstatus, MSTATUS_PUM); > -vm = get_field(env->mstatus, MSTATUS_VM); > -switch (vm) { > -case VM_1_09_SV32: > - levels = 2; ptidxbits = 10; ptesize = 4; break; > -case VM_1_09_SV39: > - levels = 3; ptidxbits = 9; ptesize = 8; break; > -case VM_1_09_SV48: > - levels = 4; ptidxbits = 9; ptesize = 8; break; > -case VM_1_09_MBARE: > -*physical = addr; > -*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; > -return TRANSLATE_SUCCESS; > -default: > - g_assert_not_reached(); > -} > +} else { > +base = 
(hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; > +
Re: [PATCH] or1k: Fix compilation hiccup
Patchew URL: https://patchew.org/QEMU/20200526185132.1652355-1-ebl...@redhat.com/ Hi, This series seems to have some coding style problems. See output below for more information: Message-id: 20200526185132.1652355-1-ebl...@redhat.com Subject: [PATCH] or1k: Fix compilation hiccup Type: series === TEST SCRIPT BEGIN === #!/bin/bash git rev-parse base > /dev/null || exit 0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram ./scripts/checkpatch.pl --mailback base.. === TEST SCRIPT END === Switched to a new branch 'test' d96d2fb or1k: Fix compilation hiccup === OUTPUT BEGIN === ERROR: spaces required around that '*' (ctx:WxV) #33: FILE: hw/openrisc/openrisc_sim.c:132: +qemu_irq *cpu_irqs[2] = {}; ^ total: 1 errors, 0 warnings, 8 lines checked Commit d96d2fbbc5db (or1k: Fix compilation hiccup) has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. === OUTPUT END === Test command exited with code: 1 The full log is available at http://patchew.org/logs/20200526185132.1652355-1-ebl...@redhat.com/testing.checkpatch/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-de...@redhat.com
Re: [PATCH] hw/registerfields: Prefix local variables with underscore in macros
On Tue, May 26, 2020 at 9:50 AM Philippe Mathieu-Daudé wrote: > > ping? I'll send a PR with this. Alistair > > On 5/10/20 10:34 PM, Philippe Mathieu-Daudé wrote: > > One can name a local variable holding a value as 'v', but it > > currently clashes with the registerfields macros. To save others > > to debug the same mistake, prefix the macro's local variables > > with an underscore. > > > > Signed-off-by: Philippe Mathieu-Daudé > > --- > > include/hw/registerfields.h | 40 ++--- > > 1 file changed, 20 insertions(+), 20 deletions(-) > > > > diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h > > index 0407edb7ec..93fa4a84c2 100644 > > --- a/include/hw/registerfields.h > > +++ b/include/hw/registerfields.h 
> > @@ -66,35 +66,35 @@ > > #define FIELD_DP8(storage, reg, field, val) ({\ > > struct { \ > > unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\ > > -} v = { .v = val }; \ > > -uint8_t d;\ > > -d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > - R_ ## reg ## _ ## field ## _LENGTH, v.v); \ > > -d; }) > > +} _v = { .v = val }; \ > > +uint8_t _d; \ > > +_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ > > +_d; }) > > #define FIELD_DP16(storage, reg, field, val) ({ \ > > struct { \ > > unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\ > > -} v = { .v = val }; \ > > -uint16_t d; \ > > -d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > - R_ ## reg ## _ ## field ## _LENGTH, v.v); \ > > -d; }) > > +} _v = { .v = val }; \ > > +uint16_t _d; \ > > +_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ > > +_d; }) > > #define FIELD_DP32(storage, reg, field, val) ({ \ > > struct { \ > > unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\ > > -} v = { .v = val }; \ > > -uint32_t d; \ > > -d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > - R_ ## reg ## _ ## field ## _LENGTH, v.v); \ > > -d; }) > > +} _v = { .v = val }; \ > > +uint32_t _d; \ > > +_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ > > +_d; }) > > #define FIELD_DP64(storage, reg, field, val) ({ \ > > struct { \ > > unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\ > > -} v = { .v = val }; \ > > -uint64_t d; \ > > -d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > - R_ ## reg ## _ ## field ## _LENGTH, v.v); \ > > -d; }) > > +} _v = { .v = val }; \ > > +uint64_t _d; \ > > +_d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT, \ > > + R_ ## reg ## _ ## field ## _LENGTH, _v.v); \ > > +_d; }) > > > > /* Deposit a field to array of registers. 
*/ > > #define ARRAY_FIELD_DP32(regs, reg, field, val) \ > > >
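Review bot: The new names `_v` and `_d` in `FIELD_DP8`, `FIELD_DP16`, `FIELD_DP32` and `FIELD_DP64` only move the clash. A `storage` argument that mentions a caller variable called `_v` or `_d` is still captured by the macro's locals, and a `val` expression that mentions `_v` reads the macro's own uninitialised struct. A prefix tied to the macro makes an accidental match much less likely, for example `} _fdp_v = { .v = val };` with `_fdp_d` for the result. A one-line comment above `FIELD_DP8` saying that the macro arguments must not use those names would also help.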
[PATCH v3 3/3] target/riscv: Drop support for ISA spec version 1.09.1
The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since 4.1. It's not commonly used so let's remove support for it. Signed-off-by: Alistair Francis --- target/riscv/cpu.h| 1 - target/riscv/cpu.c| 2 - target/riscv/cpu_helper.c | 82 +--- target/riscv/csr.c| 118 +++--- .../riscv/insn_trans/trans_privileged.inc.c | 18 +-- target/riscv/monitor.c| 5 - target/riscv/op_helper.c | 17 +-- 7 files changed, 56 insertions(+), 187 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 76b98d7a33..c022539012 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -73,7 +73,6 @@ enum { RISCV_FEATURE_MISA }; -#define PRIV_VERSION_1_09_1 0x00010901 #define PRIV_VERSION_1_10_0 0x00011000 #define PRIV_VERSION_1_11_0 0x00011100 diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 112f2e3a2f..eeb91f8513 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -368,8 +368,6 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp) priv_version = PRIV_VERSION_1_11_0; } else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) { priv_version = PRIV_VERSION_1_10_0; -} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.9.1")) { -priv_version = PRIV_VERSION_1_09_1; } else { error_setg(errp, "Unsupported privilege spec version '%s'", diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index bc80aa87cf..62fe1ecc8f 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c 
@@ -364,57 +364,36 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, mxr = get_field(env->vsstatus, MSTATUS_MXR); } -if (env->priv_ver >= PRIV_VERSION_1_10_0) { -if (first_stage == true) { -if (use_background) { -base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; -vm = get_field(env->vsatp, SATP_MODE); -} else { -base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; -vm = get_field(env->satp, SATP_MODE); -} -widened = 0; +if (first_stage == true) { +if (use_background) { +base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT; +vm = get_field(env->vsatp, SATP_MODE); } else { -base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; -vm = get_field(env->hgatp, HGATP_MODE); -widened = 2; -} -sum = get_field(env->mstatus, MSTATUS_SUM); -switch (vm) { -case VM_1_10_SV32: - levels = 2; ptidxbits = 10; ptesize = 4; break; -case VM_1_10_SV39: - levels = 3; ptidxbits = 9; ptesize = 8; break; -case VM_1_10_SV48: - levels = 4; ptidxbits = 9; ptesize = 8; break; -case VM_1_10_SV57: - levels = 5; ptidxbits = 9; ptesize = 8; break; -case VM_1_10_MBARE: -*physical = addr; -*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; -return TRANSLATE_SUCCESS; -default: - g_assert_not_reached(); +base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT; +vm = get_field(env->satp, SATP_MODE); } -} else { widened = 0; -base = (hwaddr)(env->sptbr) << PGSHIFT; -sum = !get_field(env->mstatus, MSTATUS_PUM); -vm = get_field(env->mstatus, MSTATUS_VM); -switch (vm) { -case VM_1_09_SV32: - levels = 2; ptidxbits = 10; ptesize = 4; break; -case VM_1_09_SV39: - levels = 3; ptidxbits = 9; ptesize = 8; break; -case VM_1_09_SV48: - levels = 4; ptidxbits = 9; ptesize = 8; break; -case VM_1_09_MBARE: -*physical = addr; -*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; -return TRANSLATE_SUCCESS; -default: - g_assert_not_reached(); -} +} else { +base = (hwaddr)get_field(env->hgatp, HGATP_PPN) << PGSHIFT; +vm = get_field(env->hgatp, HGATP_MODE); +widened = 2; +} +sum = 
get_field(env->mstatus, MSTATUS_SUM); +switch (vm) { +case VM_1_10_SV32: + levels = 2; ptidxbits = 10; ptesize = 4; break; +case VM_1_10_SV39: + levels = 3; ptidxbits = 9; ptesize = 8; break; +case VM_1_10_SV48: + levels = 4; ptidxbits = 9; ptesize = 8; break; +case VM_1_10_SV57: + levels = 5; ptidxbits = 9; ptesize = 8; break; +case VM_1_10_MBARE: +*physical = addr; +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; +return TRANSLATE_SUCCESS; +default: + g_assert_not_reached(); } CPUState *cs = env_cpu(env); @@ -588,7 +567,6 @@ static void raise_mmu_exception(CPURISCVState
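Review bot: The `default: g_assert_not_reached();` arm of `switch (vm)` aborts the whole emulator, and `vm` is read from the MODE field of `satp`, `vsatp` or `hgatp`, which the guest can write. The hunk does not show whether the CSR write path rejects modes the switch does not list. If it does, state that next to the assertion, e.g. `/* CSR writes only accept the modes handled above */`; if it does not, the arm should fail the translation instead of asserting. get_physical_address() starts and ends outside the hunk.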
[PATCH v3 2/3] target/riscv: Remove the deprecated CPUs
Signed-off-by: Alistair Francis Reviewed-by: Bin Meng --- target/riscv/cpu.h | 7 --- target/riscv/cpu.c | 28 tests/qtest/machine-none-test.c | 4 ++-- 3 files changed, 2 insertions(+), 37 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index d0e7f5b9c5..76b98d7a33 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -40,13 +40,6 @@ #define TYPE_RISCV_CPU_SIFIVE_E51 RISCV_CPU_TYPE_NAME("sifive-e51") #define TYPE_RISCV_CPU_SIFIVE_U34 RISCV_CPU_TYPE_NAME("sifive-u34") #define TYPE_RISCV_CPU_SIFIVE_U54 RISCV_CPU_TYPE_NAME("sifive-u54") -/* Deprecated */ -#define TYPE_RISCV_CPU_RV32IMACU_NOMMU RISCV_CPU_TYPE_NAME("rv32imacu-nommu") -#define TYPE_RISCV_CPU_RV32GCSU_V1_09_1 RISCV_CPU_TYPE_NAME("rv32gcsu-v1.9.1") -#define TYPE_RISCV_CPU_RV32GCSU_V1_10_0 RISCV_CPU_TYPE_NAME("rv32gcsu-v1.10.0") -#define TYPE_RISCV_CPU_RV64IMACU_NOMMU RISCV_CPU_TYPE_NAME("rv64imacu-nommu") -#define TYPE_RISCV_CPU_RV64GCSU_V1_09_1 RISCV_CPU_TYPE_NAME("rv64gcsu-v1.9.1") -#define TYPE_RISCV_CPU_RV64GCSU_V1_10_0 RISCV_CPU_TYPE_NAME("rv64gcsu-v1.10.0") #define RV32 ((target_ulong)1 << (TARGET_LONG_BITS - 2)) #define RV64 ((target_ulong)2 << (TARGET_LONG_BITS - 2)) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 059d71f2c7..112f2e3a2f 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -135,16 +135,6 @@ static void riscv_base32_cpu_init(Object *obj) set_misa(env, 0); } -static void rv32gcsu_priv1_09_1_cpu_init(Object *obj) -{ -CPURISCVState *env = _CPU(obj)->env; -set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU); -set_priv_version(env, PRIV_VERSION_1_09_1); -set_resetvec(env, DEFAULT_RSTVEC); -set_feature(env, RISCV_FEATURE_MMU); -set_feature(env, RISCV_FEATURE_PMP); -} - static void rv32gcsu_priv1_10_0_cpu_init(Object *obj) { CPURISCVState *env = _CPU(obj)->env; 
@@ -182,16 +172,6 @@ static void riscv_base64_cpu_init(Object *obj) set_misa(env, 0); } -static void rv64gcsu_priv1_09_1_cpu_init(Object *obj) -{ -CPURISCVState *env = _CPU(obj)->env; -set_misa(env, RV64 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU); -set_priv_version(env, PRIV_VERSION_1_09_1); -set_resetvec(env, DEFAULT_RSTVEC); -set_feature(env, RISCV_FEATURE_MMU); -set_feature(env, RISCV_FEATURE_PMP); -} - static void rv64gcsu_priv1_10_0_cpu_init(Object *obj) { CPURISCVState *env = _CPU(obj)->env; @@ -621,18 +601,10 @@ static const TypeInfo riscv_cpu_type_infos[] = { DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31, rv32imacu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34, rv32imafcu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34, rv32gcsu_priv1_10_0_cpu_init), -/* Depreacted */ -DEFINE_CPU(TYPE_RISCV_CPU_RV32IMACU_NOMMU, rv32imacu_nommu_cpu_init), -DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_09_1, rv32gcsu_priv1_09_1_cpu_init), -DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_10_0, rv32gcsu_priv1_10_0_cpu_init) #elif defined(TARGET_RISCV64) DEFINE_CPU(TYPE_RISCV_CPU_BASE64, riscv_base64_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51, rv64imacu_nommu_cpu_init), DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54, rv64gcsu_priv1_10_0_cpu_init), -/* Deprecated */ -DEFINE_CPU(TYPE_RISCV_CPU_RV64IMACU_NOMMU, rv64imacu_nommu_cpu_init), -DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_09_1, rv64gcsu_priv1_09_1_cpu_init), -DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_10_0, rv64gcsu_priv1_10_0_cpu_init) #endif }; diff --git a/tests/qtest/machine-none-test.c b/tests/qtest/machine-none-test.c index 8bb54a6360..b52311ec2e 100644 --- a/tests/qtest/machine-none-test.c +++ b/tests/qtest/machine-none-test.c @@ -54,8 +54,8 @@ static struct arch2cpu cpus_map[] = { { "xtensa", "dc233c" }, { "xtensaeb", "fsf" }, { "hppa", "hppa" }, -{ "riscv64", "rv64gcsu-v1.10.0" }, -{ "riscv32", "rv32gcsu-v1.9.1" }, +{ "riscv64", "sifive-u54" }, +{ "riscv32", "sifive-u34" }, { "rx", "rx62n" }, }; -- 2.26.2
[PATCH v3 1/3] hw/riscv: spike: Remove deprecated ISA specific machines
The ISA specific Spike machines have been deprecated in QEMU since 4.1, let's finally remove them. Signed-off-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Bin Meng --- include/hw/riscv/spike.h | 6 +- hw/riscv/spike.c | 217 --- 2 files changed, 2 insertions(+), 221 deletions(-) diff --git a/include/hw/riscv/spike.h b/include/hw/riscv/spike.h index dc770421bc..1cd72b85d6 100644 --- a/include/hw/riscv/spike.h +++ b/include/hw/riscv/spike.h @@ -39,11 +39,9 @@ enum { }; #if defined(TARGET_RISCV32) -#define SPIKE_V1_09_1_CPU TYPE_RISCV_CPU_RV32GCSU_V1_09_1 -#define SPIKE_V1_10_0_CPU TYPE_RISCV_CPU_RV32GCSU_V1_10_0 +#define SPIKE_V1_10_0_CPU TYPE_RISCV_CPU_BASE32 #elif defined(TARGET_RISCV64) -#define SPIKE_V1_09_1_CPU TYPE_RISCV_CPU_RV64GCSU_V1_09_1 -#define SPIKE_V1_10_0_CPU TYPE_RISCV_CPU_RV64GCSU_V1_10_0 +#define SPIKE_V1_10_0_CPU TYPE_RISCV_CPU_BASE64 #endif #endif diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index d0c4843712..7bbbdb5036 100644 --- a/hw/riscv/spike.c +++ b/hw/riscv/spike.c 
@@ -257,221 +257,6 @@ static void spike_board_init(MachineState *machine) false); } -static void spike_v1_10_0_board_init(MachineState *machine) -{ -const struct MemmapEntry *memmap = spike_memmap; - -SpikeState *s = g_new0(SpikeState, 1); -MemoryRegion *system_memory = get_system_memory(); -MemoryRegion *main_mem = g_new(MemoryRegion, 1); -MemoryRegion *mask_rom = g_new(MemoryRegion, 1); -int i; -unsigned int smp_cpus = machine->smp.cpus; - -if (!qtest_enabled()) { -info_report("The Spike v1.10.0 machine has been deprecated. " -"Please use the generic spike machine and specify the ISA " -"versions using -cpu."); -} - -/* Initialize SOC */ -object_initialize_child(OBJECT(machine), "soc", >soc, sizeof(s->soc), -TYPE_RISCV_HART_ARRAY, _abort, NULL); -object_property_set_str(OBJECT(>soc), SPIKE_V1_10_0_CPU, "cpu-type", -_abort); -object_property_set_int(OBJECT(>soc), smp_cpus, "num-harts", -_abort); -object_property_set_bool(OBJECT(>soc), true, "realized", -_abort); - -/* register system main memory (actual RAM) */ -memory_region_init_ram(main_mem, NULL, "riscv.spike.ram", - machine->ram_size, _fatal); -memory_region_add_subregion(system_memory, memmap[SPIKE_DRAM].base, -main_mem); - -/* create device tree */ -create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline); - -/* boot rom */ -memory_region_init_rom(mask_rom, NULL, "riscv.spike.mrom", - memmap[SPIKE_MROM].size, _fatal); -memory_region_add_subregion(system_memory, memmap[SPIKE_MROM].base, -mask_rom); - -if (machine->kernel_filename) { -riscv_load_kernel(machine->kernel_filename, htif_symbol_callback); -} - -/* reset vector */ -uint32_t reset_vec[8] = { -0x0297, /* 1: auipc t0, %pcrel_hi(dtb) */ -0x02028593, /* addi a1, t0, %pcrel_lo(1b) */ -0xf1402573, /* csrr a0, mhartid */ -#if defined(TARGET_RISCV32) -0x0182a283, /* lw t0, 24(t0) */ -#elif defined(TARGET_RISCV64) -0x0182b283, /* ld t0, 24(t0) */ -#endif -0x00028067, /* jr t0 */ -0x, -memmap[SPIKE_DRAM].base, /* start: .dword DRAM_BASE */ -0x, - /* 
dtb: */ -}; - -/* copy in the reset vector in little_endian byte order */ -for (i = 0; i < sizeof(reset_vec) >> 2; i++) { -reset_vec[i] = cpu_to_le32(reset_vec[i]); -} -rom_add_blob_fixed_as("mrom.reset", reset_vec, sizeof(reset_vec), - memmap[SPIKE_MROM].base, _space_memory); - -/* copy in the device tree */ -if (fdt_pack(s->fdt) || fdt_totalsize(s->fdt) > -memmap[SPIKE_MROM].size - sizeof(reset_vec)) { -error_report("not enough space to store device-tree"); -exit(1); -} -qemu_fdt_dumpdtb(s->fdt, fdt_totalsize(s->fdt)); -rom_add_blob_fixed_as("mrom.fdt", s->fdt, fdt_totalsize(s->fdt), - memmap[SPIKE_MROM].base + sizeof(reset_vec), - _space_memory); - -/* initialize HTIF using symbols found in load_kernel */ -htif_mm_init(system_memory, mask_rom, >soc.harts[0].env, serial_hd(0)); - -/* Core Local Interruptor (timer and IPI) */ -sifive_clint_create(memmap[SPIKE_CLINT].base, memmap[SPIKE_CLINT].size, -smp_cpus, SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE, -false); -} - -static void spike_v1_09_1_board_init(MachineState *machine) -{ -const
[PATCH v3 0/3] RTISC-V: Remove deprecated ISA, CPUs and machines
v3: - Don't use SiFive CPUs for Spike machine v2: - Remove the CPUs and ISA separately Alistair Francis (3): hw/riscv: spike: Remove deprecated ISA specific machines target/riscv: Remove the deprecated CPUs target/riscv: Drop support for ISA spec version 1.09.1 include/hw/riscv/spike.h | 6 +- target/riscv/cpu.h| 8 - hw/riscv/spike.c | 217 -- target/riscv/cpu.c| 30 --- target/riscv/cpu_helper.c | 82 +++ target/riscv/csr.c| 118 ++ .../riscv/insn_trans/trans_privileged.inc.c | 18 +- target/riscv/monitor.c| 5 - target/riscv/op_helper.c | 17 +- tests/qtest/machine-none-test.c | 4 +- 10 files changed, 60 insertions(+), 445 deletions(-) -- 2.26.2
Re: [PATCH] util/oslib-posix : qemu_init_exec_dir implementation for MacOS
>From ce857629697e8b6a2149fd3a1e16b7eea26aafca Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 26 May 2020 21:35:27 +0100 Subject: [PATCH] util/oslib: current process full path resolution on MacOS Using existing libproc to fill the path. Signed-off-by: David Carlier --- util/oslib-posix.c | 13 + 1 file changed, 13 insertions(+) diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 062236a1ab..445af2f9be 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -55,6 +55,10 @@ #include #endif +#ifdef __APPLE__ +#include +#endif + #include "qemu/mmap-alloc.h" #ifdef CONFIG_DEBUG_STACK_USAGE @@ -366,6 +370,15 @@ void qemu_init_exec_dir(const char *argv0) p = buf; } } +#elif defined(__APPLE__) +{ +int len; +len = proc_pidpath(getpid(), buf, sizeof(buf) - 1); +if (len > 0) { +buf[len] = 0; +p = buf; +} +} #endif /* If we don't have any way of figuring out the actual executable location then try argv[0]. */ -- 2.26.2 On Tue, 26 May 2020 at 21:40, David CARLIER wrote: > > From b24a6702beb2a4e2a9c1c03b69c6d1dd07d4cf08 Mon Sep 17 00:00:00 2001 > From: David Carlier > Date: Tue, 26 May 2020 21:35:27 +0100 > Subject: [PATCH] util/oslib: current process full path resolution on MacOS > > Using existing libproc to fill the path. > > Signed-off-by: David Carlier > --- > util/oslib-posix.c | 13 + > 1 file changed, 13 insertions(+) > > diff --git a/util/oslib-posix.c b/util/oslib-posix.c > index 062236a1ab..96f0405ee6 100644 > --- a/util/oslib-posix.c > +++ b/util/oslib-posix.c > @@ -55,6 +55,10 @@ > #include > #endif > > +#ifdef __APPLE__ > +#include > +#endif > + > #include "qemu/mmap-alloc.h" > > #ifdef CONFIG_DEBUG_STACK_USAGE 
> @@ -366,6 +370,15 @@ void qemu_init_exec_dir(const char *argv0) > p = buf; > } > } > +#elif defined(__APPLE__) > +{ > +uint32_t len; > +len = proc_pidpath(getpid(), buf, sizeof(buf) - 1); > +if (len > 0) { > +buf[len] = 0; > +p = buf; > +} > +} > #endif > /* If we don't have any way of figuring out the actual executable > location then try argv[0]. */ > -- > 2.26.2
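Review bot: The size passed to proc_pidpath() in the `#elif defined(__APPLE__)` branch looks one byte too small, both in this repost and in the quoted original. As far as I recall, libproc rejects a buffer shorter than PROC_PIDPATHINFO_SIZE and returns 0, so if `buf` is declared with PATH_MAX bytes (its declaration is outside the hunk) the call would fail every time. The function would then silently fall through to the argv[0] guess, which is chosen by whoever launched the process rather than by the kernel. The returned path should already be NUL-terminated, so I would pass the whole buffer, `len = proc_pidpath(getpid(), buf, sizeof(buf));`, and drop `buf[len] = 0;`. Keeping `len` as `int`, as the repost does, matches the function's return type, whereas the quoted `uint32_t` would hide any negative return behind the `len > 0` test.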
Re: [PATCH v7 15/32] qcow2: Add qcow2_get_subcluster_range_type()
On 5/25/20 1:08 PM, Alberto Garcia wrote: There are situations in which we want to know how many contiguous subclusters of the same type there are in a given cluster. This can be done by simply iterating over the subclusters and repeatedly calling qcow2_get_subcluster_type() for each one of them. However once we determined the type of a subcluster we can check the rest efficiently by counting the number of adjacent ones (or zeroes) in the bitmap. This is what this function does. Signed-off-by: Alberto Garcia --- block/qcow2-cluster.c | 51 +++ 1 file changed, 51 insertions(+) +if (*type == QCOW2_SUBCLUSTER_INVALID) { +return -EINVAL; +} else if (!has_subclusters(s) || *type == QCOW2_SUBCLUSTER_COMPRESSED) { +return s->subclusters_per_cluster - sc_from; +} + +switch (*type) { +case QCOW2_SUBCLUSTER_NORMAL: +val = l2_bitmap | QCOW_OFLAG_SUB_ALLOC_RANGE(0, sc_from); +return cto32(val) - sc_from; Slick. Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH v4 5/5] block/io: refactor save/load vmstate
On 5/25/20 5:08 AM, Vladimir Sementsov-Ogievskiy wrote: Like for read/write in a previous commit, drop extra indirection layer, generate directly bdrv_readv_vmstate() and bdrv_writev_vmstate(). Signed-off-by: Vladimir Sementsov-Ogievskiy --- block/coroutines.h| 10 +++ include/block/block.h | 6 ++-- block/io.c| 67 ++- 3 files changed, 42 insertions(+), 41 deletions(-) Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
[Bug 1880763] [NEW] Missing page crossing check in use_goto_tb() for rx target
Public bug reported: Currently the rx target doesn't have the page crossing check in its use_goto_tb() function. This is a required feature for stable system mode emulations that all other targets implement. ** Affects: qemu Importance: Undecided Assignee: Ahmed Karaman (ahmedkrmn) Status: New ** Changed in: qemu Assignee: (unassigned) => Ahmed Karaman (ahmedkrmn) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1880763 Title: Missing page crossing check in use_goto_tb() for rx target Status in QEMU: New Bug description: Currently the rx target doesn't have the page crossing check in its use_goto_tb() function. This is a required feature for stable system mode emulations that all other targets implement. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1880763/+subscriptions
Re: [PATCH v4 4/5] block: drop bdrv_prwv
On 5/25/20 5:08 AM, Vladimir Sementsov-Ogievskiy wrote: Now, when we are not more paying extra code for coroutine wrappers, there no more sence in extra indirection layer: bdrv_prwv(). Let's drop it and instead genereate pure bdrv_preadv() and bdrv_pwritev(). Typos and grammar; I suggest: Now that we are not maintaining boilerplate code for coroutine wrappers, there is no more sense in keeping the extra indirection layer of bdrv_prwv(). Let's drop it and instead generate pure bdrv_preadv() and bdrv_pwritev(). Currently, bdrv_pwritev() and bdrv_preadv() are returning bytes on success, auto generated functions will instead return zero, as their _co_ prototype. Still, it's simple to make the conversion safe: the only external user of bdrv_pwritev() is test-bdrv-drain, and it is comfortable enough with bdrv_co_pwritev() instead. So prototypes are moved to local block/coroutines.h. Next, the only internal use is bdrv_pread() and bdrv_pwrite(), which are modified to return bytes on success. Does returning bytes on success buy us anything useful? We don't allow partial success, so blindly returning 0 on success is no less useful. True, we'd have to audit callers to make sure we aren't doing an inadvertent semantic change. Signed-off-by: Vladimir Sementsov-Ogievskiy --- block/coroutines.h | 10 - include/block/block.h | 2 -- block/io.c | 49 - tests/test-bdrv-drain.c | 2 +- 4 files changed, 15 insertions(+), 48 deletions(-) At any rate, I think this patch is reasonable. Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH v4 3/5] block: generate coroutine-wrapper code
On 5/25/20 5:07 AM, Vladimir Sementsov-Ogievskiy wrote: We have a very frequent pattern of creating coroutine from function with several arguments: - create structure to pack parameters - create _entry function to call original function taking parameters from struct - do different magic to handle completion: set ret to NOT_DONE or EINPROGRESS, use separate bool for void functions - fill the struct and create coroutine from _entry function and this struct as a parameter - do coroutine enter and BDRV_POLL_WHILE loop Let's reduce code duplication. Here: Functional part (BDRV_POLL_WHILE loop, aio_wait_kick()) moved to (non-generated) block/block-gen.h Mechanical part (arguments packing, different kind of needed wrappers) are generated from template by scripts/coroutine-wrapper.py to resulting file block/block-gen.c Signed-off-by: Vladimir Sementsov-Ogievskiy --- @@ -175,6 +177,10 @@ generated-files-y += $(TRACE_SOURCES) generated-files-y += $(BUILD_DIR)/trace-events-all generated-files-y += .git-submodule-status +COROUTINE_HEADERS = include/block/block.h block/coroutines.h +block/block-gen.c: $(COROUTINE_HEADERS) $(SRC_PATH)/scripts/coroutine-wrapper.py + $(call quiet-command, cat $(COROUTINE_HEADERS) | $(SRC_PATH)/scripts/coroutine-wrapper.py > $@,"GEN","$(TARGET_DIR)$@") + Not VPATH-friendly; I posted a proposed fixup! separately. trace-group-name = $(shell dirname $1 | sed -e 's/[^a-zA-Z0-9]/_/g') tracetool-y = $(SRC_PATH)/scripts/tracetool.py diff --git a/Makefile.objs b/Makefile.objs index 99774cfd25..8cb20f94c3 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -14,7 +14,7 @@ chardev-obj-y = chardev/ authz-obj-y = authz/ block-obj-y = block/ block/monitor/ nbd/ scsi/ -block-obj-y += block.o blockjob.o job.o +block-obj-y += block.o blockjob.o job.o block/block-gen.o It may be cleaner to add this in block/Makefile.objs rather than in top-level Makefile.objs. In fact, rearranging your mail a bit... 
> diff --git a/block/Makefile.objs b/block/Makefile.objs > index 3635b6b4c1..05e4d033c1 100644 > --- a/block/Makefile.objs > +++ b/block/Makefile.objs > @@ -45,6 +45,7 @@ block-obj-y += crypto.o > block-obj-y += aio_task.o > block-obj-y += backup-top.o > block-obj-y += filter-compress.o > +block-obj-y += block-gen.o > common-obj-y += monitor/ > > block-obj-y += stream.o ...you did just that. Dropping the change to top-level Makefile.objs seems to make no difference to a correct build. +++ b/block/block-gen.h @@ -0,0 +1,55 @@ +/* + * Block layer I/O functions Is this still the best one-line summary for this file? Especially since... + +/* This function is called at the end of generated coroutine entries. */ +static inline void bdrv_poll_co__on_exit(void) +{ +aio_wait_kick(); +} + +/* Base structure for argument packing structures */ +typedef struct BdrvPollCo { +BlockDriverState *bs; +bool in_progress; +int ret; +Coroutine *co; /* Keep pointer here for debugging */ +} BdrvPollCo; + +static inline int bdrv_poll_co(BdrvPollCo *s) +{ +assert(!qemu_in_coroutine()); + +bdrv_coroutine_enter(s->bs, s->co); +BDRV_POLL_WHILE(s->bs, s->in_progress); + +return s->ret; +} This part looks fine. +++ b/include/block/generated-co-wrapper.h @@ -0,0 +1,35 @@ +/* + * Block layer I/O functions ...you repeat it here? +/* + * generated_co_wrapper + * Function specifier, which does nothing but marking functions to be + * generated by scripts/coroutine-wrapper.py + */ +#define generated_co_wrapper + +#endif /* BLOCK_GENERATED_CO_WRAPPER_H */ Not sure if a separate header was needed for this, but I guess it doesn't hurt. I might have just used block_int.h. diff --git a/block.c b/block.c index 7f06e82880..c1132ab323 100644 --- a/block.c +++ b/block.c 
@@ -4640,43 +4640,6 @@ int coroutine_fn bdrv_co_check(BlockDriverState *bs, return bs->drv->bdrv_co_check(bs, res, fix); } -typedef struct CheckCo { -BlockDriverState *bs; -BdrvCheckResult *res; -BdrvCheckMode fix; -int ret; -} CheckCo; This patch is doing two things - introducing a new generator script that scans the code for generated_co_wrapper tags, _and_ adds the tags in as many places as possible. It makes for a big patch. Better might have been to introduce the script and the concept of a tag in one patch but not actually tag any new functions (so the generated file is basically empty, but you prove the build works and can audit the script without being bogged down by the mechanical changes), then do a separate patch with adding the tags and deleting the code now covered by the generator (which will be mostly mechanical). +++ b/scripts/coroutine-wrapper.py @@ -0,0 +1,168 @@ +#!/usr/bin/env python3 My python review skills are weak, so you'll probably want another reviewer here (although I _can_ state that I checked the generated block/block-gen.c file and it makes sense). +import re
[PATCH] fixup! block: generate coroutine-wrapper code
From: Vladimir Sementsov-Ogievskiy Fix Makefile usage for VPATH builds Signed-off-by: Eric Blake --- This fixup lets me build locally with my VPATH build; it probably also explains why patchew and other CLI tools (which use VPATH) were failing. Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ec15b8ea8900..d194cf067ba7 100644 --- a/Makefile +++ b/Makefile @@ -179,7 +179,9 @@ generated-files-y += .git-submodule-status COROUTINE_HEADERS = include/block/block.h block/coroutines.h block/block-gen.c: $(COROUTINE_HEADERS) $(SRC_PATH)/scripts/coroutine-wrapper.py - $(call quiet-command, cat $(COROUTINE_HEADERS) | $(SRC_PATH)/scripts/coroutine-wrapper.py > $@,"GEN","$(TARGET_DIR)$@") + $(call quiet-command, \ + cat $(addprefix $(SRC_PATH)/,$(COROUTINE_HEADERS)) | \ + $(SRC_PATH)/scripts/coroutine-wrapper.py > $@,"GEN","$(TARGET_DIR)$@") trace-group-name = $(shell dirname $1 | sed -e 's/[^a-zA-Z0-9]/_/g') -- 2.26.2
Re: [PATCH 1/9] tests/acceptance: allow console interaction with specific VMs
On Mon, May 25, 2020 at 8:20 AM Pavel Dovgalyuk wrote: > > Console interaction in avocado scripts was possible only with single > default VM. > This patch modifies the function parameters to allow passing a specific > VM as a parameter to interact with it. > > Signed-off-by: Pavel Dovgalyuk > --- > tests/acceptance/avocado_qemu/__init__.py | 12 +++- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/tests/acceptance/avocado_qemu/__init__.py > b/tests/acceptance/avocado_qemu/__init__.py > index 59e7b4f763..0bbaa8d2a6 100644 > --- a/tests/acceptance/avocado_qemu/__init__.py > +++ b/tests/acceptance/avocado_qemu/__init__.py > @@ -69,13 +69,15 @@ def pick_default_qemu_bin(arch=None): > > > def _console_interaction(test, success_message, failure_message, > - send_string, keep_sending=False): > + send_string, keep_sending=False, vm=None): > assert not keep_sending or send_string > -console = test.vm.console_socket.makefile() > +if vm is None: > +vm = test.vm > +console = vm.console_socket.makefile() > console_logger = logging.getLogger('console') > while True: > if send_string: > -test.vm.console_socket.sendall(send_string.encode()) > +vm.console_socket.sendall(send_string.encode()) > if not keep_sending: > send_string = None # send only once > msg = console.readline().strip() > @@ -115,7 +117,7 @@ def interrupt_interactive_console_until_pattern(test, > success_message, > _console_interaction(test, success_message, failure_message, > interrupt_string, True) > > -def wait_for_console_pattern(test, success_message, failure_message=None): > +def wait_for_console_pattern(test, success_message, failure_message=None, > vm=None): > """ > Waits for messages to appear on the console, while logging the content 
> > @@ -125,7 +127,7 @@ def wait_for_console_pattern(test, success_message, > failure_message=None): > :param success_message: if this message appears, test succeeds > :param failure_message: if this message appears, test fails > """ > -_console_interaction(test, success_message, failure_message, None) > +_console_interaction(test, success_message, failure_message, None, vm=vm) > > def exec_command_and_wait_for_pattern(test, command, >success_message, failure_message=None): > > Reviewed-by: Willian Rampazzo
Re: [PATCH 2/9] tests/acceptance: add base class record/replay kernel tests
On Mon, May 25, 2020 at 8:22 AM Pavel Dovgalyuk wrote: > > This patch adds a base for testing kernel boot recording and replaying. > Each test has the phase of recording and phase of replaying. > Virtual machines just boot the kernel and do not interact with > the network. > Structure and image links for the tests are borrowed from > boot_linux_console.py > Testing controls the message pattern at the end of the kernel > boot for both record and replay modes. In replay mode QEMU is also > intended to finish the execution automatically. > > Signed-off-by: Pavel Dovgalyuk > --- > MAINTAINERS |1 > tests/acceptance/replay_kernel.py | 80 > + > 2 files changed, 81 insertions(+) > create mode 100644 tests/acceptance/replay_kernel.py > > diff --git a/MAINTAINERS b/MAINTAINERS > index 47ef3139e6..e9a9ce4f66 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -2497,6 +2497,7 @@ F: net/filter-replay.c > F: include/sysemu/replay.h > F: docs/replay.txt > F: stubs/replay.c > +F: tests/acceptance/replay_kernel.py > > IOVA Tree > M: Peter Xu > diff --git a/tests/acceptance/replay_kernel.py > b/tests/acceptance/replay_kernel.py > new file mode 100644 > index 00..3208179789 > --- /dev/null > +++ b/tests/acceptance/replay_kernel.py 
> @@ -0,0 +1,80 @@ > +# Record/replay test that boots a Linux kernel > +# > +# Copyright (c) 2020 ISP RAS > +# > +# Author: > +# Pavel Dovgalyuk > +# > +# This work is licensed under the terms of the GNU GPL, version 2 or > +# later. See the COPYING file in the top-level directory. > + > +import os > +import gzip > + > +from avocado_qemu import Test > +from avocado_qemu import wait_for_console_pattern > +from avocado.utils import process > +from avocado.utils import archive > + > +class ReplayKernel(Test): > +""" > +Boots a Linux kernel in record mode and checks that the console > +is operational and the kernel command line is properly passed > +from QEMU to the kernel. > +Then replays the same scenario and verifies, that QEMU correctly > +terminates. > +""" The best to do here, IMHO, is to split the BootLinuxConsole class on boot_linux_console.py into two classes, one with the necessary utilities inheriting from Test and the second with the tests itself, inheriting from the first. After that you can also inherit from the first class in the boot_linux_console.py here and avoid code duplication. > + > +timeout = 90 > + > +KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 ' > + > +def wait_for_console_pattern(self, success_message, vm): > +wait_for_console_pattern(self, success_message, > + failure_message='Kernel panic - not > syncing', > + vm=vm) > + > +def extract_from_deb(self, deb, path): > +""" > +Extracts a file from a deb package into the test workdir > + > +:param deb: path to the deb archive > +:param path: path within the deb archive of the file to be extracted > +:returns: path of the extracted file > +""" > +cwd = os.getcwd() > +os.chdir(self.workdir) > +file_path = process.run("ar t %s" % deb).stdout_text.split()[2] > +process.run("ar x %s %s" % (deb, file_path)) > +archive.extract(file_path, self.workdir) > +os.chdir(cwd) > +# Return complete path to extracted file. 
Because callers to > +# extract_from_deb() specify 'path' with a leading slash, it is > +# necessary to use os.path.relpath() as otherwise os.path.join() > +# interprets it as an absolute path and drops the self.workdir part. > +return os.path.normpath(os.path.join(self.workdir, > + os.path.relpath(path, '/'))) > + > +def run_vm(self, kernel_path, kernel_command_line, console_pattern, > record, shift, args): > +vm = self.get_vm() > +vm.set_console() > +if record: > +mode = 'record' > +else: > +mode = 'replay' > +vm.add_args('-icount', 'shift=%s,rr=%s,rrfile=%s' % > +(shift, mode, os.path.join(self.workdir, 'replay.bin')), > +'-kernel', kernel_path, > +'-append', kernel_command_line, > +'-net', 'none', > +*args) > +vm.launch() > +self.wait_for_console_pattern(console_pattern, vm) > +if record: > +vm.shutdown() > +else: > +vm.wait() > + > +def run_rr(self, kernel_path, kernel_command_line, console_pattern, > shift=7, args=()): Same comment from patch file 9, here you can use the default value of args as None and handle it in the run_vm method. It is usually recommended to use a None value for default arguments in Python instead of an empty structure. > +self.run_vm(kernel_path, kernel_command_line,
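Review bot: `extract_from_deb()` restores the working directory only on the success path. If either `process.run("ar ...")` call or `archive.extract()` raises, `os.chdir(cwd)` is skipped and whatever runs next in the same process inherits `self.workdir` as its cwd; wrapping the three calls as `try: ... finally: os.chdir(cwd)` closes that gap. The `ar` command lines are also built by `%`-interpolating `deb`, so, assuming avocado's `process.run` splits the string shell-style, a path containing whitespace would be split into several arguments; `shlex.quote(deb)` would keep it as one. The class body continues past the end of the quoted hunk, so this covers only the lines visible here.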
Re: [RESEND PATCH 1/1] vfio/nvlink: Remove exec permission to avoid SELinux AVCs
On Mon, 18 May 2020 12:05:24 -0300 Leonardo Bras wrote: > If SELinux is setup without 'execmem' permission for qemu, all mmap > with (PROT_WRITE | PROT_EXEC) will fail and print a warning in > SELinux log. > > If "nvlink2-mr" memory allocation fails (fist diff), it will cause > guest NUMA nodes to not be correctly configured (V100 memory will > not be visible for guest, nor its NUMA nodes). > > Not having 'execmem' permission is intesting for virtual machines to > avoid buffer-overflow based attacks, and it's adopted in distros > like RHEL. > > So, removing the PROT_EXEC flag seems the right thing to do. > > Browsing some other code that mmaps memory for usage with > memory_region_init_ram_device_ptr, I could notice it's usual to > not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be > no problem around this. > > Signed-off-by: Leonardo Bras > Reviewed-by: Alexey Kardashevskiy > > --- Seems David Gibson might be in a position to send a pull request including this before I can, so: Acked-by: Alex Williamson > - Alexey's review is here: > https://lists.nongnu.org/archive/html/qemu-devel/2020-05/msg6.html > > hw/vfio/pci-quirks.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c > index 2d348f8237..124d4f57e1 100644 > --- a/hw/vfio/pci-quirks.c > +++ b/hw/vfio/pci-quirks.c > @@ -1620,7 +1620,7 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, > Error **errp) > } > cap = (void *) hdr; > > -p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE | PROT_EXEC, > +p = mmap(NULL, nv2reg->size, PROT_READ | PROT_WRITE, > MAP_SHARED, vdev->vbasedev.fd, nv2reg->offset); > if (p == MAP_FAILED) { > ret = -errno; 
> @@ -1680,7 +1680,7 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error > **errp) > > /* Some NVLink bridges may not have assigned ATSD */ > if (atsdreg->size) { > -p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE | PROT_EXEC, > +p = mmap(NULL, atsdreg->size, PROT_READ | PROT_WRITE, > MAP_SHARED, vdev->vbasedev.fd, atsdreg->offset); > if (p == MAP_FAILED) { > ret = -errno; >
Re: [PATCH v4 0/5] coroutines: generate wrapper code
On 5/25/20 8:48 AM, Vladimir Sementsov-Ogievskiy wrote: 25.05.2020 16:14, no-re...@patchew.org wrote: Patchew URL:https://patchew.org/QEMU/20200525100801.13859-1-vsement...@virtuozzo.com/ Hi, This series failed the docker-quick@centos7 build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash make docker-image-centos7 V=1 NETWORK=1 time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1 === TEST SCRIPT END === block/vhdx-log.o: In function `vhdx_log_write_and_flush': /tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush' /tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush' collect2: error: ld returned 1 exit status make: *** [qemu-nbd] Error 1 Hmm. Who can help? I assume, that this is because I've added block/block-gen.o into ./Makefile.objs, and not into block/Makefile.objs. I'll try it with next resend. Are you doing in-tree or VPATH builds? When I tried a VPATH build, I got: $ make -C build block/block-gen.c V=1 make: Entering directory '/home/eblake/qemu/build' ... cat include/block/block.h block/coroutines.h | /home/eblake/qemu/scripts/coroutine-wrapper.py > block/block-gen.c cat: include/block/block.h: No such file or directory cat: block/coroutines.h: No such file or directory make: 'block/block-gen.c' is up to date. make: Leaving directory '/home/eblake/qemu/build' and a resulting block/block-gen.c that declares nothing but 3 #includes. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
[PATCH] util/oslib-posix : qemu_init_exec_dir implementation for MacOS
>From b24a6702beb2a4e2a9c1c03b69c6d1dd07d4cf08 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 26 May 2020 21:35:27 +0100 Subject: [PATCH] util/oslib: current process full path resolution on MacOS Using existing libproc to fill the path. Signed-off-by: David Carlier --- util/oslib-posix.c | 13 + 1 file changed, 13 insertions(+) diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 062236a1ab..96f0405ee6 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -55,6 +55,10 @@ #include #endif +#ifdef __APPLE__ +#include +#endif + #include "qemu/mmap-alloc.h" #ifdef CONFIG_DEBUG_STACK_USAGE @@ -366,6 +370,15 @@ void qemu_init_exec_dir(const char *argv0) p = buf; } } +#elif defined(__APPLE__) +{ +uint32_t len; +len = proc_pidpath(getpid(), buf, sizeof(buf) - 1); +if (len > 0) { +buf[len] = 0; +p = buf; +} +} #endif /* If we don't have any way of figuring out the actual executable location then try argv[0]. */ -- 2.26.2
Re: [PATCH v7 14/32] qcow2: Add QCow2SubclusterType and qcow2_get_subcluster_type()
On 5/25/20 1:08 PM, Alberto Garcia wrote: This patch adds QCow2SubclusterType, which is the subcluster-level version of QCow2ClusterType. All QCOW2_SUBCLUSTER_* values have the the same meaning as their QCOW2_CLUSTER_* equivalents (when they exist). See below for details and caveats. In images without extended L2 entries clusters are treated as having exactly one subcluster so it is possible to replace one data type with the other while keeping the exact same semantics. With extended L2 entries there are new possible values, and every subcluster in the same cluster can obviously have a different QCow2SubclusterType so functions need to be adapted to work on the subcluster level. There are several things that have to be taken into account: a) QCOW2_SUBCLUSTER_COMPRESSED means that the whole cluster is compressed. We do not support compression at the subcluster level. b) There are two different values for unallocated subclusters: QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN which means that the whole cluster is unallocated, and QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC which means that the cluster is allocated but the subcluster is not. The latter can only happen in images with extended L2 entries. c) QCOW2_SUBCLUSTER_INVALID is used to detect the cases where an L2 entry has a value that violates the specification. The caller is responsible for handling these situations. To prevent compatibility problems with images that have invalid values but are currently being read by QEMU without causing side effects, QCOW2_SUBCLUSTER_INVALID is only returned for images with extended L2 entries. qcow2_cluster_to_subcluster_type() is added as a separate function from qcow2_get_subcluster_type(), but this is only temporary and both will be merged in a subsequent patch. Signed-off-by: Alberto Garcia --- block/qcow2.h | 126 +- 1 file changed, 125 insertions(+), 1 deletion(-) diff --git a/block/qcow2.h b/block/qcow2.h index 5c6bf48c7a..27dbcbc502 100644 --- a/block/qcow2.h +++ b/block/qcow2.h 
@@ -80,6 +80,21 @@ #define QCOW_EXTL2_SUBCLUSTERS_PER_CLUSTER 32
+/* The subcluster X [0..31] is allocated */
+#define QCOW_OFLAG_SUB_ALLOC(X) (1ULL << (X))
+/* The subcluster X [0..31] reads as zeroes */
+#define QCOW_OFLAG_SUB_ZERO(X)(QCOW_OFLAG_SUB_ALLOC(X) << 32)
+/* Subclusters [X, Y) (0 <= X <= Y <= 32) are allocated */
As you are now using a half-open range, should this be: (0 <= X < Y <= 32)
+#define QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) \
+(QCOW_OFLAG_SUB_ALLOC(Y) - QCOW_OFLAG_SUB_ALLOC(X))
with <= instead of <, then it is impossible to distinguish between QCOW_OFLAG_SUB_ALLOC_RANGE(0,0) and QCOW_OFLAG_SUB_ALLOC_RANGE(31,31) which both resolve to 0. I guess it depends on whether the later uses of this macro require a non-zero mask ('X < Y') or tolerate the corner case of no subclusters selected ('X <= Y').
+/* Subclusters [X, Y) (0 <= X <= Y <= 32) read as zeroes */
+#define QCOW_OFLAG_SUB_ZERO_RANGE(X, Y) \
+(QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) << 32)
+/* L2 entry bitmap with all allocation bits set */
+#define QCOW_L2_BITMAP_ALL_ALLOC (QCOW_OFLAG_SUB_ALLOC_RANGE(0, 32))
+/* L2 entry bitmap with all "read as zeroes" bits set */
+#define QCOW_L2_BITMAP_ALL_ZEROES (QCOW_OFLAG_SUB_ZERO_RANGE(0, 32))
+
Fixing the comment (if necessary) does not change the code, and the rest of this patch is fine, so: Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
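Review bot: The comment on `QCOW_OFLAG_SUB_ALLOC(X)` documents X as [0..31], but `QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y)` expands it with Y up to 32 (and `QCOW_L2_BITMAP_ALL_ALLOC` does exactly that), so the documented domain and the actual use disagree. A wording such as `/* The subcluster X [0..31] is allocated; X == 32 is valid only as the exclusive bound of the _RANGE macros */` would make that explicit. None of the macros bound their arguments, and a shift count of 64 or more is undefined behaviour, so if any caller derives X or Y from values read out of an image it has to clamp them to `QCOW_EXTL2_SUBCLUSTERS_PER_CLUSTER` first; the callers are not visible in this hunk.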
[PATCH v2] iotests: Dump QCOW2 dirty bitmaps metadata
Add dirty bitmap information to QCOW2 metadata dump in qcow2.py script. The sample output: Header extension: Bitmaps magic 0x23852875 length24 nb_bitmaps2 reserved320 bitmap_directory_size 0x40 bitmap_directory_offset 0x10 Bitmap name bitmap-1 flag "auto" bitmap_table_offset 0x9 bitmap_table_size 8 flags 2 type 1 granularity_bits 15 name_size 8 extra_data_size 0 Bitmap table 0 serialized, offset 0xa 1 all-zeroes, offset 0x0 2 all-zeroes, offset 0x0 3 all-zeroes, offset 0x0 4 all-zeroes, offset 0x0 5 all-zeroes, offset 0x0 6 all-zeroes, offset 0x0 7 all-zeroes, offset 0x0 Signed-off-by: Andrey Shinkevich --- v2: 01: Refactoring of the Python code in the script qcow2.py. New methods were added. The bitmap dictionary was instantiated. The all of bitmaps information is read completely before printing the dictionary. 02: The outputs of the tests 031, 036 and 061 were modified. tests/qemu-iotests/031.out | 22 +++--- tests/qemu-iotests/036.out | 4 +- tests/qemu-iotests/061.out | 14 ++-- tests/qemu-iotests/qcow2.py | 167 +--- 4 files changed, 179 insertions(+), 28 deletions(-) diff --git a/tests/qemu-iotests/031.out b/tests/qemu-iotests/031.out index 46f97c5..0383ebb 100644 --- a/tests/qemu-iotests/031.out +++ b/tests/qemu-iotests/031.out @@ -24,7 +24,7 @@ autoclear_features[] refcount_order4 header_length 72 -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' @@ -52,7 +52,7 @@ autoclear_features[] refcount_order4 header_length 72 -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' @@ -80,12 +80,12 @@ autoclear_features[] refcount_order4 header_length 72 -Header extension: +Header extension: Backing format magic 0xe2792aca length11 data 'host_device' -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' 
@@ -115,12 +115,12 @@ autoclear_features[] refcount_order4 header_length 104 -Header extension: +Header extension: Feature table magic 0x6803f857 length288 data -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' @@ -148,12 +148,12 @@ autoclear_features[] refcount_order4 header_length 104 -Header extension: +Header extension: Feature table magic 0x6803f857 length288 data -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' @@ -181,17 +181,17 @@ autoclear_features[] refcount_order4 header_length 104 -Header extension: +Header extension: Backing format magic 0xe2792aca length11 data 'host_device' -Header extension: +Header extension: Feature table magic 0x6803f857 length288 data -Header extension: +Header extension: Unknown magic 0x12345678 length31 data 'This is a test header extension' diff --git a/tests/qemu-iotests/036.out b/tests/qemu-iotests/036.out index 23b699c..d305f1a 100644 --- a/tests/qemu-iotests/036.out +++ b/tests/qemu-iotests/036.out @@ -24,7 +24,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 incompatible_features [] compatible_features [] autoclear_features[63] -Header extension: +Header extension: Feature table magic 0x6803f857 length288 data @@ -36,7 +36,7 @@ No errors were found on the image. incompatible_features [] compatible_features [] autoclear_features[] -Header extension: +Header extension: Feature table magic 0x6803f857 length288 data diff --git
Re: [PATCH Kernel v22 0/8] Add UAPIs to support migration for VFIO devices
On Mon, 25 May 2020 18:50:54 +0530 Kirti Wankhede wrote: > On 5/25/2020 12:29 PM, Yan Zhao wrote: > > On Tue, May 19, 2020 at 10:58:04AM -0600, Alex Williamson wrote: > >> Hi folks, > >> > >> My impression is that we're getting pretty close to a workable > >> implementation here with v22 plus respins of patches 5, 6, and 8. We > >> also have a matching QEMU series and a proposal for a new i40e > >> consumer, as well as I assume GVT-g updates happening internally at > >> Intel. I expect all of the latter needs further review and discussion, > >> but we should be at the point where we can validate these proposed > >> kernel interfaces. Therefore I'd like to make a call for reviews so > >> that we can get this wrapped up for the v5.8 merge window. I know > >> Connie has some outstanding documentation comments and I'd like to make > >> sure everyone has an opportunity to check that their comments have been > >> addressed and we don't discover any new blocking issues. Please send > >> your Acked-by/Reviewed-by/Tested-by tags if you're satisfied with this > >> interface and implementation. Thanks! > >> > > hi Alex > > after porting gvt/i40e vf migration code to kernel/qemu v23, we spoted > > two bugs. > > 1. "Failed to get dirty bitmap for iova: 0xfe011000 size: 0x3fb0 err: 22" > > This is a qemu bug that the dirty bitmap query range is not the same > > as the dma map range. It can be fixed in qemu. and I just have a little > > concern for kernel to have this restriction. > > > > I never saw this unaligned size in my testing. In this case if you can > provide vfio_* event traces, that will helpful. Yeah, I'm curious why we're hitting such a call path, I think we were designing this under the assumption we wouldn't see these. I also wonder if we really need to enforce the dma mapping range for getting the dirty bitmap with the current implementation (unmap+dirty obviously still has the restriction). 
We do shift the bitmap in place for alignment, but I'm not sure why we couldn't shift it back and only clear the range that was reported. Kirti, do you see other issues? I think a patch to lift that restriction is something we could plan to include after the initial series is included and before we've committed to the uapi at the v5.8 release. > > 2. migration abortion, reporting > > "qemu-system-x86_64-lm: vfio_load_state: Error allocating buffer > > qemu-system-x86_64-lm: error while loading state section id 49(vfio) > > qemu-system-x86_64-lm: load of migration failed: Cannot allocate memory" > > > > It's still a qemu bug and we can fixed it by > > " > > if (migration->pending_bytes == 0) { > > +qemu_put_be64(f, 0); > > +qemu_put_be64(f, VFIO_MIG_FLAG_END_OF_STATE); > > " > > In which function in QEMU do you have to add this? I think this is relative to QEMU path 09/ where Yan had the questions below on v16 and again tried to get answers to them on v22: https://lore.kernel.org/qemu-devel/20200520031323.GB10369@joy-OptiPlex-7040/ Kirti, please address these questions. > > and actually there are some extra concerns about this part, as reported in > > [1][2]. > > > > [1] data_size should be read ahead of data_offset > > https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg02795.html. > > [2] should not repeatedly update pending_bytes in vfio_save_iterate() > > https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg02796.html. > > > > but as those errors are all in qemu, and we have finished basic tests in > > both gvt & i40e, we're fine with the kernel part interface in general now. > > (except for my concern [1], which needs to update kernel patch 1) > > > > >> what if pending_bytes is not 0, but vendor driver just does not want to > >> send data in this iteration? isn't it right to get data_size first > before > >> getting data_offset? 
> > If vendor driver doesn't want to send data but still has data in staging > buffer, vendor driver still can control to send pending_bytes for this > iteration as 0 as this is a trap field. > > I would defer this to Alex. This is my understanding of the protocol as well, when the device is running, pending_bytes might drop to zero if no internal state has changed and may be non-zero on the next iteration due to device activity. When the device is not running, pending_bytes reporting zero indicates the device is done, there is no further state to transmit. Does that meet your need/expectation? > > so I wonder which way in your mind is better, to give our reviewed-by to > > the kernel part now, or hold until next qemu fixes? > > and as performance data from gvt is requested from your previous mail, is > > that still required before the code is accepted? The QEMU series does not need to be perfect, I kind of expect we might see a few iterations of that beyond the kernel portion being accepted. We should have the QEMU series to the point that we've resolved any uapi issues though, which it
Re: [PATCH 16/19] util: fixed tsan warnings in thread_pool.c
On 22/05/20 18:07, Robert Foley wrote:
> #include "trace.h"
> #include "block/thread-pool.h"
> #include "qemu/main-loop.h"
> +#include "qemu/tsan.h"
>
> static void do_spawn_thread(ThreadPool *pool);
>
> @@ -97,7 +98,9 @@ static void *worker_thread(void *opaque)
> }
>
> req = QTAILQ_FIRST(>request_list);
> +TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
> QTAILQ_REMOVE(>request_list, req, reqs);
> +
> req->state = THREAD_ACTIVE;
> qemu_mutex_unlock(>lock);
>
> @@ -107,7 +110,7 @@ static void *worker_thread(void *opaque)
> /* Write ret before state. */
> smp_wmb();
> req->state = THREAD_DONE;
> -
> +TSAN_ANNOTATE_IGNORE_WRITES_END();
You should instead use atomic_read/set for req->state and req->ret. Paolo
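Review bot: The ignore-writes window opened by `TSAN_ANNOTATE_IGNORE_WRITES_BEGIN()` in the first hunk is closed only by `TSAN_ANNOTATE_IGNORE_WRITES_END()` in the second, so it stays open across `qemu_mutex_unlock()` and across whatever worker_thread() runs between the two hunks, which is not visible here but presumably includes the request callback. If so, ThreadSanitizer stops reporting write races for all of that code rather than only for the `req->state` stores, and a genuine race inside a work function would go unreported. Any path that leaves the loop between the two annotations would also leave the thread in ignore mode. Keeping each annotated region to the stores it is meant to cover, one BEGIN/END pair around `req->state = THREAD_ACTIVE;` and one around the `req->state = THREAD_DONE;` store, avoids both problems. worker_thread() starts and ends outside both hunks.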
Re: [PATCH 1/2] qapi: Fix comment format for @CpuInstanceProperties
On 5/25/20 12:03 PM, Michal Privoznik wrote: In 176d2cda0de, the @die-id attribute was introduced to CpuInstanceProperties type. However, it mangled the comment. Signed-off-by: Michal Privoznik --- qapi/machine.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Reviewed-by: Eric Blake diff --git a/qapi/machine.json b/qapi/machine.json index ff7b5032e3..39caa1d914 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -824,7 +824,8 @@ # @node-id: NUMA node ID the CPU belongs to # @socket-id: socket number within node/board the CPU belongs to # @die-id: die number within node/board the CPU belongs to (Since 4.1) -# @core-id: core number within die the CPU belongs to# @thread-id: thread number within core the CPU belongs to +# @core-id: core number within die the CPU belongs to +# @thread-id: thread number within core the CPU belongs to # # Note: currently there are 5 properties that could be present # but management should be prepared to pass through other -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH v6 07/32] qcow2: Document the Extended L2 Entries feature
On 5/24/20 9:51 AM, Alberto Garcia wrote: Subcluster allocation in qcow2 is implemented by extending the existing L2 table entries and adding additional information to indicate the allocation status of each subcluster. This patch documents the changes to the qcow2 format and how they affect the calculation of the L2 cache size. Signed-off-by: Alberto Garcia Reviewed-by: Max Reitz --- docs/interop/qcow2.txt | 68 -- docs/qcow2-cache.txt | 19 +++- 2 files changed, 83 insertions(+), 4 deletions(-) Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH 9/9] tests/acceptance: Linux boot test for record/replay
On Mon, May 25, 2020 at 8:30 AM Pavel Dovgalyuk wrote: > > This patch adds a test for record/replay, which boots Linux > image from the disk and interacts with the network. > The idea and code of this test is borrowed from boot_linux.py > However, currently record/replay works only for x86_64, > therefore other tests were excluded. > > Each test consists of the following phases: > - downloading the disk image > - recording the execution > - replaying the execution > > Replay does not validates the output, but waits until QEMU > finishes the execution. This is reasonable, because > QEMU usually hangs when replay goes wrong. > > Signed-off-by: Pavel Dovgalyuk > --- > MAINTAINERS |1 > tests/acceptance/replay_linux.py | 140 > ++ > 2 files changed, 141 insertions(+) > create mode 100644 tests/acceptance/replay_linux.py > > diff --git a/MAINTAINERS b/MAINTAINERS > index e9a9ce4f66..97f066a9b2 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -2498,6 +2498,7 @@ F: include/sysemu/replay.h > F: docs/replay.txt > F: stubs/replay.c > F: tests/acceptance/replay_kernel.py > +F: tests/acceptance/replay_linux.py > > IOVA Tree > M: Peter Xu > diff --git a/tests/acceptance/replay_linux.py > b/tests/acceptance/replay_linux.py > new file mode 100644 > index 00..08eedb23ef > --- /dev/null > +++ b/tests/acceptance/replay_linux.py 
> @@ -0,0 +1,140 @@ > +# Record/replay test that boots a complete Linux system via a cloud image > +# > +# Copyright (c) 2020 ISP RAS > +# > +# Author: > +# Pavel Dovgalyuk > +# > +# This work is licensed under the terms of the GNU GPL, version 2 or > +# later. See the COPYING file in the top-level directory. > + > +import os > + > +from avocado_qemu import Test, BUILD_DIR > + > +from avocado.utils import cloudinit > +from avocado.utils import network > +from avocado.utils import vmimage > +from avocado.utils import datadrainer > +from avocado.utils.path import find_command > + > +class ReplayLinux(Test): > +""" > +Boots a Linux system, checking for a successful initialization > +""" > + > +timeout = 1800 > +chksum = None > +hdd = 'ide-hd' > +cd = 'ide-cd' > +bus = '' > + > +def setUp(self): > +super(ReplayLinux, self).setUp() > +self.prepare_boot() > +self.prepare_cloudinit() > + > +def vm_add_disk(self, vm, path, id, device): > +bus_string = '' > +if self.bus != '': > +bus_string = ',bus=%s.%d' % (self.bus, id,) > +vm.add_args('-drive', 'file=%s,snapshot,id=disk%s,if=none' % (path, > id)) > +vm.add_args('-drive', > 'driver=blkreplay,id=disk%s-rr,if=none,image=disk%s' % (id, id)) > +vm.add_args('-device', '%s,drive=disk%s-rr%s' % (device, id, > bus_string)) > + > +def prepare_boot(self): > +self.log.debug('Looking for and selecting a qemu-img binary to be ' > + 'used to create the bootable snapshot image') > +# If qemu-img has been built, use it, otherwise the system wide one > +# will be used. If none is available, the test will cancel. 
> +qemu_img = os.path.join(BUILD_DIR, 'qemu-img') > +if not os.path.exists(qemu_img): > +qemu_img = find_command('qemu-img', False) > +if qemu_img is False: > +self.cancel('Could not find "qemu-img", which is required to ' > +'create the bootable image') > +vmimage.QEMU_IMG = qemu_img > + > +self.log.info('Downloading/preparing boot image') > +# Fedora 31 only provides ppc64le images > +image_arch = self.arch > +if image_arch == 'ppc64': > +image_arch = 'ppc64le' > +try: > +self.boot = vmimage.get( > +'fedora', arch=image_arch, version='31', > +checksum=self.chksum, > +algorithm='sha256', > +cache_dir=self.cache_dirs[0], > +snapshot_dir=self.workdir) > +except: > +self.cancel('Failed to download/prepare boot image') > + > +def prepare_cloudinit(self): > +self.log.info('Preparing cloudinit image') > +try: > +self.cloudinit_iso = os.path.join(self.workdir, 'cloudinit.iso') > +self.phone_home_port = network.find_free_port() > +cloudinit.iso(self.cloudinit_iso, self.name, > + username='root', > + password='password', > + # QEMU's hard coded usermode router address > + phone_home_host='10.0.2.2', > + phone_home_port=self.phone_home_port) > +except Exception: > +self.cancel('Failed to prepared cloudinit image') > + > +def launch_and_wait(self, record, args, shift): > +vm = self.get_vm() > +vm.add_args('-smp', '1') > +vm.add_args('-m', '1024') > +
Re: [PATCH v4 2/5] block: declare some coroutine functions in block/coroutines.h
On 5/25/20 5:07 AM, Vladimir Sementsov-Ogievskiy wrote: We are going to keep coroutine-wrappers code (structure-packing parameters, BDRV_POLL wrapper functions) in a separate auto-generated s/a // files. So, we'll need a header with declaration of original _co_ functions, for those which are static now. As well, we'll need declarations for wrapper functions. Do these declarations now, as a preparation step. Signed-off-by: Vladimir Sementsov-Ogievskiy --- Reviewed-by: Eric Blake -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH v2 1/7] sysemu/accel: Restrict machine methods to system-mode
On Tue, May 26, 2020 at 07:24:21PM +0200, Philippe Mathieu-Daudé wrote:
> Restrict init_machine(), setup_post() and has_memory()
> to system-mode.
>
> Reviewed-by: Edgar E. Iglesias
> Reviewed-by: Cornelia Huck
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> include/sysemu/accel.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/include/sysemu/accel.h b/include/sysemu/accel.h
> index 47e5788530..e08b8ab8fa 100644
> --- a/include/sysemu/accel.h
> +++ b/include/sysemu/accel.h
> @@ -37,10 +37,12 @@ typedef struct AccelClass {
> /*< public >*/
>
> const char *name;
> +#ifndef CONFIG_USER_ONLY
> int (*init_machine)(MachineState *ms);
> void (*setup_post)(MachineState *ms, AccelState *accel);
> bool (*has_memory)(MachineState *ms, AddressSpace *as,
> hwaddr start_addr, hwaddr size);
> +#endif
> bool *allowed;
> /*
> * Array of global properties that would be applied when specific
> --
> 2.21.3
>
Reviewed-by: Roman Bolshakov Thanks, Roman
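Review bot: With the three callbacks placed inside `#ifndef CONFIG_USER_ONLY`, the layout of `AccelClass` now depends on the build mode, so `allowed` and every member after it sit at different offsets in user-mode and system-mode objects. That is only safe if no translation unit including this header is compiled once and linked into both kinds of binary; the hunk does not show who includes it, so this needs confirming. A comment on the guard would record the constraint, e.g. `/* system-mode only: this header must not be included from code built once for both modes */`, or the members can stay unconditional and be left NULL in user-mode. The struct definition starts and ends outside the hunk.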
Re: [PULL 0/5] 9p patches 2020-05-26
On Tue, 26 May 2020 at 12:50, Greg Kurz wrote: > > The following changes since commit fea8f3ed739536fca027cf56af7f5576f37ef9cd: > > Merge remote-tracking branch > 'remotes/philmd-gitlab/tags/pflash-next-20200522' into staging (2020-05-22 > 18:54:47 +0100) > > are available in the Git repository at: > > https://github.com/gkurz/qemu.git tags/9p-next-2020-05-26 > > for you to fetch changes up to 84af75577cceb195b044e2d5ba6d940206b169ca: > > xen/9pfs: increase max ring order to 9 (2020-05-25 11:45:40 +0200) > > > - fix build with musl libc > - fix potential deadlock of QEMU main event loop (cannot be hit with linux > client) > - revert 9pfs reply truncation (LP 1877688) > - xen backend waits for client to free space on the reply ring instead of > truncating or disconnecting > Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1 for any user-visible changes. -- PMM
Re: [PATCH v4 1/5] block/io: refactor coroutine wrappers
On 5/25/20 5:07 AM, Vladimir Sementsov-Ogievskiy wrote: Most of our coroutine wrappers already follow this convention: We have 'coroutine_fn bdrv_co_()' as the core function, and a wrapper 'bdrv_()' which does a polling loop. The only outsiders are the bdrv_prwv_co and bdrv_common_block_status_above wrappers. Let's refactor them to behave as the others, it simplifies further conversion of coroutine wrappers. It might be worth mentioning that a later patch in the series will then further reduce the indirection present here. But R-b still stands. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Eric Blake --- block/io.c | 61 +- 1 file changed, 33 insertions(+), 28 deletions(-) -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Re: [PATCH 8/9] tests/acceptance: record/replay tests with advcal images
On Mon, May 25, 2020 at 8:28 AM Pavel Dovgalyuk wrote: > > This patch adds more record/replay tests with kernel images. > > Signed-off-by: Pavel Dovgalyuk > --- > tests/acceptance/replay_kernel.py | 80 > + > 1 file changed, 80 insertions(+) > > diff --git a/tests/acceptance/replay_kernel.py > b/tests/acceptance/replay_kernel.py > index 4c786b1565..3849db7f3a 100644 > --- a/tests/acceptance/replay_kernel.py > +++ b/tests/acceptance/replay_kernel.py 
> @@ -191,3 +191,83 @@ class ReplayKernel(Test): > 'console=ttyS0 vga=off') > console_pattern = 'No filesystem could mount root' > self.run_rr(kernel_path, kernel_command_line, console_pattern) > + > +def do_test_advcal_2018(self, day, tar_hash, kernel_name, args=()): > +tar_url = ('https://www.qemu-advent-calendar.org' > + '/2018/download/day' + day + '.tar.xz') Making the file name flexible helps in the code organization. Still, in this specific case, due to limitations in the Avocado Asset parser, this construction is ignored in an `avocado assets fetch ` command. It results in the file being downloaded during the test run and the time spent to download the files being accounted for in the test time, and if the files are not saved in the Travis cache after this test runs, it also means the files will be downloaded again every time it runs. The straight forward solution to that is having the complete URL described and fetched for each test. > +file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) > +archive.extract(file_path, self.workdir) > + > +kernel_path = self.workdir + '/day' + day + '/' + kernel_name > +kernel_command_line = '' > +console_pattern = 'QEMU advent calendar' > +self.run_rr(kernel_path, kernel_command_line, console_pattern, > +args=args) > + > +def test_arm_vexpressa9(self): > +""" > +:avocado: tags=arch:arm > +:avocado: tags=machine:vexpress-a9 > +""" > +tar_hash = '32b7677ce8b6f1471fb0059865f451169934245b' > +self.do_test_advcal_2018('16', tar_hash, 'winter.zImage', > +('-dtb', self.workdir + '/day16/vexpress-v2p-ca9.dtb')) > + > +def test_m68k_mcf5208evb(self): > +""" > +:avocado: tags=arch:m68k > +:avocado: tags=machine:mcf5208evb > +""" > +tar_hash = 'ac688fd00561a2b6ce1359f9ff6aa2b98c9a570c' > +self.do_test_advcal_2018('07', tar_hash, 'sanity-clause.elf') > + > +def test_microblaze_s3adsp1800(self): > +""" > +:avocado: tags=arch:microblaze > +:avocado: tags=machine:petalogix-s3adsp1800 > +""" > +tar_hash = 
'08bf3e3bfb6b6c7ce1e54ab65d54e189f2caf13f' > +self.do_test_advcal_2018('17', tar_hash, 'ballerina.bin') > + > +def test_ppc64_e500(self): > +""" > +:avocado: tags=arch:ppc64 > +:avocado: tags=machine:ppce500 > +""" > +tar_hash = '6951d86d644b302898da2fd701739c9406527fe1' > +self.do_test_advcal_2018('19', tar_hash, 'uImage', ('-cpu', 'e5500')) > + > +def test_ppc_g3beige(self): > +""" > +:avocado: tags=arch:ppc > +:avocado: tags=machine:g3beige > +""" > +tar_hash = 'e0b872a5eb8fdc5bed19bd43ffe863900ebcedfc' > +self.do_test_advcal_2018('15', tar_hash, 'invaders.elf', > +('-M', 'graphics=off')) > + > +def test_ppc_mac99(self): > +""" > +:avocado: tags=arch:ppc > +:avocado: tags=machine:mac99 > +""" > +tar_hash = 'e0b872a5eb8fdc5bed19bd43ffe863900ebcedfc' > +self.do_test_advcal_2018('15', tar_hash, 'invaders.elf', > +('-M', 'graphics=off')) > + > +def test_sparc_ss20(self): > +""" > +:avocado: tags=arch:sparc > +:avocado: tags=machine:SS-20 > +""" > +tar_hash = 'b18550d5d61c7615d989a06edace051017726a9f' > +self.do_test_advcal_2018('11', tar_hash, 'zImage.elf') > + > +def test_xtensa_lx60(self): > +""" > +:avocado: tags=arch:xtensa > +:avocado: tags=machine:lx60 > +""" > +tar_hash = '49e88d9933742f0164b60839886c9739cb7a0d34' > +self.do_test_advcal_2018('02', tar_hash, 'santas-sleigh-ride.elf', > +('-cpu', 'dc233c')) > >
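Review bot: The `tar_hash` values handed to `self.fetch_asset(tar_url, asset_hash=tar_hash)` in `do_test_advcal_2018` are 40 hex digits, so presumably SHA-1 checked with the default algorithm, and that check is the only integrity control on a tarball that is then extracted into the work directory and booted. SHA-1 is no longer collision-resistant, so pinning a stronger digest is preferable: `file_path = self.fetch_asset(tar_url, asset_hash=tar_hash, algorithm='sha256')`, with each `tar_hash` literal replaced by the SHA-256 of the same file. The class `ReplayKernel` starts outside the hunk, so whether `run_rr` or `setUp` adds any further verification cannot be seen here.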
Re: [PATCH v2 3/7] sysemu/hvf: Only declare hvf_allowed when HVF is available
On Tue, May 26, 2020 at 07:24:23PM +0200, Philippe Mathieu-Daudé wrote: > When HVF is not available, the hvf_allowed variable does not exist. > > Reviewed-by: Edgar E. Iglesias > Reviewed-by: Cornelia Huck > Signed-off-by: Philippe Mathieu-Daudé > --- > v2: Fixed typo s/tcg_allowed/hvf_allowed/ (Edgar) > --- > include/sysemu/hvf.h | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h > index d211e808e9..fe95743124 100644 > --- a/include/sysemu/hvf.h > +++ b/include/sysemu/hvf.h > @@ -18,7 +18,6 @@ > #include "exec/memory.h" > #include "sysemu/accel.h" > > -extern bool hvf_allowed; > #ifdef CONFIG_HVF > #include > #include > @@ -26,11 +25,12 @@ extern bool hvf_allowed; > #include "target/i386/cpu.h" > uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx, > int reg); > +extern bool hvf_allowed; > #define hvf_enabled() (hvf_allowed) > -#else > +#else /* !CONFIG_HVF */ > #define hvf_enabled() 0 > #define hvf_get_supported_cpuid(func, idx, reg) 0 > -#endif > +#endif /* !CONFIG_HVF */ > > /* hvf_slot flags */ > #define HVF_SLOT_LOG (1 << 0) > -- > 2.21.3 > Reviewed-by: Roman Bolshakov Thanks, Roman
Re: [RFC v3 4/4] cpus: extract out accel-specific code to each accel
On Mon, May 25, 2020 at 04:54:40PM +0200, Claudio Fontana wrote: > each accelerator registers a new "CpusAccelInterface" > on initialization, providing functions for starting a vcpu, > kicking a vcpu, and sychronizing state. > > This way the code in cpus.cc is now all general softmmu code, > nothing (or almost nothing) accelerator-specific anymore. 
> > Signed-off-by: Claudio Fontana > --- > MAINTAINERS | 1 + > accel/kvm/Makefile.objs | 2 + > accel/kvm/kvm-all.c | 15 +- > accel/kvm/kvm-cpus-interface.c | 94 > accel/kvm/kvm-cpus-interface.h | 8 + > accel/qtest.c| 82 > accel/stubs/kvm-stub.c | 3 +- > accel/tcg/Makefile.objs | 1 + > accel/tcg/tcg-all.c | 12 +- > accel/tcg/tcg-cpus-interface.c | 523 > accel/tcg/tcg-cpus-interface.h | 8 + > hw/core/cpu.c| 1 + > include/sysemu/cpus.h| 32 ++ > include/sysemu/hvf.h | 1 - > include/sysemu/hw_accel.h| 57 +-- > include/sysemu/kvm.h | 2 +- > softmmu/cpus.c | 911 > +++ > stubs/Makefile.objs | 1 + > stubs/cpu-synchronize-state.c| 15 + > target/i386/Makefile.objs| 7 +- > target/i386/hax-all.c| 6 +- > target/i386/hax-cpus-interface.c | 85 > target/i386/hax-cpus-interface.h | 8 + > target/i386/hax-i386.h | 2 + > target/i386/hax-posix.c | 12 + > target/i386/hax-windows.c| 20 + > target/i386/hvf/Makefile.objs| 2 +- > target/i386/hvf/hvf-cpus-interface.c | 92 > target/i386/hvf/hvf-cpus-interface.h | 8 + > target/i386/hvf/hvf.c| 5 +- > target/i386/whpx-all.c | 3 + > target/i386/whpx-cpus-interface.c| 96 > target/i386/whpx-cpus-interface.h| 8 + > 33 files changed, 1220 insertions(+), 903 deletions(-) > create mode 100644 accel/kvm/kvm-cpus-interface.c > create mode 100644 accel/kvm/kvm-cpus-interface.h > create mode 100644 accel/tcg/tcg-cpus-interface.c > create mode 100644 accel/tcg/tcg-cpus-interface.h > create mode 100644 stubs/cpu-synchronize-state.c > create mode 100644 target/i386/hax-cpus-interface.c > create mode 100644 target/i386/hax-cpus-interface.h > create mode 100644 target/i386/hvf/hvf-cpus-interface.c > create mode 100644 target/i386/hvf/hvf-cpus-interface.h > create mode 100644 target/i386/whpx-cpus-interface.c > create mode 100644 target/i386/whpx-cpus-interface.h Hi Claudio, Overall it looks good. I wonder if the new structure should get singular form, i.e. 
softmmu/cpu.c instead of softmmu/cpus.c Perhaps cpus.c had plural form because it was related to implementation of multiple CPUs/accels. After the split, each accel got it's own implementation of accel interface. "-cpus-interface.c" contains implementation rather than interface it's a bit confusing. Perhaps it should be called: "-cpu.c" or even "-accel.c". By the way, If we use registration for each accel, does it mean that include/sysemu/.h and accel stubs are no longer needed in shared location? There's an AccelClass in accel/accel.c, I wonder if it should be re-used for accel CPU registration? I don't know but may be generic the leftover of cpus.c also belongs to accel/ rather than softmmu/? > > diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h > index 149de000a0..cae22afe4d 100644 > --- a/include/sysemu/cpus.h > +++ b/include/sysemu/cpus.h 
> @@ -4,7 +4,39 @@ > #include "qemu/timer.h" > > /* cpus.c */ > + > +/* CPU execution threads */ > + > +typedef struct CpusAccelInterface { > +void (*create_vcpu_thread)(CPUState *cpu); > +void (*kick_vcpu_thread)(CPUState *cpu); > + > +void (*cpu_synchronize_post_reset)(CPUState *cpu); > +void (*cpu_synchronize_post_init)(CPUState *cpu); > +void (*cpu_synchronize_state)(CPUState *cpu); > +void (*cpu_synchronize_pre_loadvm)(CPUState *cpu); > +} CpusAccelInterface; I think plural name may be replaced to singular. Interface suffix doesn't seem to be used in QEMU. cpu_ and _vcpu are sort meaning the same and may be replaced to generic cpu_ prefix. There's a CPUState, CPUState, and IMO shorter CPUAccel seems to match the naming. I also don't know if cpu_ prefix should be kept. So here's how I see the interface: typedef struct CPUAccel { void (*create_thread)(CPUState *cpu); void (*kick_thread)(CPUState *cpu); void (*synchronize_post_reset)(CPUState *cpu); void (*synchronize_post_init)(CPUState *cpu); void (*synchronize_state)(CPUState *cpu); void (*synchronize_pre_loadvm)(CPUState *cpu); } CPUAccel; > + > +/* register accel-specific interface */ > +void cpus_register_accel_interface(CpusAccelInterface *i); > + > +/* interface
Re: [PATCH 9/9] tests/acceptance: Linux boot test for record/replay
On Mon, May 25, 2020 at 8:30 AM Pavel Dovgalyuk wrote: > > This patch adds a test for record/replay, which boots Linux > image from the disk and interacts with the network. > The idea and code of this test is borrowed from boot_linux.py > However, currently record/replay works only for x86_64, > therefore other tests were excluded. > > Each test consists of the following phases: > - downloading the disk image > - recording the execution > - replaying the execution > > Replay does not validates the output, but waits until QEMU > finishes the execution. This is reasonable, because > QEMU usually hangs when replay goes wrong. > > Signed-off-by: Pavel Dovgalyuk > --- > MAINTAINERS |1 > tests/acceptance/replay_linux.py | 140 > ++ > 2 files changed, 141 insertions(+) > create mode 100644 tests/acceptance/replay_linux.py > > diff --git a/MAINTAINERS b/MAINTAINERS > index e9a9ce4f66..97f066a9b2 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -2498,6 +2498,7 @@ F: include/sysemu/replay.h > F: docs/replay.txt > F: stubs/replay.c > F: tests/acceptance/replay_kernel.py > +F: tests/acceptance/replay_linux.py > > IOVA Tree > M: Peter Xu > diff --git a/tests/acceptance/replay_linux.py > b/tests/acceptance/replay_linux.py > new file mode 100644 > index 00..08eedb23ef > --- /dev/null > +++ b/tests/acceptance/replay_linux.py 
> @@ -0,0 +1,140 @@ > +# Record/replay test that boots a complete Linux system via a cloud image > +# > +# Copyright (c) 2020 ISP RAS > +# > +# Author: > +# Pavel Dovgalyuk > +# > +# This work is licensed under the terms of the GNU GPL, version 2 or > +# later. See the COPYING file in the top-level directory. > + > +import os > + > +from avocado_qemu import Test, BUILD_DIR > + > +from avocado.utils import cloudinit > +from avocado.utils import network > +from avocado.utils import vmimage > +from avocado.utils import datadrainer > +from avocado.utils.path import find_command > + > +class ReplayLinux(Test): There is no need to copy/paste the whole BootLinux class. You can inherit from it and re-implement the lauch_and_wait method. Inheriting avoids duplication of code. > +""" > +Boots a Linux system, checking for a successful initialization > +""" > + > +timeout = 1800 > +chksum = None > +hdd = 'ide-hd' > +cd = 'ide-cd' > +bus = '' > + > +def setUp(self): > +super(ReplayLinux, self).setUp() > +self.prepare_boot() > +self.prepare_cloudinit() > + > +def vm_add_disk(self, vm, path, id, device): > +bus_string = '' > +if self.bus != '': > +bus_string = ',bus=%s.%d' % (self.bus, id,) > +vm.add_args('-drive', 'file=%s,snapshot,id=disk%s,if=none' % (path, > id)) > +vm.add_args('-drive', > 'driver=blkreplay,id=disk%s-rr,if=none,image=disk%s' % (id, id)) > +vm.add_args('-device', '%s,drive=disk%s-rr%s' % (device, id, > bus_string)) > + > +def prepare_boot(self): > +self.log.debug('Looking for and selecting a qemu-img binary to be ' > + 'used to create the bootable snapshot image') > +# If qemu-img has been built, use it, otherwise the system wide one > +# will be used. If none is available, the test will cancel. 
> +qemu_img = os.path.join(BUILD_DIR, 'qemu-img') > +if not os.path.exists(qemu_img): > +qemu_img = find_command('qemu-img', False) > +if qemu_img is False: > +self.cancel('Could not find "qemu-img", which is required to ' > +'create the bootable image') > +vmimage.QEMU_IMG = qemu_img > + > +self.log.info('Downloading/preparing boot image') > +# Fedora 31 only provides ppc64le images > +image_arch = self.arch > +if image_arch == 'ppc64': > +image_arch = 'ppc64le' > +try: > +self.boot = vmimage.get( > +'fedora', arch=image_arch, version='31', > +checksum=self.chksum, > +algorithm='sha256', > +cache_dir=self.cache_dirs[0], > +snapshot_dir=self.workdir) > +except: > +self.cancel('Failed to download/prepare boot image') > + > +def prepare_cloudinit(self): > +self.log.info('Preparing cloudinit image') > +try: > +self.cloudinit_iso = os.path.join(self.workdir, 'cloudinit.iso') > +self.phone_home_port = network.find_free_port() > +cloudinit.iso(self.cloudinit_iso, self.name, > + username='root', > + password='password', > + # QEMU's hard coded usermode router address > + phone_home_host='10.0.2.2', > + phone_home_port=self.phone_home_port) > +except Exception: > +self.cancel('Failed to prepared cloudinit image') > +
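Review bot: In `prepare_boot`, the bare `except:` around `vmimage.get(...)` also catches KeyboardInterrupt and SystemExit and discards the reason, so every failure surfaces as the same cancel message; `prepare_cloudinit` below already uses `except Exception:`. I would write `except Exception as details:` and `self.cancel('Failed to download/prepare boot image: %s' % details)`. Separately, the class default `chksum = None` is passed as `checksum=self.chksum`, so unless a test class sets a sha256 value the downloaded image is presumably booted without an integrity check. The rest of the file is not visible here, so that needs confirming against the test classes.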
Re: [PATCH] iotests: Dump QCOW2 dirty bitmaps metadata
On 5/26/20 9:54 AM, Andrey Shinkevich wrote: Add dirty bitmap information to QCOW2 metadata dump in qcow2.py script. The sample output: Header extension (Bitmaps): This change to the output is independently useful. However, per patchew, it does cause 'make check' to fail: https://patchew.org/logs/1590504866-679474-1-git-send-email-andrey.shinkev...@virtuozzo.com/testing.docker-quick@centos7/?type=message ... --- /tmp/qemu-test/src/tests/qemu-iotests/031.out 2020-05-26 14:44:51.0 + +++ /tmp/qemu-test/build/tests/qemu-iotests/031.out.bad 2020-05-26 18:07:11.753556518 + @@ -24,7 +24,7 @@ refcount_order4 header_length 72 -Header extension: +Header extension (Unknown): ... Failures: 031 036 061 I think it would be wise to split this into two patches, one that makes _just_ the following change: @@ -143,30 +267,39 @@ class QcowHeader: print("%-25s" % f[2], value_str) print("") -def dump_extensions(self): +def dump_extensions(self, fd): for ex in self.extensions: +print("Header extension (%s):" % self.extension_name(ex.magic)) +print("%-25s %#x" % ("magic", ex.magic)) +print("%-25s %d" % ("length", ex.length)) and whatever is needed to support that, plus the changes necessary to the iotests output to keep them passing (hopefully, the 3 tests identified by 'make check' covers all of the existing tests already using qcow2.py), then the second patch adding the rest of this that then gives details about the bitmap contents. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
[PATCH] or1k: Fix compilation hiccup
On my Fedora 32 machine, gcc 10.1.1 at -O2 (the default for a bare './configure') has a false-positive complaint: CC or1k-softmmu/hw/openrisc/openrisc_sim.o /home/eblake/qemu/hw/openrisc/openrisc_sim.c: In function ‘openrisc_sim_init’: /home/eblake/qemu/hw/openrisc/openrisc_sim.c:87:42: error: ‘cpu_irqs[0]’ may be used uninitialized in this function [-Werror=maybe-uninitialized] 87 | sysbus_connect_irq(s, i, cpu_irqs[i][irq_pin]); | ^~~ Initializing both pointers of cpu_irqs[] to NULL is sufficient to shut up the compiler, even though they are definitely assigned in openrisc_sim_init() prior to the inlined call to openrisc_sim_ompic_init() containing the line in question. Signed-off-by: Eric Blake --- hw/openrisc/openrisc_sim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c index d08ce6181199..95011a8015b4 100644 --- a/hw/openrisc/openrisc_sim.c +++ b/hw/openrisc/openrisc_sim.c @@ -129,7 +129,7 @@ static void openrisc_sim_init(MachineState *machine) const char *kernel_filename = machine->kernel_filename; OpenRISCCPU *cpu = NULL; MemoryRegion *ram; -qemu_irq *cpu_irqs[2]; +qemu_irq *cpu_irqs[2] = {}; qemu_irq serial_irq; int n; unsigned int smp_cpus = machine->smp.cpus; -- 2.26.2
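Review bot: `qemu_irq *cpu_irqs[2] = {};` uses an empty initializer, which is a GNU extension before C23; `qemu_irq *cpu_irqs[2] = { NULL, NULL };` says the same thing portably. The initializer only silences the warning: if the loop that fills the array ever runs fewer times than the consumer expects, the `cpu_irqs[i][irq_pin]` read quoted in the commit message becomes a NULL dereference instead of an uninitialized read. The array is fixed at two entries while `smp_cpus` comes from `machine->smp.cpus`, so a comment or assert tying that count to the array size would document the assumption; whether the machine already caps the CPU count is not visible here. openrisc_sim_init's body continues outside the hunk.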
Re: [PATCH 13/19] accel/tcg: Fixed tsan warnings.
On 22/05/20 18:07, Robert Foley wrote: > For example: > WARNING: ThreadSanitizer: data race (pid=35425) > Write of size 4 at 0x7bbc00ac by main thread (mutexes: write M875): > #0 cpu_reset_interrupt hw/core/cpu.c:107:28 (qemu-system-aarch64+0x843790) > #1 arm_cpu_set_irq target/arm/cpu.c (qemu-system-aarch64+0x616265) > #2 qemu_set_irq hw/core/irq.c:44:5 (qemu-system-aarch64+0x8462ca) > Previous atomic read of size 4 at 0x7bbc00ac by thread T6: > #0 __tsan_atomic32_load (qemu-system-aarch64+0x394c1c) > #1 cpu_handle_interrupt accel/tcg/cpu-exec.c:534:9 > (qemu-system-aarch64+0x4b7e79) > #2 cpu_exec accel/tcg/cpu-exec.c:720:17 (qemu-system-aarch64+0x4b7e79) > or > WARNING: ThreadSanitizer: data race (pid=25425) > Read of size 8 at 0x7f8ad8e138d0 by thread T10: > #0 tb_lookup_cmp accel/tcg/cpu-exec.c:307:13 > (qemu-system-aarch64+0x4ac4d2) > #1 qht_do_lookup util/qht.c:502:34 (qemu-system-aarch64+0xd05264) > Previous write of size 8 at 0x7f8ad8e138d0 by thread T15 (mutexes: write > M728311726235541804): > #0 tb_link_page accel/tcg/translate-all.c:1625:26 > (qemu-system-aarch64+0x4b0bf2) > #1 tb_gen_code accel/tcg/translate-all.c:1865:19 > (qemu-system-aarch64+0x4b0bf2) > #2 tb_find accel/tcg/cpu-exec.c:407:14 (qemu-system-aarch64+0x4ad77c) > > Cc: Richard Henderson > Cc: Paolo Bonzini > Signed-off-by: Robert Foley > --- > accel/tcg/tcg-all.c | 4 ++-- > accel/tcg/tcg-runtime.c | 7 ++- > accel/tcg/translate-all.c | 6 +- > hw/core/cpu.c | 2 +- > 4 files changed, 14 insertions(+), 5 deletions(-) > > diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c > index 3b4fda5640..f94ea4c4b3 100644 > --- a/accel/tcg/tcg-all.c > +++ b/accel/tcg/tcg-all.c 
> @@ -54,8 +54,8 @@ static void tcg_handle_interrupt(CPUState *cpu, int mask) > int old_mask; > g_assert(qemu_mutex_iothread_locked()); > > -old_mask = cpu->interrupt_request; > -cpu->interrupt_request |= mask; > +old_mask = atomic_read(>interrupt_request); > +atomic_or(>interrupt_request, mask); You can use atomic_fetch_or here. Paolo
Re: [PATCH] iotests: Dump QCOW2 dirty bitmaps metadata
Patchew URL: https://patchew.org/QEMU/1590504866-679474-1-git-send-email-andrey.shinkev...@virtuozzo.com/ Hi, This series failed the docker-quick@centos7 build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash make docker-image-centos7 V=1 NETWORK=1 time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1 === TEST SCRIPT END === Not run: 259 Failures: 031 036 061 Failed 3 of 119 iotests make: *** [check-tests/check-block.sh] Error 1 make: *** Waiting for unfinished jobs TESTcheck-qtest-aarch64: tests/qtest/test-hmp TESTcheck-qtest-aarch64: tests/qtest/qos-test --- raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=350f72f6732d405b861f0e9334ef155a', '-u', '1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-kwr2oe7u/src/docker-src.2020-05-26-14.02.04.28988:/var/tmp/qemu:z,ro', 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit status 2. filter=--filter=label=com.qemu.instance.uuid=350f72f6732d405b861f0e9334ef155a make[1]: *** [docker-run] Error 1 make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-kwr2oe7u/src' make: *** [docker-run-test-quick@centos7] Error 2 real14m37.383s user0m8.950s The full log is available at http://patchew.org/logs/1590504866-679474-1-git-send-email-andrey.shinkev...@virtuozzo.com/testing.docker-quick@centos7/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-de...@redhat.com
[PATCH] block/block-copy: block_copy_dirty_clusters: fix failure check
ret may be > 0 on success path at this point. Fix assertion, which may crash currently. Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e Signed-off-by: Vladimir Sementsov-Ogievskiy --- block/block-copy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/block/block-copy.c b/block/block-copy.c index bb8d0569f2..f7428a7c08 100644 --- a/block/block-copy.c +++ b/block/block-copy.c @@ -622,8 +622,10 @@ out: * block_copy_task_run. If it fails, it means some task already failed * for real reason, let's return first failure. * Still, assert that we don't rewrite failure by success. + * + * Note: ret may be positive here because of block-status result. */ -assert(ret == 0 || aio_task_pool_status(aio) < 0); +assert(ret >= 0 || aio_task_pool_status(aio) < 0); ret = aio_task_pool_status(aio); aio_task_pool_free(aio); -- 2.18.0
Re: [PATCH 14/14] hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask()
On Mon, May 25, 2020 at 11:36 PM Philippe Mathieu-Daudé wrote: > > Replace printf() calls by qemu_log_mask(UNIMP), which is > disabled by default. This avoid flooding the terminal when > fuzzing the device. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/pxa2xx_lcd.c | 26 ++ > 1 file changed, 14 insertions(+), 12 deletions(-) > > diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c > index d5f2e82a4e..ff90104b80 100644 > --- a/hw/display/pxa2xx_lcd.c > +++ b/hw/display/pxa2xx_lcd.c > @@ -426,9 +426,10 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr > offset, > if ((s->control[0] & LCCR0_ENB) && !(value & LCCR0_ENB)) > s->status[0] |= LCSR0_QD; > > -if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT)) > -printf("%s: internal frame buffer unsupported\n", __func__); > - > +if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT)) { > +qemu_log_mask(LOG_UNIMP, > + "%s: internal frame buffer unsupported\n", > __func__); > +} > if ((s->control[3] & LCCR3_API) && > (value & LCCR0_ENB) && !(value & LCCR0_LCDT)) > s->status[0] |= LCSR0_ABC; > @@ -462,9 +463,9 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, > break; > > case OVL1C1: > -if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN)) > -printf("%s: Overlay 1 not supported\n", __func__); > - > +if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN)) { > +qemu_log_mask(LOG_UNIMP, "%s: Overlay 1 not supported\n", > __func__); > +} > s->ovl1c[0] = value & 0x80ff; > s->dma_ch[1].up = (value & OVLC1_EN) || (s->control[0] & LCCR0_SDS); > break; 
> @@ -474,9 +475,9 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, > break; > > case OVL2C1: > -if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN)) > -printf("%s: Overlay 2 not supported\n", __func__); > - > +if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN)) { > +qemu_log_mask(LOG_UNIMP, "%s: Overlay 2 not supported\n", > __func__); > +} > s->ovl2c[0] = value & 0x80ff; > s->dma_ch[2].up = !!(value & OVLC1_EN); > s->dma_ch[3].up = !!(value & OVLC1_EN); > @@ -488,9 +489,10 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr > offset, > break; > > case CCR: > -if (!(s->ccr & CCR_CEN) && (value & CCR_CEN)) > -printf("%s: Hardware cursor unimplemented\n", __func__); > - > +if (!(s->ccr & CCR_CEN) && (value & CCR_CEN)) { > +qemu_log_mask(LOG_UNIMP, > + "%s: Hardware cursor unimplemented\n", __func__); > +} > s->ccr = value & 0x81e7; > s->dma_ch[5].up = !!(value & CCR_CEN); > break; > -- > 2.21.3 > >
Re: [PATCH 0/2] Update use_goto_tb() in hppa and rx targets
> > > > I think your last sentence in the bug report is not entirely correct. > > It is not known what would be performance results in case of > > correcting mmap.c. So, if possible, and unless Richard or someone else > > disagrees, please change that last sentence to: "By doing so, a better > > performance results could be achieved, compared to the case of the > > workaround described above." > > > > Also, please add the tag "linux-user". > > Ahmed, since rx target supports system only mode at the moment, they must include page crossing check in use_goto_tb(), which is missing right now. So, since the rx bug is of a little bit of different nature, please file another bug for rx target only - they have the bug in system mode too, as opposed to other targets. Their fix should and could be applied independently on any user-mode modifications for any other target. Sincerely, Aleksandar
Re: [PATCH 13/14] hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP)
On Mon, May 25, 2020 at 11:35 PM Philippe Mathieu-Daudé wrote: > > Replace fprintf() call by qemu_log_mask(LOG_UNIMP), which is > disabled by default. This avoid flooding the terminal when > fuzzing the device. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/omap_dss.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/display/omap_dss.c b/hw/display/omap_dss.c > index 32dc0d6aa7..21fde58a26 100644 > --- a/hw/display/omap_dss.c > +++ b/hw/display/omap_dss.c > @@ -619,7 +619,7 @@ static void omap_rfbi_transfer_start(struct omap_dss_s *s) > if (s->rfbi.control & (1 << 1)) { /* BYPASS */ > /* TODO: in non-Bypass mode we probably need to just assert the > * DRQ and wait for DMA to write the pixels. */ > -fprintf(stderr, "%s: Bypass mode unimplemented\n", __func__); > +qemu_log_mask(LOG_UNIMP, "%s: Bypass mode unimplemented\n", > __func__); > return; > } > > -- > 2.21.3 > >
[PATCH] hw/vfio/common: Trace in which mode a IOMMU is opened
One might want to check which IOMMU version the host kernel provide. Add a trace event to see in which mode we opened our container. Signed-off-by: Philippe Mathieu-Daudé --- hw/vfio/common.c | 19 ++- hw/vfio/trace-events | 1 + 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index 0b3593b3c0..6b69a259c1 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -1157,15 +1157,24 @@ static void vfio_put_address_space(VFIOAddressSpace *space) static int vfio_get_iommu_type(VFIOContainer *container, Error **errp) { -int iommu_types[] = { VFIO_TYPE1v2_IOMMU, VFIO_TYPE1_IOMMU, - VFIO_SPAPR_TCE_v2_IOMMU, VFIO_SPAPR_TCE_IOMMU }; +static const struct { +int type; +const char *name; +} iommu[] = { +{VFIO_TYPE1v2_IOMMU, "Type1 (v2)"}, +{VFIO_TYPE1_IOMMU, "Type1 (v1)"}, +{VFIO_SPAPR_TCE_v2_IOMMU, "sPAPR TCE (v2)"}, +{VFIO_SPAPR_TCE_IOMMU, "sPAPR TCE (v1)"} +}; int i; -for (i = 0; i < ARRAY_SIZE(iommu_types); i++) { -if (ioctl(container->fd, VFIO_CHECK_EXTENSION, iommu_types[i])) { -return iommu_types[i]; +for (i = 0; i < ARRAY_SIZE(iommu); i++) { +if (ioctl(container->fd, VFIO_CHECK_EXTENSION, iommu[i].type)) { +trace_vfio_get_iommu_type(iommu[i].type, iommu[i].name); +return iommu[i].type; } } +trace_vfio_get_iommu_type(-1, "Not available or not supported"); error_setg(errp, "No available IOMMU models"); return -EINVAL; } diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events index b1ef55a33f..8166c4c50d 100644 --- a/hw/vfio/trace-events +++ b/hw/vfio/trace-events 
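Review bot: `if (ioctl(container->fd, VFIO_CHECK_EXTENSION, iommu[i].type))` in vfio_get_iommu_type treats any non-zero return as support, so a failing ioctl (-1, for example on a bad container fd) selects `VFIO_TYPE1v2_IOMMU` and the new trace event then reports a mode that was never confirmed. Comparing explicitly, `if (ioctl(container->fd, VFIO_CHECK_EXTENSION, iommu[i].type) > 0) {`, keeps both the return value and the trace honest. Separately, `int i` is compared against `ARRAY_SIZE(iommu)`; `size_t i` avoids the signed/unsigned comparison.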
@@ -115,6 +115,7 @@ vfio_region_sparse_mmap_header(const char *name, int index, int nr_areas) "Devic vfio_region_sparse_mmap_entry(int i, unsigned long start, unsigned long end) "sparse entry %d [0x%lx - 0x%lx]" vfio_get_dev_region(const char *name, int index, uint32_t type, uint32_t subtype) "%s index %d, %08x/%0x8" vfio_dma_unmap_overflow_workaround(void) "" +vfio_get_iommu_type(int iommu_type, const char *iommu_name) "IOMMU type %d (%s)" # platform.c vfio_platform_base_device_init(char *name, int groupid) "%s belongs to group #%d" -- 2.21.3
Re: [PATCH 12/14] hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR)
On Mon, May 25, 2020 at 11:34 PM Philippe Mathieu-Daudé wrote: > > Replace DPRINT_ERROR() by qemu_log_mask(GUEST_ERROR). > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/exynos4210_fimd.c | 46 +++- > 1 file changed, 29 insertions(+), 17 deletions(-) > > diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c > index 1c0266ce9f..4b7286b7c9 100644 > --- a/hw/display/exynos4210_fimd.c > +++ b/hw/display/exynos4210_fimd.c > @@ -31,6 +31,7 @@ > #include "ui/pixel_ops.h" > #include "qemu/bswap.h" > #include "qemu/module.h" > +#include "qemu/log.h" > > /* Debug messages configuration */ > #define EXYNOS4210_FIMD_DEBUG 0 > @@ -39,20 +40,15 @@ > #if EXYNOS4210_FIMD_DEBUG == 0 > #define DPRINT_L1(fmt, args...) do { } while (0) > #define DPRINT_L2(fmt, args...) do { } while (0) > -#define DPRINT_ERROR(fmt, args...)do { } while (0) > #elif EXYNOS4210_FIMD_DEBUG == 1 > #define DPRINT_L1(fmt, args...) \ > do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) > #define DPRINT_L2(fmt, args...) do { } while (0) > -#define DPRINT_ERROR(fmt, args...) \ > -do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0) > #else > #define DPRINT_L1(fmt, args...) \ > do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) > #define DPRINT_L2(fmt, args...) \ > do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) > -#define DPRINT_ERROR(fmt, args...) \ > -do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0) > #endif > > #if EXYNOS4210_FIMD_MODE_TRACE == 0 > @@ -1108,7 +1104,7 @@ static inline int > fimd_get_buffer_id(Exynos4210fimdWindow *w) > case FIMD_WINCON_BUF2_STAT: > return 2; > default: > -DPRINT_ERROR("Non-existent buffer index\n"); > +qemu_log_mask(LOG_GUEST_ERROR, "FIMD: Non-existent buffer index\n"); > return 0; > } > } 
> @@ -1160,20 +1156,24 @@ static void > fimd_update_memory_section(Exynos4210fimdState *s, unsigned win) > > if (int128_get64(w->mem_section.size) != w->fb_len || > !memory_region_is_ram(w->mem_section.mr)) { > -DPRINT_ERROR("Failed to find window %u framebuffer region\n", win); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: Failed to find window %u framebuffer region\n", > + win); > goto error_return; > } > > w->host_fb_addr = cpu_physical_memory_map(fb_start_addr, _mapped_len, >false); > if (!w->host_fb_addr) { > -DPRINT_ERROR("Failed to map window %u framebuffer\n", win); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: Failed to map window %u framebuffer\n", win); > goto error_return; > } > > if (fb_mapped_len != w->fb_len) { > -DPRINT_ERROR("Window %u mapped framebuffer length is less then " > -"expected\n", win); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: Window %u mapped framebuffer length is less > than " > + "expected\n", win); > cpu_physical_memory_unmap(w->host_fb_addr, fb_mapped_len, 0, 0); > goto error_return; > } > @@ -1490,7 +1490,9 @@ static void exynos4210_fimd_write(void *opaque, hwaddr > offset, > break; > case 3: > if (w != 1 && w != 2) { > -DPRINT_ERROR("Bad write offset 0x%08x\n", offset); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: Bad write offset 0x%08"HWADDR_PRIx"\n", > + offset); > return; > } > s->window[w].osdsize = val; > @@ -1624,7 +1626,9 @@ static void exynos4210_fimd_write(void *opaque, hwaddr > offset, > break; > case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2: > if (offset & 0x0004) { > -DPRINT_ERROR("bad write offset 0x%08x\n", offset); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", > + offset); > break; > } > w = (offset - FIMD_VIDW0ADD0_B2) >> 3; 
> @@ -1638,14 +1642,18 @@ static void exynos4210_fimd_write(void *opaque, > hwaddr offset, > break; > case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END: > if (offset & 0x0004) { > -DPRINT_ERROR("bad write offset 0x%08x\n", offset); > +qemu_log_mask(LOG_GUEST_ERROR, > + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", > + offset); > break; > } > s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start = > val; > break; > case
Re: [PATCH 08/14] hw/display/dpcd: Convert debug printf()s to trace events
On Mon, May 25, 2020 at 11:25 PM Philippe Mathieu-Daudé wrote: > > Convert DPRINTF() to trace events and remove ifdef'ry. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/dpcd.c | 16 +++- > hw/display/trace-events | 4 > 2 files changed, 7 insertions(+), 13 deletions(-) > > diff --git a/hw/display/dpcd.c b/hw/display/dpcd.c > index 0c1b7b35fb..64463654a1 100644 > --- a/hw/display/dpcd.c > +++ b/hw/display/dpcd.c > @@ -32,16 +32,7 @@ > #include "hw/misc/auxbus.h" > #include "migration/vmstate.h" > #include "hw/display/dpcd.h" > - > -#ifndef DEBUG_DPCD > -#define DEBUG_DPCD 0 > -#endif > - > -#define DPRINTF(fmt, ...) do { > \ > -if (DEBUG_DPCD) { > \ > -qemu_log("dpcd: " fmt, ## __VA_ARGS__); > \ > -} > \ > -} while (0) > +#include "trace.h" > > #define DPCD_READABLE_AREA 0x600 > > @@ -70,8 +61,8 @@ static uint64_t dpcd_read(void *opaque, hwaddr offset, > unsigned size) > offset); > ret = 0; > } > +trace_dpcd_read(offset, ret); > > -DPRINTF("read 0x%" PRIX8 " @0x%" HWADDR_PRIX "\n", ret, offset); > return ret; > } > > @@ -80,8 +71,7 @@ static void dpcd_write(void *opaque, hwaddr offset, > uint64_t value, > { > DPCDState *e = DPCD(opaque); > > -DPRINTF("write 0x%" PRIX8 " @0x%" HWADDR_PRIX "\n", (uint8_t)value, > offset); > - > +trace_dpcd_write(offset, value); > if (offset < DPCD_READABLE_AREA) { > e->dpcd_info[offset] = value; > } else { > diff --git a/hw/display/trace-events b/hw/display/trace-events > index bb089a5f5e..72d4c9812c 100644 > --- a/hw/display/trace-events > +++ b/hw/display/trace-events 
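Review bot: `trace_dpcd_write(offset, value)` passes a `hwaddr` and a `uint64_t` to an event that hw/display/trace-events declares as `dpcd_write(uint32_t addr, uint8_t val)`, so both arguments are narrowed implicitly, whereas the removed DPRINTF cast `(uint8_t)value` explicitly and printed the offset with `HWADDR_PRIX`. The trace is also emitted before the `offset < DPCD_READABLE_AREA` check, so rejected writes look the same as accepted ones in the trace output. I would declare the event as `dpcd_write(uint64_t addr, uint8_t val)` with `PRIx64`, or keep the explicit cast at the call site; the address narrowing applies to `trace_dpcd_read` in the previous hunk as well. dpcd_write's body continues outside the hunk.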
> @@ -157,3 +157,7 @@ artist_draw_line(unsigned int start_x, unsigned int > start_y, unsigned int end_x, > # cg3.c > cg3_read(uint32_t addr, uint32_t val, unsigned size) "read > addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" > cg3_write(uint32_t addr, uint32_t val, unsigned size) "write > addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" > + > +# dpcd.c > +dpcd_read(uint32_t addr, uint8_t val) "read addr:0x%"PRIx32" val:0x%02x" > +dpcd_write(uint32_t addr, uint8_t val) "write addr:0x%"PRIx32" val:0x%02x" > -- > 2.21.3 > >
Re: [PATCH 10/14] hw/display/vmware_vga: Replace printf() calls by qemu_log_mask(ERROR)
On Mon, May 25, 2020 at 11:32 PM Philippe Mathieu-Daudé wrote: > > Avoid flooding stdio by converting printf() calls to > qemu_log_mask(GUEST_ERROR), which are disabled by default. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/vmware_vga.c | 16 +++- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c > index 58ea82e3e5..5c0fc49d9d 100644 > --- a/hw/display/vmware_vga.c > +++ b/hw/display/vmware_vga.c > @@ -26,6 +26,7 @@ > #include "qemu/module.h" > #include "qemu/units.h" > #include "qapi/error.h" > +#include "qemu/log.h" > #include "hw/loader.h" > #include "trace.h" > #include "ui/vnc.h" > @@ -953,7 +954,8 @@ static uint32_t vmsvga_value_read(void *opaque, uint32_t > address) > ret = s->scratch[s->index - SVGA_SCRATCH_BASE]; > break; > } > -printf("%s: Bad register %02x\n", __func__, s->index); > +qemu_log_mask(LOG_GUEST_ERROR, > + "%s: Bad register %02x\n", __func__, s->index); > ret = 0; > break; > } > @@ -1002,7 +1004,8 @@ static void vmsvga_value_write(void *opaque, uint32_t > address, uint32_t value) > s->new_width = value; > s->invalidated = 1; > } else { > -printf("%s: Bad width: %i\n", __func__, value); > +qemu_log_mask(LOG_GUEST_ERROR, > + "%s: Bad width: %i\n", __func__, value); > } > break; > > @@ -1011,13 +1014,15 @@ static void vmsvga_value_write(void *opaque, uint32_t > address, uint32_t value) > s->new_height = value; > s->invalidated = 1; > } else { > -printf("%s: Bad height: %i\n", __func__, value); > +qemu_log_mask(LOG_GUEST_ERROR, > + "%s: Bad height: %i\n", __func__, value); > } > break; > > case SVGA_REG_BITS_PER_PIXEL: > if (value != 32) { > -printf("%s: Bad bits per pixel: %i bits\n", __func__, value); > +qemu_log_mask(LOG_GUEST_ERROR, > + "%s: Bad bits per pixel: %i bits\n", __func__, > value); > s->config = 0; > s->invalidated = 1; > } 
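Review bot: The new `qemu_log_mask` calls in vmsvga_value_write print `value` with `%i`, although the signature in the hunk header declares it as `uint32_t`, so a guest-written value above INT_MAX is logged as a negative number. Since these messages exist to diagnose bad guest input, `%u` is the matching conversion, for example `"%s: Bad width: %u\n"`, and likewise for the height and bits-per-pixel messages. The function body continues outside these hunks.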
> @@ -1082,7 +1087,8 @@ static void vmsvga_value_write(void *opaque, uint32_t > address, uint32_t value) > s->scratch[s->index - SVGA_SCRATCH_BASE] = value; > break; > } > -printf("%s: Bad register %02x\n", __func__, s->index); > +qemu_log_mask(LOG_GUEST_ERROR, > + "%s: Bad register %02x\n", __func__, s->index); > } > } > > -- > 2.21.3 > >
Re: [PATCH 09/14] hw/display/xlnx_dp: Replace disabled DPRINTF() by error_report()
On Mon, May 25, 2020 at 11:29 PM Philippe Mathieu-Daudé wrote: > > DPRINTF() calls are disabled by default, so when unexpected > data is used, the whole process abort without information. > > Display a bit of information with error_report() before crashing. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/xlnx_dp.c | 14 -- > 1 file changed, 8 insertions(+), 6 deletions(-) > > diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c > index 3e5fb44e06..8d940cd8d1 100644 > --- a/hw/display/xlnx_dp.c > +++ b/hw/display/xlnx_dp.c > @@ -1,5 +1,5 @@ > /* > - * xlnx_dp.c > + * Xilinx Display Port > * > * Copyright (C) 2015 : GreenSocs Ltd > * http://www.greensocs.com/ , email: i...@greensocs.com > @@ -24,6 +24,7 @@ > > #include "qemu/osdep.h" > #include "qapi/error.h" > +#include "qemu/error-report.h" > #include "qemu/log.h" > #include "qemu/module.h" > #include "hw/display/xlnx_dp.h" > @@ -465,7 +466,7 @@ static uint8_t xlnx_dp_aux_pop_tx_fifo(XlnxDPState *s) > uint8_t ret; > > if (fifo8_is_empty(>tx_fifo)) { > -DPRINTF("tx_fifo underflow..\n"); > +error_report("%s: TX_FIFO underflow", __func__); > abort(); > } > ret = fifo8_pop(>tx_fifo); > @@ -525,6 +526,7 @@ static void xlnx_dp_aux_set_command(XlnxDPState *s, > uint32_t value) > qemu_log_mask(LOG_UNIMP, "xlnx_dp: Write i2c status not > implemented\n"); > break; > default: > +error_report("%s: invalid command: %u", __func__, cmd); > abort(); > } > > @@ -631,8 +633,8 @@ static void xlnx_dp_change_graphic_fmt(XlnxDPState *s) > s->g_plane.format = PIXMAN_b8g8r8; > break; > default: > -DPRINTF("error: unsupported graphic format %u.\n", > -s->avbufm_registers[AV_BUF_FORMAT] & DP_GRAPHIC_MASK); > +error_report("%s: unsupported graphic format %u", __func__, > + s->avbufm_registers[AV_BUF_FORMAT] & DP_GRAPHIC_MASK); > abort(); > } 
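Review bot: In xlnx_dp_aux_pop_tx_fifo the underflow path still ends in `abort()` after the new `error_report()`, and the same holds for the `default:` arms in xlnx_dp_aux_set_command and xlnx_dp_change_graphic_fmt, including the video-format hunk that follows. If these paths can be reached from guest register writes, which the `uint32_t value` parameter and the `avbufm_registers` lookup suggest but the hunks do not prove, a guest can terminate the emulator at will. For guest-controlled input I would log with `qemu_log_mask(LOG_GUEST_ERROR, ...)` and return or fall back to a safe default, keeping `abort()` only for states that indicate a QEMU bug. The functions' bodies continue outside the hunks.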
> > @@ -647,8 +649,8 @@ static void xlnx_dp_change_graphic_fmt(XlnxDPState *s) > s->v_plane.format = PIXMAN_x8b8g8r8; > break; > default: > -DPRINTF("error: unsupported video format %u.\n", > -s->avbufm_registers[AV_BUF_FORMAT] & DP_NL_VID_FMT_MASK); > +error_report("%s: unsupported video format %u", __func__, > + s->avbufm_registers[AV_BUF_FORMAT] & > DP_NL_VID_FMT_MASK); > abort(); > } > > -- > 2.21.3 > >
Re: [PATCH 07/14] hw/display/dpcd: Fix memory region size
On Mon, May 25, 2020 at 11:27 PM Philippe Mathieu-Daudé wrote: > > The memory region size is 512K. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/display/dpcd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/display/dpcd.c b/hw/display/dpcd.c > index 170545c605..0c1b7b35fb 100644 > --- a/hw/display/dpcd.c > +++ b/hw/display/dpcd.c > @@ -1,5 +1,5 @@ > /* > - * dpcd.c > + * Xilinx Display Port Control Data > * > * Copyright (C) 2015 : GreenSocs Ltd > * http://www.greensocs.com/ , email: i...@greensocs.com > @@ -137,7 +137,7 @@ static void dpcd_init(Object *obj) > { > DPCDState *s = DPCD(obj); > > -memory_region_init_io(>iomem, obj, _ops, s, TYPE_DPCD, 0x7); > +memory_region_init_io(>iomem, obj, _ops, s, TYPE_DPCD, 0x8); > aux_init_mmio(AUX_SLAVE(obj), >iomem); > } > > -- > 2.21.3 > >
Re: [PATCH 5/5] virtio: enable VIRTIO_F_RING_PACKED for all devices
* Stefan Hajnoczi (stefa...@redhat.com) wrote: > The packed virtqueue layout was introduced in VIRTIO 1.1. It is a single > ring instead of a split avail/used ring design. There are CPU cache > advantages to this layout and it is also suited better to hardware > implementation. > > The vhost-net backend has already supported packed virtqueues for some > time. Performance benchmarks show that virtio-blk performance on NVMe > drives is also improved. > > Go ahead and enable this feature for all VIRTIO devices. Keep it > disabled for QEMU 5.0 and earlier machine types. > > Signed-off-by: Stefan Hajnoczi Reviewed-by: Dr. David Alan Gilbert > --- > include/hw/virtio/virtio.h | 2 +- > hw/core/machine.c | 18 +- > 2 files changed, 18 insertions(+), 2 deletions(-) > > diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h > index b69d517496..fd5b4a2044 100644 > --- a/include/hw/virtio/virtio.h > +++ b/include/hw/virtio/virtio.h > @@ -292,7 +292,7 @@ typedef struct VirtIORNGConf VirtIORNGConf; > DEFINE_PROP_BIT64("iommu_platform", _state, _field, \ >VIRTIO_F_IOMMU_PLATFORM, false), \ > DEFINE_PROP_BIT64("packed", _state, _field, \ > - VIRTIO_F_RING_PACKED, false) > + VIRTIO_F_RING_PACKED, true) > > hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n); > bool virtio_queue_enabled(VirtIODevice *vdev, int n); > diff --git a/hw/core/machine.c b/hw/core/machine.c > index bb3a7b18b1..3598c3c825 100644 > --- a/hw/core/machine.c > +++ b/hw/core/machine.c 
> @@ -28,7 +28,23 @@ > #include "hw/mem/nvdimm.h" > #include "migration/vmstate.h" > > -GlobalProperty hw_compat_5_0[] = {}; > +GlobalProperty hw_compat_5_0[] = { > +{ "vhost-user-blk", "packed", "off" }, > +{ "vhost-user-fs-device", "packed", "off" }, > +{ "vhost-vsock-device", "packed", "off" }, > +{ "virtio-9p-device", "packed", "off" }, > +{ "virtio-balloon-device", "packed", "off" }, > +{ "virtio-blk-device", "packed", "off" }, > +{ "virtio-crypto-device", "packed", "off" }, > +{ "virtio-gpu-device", "packed", "off" }, > +{ "virtio-input-device", "packed", "off" }, > +{ "virtio-iommu-device", "packed", "off" }, > +{ "virtio-net-device", "packed", "off" }, > +{ "virtio-pmem", "packed", "off" }, > +{ "virtio-rng-device", "packed", "off" }, > +{ "virtio-scsi-common", "packed", "off" }, > +{ "virtio-serial-device", "packed", "off" }, > +}; > const size_t hw_compat_5_0_len = G_N_ELEMENTS(hw_compat_5_0); > > GlobalProperty hw_compat_4_2[] = { > -- > 2.25.3 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
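Review bot: The `hw_compat_5_0` table lists each virtio device type by hand. A device that takes the `packed` property from the common feature macro in include/hw/virtio/virtio.h but is missing here would start offering VIRTIO_F_RING_PACKED on 5.0 and older machine types, which changes the guest-visible feature set across migration. Completeness cannot be checked from the hunk, so I would add a comment above the array, for example `/* packed=off for every device that exposes the common virtio feature properties */`, and state in the commit message how the list was derived.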
[PATCH v2 4/7] target/ppc: Restrict PPCVirtualHypervisorClass to system-mode
The code related to PPC Virtual Hypervisor is pointless in user-mode. Acked-by: David Gibson Signed-off-by: Philippe Mathieu-Daudé --- target/ppc/cpu.h| 4 ++-- target/ppc/kvm_ppc.h| 22 +++--- target/ppc/translate_init.inc.c | 4 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 7db7882f52..13d6976534 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1176,6 +1176,7 @@ PowerPCCPUClass *ppc_cpu_class_by_pvr(uint32_t pvr); PowerPCCPUClass *ppc_cpu_class_by_pvr_mask(uint32_t pvr); PowerPCCPUClass *ppc_cpu_get_family_class(PowerPCCPUClass *pcc); +#ifndef CONFIG_USER_ONLY struct PPCVirtualHypervisorClass { InterfaceClass parent; void (*hypercall)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu); @@ -1189,10 +1190,8 @@ struct PPCVirtualHypervisorClass { void (*hpte_set_r)(PPCVirtualHypervisor *vhyp, hwaddr ptex, uint64_t pte1); void (*get_pate)(PPCVirtualHypervisor *vhyp, ppc_v3_pate_t *entry); target_ulong (*encode_hpt_for_kvm_pr)(PPCVirtualHypervisor *vhyp); -#ifndef CONFIG_USER_ONLY void (*cpu_exec_enter)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu); void (*cpu_exec_exit)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu); -#endif }; #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor" @@ -1204,6 +1203,7 @@ struct PPCVirtualHypervisorClass { #define PPC_VIRTUAL_HYPERVISOR_GET_CLASS(obj) \ OBJECT_GET_CLASS(PPCVirtualHypervisorClass, (obj), \ TYPE_PPC_VIRTUAL_HYPERVISOR) +#endif /* CONFIG_USER_ONLY */ void ppc_cpu_do_interrupt(CPUState *cpu); bool ppc_cpu_exec_interrupt(CPUState *cpu, int int_req); diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h index fcaf745516..701c0c262b 100644 --- a/target/ppc/kvm_ppc.h +++ b/target/ppc/kvm_ppc.h 
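Review bot: The added `#endif /* CONFIG_USER_ONLY */` after the PPC_VIRTUAL_HYPERVISOR_GET_CLASS macro closes an `#ifndef`, so the comment names the opposite condition; kvm_ppc.h in this same patch writes `#endif /* !CONFIG_USER_ONLY */`. I would use `#endif /* !CONFIG_USER_ONLY */` in cpu.h as well so the guard reads correctly when scanning the header.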
@@ -280,6 +280,17 @@ static inline bool kvmppc_has_cap_spapr_vfio(void) return false; } +static inline void kvmppc_read_hptes(ppc_hash_pte64_t *hptes, + hwaddr ptex, int n) +{ +abort(); +} + +static inline void kvmppc_write_hpte(hwaddr ptex, uint64_t pte0, uint64_t pte1) +{ +abort(); +} + #endif /* !CONFIG_USER_ONLY */ static inline bool kvmppc_has_cap_epr(void) @@ -310,17 +321,6 @@ static inline int kvmppc_load_htab_chunk(QEMUFile *f, int fd, uint32_t index, abort(); } -static inline void kvmppc_read_hptes(ppc_hash_pte64_t *hptes, - hwaddr ptex, int n) -{ -abort(); -} - -static inline void kvmppc_write_hpte(hwaddr ptex, uint64_t pte0, uint64_t pte1) -{ -abort(); -} - static inline bool kvmppc_has_cap_fixup_hcalls(void) { abort(); diff --git a/target/ppc/translate_init.inc.c b/target/ppc/translate_init.inc.c index d8adc1bd49..09f8b10e27 100644 --- a/target/ppc/translate_init.inc.c +++ b/target/ppc/translate_init.inc.c @@ -10941,16 +10941,20 @@ static const TypeInfo ppc_cpu_type_info = { .class_init = ppc_cpu_class_init, }; +#ifndef CONFIG_USER_ONLY static const TypeInfo ppc_vhyp_type_info = { .name = TYPE_PPC_VIRTUAL_HYPERVISOR, .parent = TYPE_INTERFACE, .class_size = sizeof(PPCVirtualHypervisorClass), }; +#endif static void ppc_cpu_register_types(void) { type_register_static(_cpu_type_info); +#ifndef CONFIG_USER_ONLY type_register_static(_vhyp_type_info); +#endif } type_init(ppc_cpu_register_types) -- 2.21.3
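Review bot: The two stubs moved into the `!CONFIG_USER_ONLY` block in kvm_ppc.h, `kvmppc_read_hptes()` and `kvmppc_write_hpte()`, end the process with a bare `abort()` and carry no comment stating what callers must check before calling them. Presumably they are the fallbacks for builds without KVM, but the enclosing conditional is outside the hunk, so that cannot be confirmed from here. Since a stub that is reachable from guest-driven code would let a guest terminate the emulator, I would make the contract explicit with a comment such as `/* Stub: callers must check kvm_enabled() first; reaching this is a bug */`, or write `g_assert_not_reached();` in place of `abort();`.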
[PATCH v2 6/7] target/s390x/helper: Clean ifdef'ry
All this code is guarded checking CONFIG_USER_ONLY definition. Drop the duplicated checks. Reviewed-by: David Hildenbrand Reviewed-by: Cornelia Huck Signed-off-by: Philippe Mathieu-Daudé --- target/s390x/helper.c | 5 - 1 file changed, 5 deletions(-) diff --git a/target/s390x/helper.c b/target/s390x/helper.c index 09f60406aa..9257d388ba 100644 --- a/target/s390x/helper.c +++ b/target/s390x/helper.c @@ -42,9 +42,6 @@ void s390x_cpu_timer(void *opaque) { cpu_inject_cpu_timer((S390CPU *) opaque); } -#endif - -#ifndef CONFIG_USER_ONLY hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr) { @@ -98,14 +95,12 @@ void s390_handle_wait(S390CPU *cpu) CPUState *cs = CPU(cpu); if (s390_cpu_halt(cpu) == 0) { -#ifndef CONFIG_USER_ONLY if (is_special_wait_psw(cpu->env.psw.addr)) { qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN); } else { cpu->env.crash_reason = S390_CRASH_REASON_DISABLED_WAIT; qemu_system_guest_panicked(cpu_get_crash_info(cs)); } -#endif } } -- 2.21.3
[PATCH v2 5/7] target/s390x: Only compile decode_basedisp() on system-mode
The decode_basedisp*() methods are only used in ioinst.c, which is only build in system-mode emulation. I/O instructions are privileged, and other S instructions are decoded elsewhere. Reviewed-by: Cornelia Huck Signed-off-by: Philippe Mathieu-Daudé --- target/s390x/internal.h | 4 1 file changed, 4 insertions(+) diff --git a/target/s390x/internal.h b/target/s390x/internal.h index 8c95c734db..c1678dc6bc 100644 --- a/target/s390x/internal.h +++ b/target/s390x/internal.h @@ -204,6 +204,8 @@ enum cc_op { CC_OP_MAX }; +#ifndef CONFIG_USER_ONLY + static inline hwaddr decode_basedisp_s(CPUS390XState *env, uint32_t ipb, uint8_t *ar) { @@ -225,6 +227,8 @@ static inline hwaddr decode_basedisp_s(CPUS390XState *env, uint32_t ipb, /* Base/displacement are at the same locations. */ #define decode_basedisp_rs decode_basedisp_s +#endif /* CONFIG_USER_ONLY */ + /* arch_dump.c */ int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs, int cpuid, void *opaque); -- 2.21.3
[PATCH v2 3/7] sysemu/hvf: Only declare hvf_allowed when HVF is available
When HVF is not available, the hvf_allowed variable does not exist. Reviewed-by: Edgar E. Iglesias Reviewed-by: Cornelia Huck Signed-off-by: Philippe Mathieu-Daudé --- v2: Fixed typo s/tcg_allowed/hvf_allowed/ (Edgar) --- include/sysemu/hvf.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h index d211e808e9..fe95743124 100644 --- a/include/sysemu/hvf.h +++ b/include/sysemu/hvf.h @@ -18,7 +18,6 @@ #include "exec/memory.h" #include "sysemu/accel.h" -extern bool hvf_allowed; #ifdef CONFIG_HVF #include #include @@ -26,11 +25,12 @@ extern bool hvf_allowed; #include "target/i386/cpu.h" uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx, int reg); +extern bool hvf_allowed; #define hvf_enabled() (hvf_allowed) -#else +#else /* !CONFIG_HVF */ #define hvf_enabled() 0 #define hvf_get_supported_cpuid(func, idx, reg) 0 -#endif +#endif /* !CONFIG_HVF */ /* hvf_slot flags */ #define HVF_SLOT_LOG (1 << 0) -- 2.21.3
[PATCH v2 7/7] target/s390x: Restrict system-mode declarations
As these declarations are restricted to !CONFIG_USER_ONLY in helper.c, only declare them when system-mode emulation is used. Signed-off-by: Philippe Mathieu-Daudé --- v2: Keep load_psw() is /* cc_helper.c */ section (cohuck) --- target/s390x/internal.h | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/target/s390x/internal.h b/target/s390x/internal.h index c1678dc6bc..b1e0ebf67f 100644 --- a/target/s390x/internal.h +++ b/target/s390x/internal.h @@ -236,9 +236,11 @@ int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs, /* cc_helper.c */ const char *cc_name(enum cc_op cc_op); -void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr); uint32_t calc_cc(CPUS390XState *env, uint32_t cc_op, uint64_t src, uint64_t dst, uint64_t vr); +#ifndef CONFIG_USER_ONLY +void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr); +#endif /* CONFIG_USER_ONLY */ /* cpu.c */ @@ -303,18 +305,18 @@ void s390_cpu_gdb_init(CPUState *cs); /* helper.c */ void s390_cpu_dump_state(CPUState *cpu, FILE *f, int flags); -hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); -hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr); +void do_restart_interrupt(CPUS390XState *env); +#ifndef CONFIG_USER_ONLY uint64_t get_psw_mask(CPUS390XState *env); void s390_cpu_recompute_watchpoints(CPUState *cs); void s390x_tod_timer(void *opaque); void s390x_cpu_timer(void *opaque); -void do_restart_interrupt(CPUS390XState *env); void s390_handle_wait(S390CPU *cpu); +hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); +hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr); #define S390_STORE_STATUS_DEF_ADDR offsetof(LowCore, floating_pt_save_area) int s390_store_status(S390CPU *cpu, hwaddr addr, bool store_arch); int s390_store_adtl_status(S390CPU *cpu, hwaddr addr, hwaddr len); -#ifndef CONFIG_USER_ONLY LowCore *cpu_map_lowcore(CPUS390XState *env); void cpu_unmap_lowcore(LowCore *lowcore); #endif /* CONFIG_USER_ONLY */ -- 2.21.3
[PATCH v2 1/7] sysemu/accel: Restrict machine methods to system-mode
Restrict init_machine(), setup_post() and has_memory() to system-mode. Reviewed-by: Edgar E. Iglesias Reviewed-by: Cornelia Huck Signed-off-by: Philippe Mathieu-Daudé --- include/sysemu/accel.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/sysemu/accel.h b/include/sysemu/accel.h index 47e5788530..e08b8ab8fa 100644 --- a/include/sysemu/accel.h +++ b/include/sysemu/accel.h @@ -37,10 +37,12 @@ typedef struct AccelClass { /*< public >*/ const char *name; +#ifndef CONFIG_USER_ONLY int (*init_machine)(MachineState *ms); void (*setup_post)(MachineState *ms, AccelState *accel); bool (*has_memory)(MachineState *ms, AddressSpace *as, hwaddr start_addr, hwaddr size); +#endif bool *allowed; /* * Array of global properties that would be applied when specific -- 2.21.3
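Review bot: Wrapping `init_machine`, `setup_post` and `has_memory` in `#ifndef CONFIG_USER_ONLY` makes the layout of `AccelClass` depend on a per-target macro, so the offset of `allowed` and of every later member differs between a translation unit that sees `CONFIG_USER_ONLY` and one that does not. If any includer of this header is compiled without the target configuration in a user-mode build (not visible from this hunk), the two sides would read and write different fields through the same pointer, which is silent memory corruption rather than a build error. I would either keep the three pointers unconditional and leave them NULL in user-mode, or add a comment above the guard such as `/* system-mode only: every includer must see the same CONFIG_USER_ONLY */`. The struct body continues past the end of the hunk.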
[PATCH v2 2/7] sysemu/tcg: Only declare tcg_allowed when TCG is available
When TCG is not available, the tcg_allowed variable does not exist. Reviewed-by: Edgar E. Iglesias Reviewed-by: Cornelia Huck Signed-off-by: Philippe Mathieu-Daudé --- include/sysemu/tcg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/sysemu/tcg.h b/include/sysemu/tcg.h index 7d116d2e80..d9d3ca8559 100644 --- a/include/sysemu/tcg.h +++ b/include/sysemu/tcg.h @@ -8,9 +8,9 @@ #ifndef SYSEMU_TCG_H #define SYSEMU_TCG_H -extern bool tcg_allowed; void tcg_exec_init(unsigned long tb_size); #ifdef CONFIG_TCG +extern bool tcg_allowed; #define tcg_enabled() (tcg_allowed) #else #define tcg_enabled() 0 -- 2.21.3
[PATCH v2 0/7] exec/cpu: Cleanups around "exec/hwaddr.h" (reserved to system-mode)
The 'hwaddr' type declared in "exec/hwaddr.h" is meant for system-mode emulation only. This series is a preparatory cleanup to allow later poisoning it in user-mode code. Missing review: patch 7 - target/s390x: Restrict system-mode declarations Maybe PPC/S390X maintainers can take their patches and leave the rest to Paolo, or he can take all the series. The patches do not depend on each other. Since v1: - Do not poison hwaddr type - Addressed Cornelia & David review comments - Added R-b/A-b $ git backport-diff -u v1 Key: [] : patches are identical [] : number of functional differences between upstream/downstream patch [down] : patch is downstream-only The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively 001/7:[] [--] 'sysemu/accel: Restrict machine methods to system-mode' 002/7:[] [--] 'sysemu/tcg: Only declare tcg_allowed when TCG is available' 003/7:[] [--] 'sysemu/hvf: Only declare hvf_allowed when HVF is available' 004/7:[] [--] 'target/ppc: Restrict PPCVirtualHypervisorClass to system-mode' 005/7:[] [--] 'target/s390x: Only compile decode_basedisp() on system-mode' 006/7:[0002] [FC] 'target/s390x/helper: Clean ifdef'ry' 007/7:[0005] [FC] 'target/s390x: Restrict system-mode declarations' Supersedes: <20200509130910.26335-1-f4...@amsat.org> Philippe Mathieu-Daudé (7): sysemu/accel: Restrict machine methods to system-mode sysemu/tcg: Only declare tcg_allowed when TCG is available sysemu/hvf: Only declare hvf_allowed when HVF is available target/ppc: Restrict PPCVirtualHypervisorClass to system-mode target/s390x: Only compile decode_basedisp() on system-mode target/s390x/helper: Clean ifdef'ry target/s390x: Restrict system-mode declarations include/sysemu/accel.h | 2 ++ include/sysemu/hvf.h| 6 +++--- include/sysemu/tcg.h| 2 +- target/ppc/cpu.h| 4 ++-- target/ppc/kvm_ppc.h| 22 +++--- target/s390x/internal.h | 16 +++- target/ppc/translate_init.inc.c | 4 target/s390x/helper.c | 5 - 8 files changed, 34 insertions(+), 27 deletions(-) -- 2.21.3
Re: [PATCH v3 3/9] target/riscv: Add the lowRISC Ibex CPU
On Fri, May 22, 2020 at 12:51 AM LIU Zhiwei wrote: > > > > On 2020/5/20 5:31, Alistair Francis wrote: > > Ibex is a small and efficient, 32-bit, in-order RISC-V core with > > a 2-stage pipeline that implements the RV32IMC instruction set > > architecture. > > > > For more details on lowRISC see here: > > https://github.com/lowRISC/ibex > > > > Signed-off-by: Alistair Francis > > Reviewed-by: Bin Meng > > --- > > target/riscv/cpu.h | 1 + > > target/riscv/cpu.c | 10 ++ > > 2 files changed, 11 insertions(+) > > > > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h > > index d0e7f5b9c5..8733d7467f 100644 > > --- a/target/riscv/cpu.h > > +++ b/target/riscv/cpu.h > > @@ -35,6 +35,7 @@ > > #define TYPE_RISCV_CPU_ANY RISCV_CPU_TYPE_NAME("any") > > #define TYPE_RISCV_CPU_BASE32 RISCV_CPU_TYPE_NAME("rv32") > > #define TYPE_RISCV_CPU_BASE64 RISCV_CPU_TYPE_NAME("rv64") > > +#define TYPE_RISCV_CPU_IBEX RISCV_CPU_TYPE_NAME("lowrisc-ibex") > > #define TYPE_RISCV_CPU_SIFIVE_E31 RISCV_CPU_TYPE_NAME("sifive-e31") > > #define TYPE_RISCV_CPU_SIFIVE_E34 RISCV_CPU_TYPE_NAME("sifive-e34") > > #define TYPE_RISCV_CPU_SIFIVE_E51 RISCV_CPU_TYPE_NAME("sifive-e51") > > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c > > index 5eb3c02735..eb2bbc87ae 100644 > > --- a/target/riscv/cpu.c > > +++ b/target/riscv/cpu.c 
> > @@ -156,6 +156,15 @@ static void rv32gcsu_priv1_10_0_cpu_init(Object *obj) > > set_feature(env, RISCV_FEATURE_PMP); > > } > > > > +static void rv32imcu_nommu_cpu_init(Object *obj) > > +{ > > +CPURISCVState *env = _CPU(obj)->env; > > +set_misa(env, RV32 | RVI | RVM | RVC | RVU); > > +set_priv_version(env, PRIV_VERSION_1_10_0); > > +set_resetvec(env, 0x8090); > Hi Alistair, > > I see all RISC-V cpus have an reset vector which acts as the first pc > when machine boots up. > However, the first pc is more like an attribute of a machine, not a cpu. In general it seems to be a CPU property. I assume that some CPUs would allow the reset vector to be selectable though, in which case it becomes a board property. > > Another reason is that the cpu names are a combination of ISA. > Then the cpus from different vendors may have same ISA, with different > reset vectors. > > Do you think so? If you are worried about CPUs with different vectors we could always make it a property in the future and have boards override it. I don't think we need that yet (only 1 CPU is different) but it is an easy future change. Alistair > > Zhiwei > > +set_feature(env, RISCV_FEATURE_PMP); > > +} > > + > > static void rv32imacu_nommu_cpu_init(Object *obj) > > { > > CPURISCVState *env = _CPU(obj)->env; > > @@ -619,6 +628,7 @@ static const TypeInfo riscv_cpu_type_infos[] = { > > DEFINE_CPU(TYPE_RISCV_CPU_ANY, riscv_any_cpu_init), > > #if defined(TARGET_RISCV32) > > DEFINE_CPU(TYPE_RISCV_CPU_BASE32, riscv_base32_cpu_init), > > +DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init), > > DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31, rv32imacu_nommu_cpu_init), > > DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34, > > rv32imafcu_nommu_cpu_init), > > DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34, > > rv32gcsu_priv1_10_0_cpu_init), > >
[Bug 1880722] Re: Problems related to checking page crossing in use_goto_tb()
** Summary changed: - Changing executable page permissions with mmap causes user-mode failures + Problems related to checking page crossing in use_goto_tb() ** Description changed: - The discussion that led to this bug discovery can be found in this + The discussion that led to this bug discovery can be found in this mailing list thread: https://lists.nongnu.org/archive/html/qemu-devel/2020-05/msg05426.html - A workaround for this problem would be to check for page crossings for - both the user and system modes in the use_goto_tb() function across + A workaround for this problem would be to check for page crossings for + both the user and system modes in the use_goto_tb() function across targets. Some targets like "hppa" already implement this fix but others don't. - To solve the root cause of this problem, the linux-user/mmap.c should - be fixed to do all the invalidations required. By doing so, up to 6.93% - performance improvements will be achieved. + To solve the root cause of this problem, the linux-user/mmap.c should + be fixed to do all the invalidations required. By doing so, better + performance results could be achieved, compared to the case of the + workaround described above. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1880722 Title: Problems related to checking page crossing in use_goto_tb() Status in QEMU: New Bug description: The discussion that led to this bug discovery can be found in this mailing list thread: https://lists.nongnu.org/archive/html/qemu-devel/2020-05/msg05426.html A workaround for this problem would be to check for page crossings for both the user and system modes in the use_goto_tb() function across targets. Some targets like "hppa" already implement this fix but others don't. To solve the root cause of this problem, the linux-user/mmap.c should be fixed to do all the invalidations required. 
By doing so, better performance results could be achieved, compared to the case of the workaround described above.