Re: [PATCH v4 2/3] target/riscv: Add stimecmp support

2022-05-25 Thread Alistair Francis
On Sat, May 14, 2022 at 4:39 AM Atish Patra  wrote:
>
> stimecmp allows the supervisor mode to update stimecmp CSR directly
> to program the next timer interrupt. This CSR is part of the Sstc
> extension which was ratified recently.
>
> Signed-off-by: Atish Patra 
> ---
>  target/riscv/cpu.c |  8 
>  target/riscv/cpu.h |  7 +++
>  target/riscv/cpu_bits.h|  4 ++
>  target/riscv/csr.c | 92 +++
>  target/riscv/machine.c |  2 +
>  target/riscv/meson.build   |  3 +-
>  target/riscv/time_helper.c | 98 ++
>  target/riscv/time_helper.h | 30 
>  8 files changed, 243 insertions(+), 1 deletion(-)
>  create mode 100644 target/riscv/time_helper.c
>  create mode 100644 target/riscv/time_helper.h
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 19f4e8294042..d58dd2f857a7 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -23,6 +23,7 @@
>  #include "qemu/log.h"
>  #include "cpu.h"
>  #include "internals.h"
> +#include "time_helper.h"
>  #include "exec/exec-all.h"
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
> @@ -779,7 +780,12 @@ static void riscv_cpu_init(Object *obj)
>  #ifndef CONFIG_USER_ONLY
>  qdev_init_gpio_in(DEVICE(cpu), riscv_cpu_set_irq,
>IRQ_LOCAL_MAX + IRQ_LOCAL_GUEST_MAX);
> +
> +if (cpu->cfg.ext_sstc) {
> +riscv_timer_init(cpu);
> +}
>  #endif /* CONFIG_USER_ONLY */
> +
>  }
>
>  static Property riscv_cpu_properties[] = {
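Review bot: The added `if (cpu->cfg.ext_sstc)` test in riscv_cpu_init() runs at instance-init time, which in QEMU normally happens before user-supplied properties such as `sstc=off` are applied. The timer would then be created according to the default (`true` in the property hunk that follows) rather than the configured value. Consider moving the `riscv_timer_init(cpu)` call to the realize path, where `cfg` is final. This is inferred from the usual QOM ordering, and the realize function is outside the hunk, so please confirm it there.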
> @@ -806,6 +812,7 @@ static Property riscv_cpu_properties[] = {
>  DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
>  DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
>  DEFINE_PROP_BOOL("debug", RISCVCPU, cfg.debug, true),
> +DEFINE_PROP_BOOL("sstc", RISCVCPU, cfg.ext_sstc, true),
>
>  DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
>  DEFINE_PROP_STRING("vext_spec", RISCVCPU, cfg.vext_spec),
> @@ -965,6 +972,7 @@ static void riscv_isa_string_ext(RISCVCPU *cpu, char 
> **isa_str, int max_str_len)
>  ISA_EDATA_ENTRY(zbs, ext_zbs),
>  ISA_EDATA_ENTRY(zve32f, ext_zve32f),
>  ISA_EDATA_ENTRY(zve64f, ext_zve64f),
> +ISA_EDATA_ENTRY(sstc, ext_sstc),
>  ISA_EDATA_ENTRY(svinval, ext_svinval),
>  ISA_EDATA_ENTRY(svnapot, ext_svnapot),
>  ISA_EDATA_ENTRY(svpbmt, ext_svpbmt),
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 1119d5201066..9a01e6d0f587 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -276,6 +276,11 @@ struct CPUArchState {
>  uint64_t mfromhost;
>  uint64_t mtohost;
>
> +/* Sstc CSRs */
> +uint64_t stimecmp;
> +/* For RV32 only */
> +uint8_t stimecmp_wr_done;
> +
>  /* physical memory protection */
>  pmp_table_t pmp_state;
>  target_ulong mseccfg;
> @@ -329,6 +334,7 @@ struct CPUArchState {
>  float_status fp_status;
>
>  /* Fields from here on are preserved across CPU reset. */
> +QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
>
>  hwaddr kernel_addr;
>  hwaddr fdt_addr;
> @@ -379,6 +385,7 @@ struct RISCVCPUConfig {
>  bool ext_counters;
>  bool ext_ifencei;
>  bool ext_icsr;
> +bool ext_sstc;
>  bool ext_svinval;
>  bool ext_svnapot;
>  bool ext_svpbmt;
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index 4e5b630f5965..29d0e4a1be01 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -215,6 +215,10 @@
>  #define CSR_STVAL   0x143
>  #define CSR_SIP 0x144
>
> +/* Sstc supervisor CSRs */
> +#define CSR_STIMECMP0x14D
> +#define CSR_STIMECMPH   0x15D
> +
>  /* Supervisor Protection and Translation */
>  #define CSR_SPTBR   0x180
>  #define CSR_SATP0x180
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 245f007e66e1..8952d1308008 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -21,6 +21,7 @@
>  #include "qemu/log.h"
>  #include "qemu/timer.h"
>  #include "cpu.h"
> +#include "time_helper.h"
>  #include "qemu/main-loop.h"
>  #include "exec/exec-all.h"
>  #include "sysemu/cpu-timers.h"
> @@ -537,6 +538,87 @@ static RISCVException read_timeh(CPURISCVState *env, int 
> csrno,
>  return RISCV_EXCP_NONE;
>  }
>
> +static RISCVException sstc(CPURISCVState *env, int csrno)
> +{
> +CPUState *cs = env_cpu(env);
> +RISCVCPU *cpu = RISCV_CPU(cs);
> +
> +if (!cpu->cfg.ext_sstc || !env->rdtime_fn) {
> +return RISCV_EXCP_ILLEGAL_INST;
> +}
> +
> +if (env->priv == PRV_M) {
> +return RISCV_EXCP_NONE;
> +}
> +
> +if (env->priv != PRV_S) {
> +return RISCV_EXCP_ILLEGAL_INST;
> +}
> +
> +/*
> + * No need of separate function for rv32 as menvcfg stores both menvcfg
> + * menvcfgh for RV32.
> + */
> +if (!(get_field(env->mcounteren, COUNTEREN_TM) &&
> +  get_field(env->menvcfg, 

[PATCH] virtio/vhost-user: Fix wrong vhost notifier GPtrArray size

2022-05-25 Thread Yajun Wu
In fetch_or_create_notifier, idx begins with 0. So the GPtrArray size
should be idx + 1 and g_ptr_array_set_size should be called with idx + 1.

This wrong GPtrArray size causes fetch_or_create_notifier to return an invalid
address. Passing this invalid pointer to vhost_user_host_notifier_remove
causes an assertion failure:

qemu/include/qemu/int128.h:27: int128_get64: Assertion `r == a' failed.
shutting down, reason=crashed

Backends like dpdk-vdpa which sends out vhost notifier requests almost always
hit qemu crash.

Fixes: 503e355465 ("virtio/vhost-user: dynamically assign 
VhostUserHostNotifiers")
Signed-off-by: Yajun Wu 
Acked-by: Parav Pandit 
Change-Id: I87e0f7591ca9a59d210879b260704a2d9e9d6bcd
---
 hw/virtio/vhost-user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index b040c1ad2b..dbc690d16c 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1525,7 +1525,7 @@ static VhostUserHostNotifier 
*fetch_or_create_notifier(VhostUserState *u,
 {
 VhostUserHostNotifier *n = NULL;
 if (idx >= u->notifiers->len) {
-g_ptr_array_set_size(u->notifiers, idx);
+g_ptr_array_set_size(u->notifiers, idx + 1);
 }
 
 n = g_ptr_array_index(u->notifiers, idx);
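Review bot: Nothing in this hunk bounds `idx` before `g_ptr_array_set_size(u->notifiers, idx + 1)`, so the array grows to whatever index the caller passes. If `idx` can originate from a vhost-user backend message, confirm that the caller rejects values at or above the device's queue count before reaching fetch_or_create_notifier(); any such check is outside the hunk. A short comment above the call, for example `/* idx is 0-based: the array needs idx + 1 slots, new slots are NULL */`, would also make the off-by-one fix self-explanatory. The function body continues past the end of the hunk.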
-- 
2.36.0




Re: [RFC PATCH v4 13/36] i386/tdx: Validate TD attributes

2022-05-25 Thread Xiaoyao Li

On 5/24/2022 4:29 PM, Gerd Hoffmann wrote:

On Tue, May 24, 2022 at 04:11:56PM +0800, Xiaoyao Li wrote:

On 5/24/2022 2:59 PM, Gerd Hoffmann wrote:

On Tue, May 24, 2022 at 12:19:51PM +0800, Xiaoyao Li wrote:

On 5/23/2022 5:39 PM, Gerd Hoffmann wrote:

So, how is this supposed to work?  Patch #2 introduces attributes as
user-settable property.  So do users have to manually figure and pass
the correct value, so the check passes?  Specifically the fixed1 check?

I think 'attributes' should not be user-settable in the first place.
Each feature-bit which is actually user-settable (and not already
covered by another option like pmu) should be a separate attribute for
tdx-object.  Then the tdx code can create attributes from hardware
capabilities and user settings.


In patch #2, tdx-guest.attributes is defined as a field to hold a 64 bits
value of attributes but it doesn't provide any getter/setter for it. So it's
*not* user-settable.


Ok.  Why it is declared as object property in the first place then?


Is there another way to define a member/field of object besides property?


Well, the C object struct is completely independent from the qapi
struct.  Typically qapi-generated structs are added as struct fields.
Look at ui/input-linux.c for example.

struct InputLinux holds all the object state.  It has a GrabToggleKeys
field, that is a qapi-generated enum (see qapi/common.json) and is
user-configurable (there are getter and setter for it).

So, you can have a private 'attributes' struct field in your tdx class,
but the field doesn't have to be in the qapi struct for that.


I see. Thanks for the explanation!

I will remove the qom property definition in patch 2.


HTH,
   Gerd






Re: [RFC PATCH v4 20/36] i386/tdx: Register a machine_init_done callback for TD

2022-05-25 Thread Xiaoyao Li

On 5/24/2022 3:09 PM, Gerd Hoffmann wrote:

On Thu, May 12, 2022 at 11:17:47AM +0800, Xiaoyao Li wrote:

Before a TD can run, it needs to
  - setup/configure TD HOB list;
  - initialize TDVF into TD's private memory;
  - initialize TD vcpu state;

Register a machine_init_done callback to do all of that.



+static void tdx_finalize_vm(Notifier *notifier, void *unused)
+{
+/* TODO */
+}


I'd suggest to squash this into the patch actually implementing
tdx_finalize_vm.


OK. I'll squash it into the next patch.


take care,
   Gerd






Re: [RFC PATCH v4 18/36] i386/tdx: Skip BIOS shadowing setup

2022-05-25 Thread Xiaoyao Li

On 5/24/2022 3:08 PM, Gerd Hoffmann wrote:

On Thu, May 12, 2022 at 11:17:45AM +0800, Xiaoyao Li wrote:

TDX guest cannot go to real mode, so just skip the setup of isa-bios.


Does isa-bios setup cause any actual problems?
(same question for patch #19).


It causes mem_region split and mem_slot deletion on KVM.

TDVF marks pages starting from 0x80 as TEMP_MEM and TD_HOB, which 
are TD's private memory and are TDH_MEM_PAGE_ADD'ed to TD via 
KVM_TDX_INIT_MEM_REGION


However, if isa-bios and pc.rom are not skipped, the memory_region 
initialization of them is after KVM_TDX_INIT_MEM_REGION in 
tdx_machine_done_notify(). (I didn't figure out why this order though)


And then it causes a memory region split that splits
[0, ram_below_4g)
to
[0, 0xc0 000),
[0xc0 000, 0xe0 000),
[0xe0 000, 0x100 000),
[0x100 000, ram_below_4g)

which causes mem_slot deletion on KVM. On the KVM side, we lose the page 
content when a mem_slot is deleted. Thus, we lose the content of the TD HOB.


Yes, the better solution seems to be ensure KVM_TDX_INIT_MEM_REGION is 
called after all the mem region is settled down. But I haven't figured 
out the reason why the isa-bios and pc.rom initialization happens after

machine_init_done_notifier

on the other hand, to keep isa-bios and pc.rom, we need additional work 
to copy the content from the end_of_4G to end_of_1M.


I'm not sure if isa-bios and pc.rom are needed from people on TD guest, 
so I just skip them for simplicity,



"is not needed" IMHO isn't a good enough reason to special-case tdx
here.

take care,
   Gerd






Re: [PATCH v17 6/8] softmmu/dirtylimit: Implement virtual CPU throttle

2022-05-25 Thread Jason Wang
On Wed, May 25, 2022 at 11:56 PM Peter Xu  wrote:
>
> On Wed, May 25, 2022 at 11:38:26PM +0800, Hyman Huang wrote:
> > > 2. Also this algorithm only control or limits dirty rate by guest
> > > writes. There can be some memory dirtying done by virtio based devices
> > > which is accounted only at qemu level so may not be accounted through
> > > dirty rings so do we have plan for that in future? Those are not issue
> > > for auto-converge as it slows full VM but dirty rate limit only slows
> > > guest writes.
> > >
> > From the migration point of view, time spent on migrating memory is far
> > greater than migrating devices emulated by qemu. I think we can do that when
> > migrating device costs the same magnitude time as migrating memory.
> >
> > As to auto-converge, it throttle vcpu by kicking it and force it to sleep
> > periodically. The two seems has no much difference from the perspective of
> > internal method but the auto-converge is kind of "offensive" when doing
> > restraint. I'll read the auto-converge implementation code and figure out
> > the problem you point out.
>
> This seems to be not virtio-specific, but can be applied to any device DMA
> writing to guest mem (if not including vfio).  But indeed virtio can be
> normally faster.
>
> I'm also curious how fast a device DMA could dirty memories.  This could be
> a question to answer to all vcpu-based throttling approaches (including the
> quota based approach that was proposed on KVM list).  Maybe for kernel
> virtio drivers we can have some easier estimation?

As you said below, it really depends on the speed of the backend.

>  My guess is it'll be
> much harder for DPDK-in-guest (aka userspace drivers) because IIUC that
> could use a large chunk of guest mem.

Probably, for vhost-user backend, it could be ~20Mpps or even higher.

Thanks

>
> [copy Jason too]
>
> --
> Peter Xu
>




Re: [RFC PATCH v4 16/36] i386/tdvf: Introduce function to parse TDVF metadata

2022-05-25 Thread Xiaoyao Li

On 5/24/2022 3:02 PM, Gerd Hoffmann wrote:

   Hi,


+static int tdvf_parse_section_entry(const TdvfSectionEntry *src,
+ TdxFirmwareEntry *entry)



+/* sanity check */


That is what the whole function is doing.  So rename it to
tdvf_check_section_entry to clarify that?


I will rename it to tdvf_parse_and_check_section_entry() since it first 
parses the section entries from TDVF to software defined data structure 
TdxFirmwareEntry



take care,
   Gerd






Re: [PATCH v4 3/3] i386: Add notify VM exit support

2022-05-25 Thread Chenyi Qiang




On 5/25/2022 11:43 AM, Yuan Yao wrote:

On Tue, May 24, 2022 at 10:03:02PM +0800, Chenyi Qiang wrote:

There are cases where a malicious virtual machine can cause the CPU to get
stuck (because event windows don't open up), e.g., an infinite loop in
microcode when nested #AC occurs (CVE-2015-5307). No event window means no
event (NMI, SMI and IRQ) can be delivered. This leaves the CPU unavailable to
the host or other VMs. Notify VM exit is introduced to mitigate this kind of
attack: it generates a VM exit if no event window occurs in VM non-root mode
for a specified amount of time (the notify window).

A new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT is exposed to user space
so that the user can query the capability and set the expected notify
window when creating VMs. The format of the argument when enabling this
capability is as follows:
   Bit 63:32 - notify window specified in qemu command
   Bit 31:0  - some flags (e.g. KVM_X86_NOTIFY_VMEXIT_ENABLED is set to
   enable the feature.)

Because there are some concerns, e.g. a notify VM exit may happen with
VM_CONTEXT_INVALID set in exit qualification (no cases are anticipated
that would set this bit), which means VM context is corrupted. To avoid
the false positive and a well-behaved guest gets killed, make this
feature disabled by default. Users can enable the feature by a new
machine property:
 qemu -machine notify_vmexit=on,notify_window=0 ...

A new KVM exit reason KVM_EXIT_NOTIFY is defined for notify VM exit. If
it happens with VM_INVALID_CONTEXT, hypervisor exits to user space to
inform the fatal case. Then user space can inject a SHUTDOWN event to
the target vcpu. This is implemented by injecting a sythesized triple
fault event.

Signed-off-by: Chenyi Qiang 
---
  hw/i386/x86.c | 45 +
  include/hw/i386/x86.h |  5 
  target/i386/kvm/kvm.c | 66 ++-
  3 files changed, 96 insertions(+), 20 deletions(-)

diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 4cf107baea..a82f959cb9 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1296,6 +1296,37 @@ static void machine_set_sgx_epc(Object *obj, Visitor *v, 
const char *name,
  qapi_free_SgxEPCList(list);
  }

+static bool x86_machine_get_notify_vmexit(Object *obj, Error **errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+
+return x86ms->notify_vmexit;
+}
+
+static void x86_machine_set_notify_vmexit(Object *obj, bool value, Error 
**errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+
+x86ms->notify_vmexit = value;
+}
+
+static void x86_machine_get_notify_window(Object *obj, Visitor *v,
+const char *name, void *opaque, Error **errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+uint32_t notify_window = x86ms->notify_window;
+
+visit_type_uint32(v, name, _window, errp);
+}
+
+static void x86_machine_set_notify_window(Object *obj, Visitor *v,
+   const char *name, void *opaque, Error **errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+
+visit_type_uint32(v, name, >notify_window, errp);
+}
+
  static void x86_machine_initfn(Object *obj)
  {
  X86MachineState *x86ms = X86_MACHINE(obj);
@@ -1306,6 +1337,8 @@ static void x86_machine_initfn(Object *obj)
  x86ms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
  x86ms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
  x86ms->bus_lock_ratelimit = 0;
+x86ms->notify_vmexit = false;
+x86ms->notify_window = 0;
  }

  static void x86_machine_class_init(ObjectClass *oc, void *data)
@@ -1361,6 +1394,18 @@ static void x86_machine_class_init(ObjectClass *oc, void 
*data)
  NULL, NULL);
  object_class_property_set_description(oc, "sgx-epc",
  "SGX EPC device");
+
+object_class_property_add(oc, X86_MACHINE_NOTIFY_WINDOW, "uint32_t",
+  x86_machine_get_notify_window,
+  x86_machine_set_notify_window, NULL, NULL);
+object_class_property_set_description(oc, X86_MACHINE_NOTIFY_WINDOW,
+"Set the notify window required by notify VM exit");
+
+object_class_property_add_bool(oc, X86_MACHINE_NOTIFY_VMEXIT,
+   x86_machine_get_notify_vmexit,
+   x86_machine_set_notify_vmexit);
+object_class_property_set_description(oc, X86_MACHINE_NOTIFY_VMEXIT,
+"Enable notify VM exit");
  }

  static const TypeInfo x86_machine_info = {
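Review bot: The description string for X86_MACHINE_NOTIFY_WINDOW, `"Set the notify window required by notify VM exit"`, gives neither the unit of the value nor its relation to the enable switch. Since the commit message presents this as a mitigation that is off by default, the help text should tell the user that the window is only used when notify VM exit is enabled, and in what unit it is counted. Something like `"Notify window for notify VM exit, in <unit>; only used when notify VM exit is enabled"` would do, with the unit filled in from the KVM documentation. x86_machine_class_init() starts outside the hunk.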
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index 916cc325ee..571ee8b667 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -80,6 +80,9 @@ struct X86MachineState {
   * which means no limitation on the guest's bus locks.
   */
  uint64_t bus_lock_ratelimit;
+
+bool notify_vmexit;
+uint32_t notify_window;
  };

  #define X86_MACHINE_SMM  "smm"
@@ -87,6 +90,8 @@ struct X86MachineState {
  #define X86_MACHINE_OEM_ID   

[PATCH 1/1] hw: m25p80: add W# pin and SRWD bit for write protection

2022-05-25 Thread Iris Chen
From: Iris Chen 

Add the W# pin and SRWD bit which control the status register write
ability.

Signed-off-by: Iris Chen 
---
 hw/block/m25p80.c | 72 +++
 tests/qtest/aspeed_smc-test.c | 62 ++
 2 files changed, 134 insertions(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 81ba3da4df..c845fa08d4 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -27,12 +27,14 @@
 #include "hw/qdev-properties.h"
 #include "hw/qdev-properties-system.h"
 #include "hw/ssi/ssi.h"
+#include "hw/irq.h"
 #include "migration/vmstate.h"
 #include "qemu/bitops.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "qapi/visitor.h"
 #include "trace.h"
 #include "qom/object.h"
 
@@ -472,11 +474,13 @@ struct Flash {
 uint8_t spansion_cr2v;
 uint8_t spansion_cr3v;
 uint8_t spansion_cr4v;
+bool write_protect_pin;
 bool write_enable;
 bool four_bytes_address_mode;
 bool reset_enable;
 bool quad_enable;
 bool aai_enable;
+bool status_register_write_disabled;
 uint8_t ear;
 
 int64_t dirty_page;
@@ -723,6 +727,21 @@ static void complete_collecting_data(Flash *s)
 flash_erase(s, s->cur_addr, s->cmd_in_progress);
 break;
 case WRSR:
+/*
+ * If W# is low and status_register_write_disabled is high,
+ * status register writes are disabled.
+ * This is also called "hardware protected mode" (HPM). All other
+ * combinations of the two states are called "software protected mode"
+ * (SPM), and status register writes are permitted.
+ */
+if ((s->write_protect_pin == 0 && s->status_register_write_disabled)
+|| !s->write_enable) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "M25P80: Status register write is disabled!\n");
+break;
+}
+s->status_register_write_disabled = extract32(s->data[0], 7, 1);
+
 switch (get_man(s)) {
 case MAN_SPANSION:
 s->quad_enable = !!(s->data[1] & 0x02);
@@ -1195,6 +1214,8 @@ static void decode_new_cmd(Flash *s, uint32_t value)
 
 case RDSR:
 s->data[0] = (!!s->write_enable) << 1;
+s->data[0] |= (!!s->status_register_write_disabled) << 7;
+
 if (get_man(s) == MAN_MACRONIX || get_man(s) == MAN_ISSI) {
 s->data[0] |= (!!s->quad_enable) << 6;
 }
@@ -1484,6 +1505,15 @@ static uint32_t m25p80_transfer8(SSIPeripheral *ss, 
uint32_t tx)
 return r;
 }
 
+static void m25p80_write_protect_pin_irq_handler(void *opaque, int n, int 
level)
+{
+Flash *s = M25P80(opaque);
+bool wp = !!level;
+/* W# is just a single pin. */
+assert(n == 0);
+s->write_protect_pin = wp;
+}
+
 static void m25p80_realize(SSIPeripheral *ss, Error **errp)
 {
 Flash *s = M25P80(ss);
@@ -1515,12 +1545,18 @@ static void m25p80_realize(SSIPeripheral *ss, Error 
**errp)
 s->storage = blk_blockalign(NULL, s->size);
 memset(s->storage, 0xFF, s->size);
 }
+
+qdev_init_gpio_in_named(DEVICE(s),
+m25p80_write_protect_pin_irq_handler, "W#", 1);
 }
 
 static void m25p80_reset(DeviceState *d)
 {
 Flash *s = M25P80(d);
 
+s->write_protect_pin = true;
+s->status_register_write_disabled = false;
+
 reset_memory(s);
 }
 
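Review bot: m25p80_reset() now forces `s->write_protect_pin = true` and `s->status_register_write_disabled = false`, so a device reset takes the flash out of hardware protected mode regardless of how the board drives W# or what was programmed into SRWD. On the real parts, as far as I know, SRWD is a non-volatile status register bit and the W# level belongs to whatever drives the line, so both would be expected to survive a reset; please confirm against the datasheet. If these are meant only as power-on defaults, set them once in m25p80_realize() rather than in the reset handler. As written, a guest-triggered reset would presumably be enough to make the status register writable again.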
@@ -1601,6 +1637,7 @@ static const VMStateDescription vmstate_m25p80 = {
 VMSTATE_UINT8(needed_bytes, Flash),
 VMSTATE_UINT8(cmd_in_progress, Flash),
 VMSTATE_UINT32(cur_addr, Flash),
+VMSTATE_BOOL(write_protect_pin, Flash),
 VMSTATE_BOOL(write_enable, Flash),
 VMSTATE_BOOL(reset_enable, Flash),
 VMSTATE_UINT8(ear, Flash),
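Review bot: `VMSTATE_BOOL(write_protect_pin, Flash)` is inserted in the middle of the existing field list, which changes the layout of the migration stream. No version bump or subsection is visible in this hunk, so a stream from an older QEMU would presumably be misparsed. The new `status_register_write_disabled` flag is also not added here, so the SRWD protection state looks as if it would be lost across migration. Consider carrying both fields in a VMState subsection, or appending them under a bumped `version_id`. The VMStateDescription begins and ends outside the hunk.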
@@ -1622,6 +1659,38 @@ static const VMStateDescription vmstate_m25p80 = {
 }
 };
 
+static void m25p80_get_write_protect_pin(Object *obj,
+   Visitor *v,
+   const char *name,
+   void *opaque,
+   Error **errp)
+{
+Flash *s = M25P80(obj);
+bool value;
+
+value = s->write_protect_pin;
+
+visit_type_bool(v, name, , errp);
+}
+
+static void m25p80_set_write_protect_pin(Object *obj,
+   Visitor *v,
+   const char *name,
+   void *opaque,
+   Error **errp)
+{
+Flash *s = M25P80(obj);
+bool value;
+qemu_irq w;
+
+if (!visit_type_bool(v, name, , errp)) {
+return;
+}
+
+w = qdev_get_gpio_in_named(DEVICE(s), "W#", 0);
+qemu_set_irq(w, value);
+}
+
 static void m25p80_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -1636,6 +1705,9 @@ static void m25p80_class_init(ObjectClass *klass, void 
*data)
 

[PATCH 0/1] hw: m25p80: add W# pin and SRWD bit for write protection

2022-05-25 Thread Iris Chen
From: Iris Chen 

Hey everyone, 

My patch adds the W# pin and SRWD bit which work together to control the
status register write ability. 

Accordingly, when W# is low and SRWD bit is high, hardware protection
mode (HPM) is initiated. All other cases result in software protection. 

Acceptance tests have been added to verify all four scenarios: it tests
the ability to write to SRWD depending on whether write protection is
set. 

Thanks, 
Iris

Iris Chen (1):
  hw: m25p80: add W# pin and SRWD bit for write protection

 hw/block/m25p80.c | 72 +++
 tests/qtest/aspeed_smc-test.c | 62 ++
 2 files changed, 134 insertions(+)

-- 
2.30.2




Re: [PATCH v4 1/3] hw/intc: Move mtimer/mtimecmp to aclint

2022-05-25 Thread Alistair Francis
On Sat, May 14, 2022 at 4:37 AM Atish Patra  wrote:
>
> Historically, The mtime/mtimecmp has been part of the CPU because
> they are per hart entities. However, they actually belong to aclint
> which is a MMIO device.
>
> Move them to the ACLINT device. This also emulates the real hardware
> more closely.
>
> Reviewed-by: Anup Patel 
> Signed-off-by: Atish Patra 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/intc/riscv_aclint.c | 41 --
>  hw/timer/ibex_timer.c  | 18 ++-
>  include/hw/intc/riscv_aclint.h |  2 ++
>  include/hw/timer/ibex_timer.h  |  2 ++
>  target/riscv/cpu.h |  2 --
>  target/riscv/machine.c |  5 ++---
>  6 files changed, 42 insertions(+), 28 deletions(-)
>
> diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
> index 0412edc98257..83d317def395 100644
> --- a/hw/intc/riscv_aclint.c
> +++ b/hw/intc/riscv_aclint.c
> @@ -32,6 +32,7 @@
>  #include "hw/intc/riscv_aclint.h"
>  #include "qemu/timer.h"
>  #include "hw/irq.h"
> +#include "migration/vmstate.h"
>
>  typedef struct riscv_aclint_mtimer_callback {
>  RISCVAclintMTimerState *s;
> @@ -65,8 +66,8 @@ static void 
> riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
>
>  uint64_t rtc_r = cpu_riscv_read_rtc(mtimer);
>
> -cpu->env.timecmp = value;
> -if (cpu->env.timecmp <= rtc_r) {
> +mtimer->timecmp[hartid] = value;
> +if (mtimer->timecmp[hartid] <= rtc_r) {
>  /*
>   * If we're setting an MTIMECMP value in the "past",
>   * immediately raise the timer interrupt
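Review bot: `mtimer->timecmp[hartid]` is indexed with the raw `hartid`, and so is `mtimer->timers[hartid]` in the next hunk, while the neighbouring `mtimer->timer_irqs[hartid - mtimer->hartid_base]` subtracts the base. The realize hunk allocates both new arrays with only `s->num_harts` elements. If `hartid` is the absolute hart id, an mtimer instance with a non-zero `hartid_base` would read and write past the end of these heap arrays. Index them as `mtimer->timecmp[hartid - mtimer->hartid_base]` (same for `timers`), here and in the riscv_aclint_mtimer_read() and riscv_aclint_mtimer_write() hunks that follow. How `hartid` is computed lies outside the hunks, so confirm it there.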
> @@ -77,7 +78,7 @@ static void 
> riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
>
>  /* otherwise, set up the future timer interrupt */
>  qemu_irq_lower(mtimer->timer_irqs[hartid - mtimer->hartid_base]);
> -diff = cpu->env.timecmp - rtc_r;
> +diff = mtimer->timecmp[hartid] - rtc_r;
>  /* back to ns (note args switched in muldiv64) */
>  uint64_t ns_diff = muldiv64(diff, NANOSECONDS_PER_SECOND, timebase_freq);
>
> @@ -102,7 +103,7 @@ static void 
> riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
>  next = MIN(next, INT64_MAX);
>  }
>
> -timer_mod(cpu->env.timer, next);
> +timer_mod(mtimer->timers[hartid], next);
>  }
>
>  /*
> @@ -133,11 +134,11 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, 
> hwaddr addr,
>"aclint-mtimer: invalid hartid: %zu", hartid);
>  } else if ((addr & 0x7) == 0) {
>  /* timecmp_lo for RV32/RV64 or timecmp for RV64 */
> -uint64_t timecmp = env->timecmp;
> +uint64_t timecmp = mtimer->timecmp[hartid];
>  return (size == 4) ? (timecmp & 0x) : timecmp;
>  } else if ((addr & 0x7) == 4) {
>  /* timecmp_hi */
> -uint64_t timecmp = env->timecmp;
> +uint64_t timecmp = mtimer->timecmp[hartid];
>  return (timecmp >> 32) & 0x;
>  } else {
>  qemu_log_mask(LOG_UNIMP,
> @@ -177,7 +178,7 @@ static void riscv_aclint_mtimer_write(void *opaque, 
> hwaddr addr,
>  } else if ((addr & 0x7) == 0) {
>  if (size == 4) {
>  /* timecmp_lo for RV32/RV64 */
> -uint64_t timecmp_hi = env->timecmp >> 32;
> +uint64_t timecmp_hi = mtimer->timecmp[hartid] >> 32;
>  riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
> hartid,
>  timecmp_hi << 32 | (value & 0x));
>  } else {
> @@ -188,7 +189,7 @@ static void riscv_aclint_mtimer_write(void *opaque, 
> hwaddr addr,
>  } else if ((addr & 0x7) == 4) {
>  if (size == 4) {
>  /* timecmp_hi for RV32/RV64 */
> -uint64_t timecmp_lo = env->timecmp;
> +uint64_t timecmp_lo = mtimer->timecmp[hartid];
>  riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
> hartid,
>  value << 32 | (timecmp_lo & 0x));
>  } else {
> @@ -233,7 +234,7 @@ static void riscv_aclint_mtimer_write(void *opaque, 
> hwaddr addr,
>  continue;
>  }
>  riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu),
> -  i, env->timecmp);
> +  i, mtimer->timecmp[i]);
>  }
>  return;
>  }
> @@ -283,6 +284,8 @@ static void riscv_aclint_mtimer_realize(DeviceState *dev, 
> Error **errp)
>  s->timer_irqs = g_new(qemu_irq, s->num_harts);
>  qdev_init_gpio_out(dev, s->timer_irqs, s->num_harts);
>
> +s->timers = g_malloc0(s->num_harts * sizeof(QEMUTimer));
> +s->timecmp = g_new0(uint64_t, s->num_harts);
>  /* Claim timer interrupt bits */
>  for (i = 0; i < s->num_harts; i++) {
>  RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(s->hartid_base + i));
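Review bot: `s->timers = g_malloc0(s->num_harts * sizeof(QEMUTimer));` sizes each element as the struct, but the other hunks pass `mtimer->timers[hartid]` straight to timer_mod(), which suggests an array of `QEMUTimer *`. The multiplication is also done by hand with no overflow check. `s->timers = g_new0(QEMUTimer *, s->num_harts);` would match the `g_new0(uint64_t, s->num_harts)` line below it and leave the size computation to GLib. The declaration of `timers` is in the header and not visible here, so confirm the element type. riscv_aclint_mtimer_realize() continues outside the hunk.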
> @@ 

[PATCH] iotests: fix source directory location

2022-05-25 Thread John Snow
If you invoke the check script from outside of the tests/qemu-iotests
directory, the directories initialized as source_iotests and
build_iotests will be incorrect.

We can use the location of the source file itself to be more accurate.

Signed-off-by: John Snow 
Reviewed-by: Paolo Bonzini 
---
 tests/qemu-iotests/testenv.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index a864c74b123..9b0f01e84db 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -217,10 +217,10 @@ def __init__(self, imgfmt: str, imgproto: str, aiomode: 
str,
 self.build_iotests = os.path.dirname(os.path.abspath(sys.argv[0]))
 else:
 # called from the source tree
-self.source_iotests = os.getcwd()
+self.source_iotests = str(Path(__file__, '..').resolve())
 self.build_iotests = self.source_iotests
 
-self.build_root = os.path.join(self.build_iotests, '..', '..')
+self.build_root = str(Path(self.build_iotests, '../..').resolve())
 
 self.init_directories()
 self.init_binaries()
-- 
2.34.1




[PATCH 8/9] tests: add python3-venv to debian10.docker

2022-05-25 Thread John Snow
This is needed to be able to add a venv-building step to 'make check';
the clang-user job in particular needs this to be able to run
check-unit.

Signed-off-by: John Snow 
---
 tests/docker/dockerfiles/debian10.docker | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/docker/dockerfiles/debian10.docker 
b/tests/docker/dockerfiles/debian10.docker
index b414af1b9f7..03be9230664 100644
--- a/tests/docker/dockerfiles/debian10.docker
+++ b/tests/docker/dockerfiles/debian10.docker
@@ -34,4 +34,5 @@ RUN apt update && \
 python3 \
 python3-sphinx \
 python3-sphinx-rtd-theme \
+python3-venv \
 $(apt-get -s build-dep --arch-only qemu | egrep ^Inst | fgrep '[all]' 
| cut -d\  -f2)
-- 
2.34.1




Re: [PATCH v4 10/17] target/m68k: Implement TRAPcc

2022-05-25 Thread Laurent Vivier

Le 26/05/2022 à 00:26, Richard Henderson a écrit :

On 5/25/22 14:40, Laurent Vivier wrote:

+DISAS_INSN(trapcc)
+{
+    DisasCompare c;
+
+    /* Consume and discard the immediate operand. */
+    switch (extract32(insn, 0, 3)) {
+    case 2: /* trapcc.w */
+    (void)read_im16(env, s);
+    break;
+    case 3: /* trapcc.l */
+    (void)read_im32(env, s);
+    break;


Do we really need to read the data or do we only need to increment s->pc (as the data are only 
here to be available for the trap handler)?


We need to read the data to (1) trigger sigsegv when this insn crosses a page and (2) passing to tcg 
plugins.




For (1) I was wondering if the real CPU is actually doing it.

Nothing is said about it in the instruction definition.

Thanks,
Laurent



[PATCH 9/9] tests: run 'device-crash-test' from tests/venv

2022-05-25 Thread John Snow
Remove the sys.path hacking from device-crash-test, and add in a little
user-friendly message for anyone who was used to running this script
directly from the source tree.

Modify the GitLab job recipes to create the tests/venv first, then run
device-crash-test from that venv.

Signed-off-by: John Snow 
---
 .gitlab-ci.d/buildtest.yml |  8 +---
 scripts/device-crash-test  | 14 +++---
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index e9620c30748..fde29c35aa3 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -110,7 +110,8 @@ crash-test-debian:
 IMAGE: debian-amd64
   script:
 - cd build
-- scripts/device-crash-test -q ./qemu-system-i386
+- make check-venv
+- tests/venv/bin/python3 scripts/device-crash-test -q ./qemu-system-i386
 
 build-system-fedora:
   extends: .native_build_job_template
@@ -155,8 +156,9 @@ crash-test-fedora:
 IMAGE: fedora
   script:
 - cd build
-- scripts/device-crash-test -q ./qemu-system-ppc
-- scripts/device-crash-test -q ./qemu-system-riscv32
+- make check-venv
+- tests/venv/bin/python3 scripts/device-crash-test -q ./qemu-system-ppc
+- tests/venv/bin/python3 scripts/device-crash-test -q ./qemu-system-riscv32
 
 build-system-centos:
   extends: .native_build_job_template
diff --git a/scripts/device-crash-test b/scripts/device-crash-test
index a203b3fdea2..73bcb986937 100755
--- a/scripts/device-crash-test
+++ b/scripts/device-crash-test
@@ -33,10 +33,18 @@ import re
 import random
 import argparse
 from itertools import chain
+from pathlib import Path
 
-sys.path.append(os.path.join(os.path.dirname(__file__), '..', 'python'))
-from qemu.machine import QEMUMachine
-from qemu.qmp import ConnectError
+try:
+from qemu.machine import QEMUMachine
+from qemu.qmp import ConnectError
+except ModuleNotFoundError as exc:
+path = Path(__file__).resolve()
+print(f"Module '{exc.name}' not found.")
+print("  Try 'make check-venv' from your build directory,")
+print("  and then one way to run this script is like so:")
+print(f'  > $builddir/tests/venv/bin/python3 "{path}"')
+sys.exit(1)
 
 logger = logging.getLogger('device-crash-test')
 dbg = logger.debug
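Review bot: The new `except ModuleNotFoundError` handler reports the failure with plain `print()`, so the guidance goes to stdout even though the script then exits with status 1. Callers that capture or discard stdout would see only the exit code. Send the lines to stderr instead, e.g. `print(f"Module '{exc.name}' not found.", file=sys.stderr)`, and likewise for the three hint lines.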
-- 
2.34.1




[PATCH 6/9] tests: install "qemu" namespace package into venv

2022-05-25 Thread John Snow
This patch adds the "qemu" namespace package to the $build/tests/venv
directory. It does so in "editable" mode, which means that changes to
the source python directory will actively be reflected by the venv.

This patch also then removes any sys.path hacking from the avocado test
scripts directly. By doing this, the environment of where to find these
packages is managed entirely by the virtual environment and not by the
scripts themselves.

Signed-off-by: John Snow 
---
 tests/Makefile.include |  1 +
 tests/avocado/avocado_qemu/__init__.py | 11 +--
 tests/avocado/virtio_check_params.py   |  1 -
 tests/avocado/virtio_version.py|  1 -
 tests/requirements.txt |  1 +
 5 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 052d7f56e9a..d13a3403e9f 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -110,6 +110,7 @@ quiet-venv-pip = $(quiet-@)$(call quiet-command-run, \
 
 $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
$(call quiet-command, $(PYTHON) -m venv $@, VENV, $@)
+   $(call quiet-venv-pip,install -e "$(SRC_PATH)/python/")
$(call quiet-venv-pip,install -r $(TESTS_VENV_REQ))
$(call quiet-command, touch $@)
 
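Review bot: The venv rule still lists only `$(TESTS_VENV_REQ)` as a prerequisite, so a change to the package metadata under `$(SRC_PATH)/python/` does not re-run the new editable install and the venv can go stale without any rebuild. Adding the metadata file as a prerequisite would keep the two in step, e.g. `$(TESTS_VENV_DIR): $(TESTS_VENV_REQ) $(SRC_PATH)/python/setup.cfg`. Any dependencies pip resolves for the editable install are also selected outside the `==` pins in tests/requirements.txt. Whether the package declares any is not visible here; if it does, `--no-deps` on this line would keep requirements.txt as the single source of versions.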
diff --git a/tests/avocado/avocado_qemu/__init__.py 
b/tests/avocado/avocado_qemu/__init__.py
index 39f15c1d518..b656a70c55b 100644
--- a/tests/avocado/avocado_qemu/__init__.py
+++ b/tests/avocado/avocado_qemu/__init__.py
@@ -21,6 +21,11 @@
 from avocado.utils import cloudinit, datadrainer, process, ssh, vmimage
 from avocado.utils.path import find_command
 
+from qemu.machine import QEMUMachine
+from qemu.utils import (get_info_usernet_hostfwd_port, kvm_available,
+tcg_available)
+
+
 #: The QEMU build root directory.  It may also be the source directory
 #: if building from the source dir, but it's safer to use BUILD_DIR for
 #: that purpose.  Be aware that if this code is moved outside of a source
@@ -35,12 +40,6 @@
 else:
 SOURCE_DIR = BUILD_DIR
 
-sys.path.append(os.path.join(SOURCE_DIR, 'python'))
-
-from qemu.machine import QEMUMachine
-from qemu.utils import (get_info_usernet_hostfwd_port, kvm_available,
-tcg_available)
-
 
 def has_cmd(name, args=None):
 """
diff --git a/tests/avocado/virtio_check_params.py 
b/tests/avocado/virtio_check_params.py
index e869690473a..4093da8a674 100644
--- a/tests/avocado/virtio_check_params.py
+++ b/tests/avocado/virtio_check_params.py
@@ -22,7 +22,6 @@
 import re
 import logging
 
-sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
 from qemu.machine import QEMUMachine
 from avocado_qemu import QemuSystemTest
 from avocado import skip
diff --git a/tests/avocado/virtio_version.py b/tests/avocado/virtio_version.py
index 208910bb844..c84e48813a1 100644
--- a/tests/avocado/virtio_version.py
+++ b/tests/avocado/virtio_version.py
@@ -11,7 +11,6 @@
 import sys
 import os
 
-sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
 from qemu.machine import QEMUMachine
 from avocado_qemu import QemuSystemTest
 
diff --git a/tests/requirements.txt b/tests/requirements.txt
index a21b59b4439..0ba561b6bdf 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,5 +1,6 @@
 # Add Python module requirements, one per line, to be installed
 # in the tests/venv Python virtual environment. For more info,
 # refer to: https://pip.pypa.io/en/stable/user_guide/#id1
+# Note that qemu.git/python/ is always implicitly installed.
 avocado-framework==88.1
 pycdlib==1.11.0
-- 
2.34.1




[PATCH 3/9] tests: use python3 as the python executable name

2022-05-25 Thread John Snow
Use "python3" instead of "python" as per PEP0394:
https://peps.python.org/pep-0394/

This should always be defined (in a venv, at least!), matching the
preferred python shebang of "#!/usr/bin/env python3".

Signed-off-by: John Snow 
---
 tests/Makefile.include | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 146aaa96a00..f68adda0650 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -89,7 +89,7 @@ TARGETS=$(patsubst libqemu-%.fa, %, $(filter libqemu-%.fa, 
$(ninja-targets)))
 TESTS_VENV_DIR=$(BUILD_DIR)/tests/venv
 TESTS_VENV_REQ=$(SRC_PATH)/tests/requirements.txt
 TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
-TESTS_PYTHON=$(TESTS_VENV_DIR)/bin/python
+TESTS_PYTHON=$(TESTS_VENV_DIR)/bin/python3
 ifndef AVOCADO_TESTS
AVOCADO_TESTS=tests/avocado
 endif
-- 
2.34.1




[PATCH 4/9] tests: silence pip upgrade warnings during venv creation

2022-05-25 Thread John Snow
Turn off the nag warning coaxing us to upgrade pip. It's not really that
interesting to see in CI logs, and as long as nothing is broken --
nothing is broken.

Signed-off-by: John Snow 
---
 tests/Makefile.include | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index f68adda0650..839ffde876a 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -109,8 +109,8 @@ $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
 $(PYTHON) -m venv $@, \
 VENV, $@)
$(call quiet-command, \
-$(TESTS_PYTHON) -m pip -q install -r $(TESTS_VENV_REQ), \
-PIP, $(TESTS_VENV_REQ))
+$(TESTS_PYTHON) -m pip -q --disable-pip-version-check install \
+-r $(TESTS_VENV_REQ), PIP, $(TESTS_VENV_REQ))
$(call quiet-command, touch $@)
 
 $(TESTS_RESULTS_DIR):
-- 
2.34.1




[PATCH 7/9] tests: use tests/venv to run basevm.py-based scripts

2022-05-25 Thread John Snow
This patch co-opts the virtual environment being used by avocado tests
to also run the basevm.py tests. This is being done in preparation for
the qemu.qmp package being removed from qemu.git.

As part of the change, remove any sys.path hacks and treat "qemu" as a
normal third-party import.

Signed-off-by: John Snow 
Reviewed-by: Paolo Bonzini 
---
 tests/vm/Makefile.include | 13 +++--
 tests/vm/basevm.py|  6 +++---
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index ae91f5043e5..588bc999cc9 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -84,10 +84,11 @@ vm-clean-all:
 
 $(IMAGES_DIR)/%.img:   $(SRC_PATH)/tests/vm/% \
$(SRC_PATH)/tests/vm/basevm.py \
-   $(SRC_PATH)/tests/vm/Makefile.include
+   $(SRC_PATH)/tests/vm/Makefile.include \
+   check-venv
@mkdir -p $(IMAGES_DIR)
$(call quiet-command, \
-   $(PYTHON) $< \
+   $(TESTS_PYTHON) $< \
$(if $(V)$(DEBUG), --debug) \
$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
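Review bot: `check-venv` is added as a normal prerequisite of the file target `$(IMAGES_DIR)/%.img`. If that target is phony, or never produces a file named check-venv (its definition is outside this hunk), make will consider every image out of date on each invocation and rebuild it. An order-only prerequisite gives the same ordering without forcing rebuilds: `$(SRC_PATH)/tests/vm/Makefile.include | check-venv`. The vm-build-% and vm-boot-ssh-% rules in the following hunks do not appear to be file targets, so the normal prerequisite is harmless there. The recipe continues past the end of this hunk.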
@@ -101,9 +102,9 @@ $(IMAGES_DIR)/%.img:$(SRC_PATH)/tests/vm/% \
 
 
 # Build in VM $(IMAGE)
-vm-build-%: $(IMAGES_DIR)/%.img
+vm-build-%: $(IMAGES_DIR)/%.img check-venv
$(call quiet-command, \
-   $(PYTHON) $(SRC_PATH)/tests/vm/$* \
+   $(TESTS_PYTHON) $(SRC_PATH)/tests/vm/$* \
$(if $(V)$(DEBUG), --debug) \
$(if $(DEBUG), --interactive) \
$(if $(J),--jobs $(J)) \
@@ -127,9 +128,9 @@ vm-boot-serial-%: $(IMAGES_DIR)/%.img
-device virtio-net-pci,netdev=vnet \
|| true
 
-vm-boot-ssh-%: $(IMAGES_DIR)/%.img
+vm-boot-ssh-%: $(IMAGES_DIR)/%.img check-venv
$(call quiet-command, \
-   $(PYTHON) $(SRC_PATH)/tests/vm/$* \
+   $(TESTS_PYTHON) $(SRC_PATH)/tests/vm/$* \
$(if $(J),--jobs $(J)) \
$(if $(V)$(DEBUG), --debug) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 254e11c932b..d7d0413df35 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -18,9 +18,6 @@
 import logging
 import time
 import datetime
-sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
-from qemu.machine import QEMUMachine
-from qemu.utils import get_info_usernet_hostfwd_port, kvm_available
 import subprocess
 import hashlib
 import argparse
@@ -31,6 +28,9 @@
 import traceback
 import shlex
 
+from qemu.machine import QEMUMachine
+from qemu.utils import get_info_usernet_hostfwd_port, kvm_available
+
 SSH_KEY_FILE = os.path.join(os.path.dirname(__file__),
"..", "keys", "id_rsa")
 SSH_PUB_KEY_FILE = os.path.join(os.path.dirname(__file__),
-- 
2.34.1




[PATCH 2/9] tests: add "TESTS_PYTHON" variable to Makefile

2022-05-25 Thread John Snow
This is a convenience feature: $(PYTHON) points to the Python executable
we were instructed to use by the configure script. We use that Python to
create a virtual environment with the "check-venv" target in
tests/Makefile.include.

$(TESTS_PYTHON) points to the Python executable belonging to the virtual
environment tied to the build. This Python executable is a symlink to
the binary used to create the venv, which will be the version provided
at configure time.

Using $(TESTS_PYTHON) therefore uses the $(PYTHON) executable, but with
paths modified to use packages installed to the venv.

Signed-off-by: John Snow 
Reviewed-by: Paolo Bonzini 
---
 tests/Makefile.include | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index ec84b2ebc04..146aaa96a00 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -89,6 +89,7 @@ TARGETS=$(patsubst libqemu-%.fa, %, $(filter libqemu-%.fa, 
$(ninja-targets)))
 TESTS_VENV_DIR=$(BUILD_DIR)/tests/venv
 TESTS_VENV_REQ=$(SRC_PATH)/tests/requirements.txt
 TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
+TESTS_PYTHON=$(TESTS_VENV_DIR)/bin/python
 ifndef AVOCADO_TESTS
AVOCADO_TESTS=tests/avocado
 endif
@@ -108,7 +109,7 @@ $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
 $(PYTHON) -m venv $@, \
 VENV, $@)
$(call quiet-command, \
-$(TESTS_VENV_DIR)/bin/python -m pip -q install -r 
$(TESTS_VENV_REQ), \
+$(TESTS_PYTHON) -m pip -q install -r $(TESTS_VENV_REQ), \
 PIP, $(TESTS_VENV_REQ))
$(call quiet-command, touch $@)
 
@@ -126,7 +127,7 @@ FEDORA_31_DOWNLOAD=$(filter 
$(FEDORA_31_ARCHES),$(FEDORA_31_ARCHES_CANDIDATES))
 # download one specific Fedora 31 image
 get-vm-image-fedora-31-%: check-venv
$(call quiet-command, \
- $(TESTS_VENV_DIR)/bin/python -m avocado vmimage get \
+ $(TESTS_PYTHON) -m avocado vmimage get \
  --distro=fedora --distro-version=31 --arch=$*, \
"AVOCADO", "Downloading avocado tests VM image for $*")
 
@@ -135,7 +136,7 @@ get-vm-images: check-venv $(patsubst 
%,get-vm-image-fedora-31-%, $(FEDORA_31_DOW
 
 check-avocado: check-venv $(TESTS_RESULTS_DIR) get-vm-images
$(call quiet-command, \
-$(TESTS_VENV_DIR)/bin/python -m avocado \
+$(TESTS_PYTHON) -m avocado \
 --show=$(AVOCADO_SHOW) run --job-results-dir=$(TESTS_RESULTS_DIR) \
 $(if $(AVOCADO_TAGS),, --filter-by-tags-include-empty \
--filter-by-tags-include-empty-key) \
-- 
2.34.1




[PATCH 5/9] tests: add quiet-venv-pip macro

2022-05-25 Thread John Snow
Factor out the "test venv pip" macro; rewrite the "check-venv" rule to
be a little more compact. Replace the "PIP" pseudo-command output with
"VENVPIP" to make it 1% more clear that we are talking about using pip
to install something into a venv.

Signed-off-by: John Snow 
---
 tests/Makefile.include | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 839ffde876a..052d7f56e9a 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -104,13 +104,13 @@ else
AVOCADO_CMDLINE_TAGS=$(addprefix -t , $(AVOCADO_TAGS))
 endif
 
+quiet-venv-pip = $(quiet-@)$(call quiet-command-run, \
+$(TESTS_PYTHON) -m pip -q --disable-pip-version-check $1, \
+"VENVPIP","$1")
+
 $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
-   $(call quiet-command, \
-$(PYTHON) -m venv $@, \
-VENV, $@)
-   $(call quiet-command, \
-$(TESTS_PYTHON) -m pip -q --disable-pip-version-check install \
--r $(TESTS_VENV_REQ), PIP, $(TESTS_VENV_REQ))
+   $(call quiet-command, $(PYTHON) -m venv $@, VENV, $@)
+   $(call quiet-venv-pip,install -r $(TESTS_VENV_REQ))
$(call quiet-command, touch $@)
 
 $(TESTS_RESULTS_DIR):
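Review bot: `quiet-venv-pip` expands `$1` a second time inside double quotes for the progress label (`"VENVPIP","$1"`), so an argument that itself contains double quotes produces unbalanced quoting in that label. How quiet-command-run consumes its third argument is not visible here, so the exact effect is inferred. A comment above the macro would record the constraint for callers, e.g. `# $1: pip arguments; must not contain double quotes (reused verbatim in the label)`. Alternatively the label could use a fixed description instead of echoing `$1`.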
-- 
2.34.1




[PATCH 1/9] python: update for mypy 0.950

2022-05-25 Thread John Snow
typeshed (included in mypy) recently updated to improve the typing for
WriteTransport objects. I was working around this, but now there's a
version where I shouldn't work around it.

Unfortunately this creates some minor ugliness if I want to support both
pre- and post-0.950 versions. For now, for my sanity, just disable the
unused-ignores warning.

Signed-off-by: John Snow 
Reviewed-by: Paolo Bonzini 
---
 python/qemu/qmp/util.py | 4 +++-
 python/setup.cfg| 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/python/qemu/qmp/util.py b/python/qemu/qmp/util.py
index eaa5fc7d5f9..ca6225e9cda 100644
--- a/python/qemu/qmp/util.py
+++ b/python/qemu/qmp/util.py
@@ -40,7 +40,9 @@ async def flush(writer: asyncio.StreamWriter) -> None:
 drain. The flow control limits are restored after the call is
 completed.
 """
-transport = cast(asyncio.WriteTransport, writer.transport)
+transport = cast(  # type: ignore[redundant-cast]
+asyncio.WriteTransport, writer.transport
+)
 
 # https://github.com/python/typeshed/issues/5779
 low, high = transport.get_write_buffer_limits()  # type: ignore
diff --git a/python/setup.cfg b/python/setup.cfg
index e877ea56475..c2c61c75190 100644
--- a/python/setup.cfg
+++ b/python/setup.cfg
@@ -79,6 +79,7 @@ strict = True
 python_version = 3.6
 warn_unused_configs = True
 namespace_packages = True
+warn_unused_ignores = False
 
 [mypy-qemu.utils.qom_fuse]
 # fusepy has no type stubs:
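Review bot: `warn_unused_ignores = False` is added to what appears to be the global mypy section, so stale `# type: ignore` comments anywhere in the package go unreported, not only the one on the cast in python/qemu/qmp/util.py. The setting has no comment, so a later reader cannot tell that it is a temporary accommodation for supporting mypy on both sides of 0.950, which the commit message explains. Suggest a comment above it such as `# Off while both pre- and post-0.950 mypy are supported; re-enable when the minimum is raised.`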
-- 
2.34.1




[PATCH 0/9] tests, python: prepare to expand usage of test venv

2022-05-25 Thread John Snow
GitLab CI: https://gitlab.com/jsnow/qemu/-/pipelines/548326343

This series collects some of the uncontroversial elements that serve as
pre-requisites for a later series that seeks to generate a testing venv
by default.

This series makes the following material changes:

- Install the 'qemu' package into the avocado testing venv
- Use the avocado testing venv to run vm-tests
- Use the avocado testing venv to run device-crash-test

None of these changes impact 'make check'; these are all specialty
tests that are not run by default. This series also doesn't change how
iotests are run, doesn't add any new dependencies for SRPM builds, etc.

NOTE: patch 8 isn't strictly required for this series, but including it
here "early" helps the subsequent series. Since the debian docker files
are layered, testing downstream pipelines can fail because the base
image is pulled from the main QEMU repo instead of the downstream.

In other words: I need this patch in origin/main in order to have the
venv module available for later patches that will actually need it in
our debian10 derivative images.

(in other-other-words: the 'clang-user' test *will* need it later.)

John Snow (9):
  python: update for mypy 0.950
  tests: add "TESTS_PYTHON" variable to Makefile
  tests: use python3 as the python executable name
  tests: silence pip upgrade warnings during venv creation
  tests: add quiet-venv-pip macro
  tests: install "qemu" namespace package into venv
  tests: use tests/venv to run basevm.py-based scripts
  tests: add python3-venv to debian10.docker
  tests: run 'device-crash-test' from tests/venv

 .gitlab-ci.d/buildtest.yml   |  8 +---
 python/qemu/qmp/util.py  |  4 +++-
 python/setup.cfg |  1 +
 scripts/device-crash-test| 14 +++---
 tests/Makefile.include   | 18 ++
 tests/avocado/avocado_qemu/__init__.py   | 11 +--
 tests/avocado/virtio_check_params.py |  1 -
 tests/avocado/virtio_version.py  |  1 -
 tests/docker/dockerfiles/debian10.docker |  1 +
 tests/requirements.txt   |  1 +
 tests/vm/Makefile.include| 13 +++--
 tests/vm/basevm.py   |  6 +++---
 12 files changed, 47 insertions(+), 32 deletions(-)

-- 
2.34.1





Re: [PATCH v2 15/15] tests/qtest: enable tests for virtio-gpio

2022-05-25 Thread Alex Bennée


Stefan Hajnoczi  writes:

> [[PGP Signed Part:Undecided]]
> On Tue, May 24, 2022 at 04:40:56PM +0100, Alex Bennée wrote:
>> We don't have a virtio-gpio implementation in QEMU and only
>> support a vhost-user backend. The QEMU side of the code is minimal so
>> it should be enough to instantiate the device and pass some vhost-user
>> messages over the control socket. To do this we hook into the existing
>> vhost-user-test code and just add the bits required for gpio.
>> 
>> Signed-off-by: Alex Bennée 
>> Cc: Viresh Kumar 
>> Cc: Paolo Bonzini 
>> Cc: Eric Auger 
>> Message-Id: <20220408155704.2777166-1-alex.ben...@linaro.org>
>> 
>> ---
>> v2
>>   - add more of the missing boilerplate
>>   - don't request LOG_SHMD
>>   - use get_features op
>>   - report VIRTIO_F_VERSION_1
>>   - more comments
>> ---
>>  tests/qtest/libqos/virtio-gpio.h |  35 +++
>>  tests/qtest/libqos/virtio-gpio.c | 171 +++
>>  tests/qtest/libqos/virtio.c  |   2 +-
>>  tests/qtest/vhost-user-test.c|  66 
>>  tests/qtest/libqos/meson.build   |   1 +
>>  5 files changed, 274 insertions(+), 1 deletion(-)
>>  create mode 100644 tests/qtest/libqos/virtio-gpio.h
>>  create mode 100644 tests/qtest/libqos/virtio-gpio.c
>> 
>> diff --git a/tests/qtest/libqos/virtio-gpio.h 
>> b/tests/qtest/libqos/virtio-gpio.h
>> new file mode 100644
>> index 00..f11d41bd19
>> --- /dev/null
>> +++ b/tests/qtest/libqos/virtio-gpio.h
>> @@ -0,0 +1,35 @@
>> +/*
>> + * virtio-gpio structures
>> + *
>> + * Copyright (c) 2022 Linaro Ltd
>> + *
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + */
>> +
>> +#ifndef TESTS_LIBQOS_VIRTIO_GPIO_H
>> +#define TESTS_LIBQOS_VIRTIO_GPIO_H
>> +
>> +#include "qgraph.h"
>> +#include "virtio.h"
>> +#include "virtio-pci.h"
>> +
>> +typedef struct QVhostUserGPIO QVhostUserGPIO;
>> +typedef struct QVhostUserGPIOPCI QVhostUserGPIOPCI;
>> +typedef struct QVhostUserGPIODevice QVhostUserGPIODevice;
>> +
>> +struct QVhostUserGPIO {
>> +QVirtioDevice *vdev;
>> +QVirtQueue **queues;
>> +};
>> +
>> +struct QVhostUserGPIOPCI {
>> +QVirtioPCIDevice pci_vdev;
>> +QVhostUserGPIO gpio;
>> +};
>> +
>> +struct QVhostUserGPIODevice {
>> +QOSGraphObject obj;
>> +QVhostUserGPIO gpio;
>> +};
>> +
>> +#endif
>> diff --git a/tests/qtest/libqos/virtio-gpio.c 
>> b/tests/qtest/libqos/virtio-gpio.c
>> new file mode 100644
>> index 00..762aa6695b
>> --- /dev/null
>> +++ b/tests/qtest/libqos/virtio-gpio.c
>> @@ -0,0 +1,171 @@
>> +/*
>> + * virtio-gpio nodes for testing
>> + *
>> + * Copyright (c) 2022 Linaro Ltd
>> + *
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "standard-headers/linux/virtio_config.h"
>> +#include "../libqtest.h"
>> +#include "qemu/module.h"
>> +#include "qgraph.h"
>> +#include "virtio-gpio.h"
>> +
>> +static QGuestAllocator *alloc;
>> +
>> +static void virtio_gpio_cleanup(QVhostUserGPIO *gpio)
>> +{
>> +QVirtioDevice *vdev = gpio->vdev;
>> +int i;
>> +
>> +for (i = 0; i < 2; i++) {
>> +qvirtqueue_cleanup(vdev->bus, gpio->queues[i], alloc);
>> +}
>> +g_free(gpio->queues);
>> +}
>> +
>> +/*
>> + * This handles the VirtIO setup from the point of view of the driver
>> + * frontend and therefor doesn't present any vhost specific features
>> + * and in fact masks of the re-used bit.
>> + */
>> +static void virtio_gpio_setup(QVhostUserGPIO *gpio)
>> +{
>> +QVirtioDevice *vdev = gpio->vdev;
>> +uint64_t features;
>> +int i;
>> +
>> +features = qvirtio_get_features(vdev);
>> +features &= ~QVIRTIO_F_BAD_FEATURE;
>
> This looks questionable. qvirtio_get_features() should return VIRTIO
> feature bits. Is QVIRTIO_F_BAD_FEATURE masked out here because
> qvirtio_get_features() is returning raw vhost-user feature bits instead
> and you want to get rid of VHOST_USER_F_PROTOCOL_FEATURES?

Well it's an invalid bit for the driver/frontend<->hw/backend path -
although maybe we should error if we saw it?

>
> [[End of PGP Signed Part]]


-- 
Alex Bennée



Re: [PATCH v4 10/17] target/m68k: Implement TRAPcc

2022-05-25 Thread Richard Henderson

On 5/25/22 14:40, Laurent Vivier wrote:

+DISAS_INSN(trapcc)
+{
+    DisasCompare c;
+
+    /* Consume and discard the immediate operand. */
+    switch (extract32(insn, 0, 3)) {
+    case 2: /* trapcc.w */
+    (void)read_im16(env, s);
+    break;
+    case 3: /* trapcc.l */
+    (void)read_im32(env, s);
+    break;


Do we really need to read the data or do we only need to increment s->pc (as the data are 
only here to be available for the trap handler)?


We need to read the data to (1) trigger sigsegv when this insn crosses a page and (2) 
passing to tcg plugins.



r~



Re: [PULL 00/17] Misc patches for 2022-05-25

2022-05-25 Thread Richard Henderson

On 5/25/22 12:28, Paolo Bonzini wrote:

The following changes since commit 3757b0d08b399c609954cf57f273b1167e5d7a8d:

   Merge tag 'pull-request-2022-05-18' of https://gitlab.com/thuth/qemu into 
staging (2022-05-20 08:04:30 -0700)

are available in the Git repository at:

   https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 9ad6634ec956bcf3558059aae8c6b2b5ee985307:

   i386: docs: Convert hyperv.txt to rST (2022-05-25 21:26:35 +0200)


* ac97 cleanups (Zoltan)
* default the amount of prealloc-threads to smp-cpus (Jaroslav)
* fix disabling MPX on "-cpu host" with MPX-capable host (Maciej)
* thread-pool performance optimizations (myself)
* Hyper-V enlightenment enabling and docs (Vitaly)
* check ELF header in elf2dmp (Viktor)
* tweak LBREn migration (Weijiang)


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~





BALATON Zoltan (3):
   hw/audio/ac97: Coding style fixes to avoid checkpatch errors
   hw/audio/ac97: Remove unimplemented reset functions
   hw/audio/ac97: Remove unneeded local variables

Jaroslav Jindrak (1):
   hostmem: default the amount of prealloc-threads to smp-cpus

Lev Kujawski (1):
   ide_ioport_read: Return lower octet of data register instead of 0xFF

Maciej S. Szmigiero (1):
   target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host

Paolo Bonzini (3):
   thread-pool: optimize scheduling of completion bottom half
   thread-pool: replace semaphore with condition variable
   thread-pool: remove stopping variable

Viktor Prutyanov (1):
   contrib/elf2dmp: add ELF dump header checking

Vitaly Kuznetsov (6):
   i386: Use hv_build_cpuid_leaf() for HV_CPUID_NESTED_FEATURES
   i386: Hyper-V Enlightened MSR bitmap feature
   i386: Hyper-V XMM fast hypercall input feature
   i386: Hyper-V Support extended GVA ranges for TLB flush hypercalls
   i386: Hyper-V Direct TLB flush hypercall
   i386: docs: Convert hyperv.txt to rST

Yang Weijiang (1):
   target/i386: Remove LBREn bit check when access Arch LBR MSRs

  docs/hyperv.txt| 270 ---
  docs/system/i386/hyperv.rst| 288 
  docs/system/target-i386.rst|   1 +
  target/i386/cpu.h  |   5 +-
  target/i386/kvm/hyperv-proto.h |   9 +-
  backends/hostmem.c |   2 +-
  contrib/elf2dmp/qemu_elf.c |  53 +++
  hw/audio/ac97.c| 752 -
  hw/ide/core.c  |   6 +-
  hw/ide/macio.c |   4 +-
  target/i386/cpu.c  |  16 +
  target/i386/kvm/kvm.c  |  76 +++--
  util/thread-pool.c |  74 ++--
  13 files changed, 823 insertions(+), 733 deletions(-)
  delete mode 100644 docs/hyperv.txt
  create mode 100644 docs/system/i386/hyperv.rst





Re: [PATCH v2 01/11] scsi-disk: add FORMAT UNIT command

2022-05-25 Thread Laurent Vivier

Le 24/04/2022 à 18:49, Mark Cave-Ayland a écrit :

When initialising a drive ready to install MacOS, Apple HD SC Setup first 
attempts
to format the drive. Add a simple FORMAT UNIT command which simply returns 
success
to allow the format to succeed.

Signed-off-by: Mark Cave-Ayland 
---
  hw/scsi/scsi-disk.c  | 4 
  hw/scsi/trace-events | 1 +
  2 files changed, 5 insertions(+)



Reviewed-by: Laurent Vivier 




Re: [PATCH v4 08/17] target/m68k: Fix address argument for EXCP_TRACE

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

According to the M68040 Users Manual, section 8.4.3,
Six word stack frame (format 2), Trace (and others) is
supposed to record the next insn in PC and the address
of the trapping instruction in ADDRESS.

Create gen_raise_exception_format2 to record the trapping
pc in env->mmu.ar.  Update m68k_interrupt_all to pass the
value to do_stack_frame.  Update cpu_loop to handle EXCP_TRACE.

Signed-off-by: Richard Henderson 
---
  linux-user/m68k/cpu_loop.c |  3 +++
  target/m68k/op_helper.c|  2 +-
  target/m68k/translate.c| 49 +-
  3 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 45419d4471..000bb44cc3 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -53,6 +53,9 @@ void cpu_loop(CPUM68KState *env)
  case EXCP_DIV0:
  force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->mmu.ar);
  break;
+case EXCP_TRACE:
+force_sig_fault(TARGET_SIGTRAP, TARGET_TRAP_TRACE, env->mmu.ar);
+break;
  case EXCP_TRAP0:
  {
  abi_long ret;
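Review bot: The new `EXCP_TRACE` case reports `env->mmu.ar` as the fault address, but for this exception that field is only written by `gen_raise_exception_format2` in target/m68k/translate.c. Any site that still raises EXCP_TRACE through plain `gen_raise_exception` would therefore deliver a stale address to the guest's signal handler. The last translate.c hunk is cut off in this view, so it cannot be confirmed here that every site was converted. A comment on the case would record the dependency: `/* mmu.ar: address of the traced insn, stored by gen_raise_exception_format2 */`. The same applies to the EXCP_TRACE move in `m68k_interrupt_all`; cpu_loop's switch continues outside this hunk.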
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 729ee0e934..3cb71c9140 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -397,13 +397,13 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
  
  case EXCP_ILLEGAL:

  case EXCP_TRAPCC:
-case EXCP_TRACE:
  /* FIXME: addr is not only env->pc */
  do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
  break;
  
  case EXCP_CHK:

  case EXCP_DIV0:
+case EXCP_TRACE:
  do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
  break;
  
diff --git a/target/m68k/translate.c b/target/m68k/translate.c

index d775345bfa..399d9232e4 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -114,6 +114,7 @@ typedef struct DisasContext {
  DisasContextBase base;
  CPUM68KState *env;
  target_ulong pc;
+target_ulong pc_prev;
  CCOp cc_op; /* Current CC operation */
  int cc_op_synced;
  TCGv_i64 mactmp;
@@ -298,6 +299,21 @@ static void gen_raise_exception(int nr)
  tcg_temp_free_i32(tmp);
  }
  
+static void gen_raise_exception_format2(DisasContext *s, int nr,

+target_ulong this_pc)
+{
+/*
+ * Pass the address of the insn to the exception handler,
+ * for recording in the Format $2 (6-word) stack frame.
+ * Re-use mmu.ar for the purpose, since that's only valid
+ * after tlb_fill.
+ */
+tcg_gen_st_i32(tcg_constant_i32(this_pc), cpu_env,
+   offsetof(CPUM68KState, mmu.ar));
+gen_raise_exception(nr);
+s->base.is_jmp = DISAS_NORETURN;
+}
+
  static void gen_exception(DisasContext *s, uint32_t dest, int nr)
  {
  update_cc_op(s);
@@ -1494,12 +1510,13 @@ static void gen_exit_tb(DisasContext *s)
  } while (0)
  
  /* Generate a jump to an immediate address.  */

-static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
+static void gen_jmp_tb(DisasContext *s, int n, target_ulong dest,
+   target_ulong src)
  {
  if (unlikely(s->ss_active)) {
  update_cc_op(s);
  tcg_gen_movi_i32(QREG_PC, dest);
-gen_raise_exception(EXCP_TRACE);
+gen_raise_exception_format2(s, EXCP_TRACE, src);
  } else if (translator_use_goto_tb(>base, dest)) {
  tcg_gen_goto_tb(n);
  tcg_gen_movi_i32(QREG_PC, dest);
@@ -1548,9 +1565,9 @@ DISAS_INSN(dbcc)
  tcg_gen_addi_i32(tmp, tmp, -1);
  gen_partset_reg(OS_WORD, reg, tmp);
  tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, -1, l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
  gen_set_label(l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
  }
  
  DISAS_INSN(undef_mac)

@@ -3096,13 +3113,13 @@ DISAS_INSN(branch)
  /* Bcc */
  TCGLabel *l1 = gen_new_label();
  gen_jmpcc(s, ((insn >> 8) & 0xf) ^ 1, l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
  gen_set_label(l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
  } else {
  /* Unconditional branch.  */
  update_cc_op(s);
-gen_jmp_tb(s, 0, base + offset);
+gen_jmp_tb(s, 0, base + offset, s->base.pc_next);
  }
  }
  
@@ -5485,9 +5502,9 @@ DISAS_INSN(fbcc)

  l1 = gen_new_label();
  update_cc_op(s);
  gen_fjmpcc(s, insn & 0x3f, l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
  gen_set_label(l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
  }
  
  DISAS_INSN(fscc)

@@ -6158,6 +6175,8 @@ static void 

Re: [PATCH v4 17/17] target/m68k: Mark helper_raise_exception as noreturn

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Also mark raise_exception_ra and raise_exception, lest we
generate a warning about helper_raise_exception returning.

Signed-off-by: Richard Henderson 
---
  target/m68k/helper.h| 2 +-
  target/m68k/op_helper.c | 5 +++--
  2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index f016c4c1c2..c9bed2b884 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -109,7 +109,7 @@ DEF_HELPER_3(set_mac_extu, void, env, i32, i32)
  DEF_HELPER_2(flush_flags, void, env, i32)
  DEF_HELPER_2(set_ccr, void, env, i32)
  DEF_HELPER_FLAGS_1(get_ccr, TCG_CALL_NO_WG_SE, i32, env)
-DEF_HELPER_2(raise_exception, void, env, i32)
+DEF_HELPER_2(raise_exception, noreturn, env, i32)
  
  DEF_HELPER_FLAGS_3(bfffo_reg, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
  
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c

index 61948d92bb..d9937ca8dc 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -532,7 +532,8 @@ bool m68k_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
  
  #endif /* !CONFIG_USER_ONLY */
  
-static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)

+G_NORETURN static void
+raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
  {
  CPUState *cs = env_cpu(env);
  
@@ -540,7 +541,7 @@ static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)

  cpu_loop_exit_restore(cs, raddr);
  }
  
-static void raise_exception(CPUM68KState *env, int tt)

+G_NORETURN static void raise_exception(CPUM68KState *env, int tt)
  {
  raise_exception_ra(env, tt, 0);
  }


Reviewed-by: Laurent Vivier 



Re: [PATCH v4 14/17] tests/tcg/m68k: Add trap.c

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Test various trap instructions: chk, div, trap, trapv, trapcc, ftrapcc,
and the signals and addresses that we expect from them.

Signed-off-by: Richard Henderson 
---
  tests/tcg/m68k/trap.c  | 129 +
  tests/tcg/m68k/Makefile.target |   3 +
  2 files changed, 132 insertions(+)
  create mode 100644 tests/tcg/m68k/trap.c

diff --git a/tests/tcg/m68k/trap.c b/tests/tcg/m68k/trap.c
new file mode 100644
index 00..08ab56b2ca
--- /dev/null
+++ b/tests/tcg/m68k/trap.c
@@ -0,0 +1,129 @@
+/*
+ * Test m68k trap addresses.
+ */
+
+#define _GNU_SOURCE 1
+#include 
+#include 
+#include 
+
+static int expect_sig;
+static int expect_si_code;
+static void *expect_si_addr;
+static greg_t expect_mc_pc;
+static volatile int got_signal;
+
+static void sig_handler(int sig, siginfo_t *si, void *puc)
+{
+ucontext_t *uc = puc;
+mcontext_t *mc = >uc_mcontext;
+
+assert(sig == expect_sig);
+assert(si->si_code == expect_si_code);
+assert(si->si_addr == expect_si_addr);
+assert(mc->gregs[R_PC] == expect_mc_pc);
+
+got_signal = 1;
+}
+
+#define FMT_INS [ad] "a"(_si_addr), [pc] "a"(_mc_pc)
+#define FMT0_STR(S) \
+"move.l #1f, (%[ad])\n\tmove.l #1f, (%[pc])\n" S "\n1:\n"
+#define FMT2_STR(S) \
+"move.l #0f, (%[ad])\n\tmove.l #1f, (%[pc])\n" S "\n1:\n"
+
+#define CHECK_SIG   do { assert(got_signal); got_signal = 0; } while (0)
+
+int main(int argc, char **argv)
+{
+struct sigaction act = {
+.sa_sigaction = sig_handler,
+.sa_flags = SA_SIGINFO
+};
+int t0, t1;
+
+sigaction(SIGILL, , NULL);
+sigaction(SIGTRAP, , NULL);
+sigaction(SIGFPE, , NULL);
+
+expect_sig = SIGFPE;
+expect_si_code = FPE_INTOVF;
+asm volatile(FMT2_STR("0:\tchk %0, %1") : : "d"(0), "d"(-1), FMT_INS);
+CHECK_SIG;
+
+#if 0
+/* FIXME: chk2 not correctly translated. */
+int bounds[2] = { 0, 1 };
+asm volatile(FMT2_STR("0:\tchk2.l %0, %1")
+ : : "m"(bounds), "d"(2), FMT_INS);
+CHECK_SIG;
+#endif
+
+asm volatile(FMT2_STR("cmp.l %0, %1\n0:\ttrapv")
+ : : "d"(INT_MIN), "d"(1), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq.w #0x1234")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq.l #0x12345678")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("fcmp.x %0, %0\n0:\tftrapeq")
+ : : "f"(0.0L), FMT_INS);
+CHECK_SIG;
+
+expect_si_code = FPE_INTDIV;
+
+asm volatile(FMT2_STR("0:\tdivs.w %1, %0")
+ : "=d"(t0) : "d"(0), "0"(1), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("0:\tdivsl.l %2, %1:%0")
+ : "=d"(t0), "=d"(t1) : "d"(0), "0"(1), FMT_INS);
+CHECK_SIG;
+
+expect_sig = SIGILL;
+expect_si_code = ILL_ILLOPN;
+asm volatile(FMT0_STR("trap #1") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #2") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #3") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #4") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #5") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #6") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #7") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #8") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #9") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #10") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #11") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #12") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #13") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #14") : : FMT_INS);
+CHECK_SIG;
+
+expect_sig = SIGTRAP;
+expect_si_code = TRAP_BRKPT;
+asm volatile(FMT0_STR("trap #15") : : FMT_INS);
+CHECK_SIG;
+
+return 0;
+}
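Review bot: The inline asm stores into `expect_si_addr` and `expect_mc_pc` through the `%[ad]` and `%[pc]` pointer operands (`move.l #1f, (%[ad])`), yet no asm statement declares a `"memory"` clobber. The compiler is therefore not told that those statics change, and may cache or reorder accesses to them around the trapping instruction. Each statement should carry the clobber, e.g. `asm volatile(FMT0_STR("trap #1") : : FMT_INS : "memory");`. `got_signal` is written from the handler and is more conventionally declared `static volatile sig_atomic_t got_signal;`. The three `sigaction` calls also ignore their return value, so a failed registration would surface only as an unexplained signal death.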
diff --git a/tests/tcg/m68k/Makefile.target b/tests/tcg/m68k/Makefile.target
index 62f109eef4..1163c7ef03 100644
--- a/tests/tcg/m68k/Makefile.target
+++ b/tests/tcg/m68k/Makefile.target
@@ -3,5 +3,8 @@
  # m68k specific tweaks - specifically masking out broken tests
  #
  
+VPATH += $(SRC_PATH)/tests/tcg/m68k

+TESTS += trap
+
  # On m68k Linux supports 4k and 8k pages (but 8k is currently broken)
  EXTRA_RUNS+=run-test-mmap-4096 # run-test-mmap-8192


Reviewed-by: Laurent Vivier 



Re: [PATCH v4 13/17] target/m68k: Implement FTRAPcc

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Signed-off-by: Richard Henderson 
---
  target/m68k/translate.c | 30 ++
  1 file changed, 30 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0cd7ef89e3..a3141d7f77 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -5567,6 +5567,35 @@ DISAS_INSN(fscc)
  tcg_temp_free(tmp);
  }
  
+DISAS_INSN(ftrapcc)

+{
+DisasCompare c;
+uint16_t ext;
+int cond;
+
+ext = read_im16(env, s);
+cond = ext & 0x3f;
+
+/* Consume and discard the immediate operand. */
+switch (extract32(insn, 0, 3)) {
+case 2: /* ftrapcc.w */
+(void)read_im16(env, s);
+break;
+case 3: /* ftrapcc.l */
+(void)read_im32(env, s);
+break;
+case 4: /* ftrapcc (no operand) */
+break;
+default:
+/* Illegal insn */
+disas_undef(env, s, insn);
+return;
+}
+
+gen_fcc_cond(, s, cond);
+do_trapcc(s, );
+}
+
  #if defined(CONFIG_SOFTMMU)
  DISAS_INSN(frestore)
  {
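Review bot: `cond = ext & 0x3f` keeps all six predicate bits of the guest-supplied extension word and hands them to `gen_fcc_cond()` unchecked, while the remaining bits of `ext` are silently ignored. `gen_fcc_cond()` is outside this hunk; if its switch only covers the 32 defined FPU predicates, a predicate in the range 32..63 would reach `do_trapcc()` with a `DisasCompare` that was never filled in. Please confirm the helper has a defined path for those values. If rejecting them matches the hardware, add `if (cond & 0x20) { disas_undef(env, s, insn); return; }` right after the mask. Otherwise a comment on the mask line should state which predicate values are expected.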
@@ -6190,6 +6219,7 @@ void register_m68k_insns (CPUM68KState *env)
  INSN(fbcc,  f280, ffc0, CF_FPU);
  INSN(fpu,   f200, ffc0, FPU);
  INSN(fscc,  f240, ffc0, FPU);
+INSN(ftrapcc,   f278, fff8, FPU);
  INSN(fbcc,  f280, ff80, FPU);
  #if defined(CONFIG_SOFTMMU)
  INSN(frestore,  f340, ffc0, CF_FPU);


Reviewed-by: Laurent Vivier 



Re: [PATCH v4 12/17] target/m68k: Implement TRAPV

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Signed-off-by: Richard Henderson 
---
  target/m68k/translate.c | 9 +
  1 file changed, 9 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index bb5ed1b7b1..0cd7ef89e3 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4911,6 +4911,14 @@ DISAS_INSN(trapcc)
  do_trapcc(s, );
  }
  
+DISAS_INSN(trapv)

+{
+DisasCompare c;
+
+gen_cc_cond(, s, 9); /* V set */
+do_trapcc(s, );
+}
+
  static void gen_load_fcr(DisasContext *s, TCGv res, int reg)
  {
  switch (reg) {
@@ -6074,6 +6082,7 @@ void register_m68k_insns (CPUM68KState *env)
  BASE(nop,   4e71, );
  INSN(rtd,   4e74, , RTD);
  BASE(rts,   4e75, );
+INSN(trapv, 4e76, , M68000);
  INSN(rtr,   4e77, , M68000);
  BASE(jump,  4e80, ffc0);
  BASE(jump,  4ec0, ffc0);


Reviewed-by: Laurent Vivier 



Re: [PATCH v4 11/17] target/m68k: Implement TPF in terms of TRAPcc

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

TPF stands for "trap false", and is a long-form nop for ColdFire.
Re-use the immediate consumption code from trapcc; the insn will
already expand to a nop because of the TCG_COND_NEVER test
within do_trapcc.

Signed-off-by: Richard Henderson 
---
  target/m68k/translate.c | 18 +-
  1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index c4fe8abc03..bb5ed1b7b1 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -3075,22 +3075,6 @@ DISAS_INSN(addsubq)
  tcg_temp_free(dest);
  }
  
-DISAS_INSN(tpf)

-{
-switch (insn & 7) {
-case 2: /* One extension word.  */
-s->pc += 2;
-break;
-case 3: /* Two extension words.  */
-s->pc += 4;
-break;
-case 4: /* No extension words.  */
-break;
-default:
-disas_undef(env, s, insn);
-}
-}
-
  DISAS_INSN(branch)
  {
  int32_t offset;
@@ -6099,7 +6083,7 @@ void register_m68k_insns (CPUM68KState *env)
  INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
  INSN(dbcc,  50c8, f0f8, M68000);
  INSN(trapcc,50f8, f0f8, TRAPCC);
-INSN(tpf,   51f8, fff8, CF_ISA_A);
+INSN(trapcc,51f8, fff8, CF_ISA_A); /* TPF (trapf) */
  
  /* Branch instructions.  */

  BASE(branch,6000, f000);


Reviewed-by: Laurent Vivier 



Re: [PATCH v4 10/17] target/m68k: Implement TRAPcc

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/754
Signed-off-by: Richard Henderson 
---
  target/m68k/cpu.h  |  2 ++
  linux-user/m68k/cpu_loop.c |  1 +
  target/m68k/cpu.c  |  1 +
  target/m68k/op_helper.c|  6 +
  target/m68k/translate.c| 49 ++
  5 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 558c3c67d6..4d8f48e8c7 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -534,6 +534,8 @@ enum m68k_features {
  M68K_FEATURE_MOVEC,
  /* Unaligned data accesses (680[2346]0) */
  M68K_FEATURE_UNALIGNED_DATA,
+/* TRAPcc insn. (680[2346]0, and CPU32) */
+M68K_FEATURE_TRAPCC,
  };
  
  static inline int m68k_feature(CPUM68KState *env, int feature)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 000bb44cc3..5007b24c03 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -48,6 +48,7 @@ void cpu_loop(CPUM68KState *env)
  force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);
  break;
  case EXCP_CHK:
+case EXCP_TRAPCC:
  force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTOVF, env->mmu.ar);
  break;
  case EXCP_DIV0:
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index c7aeb7da9c..5f778773d1 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -162,6 +162,7 @@ static void m68020_cpu_initfn(Object *obj)
  m68k_set_feature(env, M68K_FEATURE_CHK2);
  m68k_set_feature(env, M68K_FEATURE_MSP);
  m68k_set_feature(env, M68K_FEATURE_UNALIGNED_DATA);
+m68k_set_feature(env, M68K_FEATURE_TRAPCC);
  }
  
  /*

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index aa62158eb9..61948d92bb 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -399,14 +399,10 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
  do_stack_frame(env, , 2, oldsr, 0, env->pc);
  break;
  
-case EXCP_TRAPCC:

-/* FIXME: addr is not only env->pc */
-do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
-break;
-
  case EXCP_CHK:
  case EXCP_DIV0:
  case EXCP_TRACE:
+case EXCP_TRAPCC:
  do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
  break;
  
diff --git a/target/m68k/translate.c b/target/m68k/translate.c

index 399d9232e4..c4fe8abc03 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4879,6 +4879,54 @@ DISAS_INSN(trap)
  gen_exception(s, s->pc, EXCP_TRAP0 + (insn & 0xf));
  }
  
+static void do_trapcc(DisasContext *s, DisasCompare *c)

+{
+if (c->tcond != TCG_COND_NEVER) {
+TCGLabel *over = NULL;
+
+update_cc_op(s);
+
+if (c->tcond != TCG_COND_ALWAYS) {
+/* Jump over if !c. */
+over = gen_new_label();
+tcg_gen_brcond_i32(tcg_invert_cond(c->tcond), c->v1, c->v2, over);
+}
+
+tcg_gen_movi_i32(QREG_PC, s->pc);
+gen_raise_exception_format2(s, EXCP_TRAPCC, s->base.pc_next);
+
+if (over != NULL) {
+gen_set_label(over);
+s->base.is_jmp = DISAS_NEXT;
+}
+}
+free_cond(c);
+}
+
+DISAS_INSN(trapcc)
+{
+DisasCompare c;
+
+/* Consume and discard the immediate operand. */
+switch (extract32(insn, 0, 3)) {
+case 2: /* trapcc.w */
+(void)read_im16(env, s);
+break;
+case 3: /* trapcc.l */
+(void)read_im32(env, s);
+break;


Do we really need to read the data or do we only need to increment s->pc (as the data are only here 
to be available for the trap handler)?



+case 4: /* trapcc (no operand) */
+break;
+default:
+/* Illegal insn */
+disas_undef(env, s, insn);
+return;
+}
+
+gen_cc_cond(, s, extract32(insn, 8, 4));
+do_trapcc(s, );
+}
+
  static void gen_load_fcr(DisasContext *s, TCGv res, int reg)
  {
  switch (reg) {
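Review bot: `do_trapcc()` has no header comment, and two parts of its contract are easy to miss. It calls `free_cond(c)` on every path, so the caller's `DisasCompare` is dead once it returns, and it resets `s->base.is_jmp` to `DISAS_NEXT` only when a skip label was emitted. I would add `/* Raise EXCP_TRAPCC if condition C holds; consumes C. */` above the function, plus a one-line comment at the `is_jmp` assignment explaining that only the conditional case continues with the next insn. `gen_raise_exception_format2()` is outside the hunk, so the state it leaves in `is_jmp` is assumed here rather than visible.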
@@ -6050,6 +6098,7 @@ void register_m68k_insns (CPUM68KState *env)
  INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
  INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
  INSN(dbcc,  50c8, f0f8, M68000);
+INSN(trapcc,50f8, f0f8, TRAPCC);
  INSN(tpf,   51f8, fff8, CF_ISA_A);
  
  /* Branch instructions.  */


Reviewed-by: Laurent Vivier 



Re: [PATCH 0/2] i386: fixup number of logical CPUs when host-cache-info=on

2022-05-25 Thread Alejandro Jimenez




On 5/25/2022 3:56 PM, Moger, Babu wrote:


On 5/24/22 18:23, Alejandro Jimenez wrote:

On 5/24/2022 3:48 PM, Moger, Babu wrote:


On 5/24/22 10:19, Igor Mammedov wrote:

On Tue, 24 May 2022 11:10:18 -0400
Igor Mammedov  wrote:

CCing AMD folks as that might be of interest to them


I am trying to recreate the bug on my AMD system here.. Seeing this
message..

qemu-system-x86_64: -numa node,nodeid=0,memdev=ram-node0: memdev=ram-node0
is ambiguous

Here is my command line..

#qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
nic  -nographic -machine q35,accel=kvm -cpu
host,host-cache-info=on,l3-cache=off -smp
20,sockets=2,dies=1,cores=10,threads=1 -numa
node,nodeid=0,memdev=ram-node0 -numa node,nodeid=1,memdev=ram-node1 -numa
cpu,socket-id=0,node-id=0 -numa cpu,socket-id=1,node-id=1

Am I missing something?

Hi Babu,

Hopefully this will help you reproduce the issue if you are testing on
Milan/Genoa. Joao (CC'd) pointed out this warning to me late last year,
while I was working on patches for encoding the topology CPUID leaf in
different Zen platforms.

What I found from my experiments on Milan, is that the warning will
appear whenever the NUMA topology requested in QEMU cmdline assigns a
number of CPUs to each node that is smaller than the default # of CPUs
sharing a LLC on the host platform. In short, on a Milan host where we
have 16 CPUs sharing a CCX:


Yes. I recreated the issue with this following command line.

#qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
nic  -nographic -machine q35,accel=kvm -cpu host,+topoext -smp
16,sockets=1,dies=1,cores=16,threads=1 -object
memory-backend-ram,id=ram-node0,size=2G -object
memory-backend-ram,id=ram-node1,size=2G  -numa
node,nodeid=0,cpus=0-7,memdev=ram-node0 -numa
node,nodeid=1,cpus=8-15,memdev=ram-node1

But solving this will be bit complicated. For AMD, this information comes
from CPUID 0x801d. But, when this cpuid is being populated we don't
have all the information about numa nodes etc..

But you can work-around it by modifying the command line by including
dies(dies=2 in this case) information.  Something like this.
Makes sense; using dies=2 makes it so the cache topology leaf is built 
with 8cores/CCX, matching the # of NUMA nodes so all is well.


#qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
nic  -nographic -machine q35,accel=kvm -cpu
host,+topoext,host-cache-info=on -smp
16,sockets=1,dies=2,cores=8,threads=1 -object
memory-backend-ram,id=ram-node0,size=2G -object
memory-backend-ram,id=ram-node1,size=2G  -numa
node,nodeid=0,cpus=0-7,memdev=ram-node0 -numa
node,nodeid=1,cpus=8-15,memdev=ram-node1

But this may not be acceptable solution in all the cases.
This is not specific to host-cache-info behavior so it is probably 
better to discuss it separately. With that being said...


The idea that I considered was to automatically calculate a value of 
'dies' iff an explicit value was not requested via the '-smp' options, 
instead of just using the current default of dies=1. i.e. automatically 
mimic the host cache topology in the guest so that if we are running on 
Rome, the guest OS sees 4cores/CCX, but when running on Milan it sees 
8cores/CCX. This can be done by querying the host CPUID and using that 
info to build the guest CPUID leaf in QEMU, similar to what Igor is 
doing here but also adjusting the number of dies that is encoded.


I built prototype code that seemed to work correctly, but did not 
consider the complication added by '-numa' options.


I think there is a much larger debate involved about what defaults are 
"sane", so rather than derailing this thread more, I'll send a follow up 
message in the future when I can take another look at the prototype 
patches I have.


Thank you,
Alejandro




# cat /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_list
0-7,128-135

If a guest is launched with the following arguments:

-cpu host,+topoext \
-smp cpus=64,cores=32,threads=2,sockets=1 \
-numa node,nodeid=0,cpus=0-7 -numa node,nodeid=1,cpus=8-15 \
-numa node,nodeid=2,cpus=16-23 -numa node,nodeid=3,cpus=24-31 \
-numa node,nodeid=4,cpus=32-39 -numa node,nodeid=5,cpus=40-47 \
-numa node,nodeid=6,cpus=48-55 -numa node,nodeid=7,cpus=56-63 \

it assigns 8 cpus to each NUMA node, causing the error above to be
displayed.

Note that ultimately the guest topology is built based on the NUMA
information, so the LLC domains on the guest only end up spanning a
single NUMA node. e.g.:

# cat /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_list
0-7

Hope that helps,
Alejandro






Igor Mammedov (2):
    x86: cpu: make sure number of addressable IDs for processor cores
  meets the spec
    x86: cpu: fixup number of addressable IDs for logical processors
  sharing cache

   target/i386/cpu.c | 20 
   1 file changed, 16 insertions(+), 4 deletions(-)







Re: [PATCH v4 09/17] target/m68k: Fix stack frame for EXCP_ILLEGAL

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

According to the M68040 Users Manual, section 8.4.3, Four word


This is in section 8.4.1

Reviewed-by: Laurent Vivier 


stack frame (format 0), includes Illegal Instruction.  Use the
correct frame format, which does not use the ADDR argument.

Signed-off-by: Richard Henderson 
---
  target/m68k/op_helper.c | 5 -
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 3cb71c9140..aa62158eb9 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -391,11 +391,14 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
  }
  break;
  
+case EXCP_ILLEGAL:

+do_stack_frame(env, , 0, oldsr, 0, env->pc);
+break;
+
  case EXCP_ADDRESS:
  do_stack_frame(env, , 2, oldsr, 0, env->pc);
  break;
  
-case EXCP_ILLEGAL:

  case EXCP_TRAPCC:
  /* FIXME: addr is not only env->pc */
  do_stack_frame(env, , 2, oldsr, env->pc, env->pc);





Re: [PATCH v9 08/12] target/hexagon: import flex/bison to docker files

2022-05-25 Thread Richard Henderson

On 5/25/22 13:27, Anton Johansson wrote:

On 5/25/22 22:16, Richard Henderson wrote:



No:

* one patch to update libvirt-ci and does nothing else.
* one patch to update yml template.
* one patch to refresh.

Just like you enumerated before.


r~


Ah, right! Thanks for clarifying. Should I keep all 3 patches in this series?


Probably easiest.

r~



Re: [PATCH 0/3] recover hardware corrupted page by virtio balloon

2022-05-25 Thread Jue Wang
Some points to consider:

The injected MCE has _done_ the damages to guest workload. Recovering
the guest poisoned memory doesn't help with the already happened guest
workload memory corruption / loss / interruption due to injected MCEs.

The hypervisor _must_ emulate poisons identified in guest physical
address space (could be transported from the source VM), this is to
prevent silent data corruption in the guest. With a paravirtual
approach like this patch series, the hypervisor can clear some of the
poisoned HVAs knowing for certain that the guest OS has isolated the
poisoned page. I wonder how much value it provides to the guest if the
guest and workload are _not_ in a pressing need for the extra KB/MB
worth of memory.

Thanks,
-Jue



[RFC 1/1] i2c/aspeed: Add slave device handling in new register mode

2022-05-25 Thread Peter Delevoryas
Signed-off-by: Peter Delevoryas 
---
 hw/i2c/aspeed_i2c.c | 118 ++--
 include/hw/i2c/aspeed_i2c.h |  14 +++--
 2 files changed, 124 insertions(+), 8 deletions(-)

diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 3f2dbe46df..01af647e0c 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -221,6 +221,10 @@
 #define I2CM_DMA_LEN  0x1c
 #define I2CS_INT_CTRL_REG 0x20
 #define I2CS_INT_STS_REG  0x24
+#define   I2CS_PKT_DONE   BIT(16)
+#define   I2CS_SLAVE_MATCHBIT(7)
+#define   I2CS_STOP   BIT(4)
+#define   I2CS_RX_DONEBIT(2)
 #define I2CS_CMD_STS_REG  0x28
 #define I2CS_DMA_LEN  0x2c
 #define I2CM_DMA_TX_BUF   0x30
@@ -334,16 +338,38 @@ static uint64_t aspeed_i2c_bus_read_new(void *opaque, 
hwaddr offset,
 value = (i2c_bus_busy(bus->bus) << 16);
 break;
 case I2CC_M_X_POOL_BUF_CTRL_REG:
+break;
 case I2CS_INT_CTRL_REG:
+value = bus->slave_intr_ctrl;
+break;
 case I2CS_INT_STS_REG:
+value = bus->slave_intr_status;
+break;
 case I2CS_CMD_STS_REG:
+value = bus->slave_cmd;
+break;
 case I2CS_DMA_LEN:
+value = bus->slave_dma_len;
+break;
 case I2CS_DMA_TX_BUF:
+/* FIXME: Not sure if we should return same value as RX buf */
+value = bus->slave_dma_addr;
+break;
 case I2CS_DMA_RX_BUF:
+value = bus->slave_dma_addr;
+break;
 case I2CS_SA_REG:
+value = bus->dev_addr;
+break;
 case I2CS_DMA_LEN_STS_REG:
+value = bus->slave_dma_len_tx | (bus->slave_dma_len_rx << 16);
+break;
 case I2CC_DMA_OP_ADDR_REG:
+value = bus->slave_dma_addr;
+break;
 case I2CC_DMA_OP_LEN_REG:
+value = bus->slave_dma_len;
+break;
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__, offset);
@@ -870,9 +896,7 @@ static void aspeed_i2c_bus_write_new(void *opaque, hwaddr 
offset,
 switch (offset) {
 case I2CC_M_S_FUNC_CTRL_REG:
 if (value & I2CD_SLAVE_EN) {
-qemu_log_mask(LOG_UNIMP, "%s: slave mode not implemented\n",
-  __func__);
-break;
+i2c_slave_set_address(>slave->i2c, bus->dev_addr);
 }
 bus->ctrl = value & 0x007F;
 break;
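Review bot: The slave address is pushed to the I2C core only here, at the moment the guest sets `I2CD_SLAVE_EN`, using whatever `bus->dev_addr` holds at that time. The `I2CS_SA_REG` case added in the next hunk only stores `bus->dev_addr = value;`, so a guest that enables slave mode first and programs the address afterwards leaves the core matching the stale address. The unmasked register value is also passed where an I2C address is expected. I would repeat the `i2c_slave_set_address()` call in the `I2CS_SA_REG` case when slave mode is enabled, and mask the value down to the address field before using it. aspeed_i2c_bus_write_new() starts and ends outside this hunk.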
@@ -934,16 +958,44 @@ static void aspeed_i2c_bus_write_new(void *opaque, hwaddr 
offset,
 bus->dma_len_rx = 0;
 break;
 case I2CC_M_X_POOL_BUF_CTRL_REG:
+break;
 case I2CS_INT_CTRL_REG:
+bus->slave_intr_ctrl = value;
+break;
 case I2CS_INT_STS_REG:
+if (value & I2CM_PKT_DONE) {
+value |= 0x280b5;
+}
+bus->slave_intr_status &= ~value;
+/* FIXME: Maybe need to check master interrupt status too. */
+if (!bus->slave_intr_status) {
+bus->controller->intr_status &= ~(1 << bus->id);
+qemu_irq_lower(aic->bus_get_irq(bus));
+}
+break;
 case I2CS_CMD_STS_REG:
+assert(!(bus->slave_cmd >> 31));
+bus->slave_cmd = value;
+break;
+case I2CS_SA_REG:
+bus->dev_addr = value;
+break;
 case I2CS_DMA_LEN:
+assert(value);
+bus->slave_dma_len = value;
+break;
 case I2CS_DMA_TX_BUF:
 case I2CS_DMA_RX_BUF:
-case I2CS_SA_REG:
+bus->slave_dma_addr = value;
+break;
 case I2CS_DMA_LEN_STS_REG:
+bus->slave_dma_len_tx = 0;
+bus->slave_dma_len_rx = 0;
+break;
 case I2CC_DMA_OP_ADDR_REG:
 case I2CC_DMA_OP_LEN_REG:
+/* Invalid to write to DMA operating status registers */
+break;
 default:
 break;
 }
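Review bot: `assert(!(bus->slave_cmd >> 31))` and `assert(value)` in the `I2CS_CMD_STS_REG` and `I2CS_DMA_LEN` cases fire on values the guest controls, so a single guest register write can abort the whole QEMU process. The same applies to the three `assert()` calls under `I2C_START_SEND` in `aspeed_i2c_slave_event_new()` in the last hunk of this file, which depend on DMA state the guest may not have programmed yet. Bad guest programming should be reported with `qemu_log_mask(LOG_GUEST_ERROR, ...)`, as the read path's default case already does, and the access dropped. Separately, the `I2CS_INT_STS_REG` case tests `I2CM_PKT_DONE` where the newly added `I2CS_PKT_DONE` looks intended, and `0x280b5` deserves a named mask. The function body continues outside the hunk.

```c
    case I2CS_CMD_STS_REG:
        if (bus->slave_cmd >> 31) {
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: slave command written while bit 31 is set\n",
                          __func__);
            break;
        }
        bus->slave_cmd = value;
        break;
    /* … unchanged: I2CS_SA_REG case … */
    case I2CS_DMA_LEN:
        if (!value) {
            qemu_log_mask(LOG_GUEST_ERROR,
                          "%s: zero slave DMA length\n", __func__);
            break;
        }
        bus->slave_dma_len = value;
        break;
```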
@@ -1298,11 +1350,42 @@ static const TypeInfo aspeed_i2c_info = {
 .abstract   = true,
 };
 
+static int aspeed_i2c_slave_event_new(AspeedI2CBus *bus, enum i2c_event event)
+{
+AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
+
+switch (event) {
+case I2C_START_SEND:
+bus->slave_dma_len_rx = 0;
+assert(bus->slave_dma_len_tx == 0);
+assert(bus->slave_dma_len);
+assert(bus->slave_dma_addr);
+i2c_ack(bus->bus);
+break;
+case I2C_FINISH:
+bus->slave_intr_status |= I2CS_PKT_DONE;
+bus->slave_intr_status |= I2CS_SLAVE_MATCH;
+bus->slave_intr_status |= I2CS_RX_DONE;
+bus->slave_intr_status |= I2CS_STOP;
+bus->controller->intr_status |= 1 << bus->id;
+qemu_irq_raise(aic->bus_get_irq(bus));
+break;
+default:
+break;
+}
+
+return 0;
+}
+
 static int aspeed_i2c_slave_event(I2CSlave *slave, enum i2c_event event)
 {
 AspeedI2CSlave *s = ASPEED_I2C_SLAVE(slave);
 AspeedI2CBus *bus = s->bus;
 
+if (aspeed_i2c_bus_is_new_mode(bus)) {
+return aspeed_i2c_slave_event_new(bus, 

[RFC 0/1] i2c/aspeed: Add slave device handling in new register mode

2022-05-25 Thread Peter Delevoryas
The AST2600/AST1030 new register mode patches[1] and the I2C slave device
patches[2] will be really useful, but we still need DMA slave device
handling in the new register mode too for the use-cases I'm thinking of
(OpenBIC Zephyr kernel using Aspeed SDK drivers[3]).

My test images are on Github[4]. They can be used with the ast1030-evb, or
the oby35-cl and oby35-bb machines in the fb qemu branch[5].

I'm submitting this as an RFC cause I just want to see how other people
expect these changes to be made based on the previously submitted "new
register mode" and "old register mode slave device" patches.

Thanks,
Peter

[1] 
https://patchwork.kernel.org/project/qemu-devel/list/?series=626028=both
[2] 
https://patchwork.kernel.org/project/qemu-devel/list/?series=627914=both
[3] 
https://github.com/AspeedTech-BMC/zephyr/blob/db3dbcc9c52e67a47180890ac938ed380b33f91c/drivers/i2c/i2c_aspeed.c#L1362-L1368
[4] https://github.com/peterdelevoryas/OpenBIC/releases/tag/oby35-cl-2022.13.01
[5] https://github.com/facebook/openbmc-qemu

Peter Delevoryas (1):
  i2c/aspeed: Add slave device handling in new register mode

 hw/i2c/aspeed_i2c.c | 118 ++--
 include/hw/i2c/aspeed_i2c.h |  14 +++--
 2 files changed, 124 insertions(+), 8 deletions(-)

-- 
2.30.2




Re: [PULL 00/15] aspeed queue

2022-05-25 Thread Richard Henderson

On 5/25/22 09:01, Cédric Le Goater wrote:

The following changes since commit 3757b0d08b399c609954cf57f273b1167e5d7a8d:

   Merge tag 'pull-request-2022-05-18' of https://gitlab.com/thuth/qemu into 
staging (2022-05-20 08:04:30 -0700)

are available in the Git repository at:

   https://github.com/legoater/qemu/ tags/pull-aspeed-20220525

for you to fetch changes up to 52bcd997800fab67d57bea6d93e368f6f7a93b24:

   hw/arm/aspeed: Add i2c devices for AST2600 EVB (2022-05-25 16:22:37 +0200)


aspeed queue:

* Aspeed GPIO model extensions
* GPIO support for the Aspeed AST1030 SoC
* New fby35 machine (AST2600 based)
* Extra unit tests for the GPIO and SMC models
* Initialization of all UART with serial devices
* AST2600 EVB and Documentation update


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~





Cédric Le Goater (1):
   aspeed: Introduce a get_irq AspeedSoCClass method

Howard Chiu (1):
   hw/arm/aspeed: Add i2c devices for AST2600 EVB

Iris Chen (1):
   hw: m25p80: allow write_enable latch get/set

Jamin Lin (5):
   docs: add minibmc section in aspeed document
   hw/gpio Add GPIO read/write trace event.
   hw/gpio: Add ASPEED GPIO model for AST1030
   hw/gpio support GPIO index mode for write operation.
   hw/gpio: replace HWADDR_PRIx with PRIx64

Peter Delevoryas (7):
   hw/arm/aspeed: Add fby35 machine type
   docs: aspeed: Add fby35 board
   hw: aspeed: Add missing UART's
   hw: aspeed: Add uarts_num SoC attribute
   hw: aspeed: Ensure AST1030 respects uart-default
   hw: aspeed: Introduce common UART init function
   hw: aspeed: Init all UART's with serial devices

  docs/system/arm/aspeed.rst |  62 ++
  include/hw/arm/aspeed_soc.h|  13 +++
  include/hw/gpio/aspeed_gpio.h  |  16 ++-
  tests/qtest/libqtest.h |  22 
  hw/arm/aspeed.c|  74 +++-
  hw/arm/aspeed_ast10x0.c|  48 ++--
  hw/arm/aspeed_ast2600.c|  32 +++--
  hw/arm/aspeed_soc.c|  46 ++--
  hw/block/m25p80.c  |   1 +
  hw/gpio/aspeed_gpio.c  | 257 ++---
  tests/qtest/aspeed_gpio-test.c |  40 ++-
  tests/qtest/aspeed_smc-test.c  |  43 +++
  tests/qtest/libqtest.c |  24 
  hw/gpio/trace-events   |   4 +
  14 files changed, 607 insertions(+), 75 deletions(-)






Re: [PATCH v9 08/12] target/hexagon: import flex/bison to docker files

2022-05-25 Thread Anton Johansson via

On 5/25/22 22:16, Richard Henderson wrote:



No:

* one patch to update libvirt-ci and does nothing else.
* one patch to update yml template.
* one patch to refresh.

Just like you enumerated before.


r~

Ah, right! Thanks for clarifying. Should I keep all 3 patches in this 
series?


--
Anton Johansson,
rev.ng Labs Srl.




Re: [PATCH v9 08/12] target/hexagon: import flex/bison to docker files

2022-05-25 Thread Richard Henderson

On 5/25/22 13:14, Anton Johansson wrote:

Just to make sure I understood you correctly, I should:

     1. Make a standalone patch that updates libvirt-ci and runs
     the refresh script, in case any package mappings changed

     2. Change this patch to add flex/bison to QEMU's qemu.yml,
     and run refresh


No:

* one patch to update libvirt-ci and does nothing else.
* one patch to update yml template.
* one patch to refresh.

Just like you enumerated before.


r~




Re: [PATCH v9 08/12] target/hexagon: import flex/bison to docker files

2022-05-25 Thread Anton Johansson via

On 5/25/22 18:38, Alex Bennée wrote:


Richard Henderson  writes:


On 5/25/22 05:29, Anton Johansson wrote:

For clarity's sake, here are the exact steps taken to produce this patch:
      1. Update QEMU's libvirt-ci to the commit
https://gitlab.com/libvirt/libvirt-ci/-/commit/43927ff508e8ecb1ac225dabbc95b37c890db917
     which adds flex/bison, and a native glib2 (required since
idef-parser
     is a build-time tool.)

This must be split out -- submodule updates should be a patch by
themselves.  Otherwise it can look like unintentional rebase breakage
(which, sadly, happens more often than legitimate submodule updates).


      2. Copy in new `tests/lcitool/projects/qemu.yml` from `libvirt-ci`
      3. run `tests/lcitool/refresh` to generate new docker/cirrus
files

And, yes, having one patch that's simply auto-generated is helpful.

To quote danpb:

danpb: should our tests/lcitool/projects/qemu.yml match the one in
   the lcitool repo or are they different use cases?
the one in libvirt-ci.git should be deleted really
the one in qemu.git is the source of truth

so please just update the qemu.git qemu.yml for just what you need for
flex/bison without bringing in all the other (stale?) stuff.




r~



I see, thanks!

Just to make sure I understood you correctly, I should:

    1. Make a standalone patch that updates libvirt-ci and runs
    the refresh script, in case any package mappings changed

    2. Change this patch to add flex/bison to QEMU's qemu.yml,
    and run refresh

--
Anton Johansson,
rev.ng Labs Srl.




Re: [PATCH v4 17/17] target/m68k: Mark helper_raise_exception as noreturn

2022-05-25 Thread Richard Henderson

On 5/25/22 12:45, Laurent Vivier wrote:

+DEF_HELPER_2(raise_exception, noreturn, env, i32)

...

-static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
+G_NORETURN static void
+raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
  {
  CPUState *cs = env_cpu(env);
@@ -540,7 +541,7 @@ static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t 
raddr)

  cpu_loop_exit_restore(cs, raddr);
  }
-static void raise_exception(CPUM68KState *env, int tt)
+G_NORETURN static void raise_exception(CPUM68KState *env, int tt)
  {
  raise_exception_ra(env, tt, 0);
  }


And why not

   G_NORETURN void HELPER(raise_exception)(CPUM68KState *env, uint32_t tt)

?


Because the declaration in the header file takes care of that.
No need to replicate it in the definition.


r~




Re: [PATCH 0/2] i386: fixup number of logical CPUs when host-cache-info=on

2022-05-25 Thread Moger, Babu


On 5/25/22 02:05, Igor Mammedov wrote:
> On Tue, 24 May 2022 14:48:29 -0500
> "Moger, Babu"  wrote:
>
>> On 5/24/22 10:19, Igor Mammedov wrote:
>>> On Tue, 24 May 2022 11:10:18 -0400
>>> Igor Mammedov  wrote:
>>>
>>> CCing AMD folks as that might be of interest to them  
>> I am trying to recreate the bug on my AMD system here.. Seeing this message..
>>
>> qemu-system-x86_64: -numa node,nodeid=0,memdev=ram-node0: memdev=ram-node0
>> is ambiguous
>>
>> Here is my command line..
>>
>> #qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
>> nic  -nographic -machine q35,accel=kvm -cpu
>> host,host-cache-info=on,l3-cache=off -smp
>> 20,sockets=2,dies=1,cores=10,threads=1 -numa
>> node,nodeid=0,memdev=ram-node0 -numa node,nodeid=1,memdev=ram-node1 -numa
>> cpu,socket-id=0,node-id=0 -numa cpu,socket-id=1,node-id=1
>>
>> Am I missing something?
> Yep, sorry I've omitted -object memory-backend-foo definitions for
> ram-node0 and ram-node1
>
> one can use any memory backend, it doesn't really matter in this case,
> for example following should do:
>   -object memory-backend-ram,id=ram-node0,size=2G \
>   -object memory-backend-ram,id=ram-node1,size=2G 

Thanks Igor. However, these changes (patches 1 and 2) do not affect AMD
systems as far as I can see.

Thanks

Babu

>
>>
>>>  
 Igor Mammedov (2):
   x86: cpu: make sure number of addressable IDs for processor cores
 meets the spec
   x86: cpu: fixup number of addressable IDs for logical processors
 sharing cache

  target/i386/cpu.c | 20 
  1 file changed, 16 insertions(+), 4 deletions(-)
  

-- 
Thanks
Babu Moger




Re: [PATCH 0/2] i386: fixup number of logical CPUs when host-cache-info=on

2022-05-25 Thread Moger, Babu


On 5/24/22 18:23, Alejandro Jimenez wrote:
> On 5/24/2022 3:48 PM, Moger, Babu wrote:
>>
>> On 5/24/22 10:19, Igor Mammedov wrote:
>>> On Tue, 24 May 2022 11:10:18 -0400
>>> Igor Mammedov  wrote:
>>>
>>> CCing AMD folks as that might be of interest to them
>>
>> I am trying to recreate the bug on my AMD system here.. Seeing this
>> message..
>>
>> qemu-system-x86_64: -numa node,nodeid=0,memdev=ram-node0: memdev=ram-node0
>> is ambiguous
>>
>> Here is my command line..
>>
>> #qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
>> nic  -nographic -machine q35,accel=kvm -cpu
>> host,host-cache-info=on,l3-cache=off -smp
>> 20,sockets=2,dies=1,cores=10,threads=1 -numa
>> node,nodeid=0,memdev=ram-node0 -numa node,nodeid=1,memdev=ram-node1 -numa
>> cpu,socket-id=0,node-id=0 -numa cpu,socket-id=1,node-id=1
>>
>> Am I missing something?
> Hi Babu,
>
> Hopefully this will help you reproduce the issue if you are testing on
> Milan/Genoa. Joao (CC'd) pointed out this warning to me late last year,
> while I was working on patches for encoding the topology CPUID leaf in
> different Zen platforms.
>
> What I found from my experiments on Milan, is that the warning will
> appear whenever the NUMA topology requested in QEMU cmdline assigns a
> number of CPUs to each node that is smaller than the default # of CPUs
> sharing a LLC on the host platform. In short, on a Milan host where we
> have 16 CPUs sharing a CCX:

Yes. I recreated the issue with this following command line.

#qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
nic  -nographic -machine q35,accel=kvm -cpu host,+topoext -smp
16,sockets=1,dies=1,cores=16,threads=1 -object
memory-backend-ram,id=ram-node0,size=2G -object
memory-backend-ram,id=ram-node1,size=2G  -numa
node,nodeid=0,cpus=0-7,memdev=ram-node0 -numa
node,nodeid=1,cpus=8-15,memdev=ram-node1

But solving this will be bit complicated. For AMD, this information comes
from CPUID 0x801d. But, when this cpuid is being populated we don't
have all the information about numa nodes etc..

But you can work-around it by modifying the command line by including
dies(dies=2 in this case) information.  Something like this.

#qemu-system-x86_64 -name rhel8 -m 4096 -hda vdisk.qcow2 -enable-kvm -net
nic  -nographic -machine q35,accel=kvm -cpu
host,+topoext,host-cache-info=on -smp
16,sockets=1,dies=2,cores=8,threads=1 -object
memory-backend-ram,id=ram-node0,size=2G -object
memory-backend-ram,id=ram-node1,size=2G  -numa
node,nodeid=0,cpus=0-7,memdev=ram-node0 -numa
node,nodeid=1,cpus=8-15,memdev=ram-node1

But this may not be an acceptable solution in all cases.

>
> # cat /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_list
> 0-7,128-135
>
> If a guest is launched with the following arguments:
>
> -cpu host,+topoext \
> -smp cpus=64,cores=32,threads=2,sockets=1 \
> -numa node,nodeid=0,cpus=0-7 -numa node,nodeid=1,cpus=8-15 \
> -numa node,nodeid=2,cpus=16-23 -numa node,nodeid=3,cpus=24-31 \
> -numa node,nodeid=4,cpus=32-39 -numa node,nodeid=5,cpus=40-47 \
> -numa node,nodeid=6,cpus=48-55 -numa node,nodeid=7,cpus=56-63 \
>
> it assigns 8 cpus to each NUMA node, causing the error above to be
> displayed.
>
> Note that ultimately the guest topology is built based on the NUMA
> information, so the LLC domains on the guest only end up spanning a
> single NUMA node. e.g.:
>
> # cat /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_list
> 0-7
>
> Hope that helps,
> Alejandro
>>
>>
>>>
 Igor Mammedov (2):
    x86: cpu: make sure number of addressable IDs for processor cores
  meets the spec
    x86: cpu: fixup number of addressable IDs for logical processors
  sharing cache

   target/i386/cpu.c | 20 
   1 file changed, 16 insertions(+), 4 deletions(-)

>
-- 
Thanks
Babu Moger




[PULL 17/17] i386: docs: Convert hyperv.txt to rST

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

rSTify docs/hyperv.txt and link it from docs/system/target-i386.rst.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-7-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 docs/hyperv.txt | 303 
 docs/system/i386/hyperv.rst | 288 ++
 docs/system/target-i386.rst |   1 +
 3 files changed, 289 insertions(+), 303 deletions(-)
 delete mode 100644 docs/hyperv.txt
 create mode 100644 docs/system/i386/hyperv.rst

diff --git a/docs/hyperv.txt b/docs/hyperv.txt
deleted file mode 100644
index 14a7f449ea..00
--- a/docs/hyperv.txt
+++ /dev/null
@@ -1,303 +0,0 @@
-Hyper-V Enlightenments
-==
-
-
-1. Description
-===
-In some cases when implementing a hardware interface in software is slow, KVM
-implements its own paravirtualized interfaces. This works well for Linux as
-guest support for such features is added simultaneously with the feature 
itself.
-It may, however, be hard-to-impossible to add support for these interfaces to
-proprietary OSes, namely, Microsoft Windows.
-
-KVM on x86 implements Hyper-V Enlightenments for Windows guests. These features
-make Windows and Hyper-V guests think they're running on top of a Hyper-V
-compatible hypervisor and use Hyper-V specific features.
-
-
-2. Setup
-=
-No Hyper-V enlightenments are enabled by default by either KVM or QEMU. In
-QEMU, individual enlightenments can be enabled through CPU flags, e.g:
-
-  qemu-system-x86_64 --enable-kvm --cpu host,hv_relaxed,hv_vpindex,hv_time, ...
-
-Sometimes there are dependencies between enlightenments, QEMU is supposed to
-check that the supplied configuration is sane.
-
-When any set of the Hyper-V enlightenments is enabled, QEMU changes hypervisor
-identification (CPUID 0x4000..0x400A) to Hyper-V. KVM identification
-and features are kept in leaves 0x4100..0x4101.
-
-
-3. Existing enlightenments
-===
-
-3.1. hv-relaxed
-
-This feature tells guest OS to disable watchdog timeouts as it is running on a
-hypervisor. It is known that some Windows versions will do this even when they
-see 'hypervisor' CPU flag.
-
-3.2. hv-vapic
-==
-Provides so-called VP Assist page MSR to guest allowing it to work with APIC
-more efficiently. In particular, this enlightenment allows paravirtualized
-(exit-less) EOI processing.
-
-3.3. hv-spinlocks=xxx
-==
-Enables paravirtualized spinlocks. The parameter indicates how many times
-spinlock acquisition should be attempted before indicating the situation to the
-hypervisor. A special value 0x indicates "never notify".
-
-3.4. hv-vpindex
-
-Provides HV_X64_MSR_VP_INDEX (0x4002) MSR to the guest which has Virtual
-processor index information. This enlightenment makes sense in conjunction with
-hv-synic, hv-stimer and other enlightenments which require the guest to know 
its
-Virtual Processor indices (e.g. when VP index needs to be passed in a
-hypercall).
-
-3.5. hv-runtime
-
-Provides HV_X64_MSR_VP_RUNTIME (0x4010) MSR to the guest. The MSR keeps the
-virtual processor run time in 100ns units. This gives guest operating system an
-idea of how much time was 'stolen' from it (when the virtual CPU was preempted
-to perform some other work).
-
-3.6. hv-crash
-==
-Provides HV_X64_MSR_CRASH_P0..HV_X64_MSR_CRASH_P5 (0x4100..0x4105) and
-HV_X64_MSR_CRASH_CTL (0x4105) MSRs to the guest. These MSRs are written to
-by the guest when it crashes, HV_X64_MSR_CRASH_P0..HV_X64_MSR_CRASH_P5 MSRs
-contain additional crash information. This information is outputted in QEMU log
-and through QAPI.
-Note: unlike under genuine Hyper-V, write to HV_X64_MSR_CRASH_CTL causes guest
-to shutdown. This effectively blocks crash dump generation by Windows.
-
-3.7. hv-time
-=
-Enables two Hyper-V-specific clocksources available to the guest: MSR-based
-Hyper-V clocksource (HV_X64_MSR_TIME_REF_COUNT, 0x4020) and Reference TSC
-page (enabled via MSR HV_X64_MSR_REFERENCE_TSC, 0x4021). Both clocksources
-are per-guest, Reference TSC page clocksource allows for exit-less time stamp
-readings. Using this enlightenment leads to significant speedup of all 
timestamp
-related operations.
-
-3.8. hv-synic
-==
-Enables Hyper-V Synthetic interrupt controller - an extension of a local APIC.
-When enabled, this enlightenment provides additional communication facilities
-to the guest: SynIC messages and Events. This is a pre-requisite for
-implementing VMBus devices (not yet in QEMU). Additionally, this enlightenment
-is needed to enable Hyper-V synthetic timers. SynIC is controlled through MSRs
-HV_X64_MSR_SCONTROL..HV_X64_MSR_EOM (0x4080..0x4084) and
-HV_X64_MSR_SINT0..HV_X64_MSR_SINT15 (0x4090..0x409F)
-
-Requires: hv-vpindex
-
-3.9. hv-stimer
-===
-Enables 

[PULL 14/17] i386: Hyper-V XMM fast hypercall input feature

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

Hyper-V specification allows to pass parameters for certain hypercalls
using XMM registers ("XMM Fast Hypercall Input"). When the feature is
in use, it allows for faster hypercalls processing as KVM can avoid
reading guest's memory.

KVM supports the feature since v5.14.

Rename HV_HYPERCALL_{PARAMS_XMM_AVAILABLE -> XMM_INPUT_AVAILABLE} to
comply with KVM.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-4-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 docs/hyperv.txt| 6 ++
 target/i386/cpu.h  | 1 +
 target/i386/kvm/hyperv-proto.h | 2 +-
 target/i386/cpu.c  | 2 ++
 target/i386/kvm/kvm.c  | 7 +++
 5 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/docs/hyperv.txt b/docs/hyperv.txt
index 5d85569b99..af1b10c0b3 100644
--- a/docs/hyperv.txt
+++ b/docs/hyperv.txt
@@ -249,6 +249,12 @@ Enlightened VMCS ('hv-evmcs') feature to also be enabled.
 
 Recommended: hv-evmcs (Intel)
 
+3.23. hv-xmm-input
+===
+Hyper-V specification allows to pass parameters for certain hypercalls using 
XMM
+registers ("XMM Fast Hypercall Input"). When the feature is in use, it allows
+for faster hypercalls processing as KVM can avoid reading guest's memory.
+
 4. Supplementary features
 =
 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c788285736..37e9553584 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1107,6 +1107,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
 #define HYPERV_FEAT_AVIC15
 #define HYPERV_FEAT_SYNDBG  16
 #define HYPERV_FEAT_MSR_BITMAP  17
+#define HYPERV_FEAT_XMM_INPUT   18
 
 #ifndef HYPERV_SPINLOCK_NEVER_NOTIFY
 #define HYPERV_SPINLOCK_NEVER_NOTIFY 0x
diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h
index cea18dbc0e..f5f16474fa 100644
--- a/target/i386/kvm/hyperv-proto.h
+++ b/target/i386/kvm/hyperv-proto.h
@@ -54,7 +54,7 @@
 #define HV_GUEST_DEBUGGING_AVAILABLE(1u << 1)
 #define HV_PERF_MONITOR_AVAILABLE   (1u << 2)
 #define HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE   (1u << 3)
-#define HV_HYPERCALL_PARAMS_XMM_AVAILABLE   (1u << 4)
+#define HV_HYPERCALL_XMM_INPUT_AVAILABLE(1u << 4)
 #define HV_GUEST_IDLE_STATE_AVAILABLE   (1u << 5)
 #define HV_FREQUENCY_MSRS_AVAILABLE (1u << 8)
 #define HV_GUEST_CRASH_MSR_AVAILABLE(1u << 10)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 474e9b582e..63cec0ea68 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6970,6 +6970,8 @@ static Property x86_cpu_properties[] = {
   HYPERV_FEAT_AVIC, 0),
 DEFINE_PROP_BIT64("hv-emsr-bitmap", X86CPU, hyperv_features,
   HYPERV_FEAT_MSR_BITMAP, 0),
+DEFINE_PROP_BIT64("hv-xmm-input", X86CPU, hyperv_features,
+  HYPERV_FEAT_XMM_INPUT, 0),
 DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
 hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
 DEFINE_PROP_BIT64("hv-syndbg", X86CPU, hyperv_features,
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index f389bbedf2..7e6f934eda 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -980,6 +980,13 @@ static struct {
  .bits = HV_NESTED_MSR_BITMAP}
 }
 },
+[HYPERV_FEAT_XMM_INPUT] = {
+.desc = "XMM fast hypercall input (hv-xmm-input)",
+.flags = {
+{.func = HV_CPUID_FEATURES, .reg = R_EDX,
+ .bits = HV_HYPERCALL_XMM_INPUT_AVAILABLE}
+}
+},
 };
 
 static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max,
-- 
2.36.1





[PULL 12/17] i386: Use hv_build_cpuid_leaf() for HV_CPUID_NESTED_FEATURES

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

Previously, HV_CPUID_NESTED_FEATURES.EAX CPUID leaf was handled differently
as it was only used to encode the supported eVMCS version range. In fact,
there are also feature (e.g. Enlightened MSR-Bitmap) bits there. In
preparation to adding these features, move HV_CPUID_NESTED_FEATURES leaf
handling to hv_build_cpuid_leaf() and drop now-unneeded 'hyperv_nested'.

No functional change intended.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-2-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.h |  1 -
 target/i386/kvm/kvm.c | 25 +++--
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 0d528ac58f..2e918daf6b 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1804,7 +1804,6 @@ struct ArchCPU {
 uint32_t hyperv_vendor_id[3];
 uint32_t hyperv_interface_id[4];
 uint32_t hyperv_limits[3];
-uint32_t hyperv_nested[4];
 bool hyperv_enforce_cpuid;
 uint32_t hyperv_ver_id_build;
 uint16_t hyperv_ver_id_major;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index e2d675115b..38af0e4f04 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -831,6 +831,8 @@ static bool tsc_is_stable_and_known(CPUX86State *env)
 || env->user_tsc_khz;
 }
 
+#define DEFAULT_EVMCS_VERSION ((1 << 8) | 1)
+
 static struct {
 const char *desc;
 struct {
@@ -1254,6 +1256,13 @@ static uint32_t hv_build_cpuid_leaf(CPUState *cs, 
uint32_t func, int reg)
 }
 }
 
+/* HV_CPUID_NESTED_FEATURES.EAX also encodes the supported eVMCS range */
+if (func == HV_CPUID_NESTED_FEATURES && reg == R_EAX) {
+if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
+r |= DEFAULT_EVMCS_VERSION;
+}
+}
+
 return r;
 }
 
@@ -1384,11 +1393,11 @@ static int hyperv_fill_cpuids(CPUState *cs,
 struct kvm_cpuid_entry2 *c;
 uint32_t signature[3];
 uint32_t cpuid_i = 0, max_cpuid_leaf = 0;
+uint32_t nested_eax =
+hv_build_cpuid_leaf(cs, HV_CPUID_NESTED_FEATURES, R_EAX);
 
-max_cpuid_leaf = HV_CPUID_IMPLEMENT_LIMITS;
-if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
-max_cpuid_leaf = MAX(max_cpuid_leaf, HV_CPUID_NESTED_FEATURES);
-}
+max_cpuid_leaf = nested_eax ? HV_CPUID_NESTED_FEATURES :
+HV_CPUID_IMPLEMENT_LIMITS;
 
 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNDBG)) {
 max_cpuid_leaf =
@@ -1461,7 +1470,7 @@ static int hyperv_fill_cpuids(CPUState *cs,
 c->ecx = cpu->hyperv_limits[1];
 c->edx = cpu->hyperv_limits[2];
 
-if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
+if (nested_eax) {
 uint32_t function;
 
 /* Create zeroed 0x4006..0x4009 leaves */
@@ -1473,7 +1482,7 @@ static int hyperv_fill_cpuids(CPUState *cs,
 
 c = _ent[cpuid_i++];
 c->function = HV_CPUID_NESTED_FEATURES;
-c->eax = cpu->hyperv_nested[0];
+c->eax = nested_eax;
 }
 
 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNDBG)) {
@@ -1522,8 +1531,6 @@ static bool evmcs_version_supported(uint16_t 
evmcs_version,
 (max_version <= max_supported_version);
 }
 
-#define DEFAULT_EVMCS_VERSION ((1 << 8) | 1)
-
 static int hyperv_init_vcpu(X86CPU *cpu)
 {
 CPUState *cs = CPU(cpu);
@@ -1620,8 +1627,6 @@ static int hyperv_init_vcpu(X86CPU *cpu)
  supported_evmcs_version >> 8);
 return -ENOTSUP;
 }
-
-cpu->hyperv_nested[0] = evmcs_version;
 }
 
 if (cpu->hyperv_enforce_cpuid) {
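Review bot: With `cpu->hyperv_nested[0] = evmcs_version;` removed here, the eVMCS range that hyperv_init_vcpu() checks against the host's supported version is no longer the value that reaches the guest; hv_build_cpuid_leaf() now ORs in the constant `DEFAULT_EVMCS_VERSION` on its own. The two agree only while `evmcs_version` is always that constant, which cannot be confirmed from this hunk because its declaration lies outside it. A short comment next to the version check, e.g. `/* Must match what hv_build_cpuid_leaf() advertises in HV_CPUID_NESTED_FEATURES.EAX */`, would keep a later change to the negotiated range from advertising a version the host never validated. hyperv_init_vcpu() starts before and continues past this hunk.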
-- 
2.36.1





Re: [PATCH v4 17/17] target/m68k: Mark helper_raise_exception as noreturn

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Also mark raise_exception_ra and raise_exception, lest we
generate a warning about helper_raise_exception returning.

Signed-off-by: Richard Henderson 
---
  target/m68k/helper.h| 2 +-
  target/m68k/op_helper.c | 5 +++--
  2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index f016c4c1c2..c9bed2b884 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -109,7 +109,7 @@ DEF_HELPER_3(set_mac_extu, void, env, i32, i32)
  DEF_HELPER_2(flush_flags, void, env, i32)
  DEF_HELPER_2(set_ccr, void, env, i32)
  DEF_HELPER_FLAGS_1(get_ccr, TCG_CALL_NO_WG_SE, i32, env)
-DEF_HELPER_2(raise_exception, void, env, i32)
+DEF_HELPER_2(raise_exception, noreturn, env, i32)
  
  DEF_HELPER_FLAGS_3(bfffo_reg, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
  
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c

index 61948d92bb..d9937ca8dc 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -532,7 +532,8 @@ bool m68k_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
  
  #endif /* !CONFIG_USER_ONLY */
  
-static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)

+G_NORETURN static void
+raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
  {
  CPUState *cs = env_cpu(env);
  
@@ -540,7 +541,7 @@ static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)

  cpu_loop_exit_restore(cs, raddr);
  }
  
-static void raise_exception(CPUM68KState *env, int tt)

+G_NORETURN static void raise_exception(CPUM68KState *env, int tt)
  {
  raise_exception_ra(env, tt, 0);
  }


And why not

  G_NORETURN void HELPER(raise_exception)(CPUM68KState *env, uint32_t tt)

?

Thanks,
Laurent



Re: [PATCH v4 16/17] linux-user/strace: Adjust get_thread_area for m68k

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Unlike i386, m68k get_thread_area has no arguments.

Signed-off-by: Richard Henderson 
---
  linux-user/strace.list | 5 +
  1 file changed, 5 insertions(+)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 278596acd1..72e17b1acf 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -384,8 +384,13 @@
  { TARGET_NR_getsockopt, "getsockopt" , NULL, NULL, NULL },
  #endif
  #ifdef TARGET_NR_get_thread_area
+#if defined(TARGET_I386) && defined(TARGET_ABI32)
  { TARGET_NR_get_thread_area, "get_thread_area", "%s(0x"TARGET_ABI_FMT_lx")",
NULL, NULL },
+#elif defined(TARGET_M68K)
+{ TARGET_NR_get_thread_area, "get_thread_area" , "%s()",
+  NULL, print_syscall_ret_addr },
+#endif
  #endif
  #ifdef TARGET_NR_gettid
  { TARGET_NR_gettid, "gettid" , "%s()", NULL, NULL },
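Review bot: The new `#if`/`#elif` chain has no `#else`, so a target that defines TARGET_NR_get_thread_area but is neither 32-bit-ABI i386 nor m68k now gets no table entry for this syscall. Whether such a target exists cannot be told from this hunk, but before the change every target with the syscall number had an entry. A generic fallback before the inner `#endif`, namely `#else` followed by `{ TARGET_NR_get_thread_area, "get_thread_area", NULL, NULL, NULL },`, would keep the syscall named in strace output there.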


Reviewed-by: Laurent Vivier 



[PULL 11/17] ide_ioport_read: Return lower octet of data register instead of 0xFF

2022-05-25 Thread Paolo Bonzini
From: Lev Kujawski 

Prior to this patch, the pre-GRUB Solaris x86 bootloader would fail to
load on QEMU with the following screen output:

SunOS Secondary Boot version 3.00

prom_panic: Could not mount filesystem.
Entering boot debugger:
[136419]: _

This occurs because the bootloader issues an ATA IDENTIFY DEVICE
command, and then reads the resulting 256 words of parameter
information using inb rather than the correct inw. As the previous
behavior of QEMU was to return 0xFF and not advance the drive's sector
buffer, DRQ would never be cleared and the bootloader would be blocked
from selecting a secondary ATA device, such as an optical drive.

Resolves:
* [Bug 1639394] Unable to boot Solaris 8/9 x86 under Fedora 24

Signed-off-by: Lev Kujawski 
Message-Id: <20220520235200.1138450-1-lku...@member.fsf.org>
Signed-off-by: Paolo Bonzini 
---
 hw/ide/core.c  | 6 +-
 hw/ide/macio.c | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 3a5afff5d7..c2caa54285 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2166,7 +2166,11 @@ uint32_t ide_ioport_read(void *opaque, uint32_t addr)
 hob = bus->cmd & (IDE_CTRL_HOB);
 switch (reg_num) {
 case ATA_IOPORT_RR_DATA:
-ret = 0xff;
+/*
+ * The pre-GRUB Solaris x86 bootloader relies upon inb
+ * consuming a word from the drive's sector buffer.
+ */
+ret = ide_data_readw(bus, addr) & 0xff;
 break;
 case ATA_IOPORT_RR_ERROR:
 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
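Review bot: An 8-bit read of ATA_IOPORT_RR_DATA now has a side effect on transfer state: every guest `inb` goes through `ide_data_readw()` and consumes a whole word of the sector buffer, with the high byte discarded. Its safety depends on ide_data_readw() refusing the access when no PIO-in transfer is active and when the data pointer has reached the end of the buffer; those guards are not visible in this hunk. The new comment should state that reliance, e.g. by adding `* ide_data_readw() is expected to do the DRQ and end-of-buffer checks.`. The same applies to the `size == 1` branch added to pmac_ide_read() in hw/ide/macio.c. ide_ioport_read() starts before and continues past this hunk.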
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index f08318cf97..1c15c37ec5 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -267,7 +267,9 @@ static uint64_t pmac_ide_read(void *opaque, hwaddr addr, 
unsigned size)
 
 switch (reg) {
 case 0x0:
-if (size == 2) {
+if (size == 1) {
+retval = ide_data_readw(>bus, 0) & 0xFF;
+} else if (size == 2) {
 retval = ide_data_readw(>bus, 0);
 } else if (size == 4) {
 retval = ide_data_readl(>bus, 0);
-- 
2.36.1





[PULL 10/17] target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host

2022-05-25 Thread Paolo Bonzini
From: "Maciej S. Szmigiero" 

Since KVM commit 5f76f6f5ff96 ("KVM: nVMX: Do not expose MPX VMX controls when 
guest MPX disabled")
it is not possible to disable MPX on a "-cpu host" just by adding "-mpx"
there if the host CPU does indeed support MPX.
QEMU will fail to set MSR_IA32_VMX_TRUE_{EXIT,ENTRY}_CTLS MSRs in this case
and so trigger an assertion failure.

Instead, besides "-mpx" one has to explicitly add also
"-vmx-exit-clear-bndcfgs" and "-vmx-entry-load-bndcfgs" to QEMU command
line to make it work, which is a bit convoluted.

Make the MPX-related bits in FEAT_VMX_{EXIT,ENTRY}_CTLS dependent on MPX
being actually enabled so such workarounds are no longer necessary.

Signed-off-by: Maciej S. Szmigiero 
Message-Id: 
<51aa2125c76363204cc23c27165e778097c33f0b.1653323077.git.maciej.szmigi...@oracle.com>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 35c3475e6c..385691458f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1355,6 +1355,14 @@ static FeatureDep feature_dependencies[] = {
 .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_INVPCID },
 .to = { FEAT_VMX_SECONDARY_CTLS,VMX_SECONDARY_EXEC_ENABLE_INVPCID 
},
 },
+{
+.from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
+.to = { FEAT_VMX_EXIT_CTLS, VMX_VM_EXIT_CLEAR_BNDCFGS },
+},
+{
+.from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
+.to = { FEAT_VMX_ENTRY_CTLS,VMX_VM_ENTRY_LOAD_BNDCFGS },
+},
 {
 .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_RDSEED },
 .to = { FEAT_VMX_SECONDARY_CTLS,VMX_SECONDARY_EXEC_RDSEED_EXITING 
},
-- 
2.36.1





[PULL 13/17] i386: Hyper-V Enlightened MSR bitmap feature

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

The newly introduced enlightenment allows L0 (KVM) and L1 (Hyper-V)
hypervisors to collaborate to avoid unnecessary updates to L2
MSR-Bitmap upon vmexits.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-3-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 docs/hyperv.txt| 9 +
 target/i386/cpu.h  | 1 +
 target/i386/kvm/hyperv-proto.h | 5 +
 target/i386/cpu.c  | 2 ++
 target/i386/kvm/kvm.c  | 7 +++
 5 files changed, 24 insertions(+)

diff --git a/docs/hyperv.txt b/docs/hyperv.txt
index 33588a0396..5d85569b99 100644
--- a/docs/hyperv.txt
+++ b/docs/hyperv.txt
@@ -239,6 +239,15 @@ This enlightenment requires a VMBus device (-device 
vmbus-bridge,irq=15)
 and the follow enlightenments to work:
 hv-relaxed,hv_time,hv-vapic,hv-vpindex,hv-synic,hv-runtime,hv-stimer
 
+3.22. hv-emsr-bitmap
+=
+The enlightenment is nested specific, it targets Hyper-V on KVM guests. When
+enabled, it allows L0 (KVM) and L1 (Hyper-V) hypervisors to collaborate to
+avoid unnecessary updates to L2 MSR-Bitmap upon vmexits. While the protocol is
+supported for both VMX (Intel) and SVM (AMD), the VMX implementation requires
+Enlightened VMCS ('hv-evmcs') feature to also be enabled.
+
+Recommended: hv-evmcs (Intel)
 
 4. Supplementary features
 =
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2e918daf6b..c788285736 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1106,6 +1106,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
 #define HYPERV_FEAT_STIMER_DIRECT   14
 #define HYPERV_FEAT_AVIC15
 #define HYPERV_FEAT_SYNDBG  16
+#define HYPERV_FEAT_MSR_BITMAP  17
 
 #ifndef HYPERV_SPINLOCK_NEVER_NOTIFY
 #define HYPERV_SPINLOCK_NEVER_NOTIFY 0x
diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h
index e40e59411c..cea18dbc0e 100644
--- a/target/i386/kvm/hyperv-proto.h
+++ b/target/i386/kvm/hyperv-proto.h
@@ -86,6 +86,11 @@
  */
 #define HV_SYNDBG_CAP_ALLOW_KERNEL_DEBUGGING(1u << 1)
 
+/*
+ * HV_CPUID_NESTED_FEATURES.EAX bits
+ */
+#define HV_NESTED_MSR_BITMAP(1u << 19)
+
 /*
  * Basic virtualized MSRs
  */
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 385691458f..474e9b582e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6968,6 +6968,8 @@ static Property x86_cpu_properties[] = {
   HYPERV_FEAT_STIMER_DIRECT, 0),
 DEFINE_PROP_BIT64("hv-avic", X86CPU, hyperv_features,
   HYPERV_FEAT_AVIC, 0),
+DEFINE_PROP_BIT64("hv-emsr-bitmap", X86CPU, hyperv_features,
+  HYPERV_FEAT_MSR_BITMAP, 0),
 DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
 hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
 DEFINE_PROP_BIT64("hv-syndbg", X86CPU, hyperv_features,
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 38af0e4f04..f389bbedf2 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -973,6 +973,13 @@ static struct {
 .dependencies = BIT(HYPERV_FEAT_SYNIC) | BIT(HYPERV_FEAT_RELAXED)
 },
 #endif
+[HYPERV_FEAT_MSR_BITMAP] = {
+.desc = "enlightened MSR-Bitmap (hv-emsr-bitmap)",
+.flags = {
+{.func = HV_CPUID_NESTED_FEATURES, .reg = R_EAX,
+ .bits = HV_NESTED_MSR_BITMAP}
+}
+},
 };
 
 static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max,
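Review bot: The `[HYPERV_FEAT_MSR_BITMAP]` entry carries no `.dependencies`, yet the documentation added in the same commit says the VMX implementation requires 'hv-evmcs'. As far as this hunk shows, `hv-emsr-bitmap` without `hv-evmcs` on an Intel host would still set HV_NESTED_MSR_BITMAP in HV_CPUID_NESTED_FEATURES.EAX and advertise to the L1 guest a feature that cannot take effect. A hard dependency would be wrong for SVM, so the options are a vendor-specific check with a warning, or at least a comment in the entry such as `/* No eVMCS dependency: SVM does not need it; on VMX the bit is ineffective without hv-evmcs */`. The `[HYPERV_FEAT_TLBFLUSH_DIRECT]` entry in PULL 16/17 is in the same position. The table starts outside this hunk.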
-- 
2.36.1





[PULL 09/17] hw/audio/ac97: Remove unneeded local variables

2022-05-25 Thread Paolo Bonzini
From: BALATON Zoltan 

Several functions have a local variable that is just a copy of one of
the function parameters. This is unneeded complication so just get rid
of these.

Signed-off-by: BALATON Zoltan 
Reviewed-by: Peter Maydell 
Message-Id: 

Signed-off-by: Paolo Bonzini 
---
 hw/audio/ac97.c | 102 +++-
 1 file changed, 49 insertions(+), 53 deletions(-)

diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
index 6584aa749e..be2dd701a4 100644
--- a/hw/audio/ac97.c
+++ b/hw/audio/ac97.c
@@ -557,9 +557,8 @@ static uint32_t nam_readb(void *opaque, uint32_t addr)
 static uint32_t nam_readw(void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
-uint32_t index = addr;
 s->cas = 0;
-return mixer_load(s, index);
+return mixer_load(s, addr);
 }
 
 static uint32_t nam_readl(void *opaque, uint32_t addr)
@@ -584,21 +583,21 @@ static void nam_writeb(void *opaque, uint32_t addr, 
uint32_t val)
 static void nam_writew(void *opaque, uint32_t addr, uint32_t val)
 {
 AC97LinkState *s = opaque;
-uint32_t index = addr;
+
 s->cas = 0;
-switch (index) {
+switch (addr) {
 case AC97_Reset:
 mixer_reset(s);
 break;
 case AC97_Powerdown_Ctrl_Stat:
 val &= ~0x800f;
-val |= mixer_load(s, index) & 0xf;
-mixer_store(s, index, val);
+val |= mixer_load(s, addr) & 0xf;
+mixer_store(s, addr, val);
 break;
 case AC97_PCM_Out_Volume_Mute:
 case AC97_Master_Volume_Mute:
 case AC97_Record_Gain_Mute:
-set_volume(s, index, val);
+set_volume(s, addr, val);
 break;
 case AC97_Record_Select:
 record_select(s, val);
@@ -626,7 +625,7 @@ static void nam_writew(void *opaque, uint32_t addr, 
uint32_t val)
 break;
 case AC97_PCM_Front_DAC_Rate:
 if (mixer_load(s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
-mixer_store(s, index, val);
+mixer_store(s, addr, val);
 dolog("Set front DAC rate to %d\n", val);
 open_voice(s, PO_INDEX, val);
 } else {
@@ -636,7 +635,7 @@ static void nam_writew(void *opaque, uint32_t addr, 
uint32_t val)
 break;
 case AC97_MIC_ADC_Rate:
 if (mixer_load(s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRM) {
-mixer_store(s, index, val);
+mixer_store(s, addr, val);
 dolog("Set MIC ADC rate to %d\n", val);
 open_voice(s, MC_INDEX, val);
 } else {
@@ -646,7 +645,7 @@ static void nam_writew(void *opaque, uint32_t addr, 
uint32_t val)
 break;
 case AC97_PCM_LR_ADC_Rate:
 if (mixer_load(s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) {
-mixer_store(s, index, val);
+mixer_store(s, addr, val);
 dolog("Set front LR ADC rate to %d\n", val);
 open_voice(s, PI_INDEX, val);
 } else {
@@ -673,7 +672,7 @@ static void nam_writew(void *opaque, uint32_t addr, 
uint32_t val)
 break;
 default:
 dolog("U nam writew 0x%x <- 0x%x\n", addr, val);
-mixer_store(s, index, val);
+mixer_store(s, addr, val);
 break;
 }
 }
@@ -693,10 +692,9 @@ static uint32_t nabm_readb(void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr;
 uint32_t val = ~0U;
 
-switch (index) {
+switch (addr) {
 case CAS:
 dolog("CAS %d\n", s->cas);
 val = s->cas;
@@ -705,37 +703,37 @@ static uint32_t nabm_readb(void *opaque, uint32_t addr)
 case PI_CIV:
 case PO_CIV:
 case MC_CIV:
-r = >bm_regs[GET_BM(index)];
+r = >bm_regs[GET_BM(addr)];
 val = r->civ;
-dolog("CIV[%d] -> 0x%x\n", GET_BM(index), val);
+dolog("CIV[%d] -> 0x%x\n", GET_BM(addr), val);
 break;
 case PI_LVI:
 case PO_LVI:
 case MC_LVI:
-r = >bm_regs[GET_BM(index)];
+r = >bm_regs[GET_BM(addr)];
 val = r->lvi;
-dolog("LVI[%d] -> 0x%x\n", GET_BM(index), val);
+dolog("LVI[%d] -> 0x%x\n", GET_BM(addr), val);
 break;
 case PI_PIV:
 case PO_PIV:
 case MC_PIV:
-r = >bm_regs[GET_BM(index)];
+r = >bm_regs[GET_BM(addr)];
 val = r->piv;
-dolog("PIV[%d] -> 0x%x\n", GET_BM(index), val);
+dolog("PIV[%d] -> 0x%x\n", GET_BM(addr), val);
 break;
 case PI_CR:
 case PO_CR:
 case MC_CR:
-r = >bm_regs[GET_BM(index)];
+r = >bm_regs[GET_BM(addr)];
 val = r->cr;
-dolog("CR[%d] -> 0x%x\n", GET_BM(index), val);
+dolog("CR[%d] -> 0x%x\n", GET_BM(addr), val);
 break;
 case PI_SR:
 case PO_SR:
 case MC_SR:
-r = >bm_regs[GET_BM(index)];
+r = >bm_regs[GET_BM(addr)];
 val = r->sr & 0xff;
-dolog("SRb[%d] -> 0x%x\n", GET_BM(index), val);
+dolog("SRb[%d] -> 0x%x\n", GET_BM(addr), val);
 break;
 

[PULL 16/17] i386: Hyper-V Direct TLB flush hypercall

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

Hyper-V TLFS allows for L0 and L1 hypervisors to collaborate on L2's
TLB flush hypercalls handling. With the correct setup, L2's TLB flush
hypercalls can be handled by L0 directly, without the need to exit to
L1.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-6-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 docs/hyperv.txt| 11 +++
 target/i386/cpu.h  |  1 +
 target/i386/kvm/hyperv-proto.h |  1 +
 target/i386/cpu.c  |  2 ++
 target/i386/kvm/kvm.c  |  8 
 5 files changed, 23 insertions(+)

diff --git a/docs/hyperv.txt b/docs/hyperv.txt
index 4b132b1c94..14a7f449ea 100644
--- a/docs/hyperv.txt
+++ b/docs/hyperv.txt
@@ -262,6 +262,17 @@ Allow for extended GVA ranges to be passed to Hyper-V TLB 
flush hypercalls
 
 Requires: hv-tlbflush
 
+3.25. hv-tlbflush-direct
+=
+The enlightenment is nested specific, it targets Hyper-V on KVM guests. When
+enabled, it allows L0 (KVM) to directly handle TLB flush hypercalls from L2
+guest without the need to exit to L1 (Hyper-V) hypervisor. While the feature is
+supported for both VMX (Intel) and SVM (AMD), the VMX implementation requires
+Enlightened VMCS ('hv-evmcs') feature to also be enabled.
+
+Requires: hv-vapic
+Recommended: hv-evmcs (Intel)
+
 4. Supplementary features
 =
 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 5ff48257e5..82004b65b9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1109,6 +1109,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
 #define HYPERV_FEAT_MSR_BITMAP  17
 #define HYPERV_FEAT_XMM_INPUT   18
 #define HYPERV_FEAT_TLBFLUSH_EXT19
+#define HYPERV_FEAT_TLBFLUSH_DIRECT 20
 
 #ifndef HYPERV_SPINLOCK_NEVER_NOTIFY
 #define HYPERV_SPINLOCK_NEVER_NOTIFY 0x
diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h
index c7854ed6d3..464fbf09e3 100644
--- a/target/i386/kvm/hyperv-proto.h
+++ b/target/i386/kvm/hyperv-proto.h
@@ -90,6 +90,7 @@
 /*
  * HV_CPUID_NESTED_FEATURES.EAX bits
  */
+#define HV_NESTED_DIRECT_FLUSH  (1u << 17)
 #define HV_NESTED_MSR_BITMAP(1u << 19)
 
 /*
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3429a4e455..bb6a5dd498 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6974,6 +6974,8 @@ static Property x86_cpu_properties[] = {
   HYPERV_FEAT_XMM_INPUT, 0),
 DEFINE_PROP_BIT64("hv-tlbflush-ext", X86CPU, hyperv_features,
   HYPERV_FEAT_TLBFLUSH_EXT, 0),
+DEFINE_PROP_BIT64("hv-tlbflush-direct", X86CPU, hyperv_features,
+  HYPERV_FEAT_TLBFLUSH_DIRECT, 0),
 DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
 hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
 DEFINE_PROP_BIT64("hv-syndbg", X86CPU, hyperv_features,
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index a11c8e88f6..f148a6d52f 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -995,6 +995,14 @@ static struct {
 },
 .dependencies = BIT(HYPERV_FEAT_TLBFLUSH)
 },
+[HYPERV_FEAT_TLBFLUSH_DIRECT] = {
+.desc = "direct TLB flush (hv-tlbflush-direct)",
+.flags = {
+{.func = HV_CPUID_NESTED_FEATURES, .reg = R_EAX,
+ .bits = HV_NESTED_DIRECT_FLUSH}
+},
+.dependencies = BIT(HYPERV_FEAT_VAPIC)
+},
 };
 
 static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max,
-- 
2.36.1





[PULL 06/17] contrib/elf2dmp: add ELF dump header checking

2022-05-25 Thread Paolo Bonzini
From: Viktor Prutyanov 

Add ELF header checking to prevent processing an input file which is not a
QEMU x86_64 guest memory dump, or is not even an ELF file.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1013

Signed-off-by: Viktor Prutyanov 
Reviewed-by: Richard Henderson 
Message-Id: <20220520084339.171684-1-viktor.prutya...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 contrib/elf2dmp/qemu_elf.c | 53 ++
 1 file changed, 53 insertions(+)

diff --git a/contrib/elf2dmp/qemu_elf.c b/contrib/elf2dmp/qemu_elf.c
index b601b6d7ba..ebda60dcb8 100644
--- a/contrib/elf2dmp/qemu_elf.c
+++ b/contrib/elf2dmp/qemu_elf.c
@@ -118,6 +118,53 @@ static void exit_states(QEMU_Elf *qe)
 free(qe->state);
 }
 
+static bool check_ehdr(QEMU_Elf *qe)
+{
+Elf64_Ehdr *ehdr = qe->map;
+
+if (sizeof(Elf64_Ehdr) > qe->size) {
+eprintf("Invalid input dump file size\n");
+return false;
+}
+
+if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) {
+eprintf("Invalid ELF signature, input file is not ELF\n");
+return false;
+}
+
+if (ehdr->e_ident[EI_CLASS] != ELFCLASS64 ||
+ehdr->e_ident[EI_DATA] != ELFDATA2LSB) {
+eprintf("Invalid ELF class or byte order, must be 64-bit LE\n");
+return false;
+}
+
+if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) {
+eprintf("Invalid ELF version\n");
+return false;
+}
+
+if (ehdr->e_machine != EM_X86_64) {
+eprintf("Invalid input dump architecture, only x86_64 is supported\n");
+return false;
+}
+
+if (ehdr->e_type != ET_CORE) {
+eprintf("Invalid ELF type, must be core file\n");
+return false;
+}
+
+/*
+ * ELF dump file must contain one PT_NOTE and at least one PT_LOAD to
+ * restore physical address space.
+ */
+if (ehdr->e_phnum < 2) {
+eprintf("Invalid number of ELF program headers\n");
+return false;
+}
+
+return true;
+}
+
 int QEMU_Elf_init(QEMU_Elf *qe, const char *filename)
 {
 GError *gerr = NULL;
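Review bot: check_ehdr accepts any `e_phnum` of 2 or more without checking that the program header table fits inside the mapped file, so a truncated or malformed dump still passes this gate. `e_phoff`, `e_phentsize` and `e_phnum` all come from the input file and are presumably used by the code that walks the headers afterwards (init_states, not shown in this hunk). A bounds check against `qe->size` belongs here next to the existing size test; the sketch below assumes `qe->size` is an unsigned size type, which the hunk does not show. The comment above the `e_phnum` test also promises one PT_NOTE and at least one PT_LOAD, but only the count is checked, so it should say that the segment types are verified later, if they are.

```c
    /* ... unchanged: checks up to and including e_phnum < 2 ... */

    /* The program header table must lie entirely inside the mapped file. */
    if (ehdr->e_phentsize != sizeof(Elf64_Phdr) ||
        ehdr->e_phoff > qe->size ||
        ehdr->e_phnum > (qe->size - ehdr->e_phoff) / sizeof(Elf64_Phdr)) {
        eprintf("Invalid ELF program header table\n");
        return false;
    }

    return true;
```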
@@ -133,6 +180,12 @@ int QEMU_Elf_init(QEMU_Elf *qe, const char *filename)
 qe->map = g_mapped_file_get_contents(qe->gmf);
 qe->size = g_mapped_file_get_length(qe->gmf);
 
+if (!check_ehdr(qe)) {
+eprintf("Input file has the wrong format\n");
+err = 1;
+goto out_unmap;
+}
+
 if (init_states(qe)) {
 eprintf("Failed to extract QEMU CPU states\n");
 err = 1;
-- 
2.36.1





[PULL 05/17] thread-pool: remove stopping variable

2022-05-25 Thread Paolo Bonzini
Just setting the max threads to 0 is enough to stop all workers.

Message-Id: <20220514065012.1149539-4-pbonz...@redhat.com>
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Nicolas Saenz Julienne 
Signed-off-by: Paolo Bonzini 
---
 util/thread-pool.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/util/thread-pool.c b/util/thread-pool.c
index 6e3d4e4a2f..31113b5860 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -69,7 +69,6 @@ struct ThreadPool {
 int idle_threads;
 int new_threads; /* backlog of threads we need to create */
 int pending_threads; /* threads created but not running yet */
-bool stopping;
 int min_threads;
 int max_threads;
 };
@@ -82,7 +81,7 @@ static void *worker_thread(void *opaque)
 pool->pending_threads--;
 do_spawn_thread(pool);
 
-while (!pool->stopping && pool->cur_threads <= pool->max_threads) {
+while (pool->cur_threads <= pool->max_threads) {
 ThreadPoolElement *req;
 int ret;
 
@@ -370,7 +369,7 @@ void thread_pool_free(ThreadPool *pool)
 pool->new_threads = 0;
 
 /* Wait for worker threads to terminate */
-pool->stopping = true;
+pool->max_threads = 0;
 qemu_cond_broadcast(>request_cond);
 while (pool->cur_threads > 0) {
 qemu_cond_wait(>worker_stopped, >lock);
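Review bot: `pool->max_threads = 0` now carries the shutdown request, but nothing at the assignment says so, and the comment above it only mentions waiting. A comment such as `/* max_threads == 0 makes every worker fail the cur_threads <= max_threads test and exit */` would stop the next reader from treating it as an ordinary limit change. It also means that any later write to `max_threads` would silently cancel the stop; that is harmless only if nothing can update the pool parameters once thread_pool_free has started, which this hunk does not show. thread_pool_free's body starts and ends outside the hunk.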
-- 
2.36.1





[PULL 15/17] i386: Hyper-V Support extended GVA ranges for TLB flush hypercalls

2022-05-25 Thread Paolo Bonzini
From: Vitaly Kuznetsov 

KVM kind of supported "extended GVA ranges" (up to 4095 additional GFNs
per hypercall) since the implementation of Hyper-V PV TLB flush feature
(Linux-4.18) as regardless of the request, full TLB flush was always
performed. "Extended GVA ranges for TLB flush hypercalls" feature bit
wasn't exposed then. Now, as KVM gains support for fine-grained TLB
flush handling, exposing this feature starts making sense.

Signed-off-by: Vitaly Kuznetsov 
Message-Id: <20220525115949.1294004-5-vkuzn...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 docs/hyperv.txt| 7 +++
 target/i386/cpu.h  | 1 +
 target/i386/kvm/hyperv-proto.h | 1 +
 target/i386/cpu.c  | 2 ++
 target/i386/kvm/kvm.c  | 8 
 5 files changed, 19 insertions(+)

diff --git a/docs/hyperv.txt b/docs/hyperv.txt
index af1b10c0b3..4b132b1c94 100644
--- a/docs/hyperv.txt
+++ b/docs/hyperv.txt
@@ -255,6 +255,13 @@ Hyper-V specification allows to pass parameters for 
certain hypercalls using XMM
 registers ("XMM Fast Hypercall Input"). When the feature is in use, it allows
 for faster hypercalls processing as KVM can avoid reading guest's memory.
 
+3.24. hv-tlbflush-ext
+=
+Allow for extended GVA ranges to be passed to Hyper-V TLB flush hypercalls
+(HvFlushVirtualAddressList/HvFlushVirtualAddressListEx).
+
+Requires: hv-tlbflush
+
 4. Supplementary features
 =
 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 37e9553584..5ff48257e5 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1108,6 +1108,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
 #define HYPERV_FEAT_SYNDBG  16
 #define HYPERV_FEAT_MSR_BITMAP  17
 #define HYPERV_FEAT_XMM_INPUT   18
+#define HYPERV_FEAT_TLBFLUSH_EXT19
 
 #ifndef HYPERV_SPINLOCK_NEVER_NOTIFY
 #define HYPERV_SPINLOCK_NEVER_NOTIFY 0x
diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h
index f5f16474fa..c7854ed6d3 100644
--- a/target/i386/kvm/hyperv-proto.h
+++ b/target/i386/kvm/hyperv-proto.h
@@ -59,6 +59,7 @@
 #define HV_FREQUENCY_MSRS_AVAILABLE (1u << 8)
 #define HV_GUEST_CRASH_MSR_AVAILABLE(1u << 10)
 #define HV_FEATURE_DEBUG_MSRS_AVAILABLE (1u << 11)
+#define HV_EXT_GVA_RANGES_FLUSH_AVAILABLE   (1u << 14)
 #define HV_STIMER_DIRECT_MODE_AVAILABLE (1u << 19)
 
 /*
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 63cec0ea68..3429a4e455 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6972,6 +6972,8 @@ static Property x86_cpu_properties[] = {
   HYPERV_FEAT_MSR_BITMAP, 0),
 DEFINE_PROP_BIT64("hv-xmm-input", X86CPU, hyperv_features,
   HYPERV_FEAT_XMM_INPUT, 0),
+DEFINE_PROP_BIT64("hv-tlbflush-ext", X86CPU, hyperv_features,
+  HYPERV_FEAT_TLBFLUSH_EXT, 0),
 DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
 hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
 DEFINE_PROP_BIT64("hv-syndbg", X86CPU, hyperv_features,
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 7e6f934eda..a11c8e88f6 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -987,6 +987,14 @@ static struct {
  .bits = HV_HYPERCALL_XMM_INPUT_AVAILABLE}
 }
 },
+[HYPERV_FEAT_TLBFLUSH_EXT] = {
+.desc = "Extended gva ranges for TLB flush hypercalls 
(hv-tlbflush-ext)",
+.flags = {
+{.func = HV_CPUID_FEATURES, .reg = R_EDX,
+ .bits = HV_EXT_GVA_RANGES_FLUSH_AVAILABLE}
+},
+.dependencies = BIT(HYPERV_FEAT_TLBFLUSH)
+},
 };
 
 static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max,
-- 
2.36.1





[PULL 07/17] hw/audio/ac97: Coding style fixes to avoid checkpatch errors

2022-05-25 Thread Paolo Bonzini
From: BALATON Zoltan 

Signed-off-by: BALATON Zoltan 
Reviewed-by: Víctor Colombo 
Message-Id: 
<62862a057e9c9ec0bb45248b2b9a3a1babb346a6.1650706617.git.bala...@eik.bme.hu>
Signed-off-by: Paolo Bonzini 
---
 hw/audio/ac97.c | 727 
 1 file changed, 357 insertions(+), 370 deletions(-)

diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
index 3cb8131060..6b1c12bece 100644
--- a/hw/audio/ac97.c
+++ b/hw/audio/ac97.c
@@ -87,39 +87,39 @@ enum {
 #define GC_CR2  /* rw */
 #define GC_VALID_MASK ((1 << 6) - 1)
 
-#define GS_MD3   (1<<17)/* rw */
-#define GS_AD3   (1<<16)/* rw */
-#define GS_RCS   (1<<15)/* rwc */
-#define GS_B3S12 (1<<14)/* ro */
-#define GS_B2S12 (1<<13)/* ro */
-#define GS_B1S12 (1<<12)/* ro */
-#define GS_S1R1  (1<<11)/* rwc */
-#define GS_S0R1  (1<<10)/* rwc */
-#define GS_S1CR  (1<<9) /* ro */
-#define GS_S0CR  (1<<8) /* ro */
-#define GS_MINT  (1<<7) /* ro */
-#define GS_POINT (1<<6) /* ro */
-#define GS_PIINT (1<<5) /* ro */
-#define GS_RSRVD ((1<<4)|(1<<3))
-#define GS_MOINT (1<<2) /* ro */
-#define GS_MIINT (1<<1) /* ro */
+#define GS_MD3   (1 << 17)  /* rw */
+#define GS_AD3   (1 << 16)  /* rw */
+#define GS_RCS   (1 << 15)  /* rwc */
+#define GS_B3S12 (1 << 14)  /* ro */
+#define GS_B2S12 (1 << 13)  /* ro */
+#define GS_B1S12 (1 << 12)  /* ro */
+#define GS_S1R1  (1 << 11)  /* rwc */
+#define GS_S0R1  (1 << 10)  /* rwc */
+#define GS_S1CR  (1 << 9)   /* ro */
+#define GS_S0CR  (1 << 8)   /* ro */
+#define GS_MINT  (1 << 7)   /* ro */
+#define GS_POINT (1 << 6)   /* ro */
+#define GS_PIINT (1 << 5)   /* ro */
+#define GS_RSRVD ((1 << 4) | (1 << 3))
+#define GS_MOINT (1 << 2)   /* ro */
+#define GS_MIINT (1 << 1)   /* ro */
 #define GS_GSCI  1  /* rwc */
-#define GS_RO_MASK (GS_B3S12|   \
-GS_B2S12|   \
-GS_B1S12|   \
-GS_S1CR|\
-GS_S0CR|\
-GS_MINT|\
-GS_POINT|   \
-GS_PIINT|   \
-GS_RSRVD|   \
-GS_MOINT|   \
+#define GS_RO_MASK (GS_B3S12 | \
+GS_B2S12 | \
+GS_B1S12 | \
+GS_S1CR  | \
+GS_S0CR  | \
+GS_MINT  | \
+GS_POINT | \
+GS_PIINT | \
+GS_RSRVD | \
+GS_MOINT | \
 GS_MIINT)
 #define GS_VALID_MASK ((1 << 18) - 1)
-#define GS_WCLEAR_MASK (GS_RCS|GS_S1R1|GS_S0R1|GS_GSCI)
+#define GS_WCLEAR_MASK (GS_RCS | GS_S1R1 | GS_S0R1 | GS_GSCI)
 
-#define BD_IOC (1<<31)
-#define BD_BUP (1<<30)
+#define BD_IOC (1 << 31)
+#define BD_BUP (1 << 30)
 
 #define EACS_VRA 1
 #define EACS_VRM 8
@@ -183,7 +183,7 @@ enum {
 };
 
 #ifdef DEBUG_AC97
-#define dolog(...) AUD_log ("ac97", __VA_ARGS__)
+#define dolog(...) AUD_log("ac97", __VA_ARGS__)
 #else
 #define dolog(...)
 #endif
@@ -206,9 +206,9 @@ enum {
 LAST_INDEX
 };
 
-MKREGS (PI, PI_INDEX * 16);
-MKREGS (PO, PO_INDEX * 16);
-MKREGS (MC, MC_INDEX * 16);
+MKREGS(PI, PI_INDEX * 16);
+MKREGS(PO, PO_INDEX * 16);
+MKREGS(MC, MC_INDEX * 16);
 
 enum {
 GLOB_CNT = 0x2c,
@@ -218,36 +218,35 @@ enum {
 
 #define GET_BM(index) (((index) >> 4) & 3)
 
-static void po_callback (void *opaque, int free);
-static void pi_callback (void *opaque, int avail);
-static void mc_callback (void *opaque, int avail);
+static void po_callback(void *opaque, int free);
+static void pi_callback(void *opaque, int avail);
+static void mc_callback(void *opaque, int avail);
 
-static void warm_reset (AC97LinkState *s)
+static void warm_reset(AC97LinkState *s)
 {
-(void) s;
+(void)s;
 }
 
-static void cold_reset (AC97LinkState * s)
+static void cold_reset(AC97LinkState *s)
 {
-(void) s;
+(void)s;
 }
 
-static void fetch_bd (AC97LinkState *s, AC97BusMasterRegs *r)
+static void fetch_bd(AC97LinkState *s, AC97BusMasterRegs *r)
 {
 uint8_t b[8];
 
-pci_dma_read (>dev, r->bdbar + r->civ * 8, b, 8);
+pci_dma_read(>dev, r->bdbar + r->civ * 8, b, 8);
 r->bd_valid = 1;
-r->bd.addr = le32_to_cpu (*(uint32_t *) [0]) & ~3;
-r->bd.ctl_len = le32_to_cpu (*(uint32_t *) [4]);
+r->bd.addr = le32_to_cpu(*(uint32_t *) [0]) & ~3;
+r->bd.ctl_len = le32_to_cpu(*(uint32_t *) [4]);
 r->picb = r->bd.ctl_len & 0x;
-dolog ("bd %2d addr=%#x ctl=%#06x len=%#x(%d bytes)\n",
-   r->civ, r->bd.addr, r->bd.ctl_len >> 16,
-   r->bd.ctl_len & 0x,
-   (r->bd.ctl_len & 0x) << 1);
+dolog("bd %2d addr=0x%x ctl=0x%06x len=0x%x(%d bytes)\n",

[PULL 04/17] thread-pool: replace semaphore with condition variable

2022-05-25 Thread Paolo Bonzini
Since commit f9fc8932b1 ("thread-posix: remove the posix semaphore
support", 2022-04-06) QemuSemaphore has its own mutex and condition
variable; this adds unnecessary overhead on I/O with small block sizes.

Check the QTAILQ directly instead of adding the indirection of a
semaphore's count.  Using a semaphore has not been necessary since
qemu_cond_timedwait was introduced; the new code has to be careful about
spurious wakeups but it is simpler, for example thread_pool_cancel does
not have to worry about synchronizing the semaphore count with the number
of elements of pool->request_list.

Note that the return value of qemu_cond_timedwait (0 for timeout, 1 for
signal or spurious wakeup) is different from that of qemu_sem_timedwait
(-1 for timeout, 0 for success).

Reported-by: Lukáš Doktor 
Suggested-by: Stefan Hajnoczi 
Reviewed-by: Nicolas Saenz Julienne 
Message-Id: <20220514065012.1149539-3-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 util/thread-pool.c | 68 +++---
 1 file changed, 28 insertions(+), 40 deletions(-)

diff --git a/util/thread-pool.c b/util/thread-pool.c
index 4979f30ca3..6e3d4e4a2f 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -57,7 +57,7 @@ struct ThreadPool {
 QEMUBH *completion_bh;
 QemuMutex lock;
 QemuCond worker_stopped;
-QemuSemaphore sem;
+QemuCond request_cond;
 QEMUBH *new_thread_bh;
 
 /* The following variables are only accessed from one AioContext. */
@@ -74,23 +74,6 @@ struct ThreadPool {
 int max_threads;
 };
 
-static inline bool back_to_sleep(ThreadPool *pool, int ret)
-{
-/*
- * The semaphore timed out, we should exit the loop except when:
- *  - There is work to do, we raced with the signal.
- *  - The max threads threshold just changed, we raced with the signal.
- *  - The thread pool forces a minimum number of readily available threads.
- */
-if (ret == -1 && (!QTAILQ_EMPTY(>request_list) ||
-pool->cur_threads > pool->max_threads ||
-pool->cur_threads <= pool->min_threads)) {
-return true;
-}
-
-return false;
-}
-
 static void *worker_thread(void *opaque)
 {
 ThreadPool *pool = opaque;
@@ -99,20 +82,25 @@ static void *worker_thread(void *opaque)
 pool->pending_threads--;
 do_spawn_thread(pool);
 
-while (!pool->stopping) {
+while (!pool->stopping && pool->cur_threads <= pool->max_threads) {
 ThreadPoolElement *req;
 int ret;
 
-do {
+if (QTAILQ_EMPTY(>request_list)) {
 pool->idle_threads++;
-qemu_mutex_unlock(>lock);
-ret = qemu_sem_timedwait(>sem, 1);
-qemu_mutex_lock(>lock);
+ret = qemu_cond_timedwait(>request_cond, >lock, 1);
 pool->idle_threads--;
-} while (back_to_sleep(pool, ret));
-if (ret == -1 || pool->stopping ||
-pool->cur_threads > pool->max_threads) {
-break;
+if (ret == 0 &&
+QTAILQ_EMPTY(>request_list) &&
+pool->cur_threads > pool->min_threads) {
+/* Timed out + no work to do + no need for warm threads = 
exit.  */
+break;
+}
+/*
+ * Even if there was some work to do, check if there aren't
+ * too many worker threads before picking it up.
+ */
+continue;
 }
 
 req = QTAILQ_FIRST(>request_list);
@@ -134,6 +122,12 @@ static void *worker_thread(void *opaque)
 pool->cur_threads--;
 qemu_cond_signal(>worker_stopped);
 qemu_mutex_unlock(>lock);
+
+/*
+ * Wake up another thread, in case we got a wakeup but decided
+ * to exit due to pool->cur_threads > pool->max_threads.
+ */
+qemu_cond_signal(>request_cond);
 return NULL;
 }
 
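Review bot: The added `qemu_cond_signal(&pool->request_cond)` runs after `qemu_mutex_unlock(&pool->lock)`, and after `pool->cur_threads--` and the `worker_stopped` signal, so the exiting worker still touches the pool when it no longer counts as a live thread. thread_pool_free waits only for `cur_threads` to reach 0; if it then destroys the condition variable or frees the pool (that part is outside this hunk), this signal can operate on freed memory. Issuing the signal while the lock is still held closes the window: put `qemu_cond_signal(&pool->request_cond);` before `qemu_mutex_unlock(&pool->lock);`. worker_thread's body starts outside the hunk.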
@@ -229,13 +223,7 @@ static void thread_pool_cancel(BlockAIOCB *acb)
 trace_thread_pool_cancel(elem, elem->common.opaque);
 
 QEMU_LOCK_GUARD(>lock);
-if (elem->state == THREAD_QUEUED &&
-/* No thread has yet started working on elem. we can try to "steal"
- * the item from the worker if we can get a signal from the
- * semaphore.  Because this is non-blocking, we can do it with
- * the lock taken and ensure that elem will remain THREAD_QUEUED.
- */
-qemu_sem_timedwait(>sem, 0) == 0) {
+if (elem->state == THREAD_QUEUED) {
 QTAILQ_REMOVE(>request_list, elem, reqs);
 qemu_bh_schedule(pool->completion_bh);
 
@@ -280,7 +268,7 @@ BlockAIOCB *thread_pool_submit_aio(ThreadPool *pool,
 }
 QTAILQ_INSERT_TAIL(>request_list, req, reqs);
 qemu_mutex_unlock(>lock);
-qemu_sem_post(>sem);
+qemu_cond_signal(>request_cond);
 return >common;
 }
 
@@ -323,7 +311,7 @@ void thread_pool_update_params(ThreadPool *pool, AioContext 
*ctx)
  * We either have to:
  *  - Increase the number available of threads until over 

[PULL 03/17] thread-pool: optimize scheduling of completion bottom half

2022-05-25 Thread Paolo Bonzini
The completion bottom half was scheduled within the pool->lock
critical section.  That actually results in worse performance,
because the worker thread can run its own small critical section
and go to sleep before the bottom half starts running.

Note that this simple change does not produce an improvement without
changing the thread pool QemuSemaphore to a condition variable.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Nicolas Saenz Julienne 
Message-Id: <20220514065012.1149539-2-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 util/thread-pool.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/util/thread-pool.c b/util/thread-pool.c
index 196835b4d3..4979f30ca3 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -127,9 +127,8 @@ static void *worker_thread(void *opaque)
 smp_wmb();
 req->state = THREAD_DONE;
 
-qemu_mutex_lock(>lock);
-
 qemu_bh_schedule(pool->completion_bh);
+qemu_mutex_lock(>lock);
 }
 
 pool->cur_threads--;
-- 
2.36.1





[PULL 01/17] target/i386: Remove LBREn bit check when access Arch LBR MSRs

2022-05-25 Thread Paolo Bonzini
From: Yang Weijiang 

Live migration can happen when Arch LBR LBREn bit is cleared,
e.g., when migration happens after guest entered SMM mode.
In this case, we still need to migrate Arch LBR MSRs.

Signed-off-by: Yang Weijiang 
Message-Id: <20220517155024.33270-1-weijiang.y...@intel.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm/kvm.c | 21 +
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index a9ee8eebd7..e2d675115b 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3373,15 +3373,14 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 int i, ret;
 
 /*
- * Only migrate Arch LBR states when: 1) Arch LBR is enabled
- * for migrated vcpu. 2) the host Arch LBR depth equals that
- * of source guest's, this is to avoid mismatch of guest/host
- * config for the msr hence avoid unexpected misbehavior.
+ * Only migrate Arch LBR states when the host Arch LBR depth
+ * equals that of source guest's, this is to avoid mismatch
+ * of guest/host config for the msr hence avoid unexpected
+ * misbehavior.
  */
 ret = kvm_get_one_msr(cpu, MSR_ARCH_LBR_DEPTH, );
 
-if (ret == 1 && (env->msr_lbr_ctl & 0x1) && !!depth &&
-depth == env->msr_lbr_depth) {
+if (ret == 1 && !!depth && depth == env->msr_lbr_depth) {
 kvm_msr_entry_add(cpu, MSR_ARCH_LBR_CTL, env->msr_lbr_ctl);
 kvm_msr_entry_add(cpu, MSR_ARCH_LBR_DEPTH, env->msr_lbr_depth);
 
@@ -3801,13 +3800,11 @@ static int kvm_get_msrs(X86CPU *cpu)
 
 if (kvm_enabled() && cpu->enable_pmu &&
 (env->features[FEAT_7_0_EDX] & CPUID_7_0_EDX_ARCH_LBR)) {
-uint64_t ctl, depth;
-int i, ret2;
+uint64_t depth;
+int i, ret;
 
-ret = kvm_get_one_msr(cpu, MSR_ARCH_LBR_CTL, );
-ret2 = kvm_get_one_msr(cpu, MSR_ARCH_LBR_DEPTH, );
-if (ret == 1 && ret2 == 1 && (ctl & 0x1) &&
-depth == ARCH_LBR_NR_ENTRIES) {
+ret = kvm_get_one_msr(cpu, MSR_ARCH_LBR_DEPTH, );
+if (ret == 1 && depth == ARCH_LBR_NR_ENTRIES) {
 kvm_msr_entry_add(cpu, MSR_ARCH_LBR_CTL, 0);
 kvm_msr_entry_add(cpu, MSR_ARCH_LBR_DEPTH, 0);
 
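Review bot: The new `int i, ret;` inside the Arch LBR block of kvm_get_msrs declares a second `ret` that shadows the function-level one, which the removed lines were assigning to (`ret = kvm_get_one_msr(...)` next to the local `ret2`). It works because the inner value is only read by the `if` that follows, but it trips `-Wshadow` and makes it easy to misread which `ret` a later line sees. Declaring only `int i;` and reusing the outer `ret`, as the old code did, gives the same behaviour without the shadowing. kvm_get_msrs's body starts and ends outside the hunk.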
-- 
2.36.1





[PULL 08/17] hw/audio/ac97: Remove unimplemented reset functions

2022-05-25 Thread Paolo Bonzini
From: BALATON Zoltan 

The warm_reset() and cold_reset() functions are not implemented and do
nothing, so there is no point in calling them or keeping them around as
dead code. Therefore remove them for now.

Signed-off-by: BALATON Zoltan 
Reviewed-by: Víctor Colombo 
Message-Id: 

Signed-off-by: Paolo Bonzini 
---
 hw/audio/ac97.c | 17 +
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
index 6b1c12bece..6584aa749e 100644
--- a/hw/audio/ac97.c
+++ b/hw/audio/ac97.c
@@ -222,16 +222,6 @@ static void po_callback(void *opaque, int free);
 static void pi_callback(void *opaque, int avail);
 static void mc_callback(void *opaque, int avail);
 
-static void warm_reset(AC97LinkState *s)
-{
-(void)s;
-}
-
-static void cold_reset(AC97LinkState *s)
-{
-(void)s;
-}
-
 static void fetch_bd(AC97LinkState *s, AC97BusMasterRegs *r)
 {
 uint8_t b[8];
@@ -921,12 +911,7 @@ static void nabm_writel(void *opaque, uint32_t addr, 
uint32_t val)
 dolog("BDBAR[%d] <- 0x%x (bdbar 0x%x)\n", GET_BM(index), val, 
r->bdbar);
 break;
 case GLOB_CNT:
-if (val & GC_WR) {
-warm_reset(s);
-}
-if (val & GC_CR) {
-cold_reset(s);
-}
+/* TODO: Handle WR or CR being set (warm/cold reset requests) */
 if (!(val & (GC_WR | GC_CR))) {
 s->glob_cnt = val & GC_VALID_MASK;
 }
-- 
2.36.1





[PULL 02/17] hostmem: default the amount of prealloc-threads to smp-cpus

2022-05-25 Thread Paolo Bonzini
From: Jaroslav Jindrak 

Prior to the introduction of the prealloc-threads property, the amount
of threads used to preallocate memory was derived from the value of
smp-cpus passed to qemu, the amount of physical cpus of the host
and a hardcoded maximum value. When the prealloc-threads property
was introduced, it included a default of 1 in backends/hostmem.c and
a default of smp-cpus using the sugar API for the property itself. The
latter default is not used when the property is not specified on qemu's
command line, so guests that were not adjusted for this change suddenly
started to use the default of 1 thread to preallocate memory, which
resulted in observable slowdowns in guest boots for guests with large
memory (e.g. when using libvirt <8.2.0 or managing guests manually).

This commit restores the original behavior for these cases while not
impacting guests started with the prealloc-threads property in any way.

Fixes: 220c1fd864e9d ("hostmem: introduce "prealloc-threads" property")
Signed-off-by: Jaroslav Jindrak 
Message-Id: <20220517123858.7933-1-dzej...@gmail.com>
Signed-off-by: Paolo Bonzini 
---
 backends/hostmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backends/hostmem.c b/backends/hostmem.c
index a7bae3d713..624bb7ecd3 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -274,7 +274,7 @@ static void host_memory_backend_init(Object *obj)
 backend->merge = machine_mem_merge(machine);
 backend->dump = machine_dump_guest_core(machine);
 backend->reserve = true;
-backend->prealloc_threads = 1;
+backend->prealloc_threads = machine->smp.cpus;
 }
 
 static void host_memory_backend_post_init(Object *obj)
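Review bot: The new default `backend->prealloc_threads = machine->smp.cpus;` is unexplained at the assignment, and nothing in this hunk bounds it by the host CPU count or a maximum, both of which the commit message says the pre-property code took into account. If that clamping happens where the preallocation threads are created (not visible here), the default is fine, but a guest configured with many vCPUs otherwise gets that many host threads per memory backend. A one-line comment such as `/* default to the guest CPU count, as before prealloc-threads existed */` would record the intent. host_memory_backend_init's body starts outside the hunk.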
-- 
2.36.1





[PULL 00/17] Misc patches for 2022-05-25

2022-05-25 Thread Paolo Bonzini
The following changes since commit 3757b0d08b399c609954cf57f273b1167e5d7a8d:

  Merge tag 'pull-request-2022-05-18' of https://gitlab.com/thuth/qemu into 
staging (2022-05-20 08:04:30 -0700)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 9ad6634ec956bcf3558059aae8c6b2b5ee985307:

  i386: docs: Convert hyperv.txt to rST (2022-05-25 21:26:35 +0200)


* ac97 cleanups (Zoltan)
* default the amount of prealloc-threads to smp-cpus (Jaroslav)
* fix disabling MPX on "-cpu host" with MPX-capable host (Maciej)
* thread-pool performance optimizations (myself)
* Hyper-V enlightenment enabling and docs (Vitaly)
* check ELF header in elf2dmp (Viktor)
* tweak LBREn migration (Weijiang)


BALATON Zoltan (3):
  hw/audio/ac97: Coding style fixes to avoid checkpatch errors
  hw/audio/ac97: Remove unimplemented reset functions
  hw/audio/ac97: Remove unneeded local variables

Jaroslav Jindrak (1):
  hostmem: default the amount of prealloc-threads to smp-cpus

Lev Kujawski (1):
  ide_ioport_read: Return lower octet of data register instead of 0xFF

Maciej S. Szmigiero (1):
  target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host

Paolo Bonzini (3):
  thread-pool: optimize scheduling of completion bottom half
  thread-pool: replace semaphore with condition variable
  thread-pool: remove stopping variable

Viktor Prutyanov (1):
  contrib/elf2dmp: add ELF dump header checking

Vitaly Kuznetsov (6):
  i386: Use hv_build_cpuid_leaf() for HV_CPUID_NESTED_FEATURES
  i386: Hyper-V Enlightened MSR bitmap feature
  i386: Hyper-V XMM fast hypercall input feature
  i386: Hyper-V Support extended GVA ranges for TLB flush hypercalls
  i386: Hyper-V Direct TLB flush hypercall
  i386: docs: Convert hyperv.txt to rST

Yang Weijiang (1):
  target/i386: Remove LBREn bit check when access Arch LBR MSRs

 docs/hyperv.txt| 270 ---
 docs/system/i386/hyperv.rst| 288 
 docs/system/target-i386.rst|   1 +
 target/i386/cpu.h  |   5 +-
 target/i386/kvm/hyperv-proto.h |   9 +-
 backends/hostmem.c |   2 +-
 contrib/elf2dmp/qemu_elf.c |  53 +++
 hw/audio/ac97.c| 752 -
 hw/ide/core.c  |   6 +-
 hw/ide/macio.c |   4 +-
 target/i386/cpu.c  |  16 +
 target/i386/kvm/kvm.c  |  76 +++--
 util/thread-pool.c |  74 ++--
 13 files changed, 823 insertions(+), 733 deletions(-)
 delete mode 100644 docs/hyperv.txt
 create mode 100644 docs/system/i386/hyperv.rst
-- 
2.36.1




Re: [PATCH v4 15/17] linux-user/strace: Fix print_syscall_err

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Errors are not all negative numbers, but only the top 4k.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
  linux-user/strace.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 2cdbf030ba..dc4f810bd3 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -684,12 +684,12 @@ print_ipc(void *cpu_env, const struct syscallname *name,
   */
  
  static bool

-print_syscall_err(abi_long ret)
+print_syscall_err(abi_ulong ret)
  {
  const char *errstr;
  
  qemu_log(" = ");

-if (ret < 0) {
+if (ret > (abi_ulong)-4096) {
  errstr = target_strerror(-ret);
  if (errstr) {
  qemu_log("-1 errno=%d (%s)", (int)-ret, errstr);


Perhaps we can use is_error() here?

Thanks,
Laurent




Re: [RFC PATCH v5 0/3] Sysbus device generic QAPI plug support

2022-05-25 Thread Mark Cave-Ayland

On 25/05/2022 12:45, Peter Maydell wrote:


On Wed, 25 May 2022 at 10:51, Damien Hedde  wrote:

On 5/24/22 19:44, Mark Cave-Ayland wrote:

Sorry for coming late into this series, however one of the things I've
been thinking about a lot recently is that with the advent of QOM and
qdev, is there really any distinction between TYPE_DEVICE and
TYPE_SYS_BUS_DEVICE anymore, and whether it makes sense to keep
TYPE_SYS_BUS_DEVICE long term.


On QAPI/CLI level there is a huge difference since TYPE_SYS_BUS_DEVICE
is the only subtype of TYPE_DEVICE which is subject to special
treatment. It prevents to plug a sysbus device which has not be allowed
by code and that's what I want to get rid of (or workaround by allowing
all of them).


Yes, but the fact that TYPE_SYS_BUS_DEVICE is a special subclass
is an accident of history. At some point we really ought to tidy
this up so that any TYPE_DEVICE can have MMIO regions and IRQs,
and get rid of the subclass entirely. This isn't trivial, for
reasons including problems with reset handling, but I would
prefer it if we didn't bake "sysbus is special" into places like
the QMP commands.


Right, and in fact we can already do this today using QOM regardless of whether 
something is a SysBusDevice or not. As an example here is the output of 
qemu-system-sparc's "info qom-tree" for the slavio_misc device:


/device[20] (slavio_misc)
  /configuration[0] (memory-region)
  /diagnostic[0] (memory-region)
  /leds[0] (memory-region)
  /misc-system-functions[0] (memory-region)
  /modem[0] (memory-region)
  /software-powerdown-control[0] (memory-region)
  /system-control[0] (memory-region)
  /unnamed-gpio-in[0] (irq)

Now imagine that I instantiate a device with qdev_new():

DeviceState *dev = qdev_new("slavio_misc");

I can obtain a reference to the "configuration" memory-region using something 
like:

MemoryRegion *config_mr = MEMORY_REGION(object_resolve_path_component(
  OBJECT(dev), "configuration[0]"));

and for the IRQ I can do either:

qemu_irq *irq = IRQ(object_resolve_path_component(
OBJECT(dev), "unnamed-gpio-in[0]"));

or simply:

qemu_irq *irq = qdev_get_gpio_in(dev, 0);

Maybe for simplicity we could even add a qdev wrapper function to obtain a reference 
for memory regions similar to qdev gpios i.e. qdev_get_mmio(dev, "configuration", 0) 
based upon the above example?


Now from the monitor we can already enumerate this information using qom-list if we 
have the QOM path:


(qemu) qom-list /machine/unattached/device[20]
type (string)
parent_bus (link)
hotplugged (bool)
hotpluggable (bool)
realized (bool)
diagnostic[0] (child)
unnamed-gpio-in[0] (child)
modem[0] (child)
leds[0] (child)
misc-system-functions[0] (child)
sysbus-irq[1] (link)
sysbus-irq[0] (link)
system-control[0] (child)
configuration[0] (child)
software-powerdown-control[0] (child)

From this I think we're missing just 2 things: i) a method to look up properties 
from a device id which can be used to facilitate introspection, and ii) a function to 
map a memory region from a device (similar to Damien's patch). Those could be 
something like:


   device_list 
 - looks up the QOM path for device "id" and calls qom-list on the result

   device_map[]
 - map device "id" region named mr at given offset. If parent_mr is
   unspecified, assume it is the root address space (get_system_memory()).

It may also be worth adding a device_connect wrapper to simplify your qom-set 
example:

   device_connect

The only thing I see here that SYS_BUS_DEVICE offers that we don't have is the 
ability to restrict which memory regions/irqs are available for mapping - but does 
this matter if we have introspection and don't mind addressing everything by name?



More generally, I don't think that the correct answer to "is this
device OK to cold-plug via commandline and QMP?" is "is it a sysbus
device?". I don't know what the right way to identify cold-pluggable
devices is but I suspect it needs to be more complicated.


I think that connecting devices like this can only work if there is no additional bus 
logic, in which case could we say a device is cold-pluggable if it has no bus 
specified, or the bus is the root sysbus?



I'm not sure what you mean by identification and enumeration. I do not
do any introspection and rely on knowing which mmio or irq index
corresponds to what. The "id" in `device_add` allows to reference the
device in following commands.


This is then baking in a device's choices of MMIO region
ordering and arrangement and its IRQ numbering into a
user-facing ABI. I can't say I'm very keen on that -- it
would block us from being able to do a variety of
refactorings and cleanups.


Absolutely agree. The main reason we need something like qom-find-device-path is 
because QOM paths are not stable: there are a large number of 

Re: [PATCH v4 04/17] linux-user/m68k: Handle EXCP_TRAP1 through EXCP_TRAP15

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

These are raised by guest instructions, and should not
fall through into the default abort case.

Signed-off-by: Richard Henderson 
---
  linux-user/m68k/cpu_loop.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 56417f7401..6ca3e1e63a 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -44,6 +44,7 @@ void cpu_loop(CPUM68KState *env)
  case EXCP_ILLEGAL:
  case EXCP_LINEA:
  case EXCP_LINEF:
+case EXCP_TRAP0 + 1 ... EXCP_TRAP0 + 14:
  force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);


In kernel, VEC_TRAP1 to VEC_TRAP14 use ILL_ILLTRP for si_code.

Thanks,
Laurent



Re: [PATCH] target/arm/hvf: Include missing "cpregs.h"

2022-05-25 Thread Richard Henderson

On 5/25/22 09:19, Philippe Mathieu-Daudé wrote:

From: Philippe Mathieu-Daudé 

Fix when building HVF on macOS Aarch64:

   target/arm/hvf/hvf.c:586:15: error: unknown type name 'ARMCPRegInfo'; did 
you mean 'ARMCPUInfo'?
   const ARMCPRegInfo *ri;
 ^~~~
 ARMCPUInfo
   target/arm/cpu-qom.h:38:3: note: 'ARMCPUInfo' declared here
   } ARMCPUInfo;
 ^
   target/arm/hvf/hvf.c:589:14: error: implicit declaration of function 
'get_arm_cp_reginfo' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
   ri = get_arm_cp_reginfo(arm_cpu->cp_regs, key);
^
   target/arm/hvf/hvf.c:589:12: warning: incompatible integer to pointer 
conversion assigning to 'const ARMCPUInfo *' (aka 'const struct ARMCPUInfo *') 
from 'int' [-Wint-conversion]
   ri = get_arm_cp_reginfo(arm_cpu->cp_regs, key);
  ^ ~
   target/arm/hvf/hvf.c:591:26: error: no member named 'type' in 'struct 
ARMCPUInfo'
   assert(!(ri->type & ARM_CP_NO_RAW));
~~  ^
   
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h:99:25: 
note: expanded from macro 'assert'
   (__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __ASSERT_FILE_NAME, 
__LINE__, #e) : (void)0)
   ^
   target/arm/hvf/hvf.c:591:33: error: use of undeclared identifier 
'ARM_CP_NO_RAW'
   assert(!(ri->type & ARM_CP_NO_RAW));
   ^
   1 warning and 4 errors generated.

Fixes: cf7c6d1004 ("target/arm: Split out cpregs.h")
Reported-by: Duncan Bayne 
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1029
Signed-off-by: Philippe Mathieu-Daudé 


Oops, sorry about that.
Reviewed-by: Richard Henderson 

r~



Re: [PULL 0/1] Block patches

2022-05-25 Thread Richard Henderson

On 5/25/22 05:49, Stefan Hajnoczi wrote:

The following changes since commit 0cac736e73723850a99e5142e35d14d8f8efb232:

   Merge tag 'pull-riscv-to-apply-20220525' of github.com:alistair23/qemu into 
staging (2022-05-24 15:55:12 -0700)

are available in the Git repository at:

   https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 29320530cf6684646b3a642fdbb5bc77ee8039de:

   docs: Correct the default thread-pool-size (2022-05-25 11:01:38 +0100)


Pull request

A small documentation fix.


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~






Liu Yiding (1):
   docs: Correct the default thread-pool-size

  docs/tools/virtiofsd.rst | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)






Re: [PATCH v4 03/17] target/m68k: Fix coding style in m68k_interrupt_all

2022-05-25 Thread Laurent Vivier

Le 30/04/2022 à 19:53, Richard Henderson a écrit :

Add parentheses around & vs &&.

Remove assignment to sr in function call argument -- note that
sr is unused after the call, so the assignment was never needed,
only the result of the & expression.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
  target/m68k/op_helper.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 2b94a6ec84..0f41c2dce3 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -408,11 +408,11 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
  break;
  
  case EXCP_SPURIOUS ... EXCP_INT_LEVEL_7:

-if (is_hw && oldsr & SR_M) {
+if (is_hw && (oldsr & SR_M)) {
  do_stack_frame(env, , 0, oldsr, 0, retaddr);
  oldsr = sr;
  env->aregs[7] = sp;
-cpu_m68k_set_sr(env, sr &= ~SR_M);
+cpu_m68k_set_sr(env, sr & ~SR_M);
  sp = env->aregs[7];
  if (!m68k_feature(env, M68K_FEATURE_UNALIGNED_DATA)) {
  sp &= ~1;


Reviewed-by: Laurent Vivier 




Re: [PULL 0/8] Linux user for 7.1 patches

2022-05-25 Thread Richard Henderson

On 5/25/22 03:40, Laurent Vivier wrote:

The following changes since commit 3757b0d08b399c609954cf57f273b1167e5d7a8d:

   Merge tag 'pull-request-2022-05-18' of https://gitlab.com/thuth/qemu into 
staging (2022-05-20 08:04:30 -0700)

are available in the Git repository at:

   https://gitlab.com/laurent_vivier/qemu.git 
tags/linux-user-for-7.1-pull-request

for you to fetch changes up to 565a84c1e61acb6e2bce03e5ca88b5ce400231ca:

   linux-user/host/s390: Treat EX and EXRL as writes (2022-05-23 22:54:02 +0200)


Pull request linux-user 20220525

s390x fixes
CPUArchState cleanup
elfload cleanup
fix for uclibc-ng and by musl


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~






Fabrice Fontaine (1):
   linux-user/syscall.c: fix build without RLIMIT_RTTIME

Ilya Leoshkevich (3):
   linux-user/s390x: Fix unwinding from signal handlers
   tests/tcg/s390x: Test unwinding from signal handlers
   linux-user/host/s390: Treat EX and EXRL as writes

Philippe Mathieu-Daudé (3):
   linux-user/elfload: Remove pointless non-const CPUArchState cast
   linux-user: Have do_syscall() use CPUArchState* instead of void*
   linux-user: Remove pointless CPU{ARCH}State casts

Richard Henderson (1):
   linux-user: Clean up arg_start/arg_end confusion

  linux-user/elfload.c   |  12 +-
  linux-user/include/host/s390/host-signal.h |   7 +
  linux-user/linuxload.c |  12 +-
  linux-user/main.c  |   4 +-
  linux-user/qemu.h  |  12 +-
  linux-user/s390x/signal.c  |   5 +
  linux-user/strace.c| 202 ++---
  linux-user/strace.h|   4 +-
  linux-user/syscall.c   |  83 +
  linux-user/uname.c |   4 +-
  linux-user/uname.h |   2 +-
  linux-user/user-internals.h|  18 +-
  semihosting/arm-compat-semi.c  |   4 +-
  tests/tcg/s390x/signals-s390x.c|  69 +--
  14 files changed, 252 insertions(+), 186 deletions(-)






[PATCH] target/i386/tcg: Fix masking of real-mode addresses with A20 bit

2022-05-25 Thread Stephen Michael Jothen
The correct A20 masking is done if paging is enabled (protected mode) but it
seems to have been forgotten in real mode. For example from the AMD64 APM Vol. 2
section 1.2.4:

> If the sum of the segment base and effective address carries over into bit 20,
> that bit can be optionally truncated to mimic the 20-bit address wrapping of 
> the
> 8086 processor by using the A20M# input signal to mask the A20 address bit.

Most BIOSes will enable the A20 line on boot, but I found by disabling the A20 
line
afterwards, the correct wrapping wasn't taking place.

`handle_mmu_fault' in target/i386/tcg/sysemu/excp_helper.c seems to be the 
culprit.
In real mode, it fills the TLB with the raw unmasked address. However, for the
protected mode, the `mmu_translate' function does the correct A20 masking.

The fix then should be to just apply the A20 mask in the first branch of the if
statement.

Signed-off-by: Stephen Michael Jothen 
---
 target/i386/tcg/sysemu/excp_helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index e1b6d88683..48feba7e75 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -359,6 +359,7 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int 
size,
 CPUX86State *env = >env;
 int error_code = PG_ERROR_OK;
 int pg_mode, prot, page_size;
+int32_t a20_mask;
 hwaddr paddr;
 hwaddr vaddr;
 
@@ -368,7 +369,8 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int 
size,
 #endif
 
 if (!(env->cr[0] & CR0_PG_MASK)) {
-paddr = addr;
+a20_mask = x86_get_a20_mask(env);
+paddr = addr & a20_mask;
 #ifdef TARGET_X86_64
 if (!(env->hflags & HF_LMA_MASK)) {
 /* Without long mode we can only address 32bits in real mode */
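Review bot: `paddr = addr & a20_mask;` in the second hunk keeps the upper address bits only because the signed `int32_t` mask is sign-extended when converted to the wider type of `addr`, which a later change to an unsigned type would silently break. State that at the declaration, e.g. `/* signed on purpose: sign-extension leaves the upper address bits set */`, or drop the local and write `paddr = addr & x86_get_a20_mask(env);`. The branch is taken whenever CR0.PG is clear, so the mask now also applies to protected mode without paging, which the commit message does not mention. handle_mmu_fault() continues outside both hunks.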
-- 
2.30.1 (Apple Git-130)




Re: [PATCH v2 5/6] hw/isa/piix4: QOM'ify PIIX4 PM creation

2022-05-25 Thread Mark Cave-Ayland

On 22/05/2022 22:24, Bernhard Beschow wrote:


Just like the real hardware, create the PIIX4 ACPI controller as part of
the PIIX4 southbridge. This also mirrors how the IDE and USB functions
are already created.

Signed-off-by: Bernhard Beschow 
---
  hw/isa/piix4.c| 14 +++---
  hw/mips/malta.c   |  3 ++-
  include/hw/southbridge/piix.h |  2 +-
  3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 4968c69da9..1645f63450 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -206,6 +206,7 @@ static void piix4_realize(PCIDevice *dev, Error **errp)
  PIIX4State *s = PIIX4_PCI_DEVICE(dev);
  PCIDevice *pci;
  PCIBus *pci_bus = pci_get_bus(dev);
+I2CBus *smbus;
  ISABus *isa_bus;
  qemu_irq *i8259_out_irq;
  
@@ -252,6 +253,11 @@ static void piix4_realize(PCIDevice *dev, Error **errp)

  /* USB */
  pci_create_simple(pci_bus, dev->devfn + 2, "piix4-usb-uhci");
  
+/* ACPI controller */

+smbus = piix4_pm_init(pci_bus, pci->devfn + 3, 0x1100, s->isa[9],
+  NULL, 0, NULL);
+object_property_add_const_link(OBJECT(s), "smbus", OBJECT(smbus));
+


Interesting hack here to expose the smbus so it is available to qdev_get_child_bus(), 
but really this is still really working around the fact that piix4_pm_init() itself 
should be removed first. Once that is done, you can then use a standard QOM pattern 
to initialise the "internal" PCI devices via object_initialize_child() and realize 
them in piix4_realize() instead of using pci_create_simple().


Is that something you could take a look at? If not, I may be able to put something 
together towards the end of the week. Other than that I think the rest of the series 
looks good.



  pci_bus_irqs(pci_bus, piix4_set_irq, pci_slot_get_pirq, s, 
PIIX_NUM_PIRQS);
  }
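Review bot: The added call passes `pci->devfn + 3` to piix4_pm_init(), while the USB function a few lines above uses `dev->devfn + 2` and the code removed from piix4_create() used `devfn + 3`. `pci` is a separate local of piix4_realize() whose assignment lies outside the hunk; if it holds one of the child functions created earlier, the PM function ends up at a different function number than before, which guest firmware expecting the old location would notice. Unless that move is intended, use the same base as its neighbours: `smbus = piix4_pm_init(pci_bus, dev->devfn + 3, 0x1100, s->isa[9],`.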
  
@@ -301,7 +307,7 @@ static void piix4_register_types(void)
  
  type_init(piix4_register_types)
  
-DeviceState *piix4_create(PCIBus *pci_bus, I2CBus **smbus)

+DeviceState *piix4_create(PCIBus *pci_bus)
  {
  PCIDevice *pci;
  DeviceState *dev;
@@ -311,11 +317,5 @@ DeviceState *piix4_create(PCIBus *pci_bus, I2CBus **smbus)
TYPE_PIIX4_PCI_DEVICE);
  dev = DEVICE(pci);
  
-if (smbus) {

-*smbus = piix4_pm_init(pci_bus, devfn + 3, 0x1100,
-   qdev_get_gpio_in_named(dev, "isa", 9),
-   NULL, 0, NULL);
-}
-
  return dev;
  }
diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index e446b25ad0..b0fc84ccbb 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1399,8 +1399,9 @@ void mips_malta_init(MachineState *machine)
  empty_slot_init("GT64120", 0, 0x2000);
  
  /* Southbridge */

-dev = piix4_create(pci_bus, );
+dev = piix4_create(pci_bus);
  isa_bus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
+smbus = I2C_BUS(qdev_get_child_bus(dev, "smbus"));
  
  /* Interrupt controller */

  qdev_connect_gpio_out_named(dev, "intr", 0, i8259_irq);
diff --git a/include/hw/southbridge/piix.h b/include/hw/southbridge/piix.h
index 0bec7f8ca3..2c21359efa 100644
--- a/include/hw/southbridge/piix.h
+++ b/include/hw/southbridge/piix.h
@@ -76,6 +76,6 @@ DECLARE_INSTANCE_CHECKER(PIIX3State, PIIX3_PCI_DEVICE,
  
  PIIX3State *piix3_create(PCIBus *pci_bus);
  
-DeviceState *piix4_create(PCIBus *pci_bus, I2CBus **smbus);

+DeviceState *piix4_create(PCIBus *pci_bus);
  
  #endif



ATB,

Mark.



[PATCH] target/arm/hvf: Fix build failure due to missing cpregs.h header file

2022-05-25 Thread Stephen Michael Jothen
cpregs.h was previously split out from cpu.h into a separate file, but
I think hvf.c was never updated to include it. I got a build failure
when trying to build on Apple Silicon:

[...]

../target/arm/hvf/hvf.c:591:33: error: use of undeclared identifier 
'ARM_CP_NO_RAW'
assert(!(ri->type & ARM_CP_NO_RAW));

Signed-off-by: Stephen Michael Jothen 
---
 target/arm/hvf/hvf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 86710509d2..6ecf4669a0 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -26,6 +26,7 @@
 #include "sysemu/cpus.h"
 #include "arm-powerctl.h"
 #include "target/arm/cpu.h"
+#include "target/arm/cpregs.h"
 #include "target/arm/internals.h"
 #include "trace/trace-target_arm_hvf.h"
 #include "migration/vmstate.h"
-- 
2.30.1 (Apple Git-130)




[PATCH] target/arm/hvf: Include missing "cpregs.h"

2022-05-25 Thread Philippe Mathieu-Daudé
From: Philippe Mathieu-Daudé 

Fix when building HVF on macOS Aarch64:

  target/arm/hvf/hvf.c:586:15: error: unknown type name 'ARMCPRegInfo'; did you 
mean 'ARMCPUInfo'?
  const ARMCPRegInfo *ri;
^~~~
ARMCPUInfo
  target/arm/cpu-qom.h:38:3: note: 'ARMCPUInfo' declared here
  } ARMCPUInfo;
^
  target/arm/hvf/hvf.c:589:14: error: implicit declaration of function 
'get_arm_cp_reginfo' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
  ri = get_arm_cp_reginfo(arm_cpu->cp_regs, key);
   ^
  target/arm/hvf/hvf.c:589:12: warning: incompatible integer to pointer 
conversion assigning to 'const ARMCPUInfo *' (aka 'const struct ARMCPUInfo *') 
from 'int' [-Wint-conversion]
  ri = get_arm_cp_reginfo(arm_cpu->cp_regs, key);
 ^ ~
  target/arm/hvf/hvf.c:591:26: error: no member named 'type' in 'struct 
ARMCPUInfo'
  assert(!(ri->type & ARM_CP_NO_RAW));
   ~~  ^
  
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h:99:25: 
note: expanded from macro 'assert'
  (__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __ASSERT_FILE_NAME, 
__LINE__, #e) : (void)0)
  ^
  target/arm/hvf/hvf.c:591:33: error: use of undeclared identifier 
'ARM_CP_NO_RAW'
  assert(!(ri->type & ARM_CP_NO_RAW));
  ^
  1 warning and 4 errors generated.

Fixes: cf7c6d1004 ("target/arm: Split out cpregs.h")
Reported-by: Duncan Bayne 
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1029
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/hvf/hvf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 86710509d2..1fdc5eef92 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -17,6 +17,7 @@
 #include "sysemu/hvf_int.h"
 #include "sysemu/hw_accel.h"
 #include "hvf_arm.h"
+#include "cpregs.h"
 
 #include 
 
-- 
2.36.1




[PATCH] gitlab-ci: add meson JUnit test result into report

2022-05-25 Thread marcandre . lureau
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
---
 .gitlab-ci.d/buildtest-template.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index dc6d67aacf..b381345dbc 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -44,6 +44,8 @@
 expire_in: 7 days
 paths:
   - build/meson-logs/testlog.txt
+reports:
+  junit: build/meson-logs/testlog.junit.xml
 
 .avocado_test_job_template:
   extends: .common_test_job_template
-- 
2.36.1




[PATCH v3 2/6] hw/acpi/viot: move the individual PCI host bridge entry generation to a new function

2022-05-25 Thread Mark Cave-Ayland
Instead of generating each table entry inline, move the individual PCI host 
bridge
table entry generation to a separate build_pci_host_range() function.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Ani Sinha 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/viot.c | 48 +++-
 1 file changed, 27 insertions(+), 21 deletions(-)

diff --git a/hw/acpi/viot.c b/hw/acpi/viot.c
index a41daded71..5dafcbf5ef 100644
--- a/hw/acpi/viot.c
+++ b/hw/acpi/viot.c
@@ -16,6 +16,31 @@ struct viot_pci_ranges {
 uint16_t output_node;
 };
 
+static void build_pci_host_range(GArray *table_data, int min_bus, int max_bus,
+ uint16_t output_node)
+{
+/* Type */
+build_append_int_noprefix(table_data, 1 /* PCI range */, 1);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 1);
+/* Length */
+build_append_int_noprefix(table_data, 24, 2);
+/* Endpoint start */
+build_append_int_noprefix(table_data, PCI_BUILD_BDF(min_bus, 0), 4);
+/* PCI Segment start */
+build_append_int_noprefix(table_data, 0, 2);
+/* PCI Segment end */
+build_append_int_noprefix(table_data, 0, 2);
+/* PCI BDF start */
+build_append_int_noprefix(table_data, PCI_BUILD_BDF(min_bus, 0), 2);
+/* PCI BDF end */
+build_append_int_noprefix(table_data, PCI_BUILD_BDF(max_bus, 0xff), 2);
+/* Output node */
+build_append_int_noprefix(table_data, output_node, 2);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 6);
+}
+
 /* Build PCI range for a given PCI host bridge */
 static int enumerate_pci_host_bridges(Object *obj, void *opaque)
 {
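Review bot: build_pci_host_range() is added without a header comment, while the old comment `/* Build PCI range for a given PCI host bridge */` stays on enumerate_pci_host_bridges(), which after this patch only forwards to the helper. Move that comment onto the new function and note there that the hard-coded length `24` is the sum of the field widths written below it (1+1+2+4+2+2+2+2+2+6), so a field added later is not forgotten. `min_bus` and `max_bus` are plain `int` and go straight into `PCI_BUILD_BDF()` for 2-byte fields; one line stating the expected range (presumably 0..255) would help. enumerate_pci_host_bridges() continues outside the hunk.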
@@ -30,27 +55,8 @@ static int enumerate_pci_host_bridges(Object *obj, void 
*opaque)
 
 pci_bus_range(bus, _bus, _bus);
 
-/* Type */
-build_append_int_noprefix(blob, 1 /* PCI range */, 1);
-/* Reserved */
-build_append_int_noprefix(blob, 0, 1);
-/* Length */
-build_append_int_noprefix(blob, 24, 2);
-/* Endpoint start */
-build_append_int_noprefix(blob, PCI_BUILD_BDF(min_bus, 0), 4);
-/* PCI Segment start */
-build_append_int_noprefix(blob, 0, 2);
-/* PCI Segment end */
-build_append_int_noprefix(blob, 0, 2);
-/* PCI BDF start */
-build_append_int_noprefix(blob, PCI_BUILD_BDF(min_bus, 0), 2);
-/* PCI BDF end */
-build_append_int_noprefix(blob, PCI_BUILD_BDF(max_bus, 0xff), 2);
-/* Output node */
-build_append_int_noprefix(blob, pci_ranges->output_node, 2);
-/* Reserved */
-build_append_int_noprefix(blob, 0, 6);
-
+build_pci_host_range(blob, min_bus, max_bus,
+ pci_ranges->output_node);
 pci_ranges->count++;
 }
 }
-- 
2.20.1




[PATCH v3 4/6] tests/acpi: virt: allow VIOT acpi table changes

2022-05-25 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
Acked-by: Ani Sinha 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tests/qtest/bios-tables-test-allowed-diff.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..8367ffe1d4 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,2 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/virt/VIOT",
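Review bot: The entry added here names `tests/data/acpi/virt/VIOT`, but the only table the series regenerates is `tests/data/acpi/q35/VIOT.viot` (patch 6/6), and the cover letter reports the failure in the q35 subtest. If the virt table does not change, this entry does not exempt the file that does, so bios-tables-test would presumably still fail between patch 5 and patch 6 and break bisection. The line would then read `"tests/data/acpi/q35/VIOT.viot",`, with the subject adjusted from virt to q35.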
-- 
2.20.1




[PATCH v3 1/6] hw/acpi/viot: rename build_pci_range_node() to enumerate_pci_host_bridges()

2022-05-25 Thread Mark Cave-Ayland
This is in preparation for separating out the VIOT ACPI table build from the
PCI host bridge enumeration.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Ani Sinha 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/viot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/viot.c b/hw/acpi/viot.c
index c1af75206e..a41daded71 100644
--- a/hw/acpi/viot.c
+++ b/hw/acpi/viot.c
@@ -17,7 +17,7 @@ struct viot_pci_ranges {
 };
 
 /* Build PCI range for a given PCI host bridge */
-static int build_pci_range_node(Object *obj, void *opaque)
+static int enumerate_pci_host_bridges(Object *obj, void *opaque)
 {
 struct viot_pci_ranges *pci_ranges = opaque;
 GArray *blob = pci_ranges->blob;
@@ -78,7 +78,7 @@ void build_viot(MachineState *ms, GArray *table_data, 
BIOSLinker *linker,
 };
 
 /* Build the list of PCI ranges that this viommu manages */
-object_child_foreach_recursive(OBJECT(ms), build_pci_range_node,
+object_child_foreach_recursive(OBJECT(ms), enumerate_pci_host_bridges,
_ranges);
 
 /* ACPI table header */
-- 
2.20.1




[PATCH v3 5/6] hw/acpi/viot: sort VIOT ACPI table entries by PCI host bridge min_bus

2022-05-25 Thread Mark Cave-Ayland
This ensures that the VIOT ACPI table output is always stable for a given PCI
topology by ensuring that entries are ordered according to min_bus.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Ani Sinha 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/viot.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/hw/acpi/viot.c b/hw/acpi/viot.c
index c32bbdd180..4e0bf69067 100644
--- a/hw/acpi/viot.c
+++ b/hw/acpi/viot.c
@@ -64,6 +64,20 @@ static int enumerate_pci_host_bridges(Object *obj, void 
*opaque)
 return 0;
 }
 
+static gint pci_host_range_compare(gconstpointer a, gconstpointer b)
+{
+struct viot_pci_host_range *range_a = (struct viot_pci_host_range *)a;
+struct viot_pci_host_range *range_b = (struct viot_pci_host_range *)b;
+
+if (range_a->min_bus < range_b->min_bus) {
+return -1;
+} else if (range_a->min_bus > range_b->min_bus) {
+return 1;
+} else {
+return 0;
+}
+}
+
 /*
  * Generate a VIOT table with one PCI-based virtio-iommu that manages PCI
  * endpoints.
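Review bot: pci_host_range_compare() casts its `gconstpointer` arguments to non-const `struct viot_pci_host_range *`, discarding the qualifier that the GLib compare callback promises. No cast is needed in C: `const struct viot_pci_host_range *range_a = a;` and likewise for `range_b`. The function also has no comment; `/* Order PCI host ranges by ascending min_bus */` above it would state the sort key without reading the body.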
@@ -87,6 +101,9 @@ void build_viot(MachineState *ms, GArray *table_data, 
BIOSLinker *linker,
 object_child_foreach_recursive(OBJECT(ms), enumerate_pci_host_bridges,
pci_host_ranges);
 
+/* Sort the pci host ranges by min_bus */
+g_array_sort(pci_host_ranges, pci_host_range_compare);
+
 /* ACPI table header */
 acpi_table_begin(, table_data);
 /* Node count */
-- 
2.20.1




[PATCH v3 6/6] tests/acpi: virt: update golden masters for VIOT

2022-05-25 Thread Mark Cave-Ayland
Differences between disassembled ASL files for VIOT:

+++ /tmp/asl-V69GM1.dsl 2022-05-18 10:22:27.239796759 +0100
@@ -36,11 +36,11 @@
 [041h 0065   1] Reserved : 00
 [042h 0066   2]   Length : 0018

-[044h 0068   4]   Endpoint start : 3000
+[044h 0068   4]   Endpoint start : 1000
 [048h 0072   2]PCI Segment start : 
 [04Ah 0074   2]  PCI Segment end : 
-[04Ch 0076   2]PCI BDF start : 3000
-[04Eh 0078   2]  PCI BDF end : 30FF
+[04Ch 0076   2]PCI BDF start : 1000
+[04Eh 0078   2]  PCI BDF end : 10FF
 [050h 0080   2]  Output node : 0030
 [052h 0082   6] Reserved : 

@@ -48,11 +48,11 @@
 [059h 0089   1] Reserved : 00
 [05Ah 0090   2]   Length : 0018

-[05Ch 0092   4]   Endpoint start : 1000
+[05Ch 0092   4]   Endpoint start : 3000
 [060h 0096   2]PCI Segment start : 
 [062h 0098   2]  PCI Segment end : 
-[064h 0100   2]PCI BDF start : 1000
-[066h 0102   2]  PCI BDF end : 10FF
+[064h 0100   2]PCI BDF start : 3000
+[066h 0102   2]  PCI BDF end : 30FF
 [068h 0104   2]  Output node : 0030
 [06Ah 0106   6] Reserved : 

@@ -62,6 +62,6 @@
 0010: 42 58 50 43 20 20 20 20 01 00 00 00 42 58 50 43  // BXPCBXPC
 0020: 01 00 00 00 03 00 30 00 00 00 00 00 00 00 00 00  // ..0.
 0030: 03 00 10 00 00 00 10 00 00 00 00 00 00 00 00 00  // 
-0040: 01 00 18 00 00 30 00 00 00 00 00 00 00 30 FF 30  // .0...0.0
-0050: 30 00 00 00 00 00 00 00 01 00 18 00 00 10 00 00  // 0...
-0060: 00 00 00 00 00 10 FF 10 30 00 00 00 00 00 00 00  // 0...
+0040: 01 00 18 00 00 10 00 00 00 00 00 00 00 10 FF 10  // 
+0050: 30 00 00 00 00 00 00 00 01 00 18 00 00 30 00 00  // 00..
+0060: 00 00 00 00 00 30 FF 30 30 00 00 00 00 00 00 00  // .0.00...

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tests/data/acpi/q35/VIOT.viot   | Bin 112 -> 112 bytes
 tests/qtest/bios-tables-test-allowed-diff.h |   1 -
 2 files changed, 1 deletion(-)

diff --git a/tests/data/acpi/q35/VIOT.viot b/tests/data/acpi/q35/VIOT.viot
index 
9b179266ccbf84f1c250ee646812d17e27987764..275c78fbe8e93190321d957c91c3f17551f865d4
 100644
GIT binary patch
delta 10
RcmXRYnBY1wR(PU=1OOI`1E2r^

delta 10
RcmXRYnBY1wR(PU=1OOI`1E2r^

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index 8367ffe1d4..dfb8523c8b 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1,2 +1 @@
 /* List of comma-separated changed AML files to ignore */
-"tests/data/acpi/virt/VIOT",
-- 
2.20.1




[PATCH v3 3/6] hw/acpi/viot: build array of PCI host bridges before generating VIOT ACPI table

2022-05-25 Thread Mark Cave-Ayland
Perform the generation of the VIOT ACPI table in 2 separate passes: the first 
pass
enumerates all of the PCI host bridges and adds the min_bus and max_bus 
information
to an array.

Once this is done the VIOT table header is generated using the size of the array
to calculate the node count, which means it is no longer necessary to use a
sub-array to hold the PCI host bridge range information along with viommu_off.

Finally the PCI host bridge array is iterated again to add the required entries
to the final VIOT ACPI table.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Ani Sinha 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/viot.c | 42 --
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/hw/acpi/viot.c b/hw/acpi/viot.c
index 5dafcbf5ef..c32bbdd180 100644
--- a/hw/acpi/viot.c
+++ b/hw/acpi/viot.c
@@ -10,10 +10,9 @@
 #include "hw/pci/pci.h"
 #include "hw/pci/pci_host.h"
 
-struct viot_pci_ranges {
-GArray *blob;
-size_t count;
-uint16_t output_node;
+struct viot_pci_host_range {
+int min_bus;
+int max_bus;
 };
 
 static void build_pci_host_range(GArray *table_data, int min_bus, int max_bus,
@@ -44,8 +43,7 @@ static void build_pci_host_range(GArray *table_data, int 
min_bus, int max_bus,
 /* Build PCI range for a given PCI host bridge */
 static int enumerate_pci_host_bridges(Object *obj, void *opaque)
 {
-struct viot_pci_ranges *pci_ranges = opaque;
-GArray *blob = pci_ranges->blob;
+GArray *pci_host_ranges = opaque;
 
 if (object_dynamic_cast(obj, TYPE_PCI_HOST_BRIDGE)) {
 PCIBus *bus = PCI_HOST_BRIDGE(obj)->bus;
@@ -55,9 +53,11 @@ static int enumerate_pci_host_bridges(Object *obj, void 
*opaque)
 
 pci_bus_range(bus, _bus, _bus);
 
-build_pci_host_range(blob, min_bus, max_bus,
- pci_ranges->output_node);
-pci_ranges->count++;
+const struct viot_pci_host_range pci_host_range = {
+.min_bus = min_bus,
+.max_bus = max_bus,
+};
+g_array_append_val(pci_host_ranges, pci_host_range);
 }
 }
 
@@ -78,19 +78,19 @@ void build_viot(MachineState *ms, GArray *table_data, 
BIOSLinker *linker,
 int viommu_off = 48;
 AcpiTable table = { .sig = "VIOT", .rev = 0,
 .oem_id = oem_id, .oem_table_id = oem_table_id };
-struct viot_pci_ranges pci_ranges = {
-.output_node = viommu_off,
-.blob = g_array_new(false, true /* clear */, 1),
-};
+GArray *pci_host_ranges =  g_array_new(false, true,
+   sizeof(struct viot_pci_host_range));
+struct viot_pci_host_range *pci_host_range;
+int i;
 
 /* Build the list of PCI ranges that this viommu manages */
 object_child_foreach_recursive(OBJECT(ms), enumerate_pci_host_bridges,
-   _ranges);
+   pci_host_ranges);
 
 /* ACPI table header */
 acpi_table_begin(, table_data);
 /* Node count */
-build_append_int_noprefix(table_data, pci_ranges.count + 1, 2);
+build_append_int_noprefix(table_data, pci_host_ranges->len + 1, 2);
 /* Node offset */
 build_append_int_noprefix(table_data, viommu_off, 2);
 /* Reserved */
@@ -111,9 +111,15 @@ void build_viot(MachineState *ms, GArray *table_data, 
BIOSLinker *linker,
 build_append_int_noprefix(table_data, 0, 8);
 
 /* PCI ranges found above */
-g_array_append_vals(table_data, pci_ranges.blob->data,
-pci_ranges.blob->len);
-g_array_free(pci_ranges.blob, true);
+for (i = 0; i < pci_host_ranges->len; i++) {
+pci_host_range = _array_index(pci_host_ranges,
+struct viot_pci_host_range, i);
+
+build_pci_host_range(table_data, pci_host_range->min_bus,
+ pci_host_range->max_bus, viommu_off);
+}
+
+g_array_free(pci_host_ranges, true);
 
 acpi_table_end(linker, );
 }
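Review bot: The loop `for (i = 0; i < pci_host_ranges->len; i++)` compares the `int i` declared in the previous hunk with GArray's unsigned `len`, a signed/unsigned comparison that -Wsign-compare flags; declare the index as `guint i;`. In the same function `pci_host_ranges->len + 1` is written into a 2-byte node-count field with no bound check, so a comment or an assertion on the count would document the limit. In enumerate_pci_host_bridges(), `const struct viot_pci_host_range pci_host_range` is declared after the `pci_bus_range()` statement; moving it to the top of the block keeps declarations ahead of code. build_viot() starts outside these hunks.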
-- 
2.20.1




[PATCH v3 0/6] hw/acpi/viot: generate stable VIOT ACPI tables

2022-05-25 Thread Mark Cave-Ayland
I was working away at some improvements for PS2 devices when I noticed that one
small change to the instantiation of a PS2 mouse device caused a regression in
tests/qtest/bios-tables-test, specifically the /x86_64/acpi/q35/viot subtest.

Closer examination of the failed test output showed the problem was that the
order of the PCI host bridge entries had changed within the table causing the
generated binary to fail to match the version in tests/data/acpi/q35/VIOT.viot.

The error occurs because there is no guarantee in the order of PCI host bridges
being returned from object_child_foreach_recursive() used within
hw/acpi/viot.c's build_viot() function, so any change to the QOM tree can
potentially change the generated ACPI VIOT table ordering and cause the
regression tests to fail.

Fortunately the solution is fairly easy: change build_viot() to build an array
of PCI host bridges and then sort them first before generating the final ACPI
VIOT table. I've chosen to sort the PCI host bridges based upon the min_bus
number which seems to work okay here.

The changes in this patchset were heavily inspired by the build_iort() function
in hw/arm/virt-acpi-build.c which already does the right thing here. Patches 1-5
make the required changes before patch 6 updates the VIOT binary to match the
updated ACPI VIOT table ordering.

Signed-off-by: Mark Cave-Ayland 

v3:
- Rebase onto master
- Add Reviewed-by tag from Ani in patch 1
- Declare struct viot_pci_host_range as const in enumerate_pci_host_bridges() 
in patch 3
- Add Reviewed-by tags for the series from Phil

v2:
- Rebase onto master
- Rename pci_host_bridges() to enumerate_pci_host_bridges() in patch 1
- Change return type of pci_host_range_compare() from int to gint in patch 5
- Tweak subject line in patch 5: s/PCI host bus/PCI host bridge/
- Add Acked-by and Reviewed-by tags from Ani


Mark Cave-Ayland (6):
  hw/acpi/viot: rename build_pci_range_node() to
enumerate_pci_host_bridges()
  hw/acpi/viot: move the individual PCI host bridge entry generation to
a new function
  hw/acpi/viot: build array of PCI host bridges before generating VIOT
ACPI table
  tests/acpi: virt: allow VIOT acpi table changes
  hw/acpi/viot: sort VIOT ACPI table entries by PCI host bridge min_bus
  tests/acpi: virt: update golden masters for VIOT

 hw/acpi/viot.c| 107 +-
 tests/data/acpi/q35/VIOT.viot | Bin 112 -> 112 bytes
 2 files changed, 68 insertions(+), 39 deletions(-)

-- 
2.20.1




Re: [PATCH v2 04/15] include/hw/virtio: document vhost_ack_features

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:45PM +0100, Alex Bennée wrote:
> Signed-off-by: Alex Bennée 
> ---
>  include/hw/virtio/vhost.h | 10 ++
>  1 file changed, 10 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [PATCH v2 03/15] include/hw/virtio: document vhost_get_features

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:44PM +0100, Alex Bennée wrote:
> Signed-off-by: Alex Bennée 
> ---
>  include/hw/virtio/vhost.h | 11 +++
>  1 file changed, 11 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [PATCH v9 08/12] target/hexagon: import flex/bison to docker files

2022-05-25 Thread Alex Bennée


Richard Henderson  writes:

> On 5/25/22 05:29, Anton Johansson wrote:
>> For clarity's sake, here are the exact steps taken to produce this patch:
>>      1. Update QEMU's libvirt-ci to the commit
>> https://gitlab.com/libvirt/libvirt-ci/-/commit/43927ff508e8ecb1ac225dabbc95b37c890db917
>>     which adds flex/bison, and a native glib2 (required since
>> idef-parser
>>     is a build-time tool.)
>
> This must be split out -- submodule updates should be a patch by
> themselves.  Otherwise it can look like unintentional rebase breakage
> (which, sadly, happens more often than legitimate submodule updates).
>
>>      2. Copy in new `tests/lcitool/projects/qemu.yml` from `libvirt-ci`
>>      3. run `tests/lcitool/refresh` to generate new docker/cirrus
>> files
>
> And, yes, having one patch that's simply auto-generated is helpful.

To quote danpb:

   danpb: should our tests/lcitool/projects/qemu.yml match the one in
  the lcitool repo or are they different use cases?
   the one in libvirt-ci.git should be deleted really
   the one in qemu.git is the source of truth

so please just update the qemu.git qemu.yml for just what you need for
flex/bison without bringing in all the other (stale?) stuff.


>
>
> r~


-- 
Alex Bennée



Re: [PATCH v2 01/15] contrib/vhost-user-blk: fix 32 bit build and enable

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:42PM +0100, Alex Bennée wrote:
> We were not building the vhost-user-blk server due to 32 bit
> compilation problems. The problem was due to format string types so
> fix that and then enable the build. Tweak the rule to follow the same
> rules as other vhost-user daemons.
> 
> Signed-off-by: Alex Bennée 
> Message-Id: <20220321153037.3622127-12-alex.ben...@linaro.org>
> ---
>  meson.build | 2 +-
>  contrib/vhost-user-blk/vhost-user-blk.c | 6 +++---
>  contrib/vhost-user-blk/meson.build  | 3 +--
>  3 files changed, 5 insertions(+), 6 deletions(-)

Reviewed-by: Stefan Hajnoczi 




[PULL 15/15] hw/arm/aspeed: Add i2c devices for AST2600 EVB

2022-05-25 Thread Cédric Le Goater
From: Howard Chiu 

Add EEPROM and LM75 temperature sensor according to hardware schematic

Signed-off-by: Howard Chiu 
Reviewed-by: Cédric Le Goater 
Signed-off-by: Cédric Le Goater 
---
 hw/arm/aspeed.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 725c169488dc..98dc185acd9a 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -527,8 +527,15 @@ static void ast2500_evb_i2c_init(AspeedMachineState *bmc)
 
 static void ast2600_evb_i2c_init(AspeedMachineState *bmc)
 {
-/* Start with some devices on our I2C busses */
-ast2500_evb_i2c_init(bmc);
+AspeedSoCState *soc = >soc;
+uint8_t *eeprom_buf = g_malloc0(8 * 1024);
+
+smbus_eeprom_init_one(aspeed_i2c_get_bus(>i2c, 7), 0x50,
+  eeprom_buf);
+
+/* LM75 is compatible with TMP105 driver */
+i2c_slave_create_simple(aspeed_i2c_get_bus(>i2c, 8),
+ TYPE_TMP105, 0x4d);
 }
 
 static void romulus_bmc_i2c_init(AspeedMachineState *bmc)
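Review bot: The `g_malloc0(8 * 1024)` buffer handed to `smbus_eeprom_init_one` is never freed in this function and its size is a bare literal, so a reader cannot tell whether the allocation is intentionally long-lived or how much of it the EEPROM model reads. Presumably the device keeps the pointer for the lifetime of the machine; if so, say it with a comment such as `/* eeprom_buf is retained by the EEPROM device, never freed */` and give the size a name. The bus numbers 7 and 8 and the addresses 0x50 and 0x4d are said to come from the schematic, and a one-line comment naming the part at each call would let the next reader check them.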
-- 
2.35.3




Re: [PATCH v2 0/1] tests: Bump Fedora image version for cross-compilation

2022-05-25 Thread Alex Bennée


Konstantin Kostiuk  writes:

> v1 -> v2: Fix spelling in the commit message
> v1: https://patchew.org/QEMU/2022052418.922031-1-kkost...@redhat.com/
>
> Konstantin Kostiuk (1):
>   tests: Bump Fedora image version for cross-compilation

Queued to testing/next, thanks.

-- 
Alex Bennée



Re: [PULL v2 0/4] qemu-ga patches

2022-05-25 Thread Richard Henderson

On 5/25/22 02:29, Konstantin Kostiuk wrote:

The following changes since commit 0cac736e73723850a99e5142e35d14d8f8efb232:

   Merge tag 'pull-riscv-to-apply-20220525' of github.com:alistair23/qemu into 
staging (2022-05-24 15:55:12 -0700)

are available in the Git repository at:

   g...@github.com:kostyanf14/qemu.git tags/qga-win32-pull-2022-05-25

for you to fetch changes up to b9a002609fd887447eca8ee10777690d691f91d4:

   qga-win32: Add support for NVME bus type (2022-05-25 12:12:02 +0300)


qga-win32-pull-2022-05-25

v2:
- fix Fedora cross-compilation


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~





Konstantin Kostiuk (3):
   trivial: qga: Log version on start
   tests: Bump Fedora image version for cross-compilation
   qga-win32: Add support for NVME bus type

luzhipeng (1):
   qga: add guest-get-diskstats command for Linux guests

  qga/commands-posix.c   | 123 +
  qga/commands-win32.c   |  11 ++
  qga/main.c |   2 +
  qga/qapi-schema.json   |  86 ++
  tests/docker/dockerfiles/fedora-win32-cross.docker |   2 +-
  tests/docker/dockerfiles/fedora-win64-cross.docker |   2 +-
  6 files changed, 224 insertions(+), 2 deletions(-)


--
2.25.1






[PULL 13/15] hw/gpio support GPIO index mode for write operation.

2022-05-25 Thread Cédric Le Goater
From: Jamin Lin 

This patch does not support GPIO index mode for read operations.

Signed-off-by: Jamin Lin 
Reviewed-by: Cédric Le Goater 
Message-Id: <20220525053444.27228-4-jamin_...@aspeedtech.com>
Signed-off-by: Cédric Le Goater 
---
 include/hw/gpio/aspeed_gpio.h |  14 +++
 hw/gpio/aspeed_gpio.c | 168 ++
 2 files changed, 182 insertions(+)

diff --git a/include/hw/gpio/aspeed_gpio.h b/include/hw/gpio/aspeed_gpio.h
index 6dee3cd43893..41b36524d062 100644
--- a/include/hw/gpio/aspeed_gpio.h
+++ b/include/hw/gpio/aspeed_gpio.h
@@ -50,6 +50,20 @@ enum GPIORegType {
 gpio_reg_input_mask,
 };
 
+/* GPIO index mode */
+enum GPIORegIndexType {
+gpio_reg_idx_data = 0,
+gpio_reg_idx_direction,
+gpio_reg_idx_interrupt,
+gpio_reg_idx_debounce,
+gpio_reg_idx_tolerance,
+gpio_reg_idx_cmd_src,
+gpio_reg_idx_input_mask,
+gpio_reg_idx_reserved,
+gpio_reg_idx_new_w_cmd_src,
+gpio_reg_idx_new_r_cmd_src,
+};
+
 typedef struct AspeedGPIOReg {
 uint16_t set_idx;
 enum GPIORegType type;
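Review bot: Only `gpio_reg_idx_data = 0` has an explicit value in `GPIORegIndexType`, but the enumerators are matched against the 4-bit `TYPE` field that aspeed_gpio.c decodes from a guest write, so their numeric values are register encoding rather than free-standing labels. Inserting or reordering an entry would silently change which guest command reaches which handler. I would document that above the enum, e.g. `/* Values are the TYPE encoding of the GPIO index register; do not reorder */`, and say there that `gpio_reg_idx_reserved` appears to exist only to hold its slot.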
diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c
index 5138fe812b9e..c834bf19f5ce 100644
--- a/hw/gpio/aspeed_gpio.c
+++ b/hw/gpio/aspeed_gpio.c
@@ -16,6 +16,7 @@
 #include "hw/irq.h"
 #include "migration/vmstate.h"
 #include "trace.h"
+#include "hw/registerfields.h"
 
 #define GPIOS_PER_GROUP 8
 
@@ -204,6 +205,28 @@
 #define GPIO_1_8V_MEM_SIZE0x1D8
 #define GPIO_1_8V_REG_ARRAY_SIZE  (GPIO_1_8V_MEM_SIZE >> 2)
 
+/*
+ * GPIO index mode support
+ * It only supports write operation
+ */
+REG32(GPIO_INDEX_REG, 0x2AC)
+FIELD(GPIO_INDEX_REG, NUMBER, 0, 8)
+FIELD(GPIO_INDEX_REG, COMMAND, 12, 1)
+FIELD(GPIO_INDEX_REG, TYPE, 16, 4)
+FIELD(GPIO_INDEX_REG, DATA_VALUE, 20, 1)
+FIELD(GPIO_INDEX_REG, DIRECTION, 20, 1)
+FIELD(GPIO_INDEX_REG, INT_ENABLE, 20, 1)
+FIELD(GPIO_INDEX_REG, INT_SENS_0, 21, 1)
+FIELD(GPIO_INDEX_REG, INT_SENS_1, 22, 1)
+FIELD(GPIO_INDEX_REG, INT_SENS_2, 23, 1)
+FIELD(GPIO_INDEX_REG, INT_STATUS, 24, 1)
+FIELD(GPIO_INDEX_REG, DEBOUNCE_1, 20, 1)
+FIELD(GPIO_INDEX_REG, DEBOUNCE_2, 21, 1)
+FIELD(GPIO_INDEX_REG, RESET_TOLERANT, 20, 1)
+FIELD(GPIO_INDEX_REG, COMMAND_SRC_0, 20, 1)
+FIELD(GPIO_INDEX_REG, COMMAND_SRC_1, 21, 1)
+FIELD(GPIO_INDEX_REG, INPUT_MASK, 20, 1)
+
 static int aspeed_evaluate_irq(GPIOSets *regs, int gpio_prev_high, int gpio)
 {
 uint32_t falling_edge = 0, rising_edge = 0;
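Review bot: `FIELD(GPIO_INDEX_REG, NUMBER, 0, 8)` lets a guest write name any pin from 0 to 255, and the handler added in the next hunk derives `set_idx = reg_idx_number / ASPEED_GPIOS_PER_SET` and uses it to index both `sets[set_idx]` and `props[set_idx]` with no range check in the lines shown before `set->data_read` is read. The sizes of those tables are not visible on this page, so this needs confirming, but a guest-controlled index should be compared with the number of sets the device class defines and rejected with a `LOG_GUEST_ERROR` message and an early `return` before `set` or `props` is dereferenced. The same handler logs a wrong `COMMAND` bit and then continues into the `switch`; if the hardware ignores such writes, returning there would keep a malformed write from changing state. That function is cut off on this page, so a later check cannot be ruled out.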
@@ -596,6 +619,144 @@ static uint64_t aspeed_gpio_read(void *opaque, hwaddr 
offset, uint32_t size)
 return value;
 }
 
+static void aspeed_gpio_write_index_mode(void *opaque, hwaddr offset,
+uint64_t data, uint32_t size)
+{
+
+AspeedGPIOState *s = ASPEED_GPIO(opaque);
+AspeedGPIOClass *agc = ASPEED_GPIO_GET_CLASS(s);
+const GPIOSetProperties *props;
+GPIOSets *set;
+uint32_t reg_idx_number = FIELD_EX32(data, GPIO_INDEX_REG, NUMBER);
+uint32_t reg_idx_type = FIELD_EX32(data, GPIO_INDEX_REG, TYPE);
+uint32_t reg_idx_command = FIELD_EX32(data, GPIO_INDEX_REG, COMMAND);
+uint32_t set_idx = reg_idx_number / ASPEED_GPIOS_PER_SET;
+uint32_t pin_idx = reg_idx_number % ASPEED_GPIOS_PER_SET;
+uint32_t group_idx = pin_idx / GPIOS_PER_GROUP;
+uint32_t reg_value = 0;
+uint32_t cleared;
+
+set = >sets[set_idx];
+props = >props[set_idx];
+
+if (reg_idx_command)
+qemu_log_mask(LOG_GUEST_ERROR, "%s: offset 0x%" PRIx64 "data 0x%"
+PRIx64 "index mode wrong command 0x%x\n",
+__func__, offset, data, reg_idx_command);
+
+switch (reg_idx_type) {
+case gpio_reg_idx_data:
+reg_value = set->data_read;
+reg_value = deposit32(reg_value, pin_idx, 1,
+  FIELD_EX32(data, GPIO_INDEX_REG, DATA_VALUE));
+reg_value &= props->output;
+reg_value = update_value_control_source(set, set->data_value,
+reg_value);
+set->data_read = reg_value;
+aspeed_gpio_update(s, set, reg_value);
+return;
+case gpio_reg_idx_direction:
+reg_value = set->direction;
+reg_value = deposit32(reg_value, pin_idx, 1,
+  FIELD_EX32(data, GPIO_INDEX_REG, DIRECTION));
+/*
+ *   where data is the value attempted to be written to the pin:
+ *pin type  | input mask | output mask | expected value
+ *
+ *   bidirectional  |   1   |   1|  data
+ *   input only |   1   |   0|   0
+ *   output only|   0   |   1|   1
+ *   no pin |   0   |   0|   0
+ *
+ *  which is captured by:
+ *  data = ( data | ~input) & output;
+ */
+reg_value = (reg_value | ~props->input) & props->output;
+

[PULL 11/15] hw/gpio Add GPIO read/write trace event.

2022-05-25 Thread Cédric Le Goater
From: Jamin Lin 

Add GPIO read/write trace event for aspeed model.

Signed-off-by: Jamin Lin 
Reviewed-by: Cédric Le Goater 
Message-Id: <20220525053444.27228-2-jamin_...@aspeedtech.com>
Signed-off-by: Cédric Le Goater 
---
 hw/gpio/aspeed_gpio.c | 54 +++
 hw/gpio/trace-events  |  4 
 2 files changed, 43 insertions(+), 15 deletions(-)

diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c
index 9b736e7a9f26..4620ea8e8b83 100644
--- a/hw/gpio/aspeed_gpio.c
+++ b/hw/gpio/aspeed_gpio.c
@@ -15,6 +15,7 @@
 #include "qapi/visitor.h"
 #include "hw/irq.h"
 #include "migration/vmstate.h"
+#include "trace.h"
 
 #define GPIOS_PER_GROUP 8
 
@@ -523,11 +524,15 @@ static uint64_t aspeed_gpio_read(void *opaque, hwaddr 
offset, uint32_t size)
 uint64_t idx = -1;
 const AspeedGPIOReg *reg;
 GPIOSets *set;
+uint32_t value = 0;
+uint64_t debounce_value;
 
 idx = offset >> 2;
 if (idx >= GPIO_DEBOUNCE_TIME_1 && idx <= GPIO_DEBOUNCE_TIME_3) {
 idx -= GPIO_DEBOUNCE_TIME_1;
-return (uint64_t) s->debounce_regs[idx];
+debounce_value = (uint64_t) s->debounce_regs[idx];
+trace_aspeed_gpio_read(offset, debounce_value);
+return debounce_value;
 }
 
 reg = >reg_table[idx];
@@ -540,38 +545,55 @@ static uint64_t aspeed_gpio_read(void *opaque, hwaddr 
offset, uint32_t size)
 set = >sets[reg->set_idx];
 switch (reg->type) {
 case gpio_reg_data_value:
-return set->data_value;
+value = set->data_value;
+break;
 case gpio_reg_direction:
-return set->direction;
+value = set->direction;
+break;
 case gpio_reg_int_enable:
-return set->int_enable;
+value = set->int_enable;
+break;
 case gpio_reg_int_sens_0:
-return set->int_sens_0;
+value = set->int_sens_0;
+break;
 case gpio_reg_int_sens_1:
-return set->int_sens_1;
+value = set->int_sens_1;
+break;
 case gpio_reg_int_sens_2:
-return set->int_sens_2;
+value = set->int_sens_2;
+break;
 case gpio_reg_int_status:
-return set->int_status;
+value = set->int_status;
+break;
 case gpio_reg_reset_tolerant:
-return set->reset_tol;
+value = set->reset_tol;
+break;
 case gpio_reg_debounce_1:
-return set->debounce_1;
+value = set->debounce_1;
+break;
 case gpio_reg_debounce_2:
-return set->debounce_2;
+value = set->debounce_2;
+break;
 case gpio_reg_cmd_source_0:
-return set->cmd_source_0;
+value = set->cmd_source_0;
+break;
 case gpio_reg_cmd_source_1:
-return set->cmd_source_1;
+value = set->cmd_source_1;
+break;
 case gpio_reg_data_read:
-return set->data_read;
+value = set->data_read;
+break;
 case gpio_reg_input_mask:
-return set->input_mask;
+value = set->input_mask;
+break;
 default:
 qemu_log_mask(LOG_GUEST_ERROR, "%s: no getter for offset 0x%"
   HWADDR_PRIx"\n", __func__, offset);
 return 0;
 }
+
+trace_aspeed_gpio_read(offset, value);
+return value;
 }
 
 static void aspeed_gpio_write(void *opaque, hwaddr offset, uint64_t data,
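Review bot: The `default:` arm keeps its `return 0;`, so a read of an offset with no getter bypasses the new `trace_aspeed_gpio_read(offset, value)` at the end of the function and shows up only as the `LOG_GUEST_ERROR` line. The write side in the next hunk traces at the top, before any validation, so the two directions record invalid accesses differently. Since `value` is initialised to 0 by the earlier hunk, replacing `return 0;` with `break;` would trace those reads as well without changing the returned value. `aspeed_gpio_read` starts outside this hunk, so any earlier early-return paths are not visible here.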
@@ -585,6 +607,8 @@ static void aspeed_gpio_write(void *opaque, hwaddr offset, 
uint64_t data,
 GPIOSets *set;
 uint32_t cleared;
 
+trace_aspeed_gpio_write(offset, data);
+
 idx = offset >> 2;
 if (idx >= GPIO_DEBOUNCE_TIME_1 && idx <= GPIO_DEBOUNCE_TIME_3) {
 idx -= GPIO_DEBOUNCE_TIME_1;
diff --git a/hw/gpio/trace-events b/hw/gpio/trace-events
index 1dab99c5604d..9736b362ac18 100644
--- a/hw/gpio/trace-events
+++ b/hw/gpio/trace-events
@@ -27,3 +27,7 @@ sifive_gpio_read(uint64_t offset, uint64_t r) "offset 0x%" 
PRIx64 " value 0x%" P
 sifive_gpio_write(uint64_t offset, uint64_t value) "offset 0x%" PRIx64 " value 
0x%" PRIx64
 sifive_gpio_set(int64_t line, int64_t value) "line %" PRIi64 " value %" PRIi64
 sifive_gpio_update_output_irq(int64_t line, int64_t value) "line %" PRIi64 " 
value %" PRIi64
+
+# aspeed_gpio.c
+aspeed_gpio_read(uint64_t offset, uint64_t value) "offset: 0x%" PRIx64 " value 
0x%" PRIx64
+aspeed_gpio_write(uint64_t offset, uint64_t value) "offset: 0x%" PRIx64 " 
value 0x%" PRIx64
-- 
2.35.3




Re: [PATCH v2 15/15] tests/qtest: enable tests for virtio-gpio

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:56PM +0100, Alex Bennée wrote:
> We don't have a virtio-gpio implementation in QEMU and only
> support a vhost-user backend. The QEMU side of the code is minimal so
> it should be enough to instantiate the device and pass some vhost-user
> messages over the control socket. To do this we hook into the existing
> vhost-user-test code and just add the bits required for gpio.
> 
> Signed-off-by: Alex Bennée 
> Cc: Viresh Kumar 
> Cc: Paolo Bonzini 
> Cc: Eric Auger 
> Message-Id: <20220408155704.2777166-1-alex.ben...@linaro.org>
> 
> ---
> v2
>   - add more of the missing boilerplate
>   - don't request LOG_SHMD
>   - use get_features op
>   - report VIRTIO_F_VERSION_1
>   - more comments
> ---
>  tests/qtest/libqos/virtio-gpio.h |  35 +++
>  tests/qtest/libqos/virtio-gpio.c | 171 +++
>  tests/qtest/libqos/virtio.c  |   2 +-
>  tests/qtest/vhost-user-test.c|  66 
>  tests/qtest/libqos/meson.build   |   1 +
>  5 files changed, 274 insertions(+), 1 deletion(-)
>  create mode 100644 tests/qtest/libqos/virtio-gpio.h
>  create mode 100644 tests/qtest/libqos/virtio-gpio.c
> 
> diff --git a/tests/qtest/libqos/virtio-gpio.h 
> b/tests/qtest/libqos/virtio-gpio.h
> new file mode 100644
> index 00..f11d41bd19
> --- /dev/null
> +++ b/tests/qtest/libqos/virtio-gpio.h
> @@ -0,0 +1,35 @@
> +/*
> + * virtio-gpio structures
> + *
> + * Copyright (c) 2022 Linaro Ltd
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#ifndef TESTS_LIBQOS_VIRTIO_GPIO_H
> +#define TESTS_LIBQOS_VIRTIO_GPIO_H
> +
> +#include "qgraph.h"
> +#include "virtio.h"
> +#include "virtio-pci.h"
> +
> +typedef struct QVhostUserGPIO QVhostUserGPIO;
> +typedef struct QVhostUserGPIOPCI QVhostUserGPIOPCI;
> +typedef struct QVhostUserGPIODevice QVhostUserGPIODevice;
> +
> +struct QVhostUserGPIO {
> +QVirtioDevice *vdev;
> +QVirtQueue **queues;
> +};
> +
> +struct QVhostUserGPIOPCI {
> +QVirtioPCIDevice pci_vdev;
> +QVhostUserGPIO gpio;
> +};
> +
> +struct QVhostUserGPIODevice {
> +QOSGraphObject obj;
> +QVhostUserGPIO gpio;
> +};
> +
> +#endif
> diff --git a/tests/qtest/libqos/virtio-gpio.c 
> b/tests/qtest/libqos/virtio-gpio.c
> new file mode 100644
> index 00..762aa6695b
> --- /dev/null
> +++ b/tests/qtest/libqos/virtio-gpio.c
> @@ -0,0 +1,171 @@
> +/*
> + * virtio-gpio nodes for testing
> + *
> + * Copyright (c) 2022 Linaro Ltd
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#include "qemu/osdep.h"
> +#include "standard-headers/linux/virtio_config.h"
> +#include "../libqtest.h"
> +#include "qemu/module.h"
> +#include "qgraph.h"
> +#include "virtio-gpio.h"
> +
> +static QGuestAllocator *alloc;
> +
> +static void virtio_gpio_cleanup(QVhostUserGPIO *gpio)
> +{
> +QVirtioDevice *vdev = gpio->vdev;
> +int i;
> +
> +for (i = 0; i < 2; i++) {
> +qvirtqueue_cleanup(vdev->bus, gpio->queues[i], alloc);
> +}
> +g_free(gpio->queues);
> +}
> +
> +/*
> + * This handles the VirtIO setup from the point of view of the driver
> + * frontend and therefor doesn't present any vhost specific features
> + * and in fact masks of the re-used bit.
> + */
> +static void virtio_gpio_setup(QVhostUserGPIO *gpio)
> +{
> +QVirtioDevice *vdev = gpio->vdev;
> +uint64_t features;
> +int i;
> +
> +features = qvirtio_get_features(vdev);
> +features &= ~QVIRTIO_F_BAD_FEATURE;

This looks questionable. qvirtio_get_features() should return VIRTIO
feature bits. Is QVIRTIO_F_BAD_FEATURE masked out here because
qvirtio_get_features() is returning raw vhost-user feature bits instead
and you want to get rid of VHOST_USER_F_PROTOCOL_FEATURES?


signature.asc
Description: PGP signature


Re: [PATCH v2 00/15] virtio-gpio and various virtio cleanups

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:41PM +0100, Alex Bennée wrote:
> Hi,
> 
> This series ostensibly adds virtio-user-gpio stubs to the build for
> use with an external vhost-user daemon. We've been testing it with our
> rust daemons from:
> 
>   https://github.com/rust-vmm/vhost-device
> 
> Getting the test enabled took some doing most likely because the need
> for CONFIG support exercised additional paths in the code that were
> not used for the simpler virtio-net tests. As a result the series has
> a number of cleanup and documentation patches.
> 
> The final thing that needed fixing was the ensuring that
> VHOST_USER_F_PROTOCOL_FEATURES didn't get squashed in the negotiation
> process. This was the hardest thing to track down as we store the
> feature bits in several places variously as:
> 
>   in VirtIODevice as:
> uint64_t guest_features;
> uint64_t host_features;
> uint64_t backend_features;

None of these know about VHOST_USER_F_PROTOCOL_FEATURES and vhost-user's
unfiltered feature bits should never be passed to VirtIODevice.

> 
>  in vhost_dev as:
> uint64_t features;
> uint64_t acked_features;
> uint64_t backend_features;

I don't think these should know about VHOST_USER_F_PROTOCOL_FEATURES
either. AFAIK vhost_dev deals with VIRTIO feature bits, not raw
vhost-user GET_FEATURES.

Stefan


signature.asc
Description: PGP signature


[PULL 06/15] hw: aspeed: Add missing UART's

2022-05-25 Thread Cédric Le Goater
From: Peter Delevoryas 

This adds the missing UART memory and IRQ mappings for the AST2400, AST2500,
AST2600, and AST1030.

This also includes the new UART interfaces added in the AST2600 and AST1030
from UART6 to UART13. The addresses and interrupt numbers for these two
later chips are identical.

Signed-off-by: Peter Delevoryas 
Reviewed-by: Cédric Le Goater 
Message-Id: <20220516062328.298336-2-p...@fb.com>
Signed-off-by: Cédric Le Goater 
---
 include/hw/arm/aspeed_soc.h |  8 
 hw/arm/aspeed_ast10x0.c | 24 
 hw/arm/aspeed_ast2600.c | 19 +++
 hw/arm/aspeed_soc.c |  6 ++
 4 files changed, 57 insertions(+)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 3789f38603e5..709a78285b59 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -105,6 +105,14 @@ enum {
 ASPEED_DEV_UART3,
 ASPEED_DEV_UART4,
 ASPEED_DEV_UART5,
+ASPEED_DEV_UART6,
+ASPEED_DEV_UART7,
+ASPEED_DEV_UART8,
+ASPEED_DEV_UART9,
+ASPEED_DEV_UART10,
+ASPEED_DEV_UART11,
+ASPEED_DEV_UART12,
+ASPEED_DEV_UART13,
 ASPEED_DEV_VUART,
 ASPEED_DEV_FMC,
 ASPEED_DEV_SPI1,
diff --git a/hw/arm/aspeed_ast10x0.c b/hw/arm/aspeed_ast10x0.c
index 9ae9efaac144..fa2cc4406c0d 100644
--- a/hw/arm/aspeed_ast10x0.c
+++ b/hw/arm/aspeed_ast10x0.c
@@ -33,14 +33,38 @@ static const hwaddr aspeed_soc_ast1030_memmap[] = {
 [ASPEED_DEV_SBC]   = 0x7E6F2000,
 [ASPEED_DEV_GPIO]  = 0x7E78,
 [ASPEED_DEV_TIMER1]= 0x7E782000,
+[ASPEED_DEV_UART1] = 0x7E783000,
+[ASPEED_DEV_UART2] = 0x7E78D000,
+[ASPEED_DEV_UART3] = 0x7E78E000,
+[ASPEED_DEV_UART4] = 0x7E78F000,
 [ASPEED_DEV_UART5] = 0x7E784000,
+[ASPEED_DEV_UART6] = 0x7E79,
+[ASPEED_DEV_UART7] = 0x7E790100,
+[ASPEED_DEV_UART8] = 0x7E790200,
+[ASPEED_DEV_UART9] = 0x7E790300,
+[ASPEED_DEV_UART10]= 0x7E790400,
+[ASPEED_DEV_UART11]= 0x7E790500,
+[ASPEED_DEV_UART12]= 0x7E790600,
+[ASPEED_DEV_UART13]= 0x7E790700,
 [ASPEED_DEV_WDT]   = 0x7E785000,
 [ASPEED_DEV_LPC]   = 0x7E789000,
 [ASPEED_DEV_I2C]   = 0x7E7B,
 };
 
 static const int aspeed_soc_ast1030_irqmap[] = {
+[ASPEED_DEV_UART1] = 47,
+[ASPEED_DEV_UART2] = 48,
+[ASPEED_DEV_UART3] = 49,
+[ASPEED_DEV_UART4] = 50,
 [ASPEED_DEV_UART5] = 8,
+[ASPEED_DEV_UART6] = 57,
+[ASPEED_DEV_UART7] = 58,
+[ASPEED_DEV_UART8] = 59,
+[ASPEED_DEV_UART9] = 60,
+[ASPEED_DEV_UART10]= 61,
+[ASPEED_DEV_UART11]= 62,
+[ASPEED_DEV_UART12]= 63,
+[ASPEED_DEV_UART13]= 64,
 [ASPEED_DEV_GPIO]  = 11,
 [ASPEED_DEV_TIMER1]= 16,
 [ASPEED_DEV_TIMER2]= 17,
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 4161a0cc4bbe..f3ecc0f3b7c0 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -61,7 +61,18 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
 [ASPEED_DEV_IBT]   = 0x1E789140,
 [ASPEED_DEV_I2C]   = 0x1E78A000,
 [ASPEED_DEV_UART1] = 0x1E783000,
+[ASPEED_DEV_UART2] = 0x1E78D000,
+[ASPEED_DEV_UART3] = 0x1E78E000,
+[ASPEED_DEV_UART4] = 0x1E78F000,
 [ASPEED_DEV_UART5] = 0x1E784000,
+[ASPEED_DEV_UART6] = 0x1E79,
+[ASPEED_DEV_UART7] = 0x1E790100,
+[ASPEED_DEV_UART8] = 0x1E790200,
+[ASPEED_DEV_UART9] = 0x1E790300,
+[ASPEED_DEV_UART10]= 0x1E790400,
+[ASPEED_DEV_UART11]= 0x1E790500,
+[ASPEED_DEV_UART12]= 0x1E790600,
+[ASPEED_DEV_UART13]= 0x1E790700,
 [ASPEED_DEV_VUART] = 0x1E787000,
 [ASPEED_DEV_I3C]   = 0x1E7A,
 [ASPEED_DEV_SDRAM] = 0x8000,
@@ -78,6 +89,14 @@ static const int aspeed_soc_ast2600_irqmap[] = {
 [ASPEED_DEV_UART3] = 49,
 [ASPEED_DEV_UART4] = 50,
 [ASPEED_DEV_UART5] = 8,
+[ASPEED_DEV_UART6] = 57,
+[ASPEED_DEV_UART7] = 58,
+[ASPEED_DEV_UART8] = 59,
+[ASPEED_DEV_UART9] = 60,
+[ASPEED_DEV_UART10]= 61,
+[ASPEED_DEV_UART11]= 62,
+[ASPEED_DEV_UART12]= 63,
+[ASPEED_DEV_UART13]= 64,
 [ASPEED_DEV_VUART] = 8,
 [ASPEED_DEV_FMC]   = 39,
 [ASPEED_DEV_SDMC]  = 0,
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index c339b5c74de5..96bc060680c9 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -48,6 +48,9 @@ static const hwaddr aspeed_soc_ast2400_memmap[] = {
 [ASPEED_DEV_ETH1]   = 0x1E66,
 [ASPEED_DEV_ETH2]   = 0x1E68,
 [ASPEED_DEV_UART1]  = 0x1E783000,
+[ASPEED_DEV_UART2]  = 0x1E78D000,
+[ASPEED_DEV_UART3]  = 0x1E78E000,
+[ASPEED_DEV_UART4]  = 0x1E78F000,
 [ASPEED_DEV_UART5]  = 0x1E784000,
 [ASPEED_DEV_VUART]  = 0x1E787000,
 [ASPEED_DEV_SDRAM]  = 0x4000,
@@ -80,6 +83,9 @@ static const hwaddr 

Re: [PATCH v2 02/15] include/hw/virtio: more comment for VIRTIO_F_BAD_FEATURE

2022-05-25 Thread Stefan Hajnoczi
On Tue, May 24, 2022 at 04:40:43PM +0100, Alex Bennée wrote:
> When debugging a new vhost user you may be surprised to see
> VHOST_USER_F_PROTOCOL getting squashed in the maze of
> backend_features, acked_features and guest_features. Expand the
> description here to help the next poor soul trying to work through
> this.
> 
> Signed-off-by: Alex Bennée 
> ---
>  include/hw/virtio/virtio.h | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
> index db1c0ddf6b..2b2587d324 100644
> --- a/include/hw/virtio/virtio.h
> +++ b/include/hw/virtio/virtio.h
> @@ -24,7 +24,12 @@
>  #include "qom/object.h"
>  #include "hw/virtio/vhost.h"
>  
> -/* A guest should never accept this.  It implies negotiation is broken. */
> +/*
> + * A guest should never accept this.  It implies negotiation is
> + * broken between the driver frontend and the device. This bit is
> + * re-used for vhost to advertise VHOST_USER_F_PROTOCOL_FEATURES

s/vhost/vhost-user/

> + * between QEMU and a vhost backend.
> + */
>  #define VIRTIO_F_BAD_FEATURE 30
>  
>  #define VIRTIO_LEGACY_FEATURES ((0x1ULL << VIRTIO_F_BAD_FEATURE) | \
> -- 
> 2.30.2
> 


signature.asc
Description: PGP signature


Re: [RFC PATCH] python: add qmp-send program to send raw qmp commands to qemu

2022-05-25 Thread Daniel P . Berrangé
On Wed, Mar 16, 2022 at 10:54:55AM +0100, Damien Hedde wrote:


> +def raw_load(file: TextIO) -> List[QMPMessage]:
> +"""parse a raw qmp command file.
> +
> +JSON formatted commands can expand on several lines but must
> +be separated by an end-of-line (two commands can not share the
> +same line).
> +File must not end with empty lines.
> +"""
> +cmds: List[QMPMessage] = []
> +linecnt = 0
> +while True:
> +buf = file.readline()
> +if not buf:
> +return cmds

If you change this to 'break'...

> +prev_err_pos = None
> +buf_linecnt = 1
> +while True:
> +try:
> +cmds.append(json.loads(buf))

...and this to

  yield json.loads(buf)

then

> +break
> +except json.JSONDecodeError as err:
> +if prev_err_pos == err.pos:
> +# adding a line made no progress so
> +#  + either we're at EOF and json data is truncated
> +#  + or the parsing error is before
> +raise QmpRawDecodeError(err.msg, linecnt + err.lineno,
> +err.colno) from err
> +prev_err_pos = err.pos
> +buf += file.readline()
> +buf_linecnt += 1
> +linecnt += buf_linecnt
> +
> +
> +def report_error(msg: str) -> None:
> +"""Write an error to stderr."""
> +sys.stderr.write('ERROR: %s\n' % msg)
> +
> +
> +def main() -> None:
> +"""
> +qmp-send entry point: parse command line arguments and start the REPL.
> +"""
> +parser = argparse.ArgumentParser(
> +description="""
> +Send raw qmp commands to qemu as long as they succeed. It either
> +connects to a remote qmp server using the provided socket or wrap
> +the qemu process. It stops sending the provided commands when a
> +command fails (disconnection or error response).
> +""",
> +epilog="""
> +When qemu wrap option is used, this script waits for qemu
> +to terminate but never send any quit or kill command. This
> +needs to be done manually.
> +""")
> +
> +parser.add_argument('-f', '--file', action='store',
> +help='Input file containing the commands')
> +parser.add_argument('-s', '--socket', action='store',
> +help='< UNIX socket path | TCP address:port >')
> +parser.add_argument('-v', '--verbose', action='store_true',
> +help='Verbose (echo commands sent and received)')
> +parser.add_argument('-p', '--pretty', action='store_true',
> +help='Pretty-print JSON')
> +
> +parser.add_argument('--wrap', nargs=argparse.REMAINDER,
> +help='QEMU command line to invoke')
> +
> +args = parser.parse_args()
> +
> +socket = args.socket
> +wrap_qemu = args.wrap is not None
> +
> +if wrap_qemu:
> +if len(args.wrap) != 0:
> +qemu_cmdline = args.wrap
> +else:
> +qemu_cmdline = ["qemu-system-x86_64"]
> +if socket is None:
> +socket = "qmp-send-wrap-%d" % os.getpid()
> +qemu_cmdline += ["-qmp", "unix:%s" % socket]
> +
> +try:
> +address = QMPSend.parse_address(socket)
> +except QMPBadPortError:
> +parser.error(f"Bad port number: {socket}")
> +return  # pycharm doesn't know error() is noreturn
> +
> +try:
> +with open(args.file, mode='rt', encoding='utf8') as file:
> +qmp_cmds = raw_load(file)
> +except QmpRawDecodeError as err:
> +report_error(str(err))
> +sys.exit(1)

...change this to

fh = sys.stdin
if args.file is not None and args.file != '-':
  fh = open(args.file, mode='rt', encoding='utf8')



> +
> +try:
> +with QMPSend(address, args.pretty, args.verbose,
> + server=wrap_qemu) as qmp:
> +# starting with python 3.7 we could use contextlib.nullcontext
> +qemu = Popen(qemu_cmdline) if wrap_qemu else 
> contextlib.suppress()
> +with qemu:
> +try:
> +qmp.setup_connection()
> +except ConnectError as err:
> +if isinstance(err.exc, OSError):
> +report_error(f"Couldn't connect to {socket}: 
> {err!s}")
> +else:
> +report_error(str(err))
> +sys.exit(1)
> +try:
> +for cmd in qmp_cmds:

...finally this to

for cmd in raw_load(fh)


This means we can use qmp-send in a pipeline with commands
sent to QEMU on the fly as they arrive, rather than having
to read all the commands upfront before QEMU is started.

BTW, as an example usage I was trying your impl here in the following
way to 
