Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-26 Thread Maciej W. Rozycki
On Fri, 26 Oct 2018, Richard Henderson wrote:

> > Overall this source file is clearly a modified copy of an ancient version 
> > of the opcode table included with the opcodes library from binutils and I 
> > think it would benefit from a refresh.
> 
> You can't do that because of GPL v3, sadly.

 I've been aware of that, however the changes I mentioned are pretty 
mechanical and can be easily made from scratch by someone who hasn't 
looked at binutils, even based on the description I already made.  You 
don't copyright an idea, only actual written code.

  Maciej



Re: [Qemu-devel] [libvirt] [PATCH 3/3] cirrus: mark as deprecated

2018-10-26 Thread Christian Borntraeger



On 10/26/2018 11:42 AM, Daniel P. Berrangé wrote:
> On Fri, Oct 26, 2018 at 12:33:55PM +0530, P J P wrote:
>>   Hello Dan, all
>>
>> +-- On Thu, 25 Oct 2018, Daniel P. Berrangé wrote --+
>> | On Thu, Oct 25, 2018 at 10:52:56AM +0200, Gerd Hoffmann wrote:
>> | > While being at it deprecate cirrus too.
>> | > 
>> | > Reason (short version): use stdvga instead.
>> | > Verbose version:
>> | > 
>> https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-harmful
>> | 
>> | 
>> | I don't debate the points in the blog post above that stdvga is a
>> | better choice, but I don't think that's enough to justify deprecating
>> | cirrus at this point in time, because when it then gets deleted it
>> | will break way too many existing deployments.
>> | 
>> | We need to socialize info in that blog post above more widely and
>> | especially ensure that apps are not using that by default. I don't
>> | see it being viable to formally deprecate it in QEMU any time soon
>> | though given existing usage.
>>
>> To note, IMO there are other devices/sources in QEMU which are potential 
>> candidates for deprecation, similar to adlib etc. It'll help if we could 
>> devise a process to deprecate/remove such code base. Other than maintenance 
>> it invariably also becomes a source of security issues.
>>
>> Ex. (similar to Fedora) we could announce such candidate on qemu-devel list 
>> and after review over a period of say a month, candidate will be 
>> deprecated/expunged. (thinking aloud)
> 
> QEMU has a deprecation process:
> 
>   https://qemu.weilnetz.de/doc/qemu-doc.html#Deprecated-features
> 
> Most of the stuff deprecated is CLI args / monitor commands, etc where
> mgmt apps just adjust the way they are calling QEMU, so end users' VMs
> are largely not impacted.
> 
> Deprecating a device type that is widely used is not desirable because
> that will cause breakage of existing guests.  Distros are free to disable
> devices in their builds if they want to reduce the scope for CVEs in
> packages they maintain, but again they should think carefully about how
> many users they are going to break by doing so.

I agree with what Daniel said. Deprecating something that is in heavy use 
by users just because we have trouble maintaining it is not going to help the
QEMU project - quite the opposite. 




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-26 Thread Fredrik Noring
Hi Maciej,

>  I'm not sure if every single random vendor-specific instruction (or a 
> bunch of) deserves its own ASE designation, be it internal or externally 
> exposed.  I think the MMI set being a substantial architectural feature 
> makes sense to be shown in /proc/cpuinfo (in Linux), but I don't think 
> there's much more about it.  It's limited to 2 implementations only, so 
> internally I think it can well be handled with a macro or static inline 
> function (as appropriate) which boil down to (CPU_R5900 || CPU_TX79).

Are there benefits in leaving out features? Their utility, such as
in choosing compiler options, may not correlate with their (lack of)
architectural weight.

A random pc, for instance, comes fully dressed flying the flags of

fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts
rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni
pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16
xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer
aes xsave avx lahf_lm epb kaiser tpr_shadow vnmi flexpriority
ept vpid xsaveopt dtherm ida arat pln pts

in its /proc/cpuinfo. It also has a bugs field with

cpu_meltdown spectre_v1 spectre_v2

where the R5900 could have an entry for its short loop bug.

>  And if you run out of bits for ASEs regardless, then I suggest just to 
> expand the field in question.  In QEMU you can rely on the presence of the 
> `uint64_t' data type, so with only 8 bits exhausted you're far from 
> getting into trouble.

DisasContext::insn_flags is already uint64_t, where bits 63..56 are
reserved for vendor-specific ASEs. Of course, one could organise them
differently, especially since they may be mutually exclusive, or one
could use a new ASE-specific field for them.

Fredrik
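The /proc/cpuinfo fields Fredrik compares against are simple enough to parse, and the distinction he draws (a flags or ASEs line for features, a separate bugs line for errata) is exactly what an inventory or hardening check reads. The following is an added example, not code from the thread or from QEMU: a small parser that turns cpuinfo text into per-CPU feature and bug sets. The x86 sample is constructed from the flags and bugs lines quoted above, with a second, deliberately shorter processor record so the intersection has something to do; the MIPS sample is a hypothetical R5900 record that assumes an `mmi` entry in the kernel's `ASEs implemented` line, which is what the thread proposes, not something any kernel prints today.

```python
"""Parse /proc/cpuinfo-style text into per-CPU feature and bug sets.

Added example for the cpuinfo discussion in the thread; not QEMU code.
"""
from typing import Dict, List, Set

Record = Dict[str, str]

# Constructed x86 sample: processor 0 reuses the flags/bugs lines quoted in
# the thread; processor 1 is given a deliberately shorter flag set so that
# the intersection computed below is visible.
SAMPLE_X86 = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm epb kaiser tpr_shadow vnmi flexpriority ept vpid xsaveopt dtherm ida arat pln pts
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2

processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""

# Hypothetical MIPS record (assumption: an "mmi" ASE listed the way the
# kernel lists ASEs today; no current kernel prints this).
SAMPLE_MIPS = """\
system type\t\t: hypothetical R5900 board
processor\t\t: 0
cpu model\t\t: R5900 V3.1
ASEs implemented\t: mmi
"""


def parse_cpuinfo(text: str) -> List[Record]:
    """Split cpuinfo text into one dict per processor block.

    Blocks are separated by blank lines; each line is 'key<padding>: value'.
    Lines without a colon are skipped rather than treated as an error.
    """
    records: List[Record] = []
    current: Record = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def _tokens(record: Record, key: str) -> Set[str]:
    return set(record.get(key, "").split())


def features(record: Record) -> Set[str]:
    """Feature names for one CPU. x86 lists them under 'flags'; MIPS lists
    optional extensions under 'ASEs implemented', so both keys are merged."""
    return _tokens(record, "flags") | _tokens(record, "ASEs implemented")


def bugs(record: Record) -> Set[str]:
    """Errata the kernel has recognised for this CPU. This is not mitigation
    status; that lives under /sys/devices/system/cpu/vulnerabilities/."""
    return _tokens(record, "bugs")


def common_features(records: List[Record]) -> Set[str]:
    """Features present on every CPU: the only ones code may assume
    unconditionally on a heterogeneous system."""
    sets = [features(r) for r in records]
    return set.intersection(*sets) if sets else set()


def cpus_with_bug(records: List[Record], bug: str) -> List[str]:
    """Processor numbers whose bugs line names the given erratum."""
    return [r.get("processor", "?") for r in records if bug in bugs(r)]


if __name__ == "__main__":
    x86 = parse_cpuinfo(SAMPLE_X86)
    print("common x86 features:", " ".join(sorted(common_features(x86))))
    print("CPUs with cpu_meltdown:", cpus_with_bug(x86, "cpu_meltdown"))
    mips = parse_cpuinfo(SAMPLE_MIPS)
    print("MIPS ASEs:", sorted(features(mips[0])))
```

Point `parse_cpuinfo()` at the contents of a real /proc/cpuinfo and `common_features()` gives the flag set a program may rely on across all cores, while `cpus_with_bug()` answers the question Fredrik raises for the R5900: whether a given erratum would be visible per CPU.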



[Qemu-devel] [Bug 1800156] [NEW] windows 8.1 loose grab/leave window on windowed

2018-10-26 Thread Valentin Fort
Public bug reported:

Hello, I am new to QEMU and I encounter that annoying issue (windowed)
when I move the mouse a bit too much then it leaves the window.

Windows 8.1, Latest QEMU (Windows binaries).

** Affects: qemu
 Importance: Undecided
 Status: New

** Summary changed:

- windows 8.1 loose grab on windowed
+ windows 8.1 loose grab/leave window on windowed

https://bugs.launchpad.net/bugs/1800156



Re: [Qemu-devel] Minutes of KVM Forum BoF on deprecating stuff

2018-10-26 Thread Daniel P . Berrangé


On Fri, Oct 26, 2018 at 04:03:51PM +0200, Markus Armbruster wrote:
> This is from my (imperfect) notes, corrections welcome.
> 
> Motivation: QEMU contains stuff of dubious value, which gets in the way
> in various (sometimes painful and expensive) ways.
>
> Deprecation is the marking of an external interface as "we intend to
> remove this, you should stop using it" (preferably with advice on what
> to use instead).  We have a deprecation policy to guide us through this
> process.


Something I meant to bring up but forgot is about the classification
of devices, especially with a view towards security. It is not directly
about deprecation, but it is somewhat related, as it relates to the
state of maintenance and quality level.

We've got a lot of devices, but only a subset are written and maintained
to a level where we'd consider them robust wrt malicious guests. Other
devices are only suitable for friendly guest environments. We should
clearly document which are the devices that we consider to provide
a secure boundary to guests, so users can make suitably informed choices.
I'd guess this means all virtio devices, and then a few of the emulated
devices that are commonly used & maintained in a KVM environment.

This would be useful for distros/vendors/users who wish to limit their
potential attack surface once we have a KConfig system for fine grained
disablement of features.

> Topics we covered, reordered for readability:
> 
> * Dropping features inconveniences their users.  Keeping them impedes
>   forward movement, and thus inconveniences other users.  We need to
>   engage with the tradeoffs.
> 
> * The cost of keeping both old and new for a deprecation grace period
>   (currently two releases) can be painfully high.  Tradeoff again.
>   However, there's rough consensus not to mess with the deprecation
>   policy right now.
> 
> * When something has been broken for the customary deprecation grace
>   period, removing it without going through the deprecation process
>   should be okay.
> 
> * We may have to deprecate interfaces, but we may also have a need to
>   deprecate guarantees interfaces provide.  Worse when the guarantees
>   are tacit.  No good answers.  Let's attack less thorny problems first.
> 
> * One obvious class of candidates for removal is machines we don't know
>   how to boot, or can't boot, say because we lack required firmware
>   and/or OS.
> 
>   Of course, "can boot" should be an automated test.  As a first step
>   towards that, we should at least document how to boot each machine.
>   We're going to ask machine maintainers to do that.
> 
> * We need to communicate "you're using something that is deprecated".
>   How?  Right now, we print a deprecation message.  Okay when humans use
>   QEMU directly in a shell.  However, when QEMU sits at the bottom of a
>   software stack, the message will likely end up in a log file that is
>   effectively write-only.
>  
>   - The one way to get people to read log files is crashing their
> application.  A command line option --future could make QEMU crash
> right after printing a deprecation message.  This could help with
> finding use of deprecated features in a testing environment.
> 
>   - A less destructive way to grab people's attention is to make things
> run really, really slow: have QEMU go to sleep for a while after
> printing a deprecation message.
> 
>   - We can also pass the buck to the next layer up: emit a QMP event.
> 
> Sadly, by the time the next layer connects to QMP, plenty of stuff
> already happened.  We'd have to buffer deprecation events somehow.
> 
> What would libvirt do with such an event?  Log it, taint the domain,
> emit a (libvirt) event to pass it on to the next layer up.
> 
>   - A completely different idea is to have a configuration linter.  To
> support doing this at the libvirt level, QEMU could expose "is
> deprecated" in interface introspection.  Feels feasible for QMP,
> where we already have sufficiently expressive introspection.  For
> CLI, we'd first have to provide that (but we want that anyway).
> 
>   - We might also want to display deprecation messages in QEMU's GUI
> somehow, or on serial consoles.

Regards,
Daniel
-- 
|: https://berrange.com  -o-  https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org  -o-  https://fstop138.berrange.com :|
|: https://entangle-photo.org  -o-  https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [RFC v4 41/71] i386/hvf: convert to cpu_request_interrupt

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/i386/hvf/hvf.c|  8 +---
>  target/i386/hvf/x86hvf.c | 26 +++---
>  2 files changed, 20 insertions(+), 14 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [PATCH v2 02/29] targer/riscv: Activate decodetree and implemnt LUI & AUIPC

2018-10-26 Thread Palmer Dabbelt

On Fri, 26 Oct 2018 07:53:17 PDT (-0700), Bastian Koppelmann wrote:
> On 10/26/18 3:58 PM, Richard Henderson wrote:
> > On 10/26/18 11:49 AM, Bastian Koppelmann wrote:
> > > I think you can pick up everything up to the RVC conversion which still needs
> > > the work suggested by Richard. Thanks, for picking it up :)
> > 
> > Even then I thought we were talking about splitting the RV64 insns
> > into a separate file, reducing the ifdefs, and renaming the arg-sets
> > to match the instruction formats described in the riscv spec.
> 
> Yes, you are right I forgot that.

OK, so I think I'll hold off for a v3, then.



[Qemu-devel] [PULL 18/20] hw/intc/gicv3: Remove useless parenthesis around DIV_ROUND_UP macro

2018-10-26 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Patch created mechanically by rerunning:

  $  spatch --sp-file scripts/coccinelle/round.cocci \
--macro-file scripts/cocci-macro-file.h \
--dir . --in-place

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Michael S. Tsirkin 
Message-Id: <20180705155811.20366-8-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 include/hw/intc/arm_gicv3_common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/intc/arm_gicv3_common.h 
b/include/hw/intc/arm_gicv3_common.h
index b798486ecf..31ec9a1ae4 100644
--- a/include/hw/intc/arm_gicv3_common.h
+++ b/include/hw/intc/arm_gicv3_common.h
@@ -62,7 +62,7 @@
  * avoids bugs where we forget to subtract GIC_INTERNAL from an
  * interrupt number.
  */
-#define GICV3_BMP_SIZE (DIV_ROUND_UP(GICV3_MAXIRQ, 32))
+#define GICV3_BMP_SIZE DIV_ROUND_UP(GICV3_MAXIRQ, 32)
 
 #define GIC_DECLARE_BITMAP(name) \
 uint32_t name[GICV3_BMP_SIZE]
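Review bot: the removal in `+#define GICV3_BMP_SIZE DIV_ROUND_UP(GICV3_MAXIRQ, 32)` is only precedence-safe if DIV_ROUND_UP's own expansion is wrapped in parentheses; the single visible use, the array bound in `uint32_t name[GICV3_BMP_SIZE]`, is safe either way, but a sentence in the commit message saying the Coccinelle rule relies on the macro being self-parenthesising would spare the next reader the check.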
-- 
2.17.2




[Qemu-devel] [PATCH v6 3/3] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES

2018-10-26 Thread Robert Hoo
Note RSBA is specially treated -- no matter whether the host supports it or not, qemu
pretends it is supported.

Changes in v6: filter out MSR features whose dependent CPUID enumeration is not
there.

Signed-off-by: Robert Hoo 
Reviewed-by: Eduardo Habkost 
---
 target/i386/cpu.c | 31 ++-
 target/i386/cpu.h |  8 
 target/i386/kvm.c | 11 +++
 3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 0de21fa..6371722 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1141,6 +1141,27 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] 
= {
 },
 .tcg_features = ~0U,
 },
+/*Below are MSR exposed features*/
+[FEAT_ARCH_CAPABILITIES] = {
+.type = MSR_FEATURE_WORD,
+.feat_names = {
+"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+"ssb-no", NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+},
+.msr = {
+.index = MSR_IA32_ARCH_CAPABILITIES,
+.cpuid_dep = {
+FEAT_7_0_EDX,
+CPUID_7_0_EDX_ARCH_CAPABILITIES
+}
+},
+},
 };
 
 typedef struct X86RegisterInfo32 {
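Review bot: the comment `/*Below are MSR exposed features*/` needs spaces inside the delimiters to match the `/* ... */` style used throughout this table, and the new entry should carry a trailing comment naming the MSR it describes (e.g. `/* MSR_IA32_ARCH_CAPABILITIES */`) the way the CPUID entries identify their leaf and register. A short comment on the `.feat_names` block stating that positions mirror the MSR bit numbers would also help, since the table's only link to the bit layout is the `.msr.index` field.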
@@ -3696,7 +3717,15 @@ static uint32_t 
x86_cpu_get_supported_feature_word(FeatureWord w,
 wi->cpuid.reg);
 break;
 case MSR_FEATURE_WORD:
-r = kvm_arch_get_supported_msr_feature(kvm_state, wi->msr.index);
+/* Special case:
+ * No matter host status, IA32_ARCH_CAPABILITIES.RSBA [bit 2]
+ * is always supported in guest.
+ */
+if (wi->msr.index == MSR_IA32_ARCH_CAPABILITIES) {
+r = MSR_ARCH_CAP_RSBA;
+}
+r |= kvm_arch_get_supported_msr_feature(kvm_state,
+wi->msr.index);
 break;
 }
 } else if (hvf_enabled()) {
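Review bot: `r` is no longer assigned on the common path. The old line `r = kvm_arch_get_supported_msr_feature(kvm_state, wi->msr.index);` becomes `r |= ...`, so for any MSR feature word other than MSR_IA32_ARCH_CAPABILITIES the OR operates on whatever `r` held before the switch. Either initialise `r` at its declaration, or keep the plain assignment and OR `MSR_ARCH_CAP_RSBA` into it afterwards inside the special-case branch. The multi-line comment should also start with a bare `/*` line, as the other block comments in this file do.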
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index dd3de97..ff1ae32 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -507,6 +507,7 @@ typedef enum FeatureWord {
 FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
 FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
 MSR_FEATURE_WORD_BEGIN, /* Define MSR feature words below */
+FEAT_ARCH_CAPABILITIES = MSR_FEATURE_WORD_BEGIN,
 FEATURE_WORDS,
 } FeatureWord;
 
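Review bot: `FEAT_ARCH_CAPABILITIES = MSR_FEATURE_WORD_BEGIN,` should carry a trailing comment naming the MSR, as every neighbouring enumerator does for its CPUID leaf (e.g. `/* MSR_IA32_ARCH_CAPABILITIES */`), so the enum stays self-describing once more MSR words are added below it.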
@@ -735,6 +736,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_TOPOLOGY_LEVEL_SMT  (1U << 8)
 #define CPUID_TOPOLOGY_LEVEL_CORE (2U << 8)
 
+/* MSR Feature Bits */
+#define MSR_ARCH_CAP_RDCL_NO(1U << 0)
+#define MSR_ARCH_CAP_IBRS_ALL   (1U << 1)
+#define MSR_ARCH_CAP_RSBA   (1U << 2)
+#define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
+#define MSR_ARCH_CAP_SSB_NO (1U << 4)
+
 #ifndef HYPERV_SPINLOCK_NEVER_RETRY
 #define HYPERV_SPINLOCK_NEVER_RETRY 0x
 #endif
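Review bot: the macro `MSR_ARCH_CAP_RDCL_NO (1U << 0)` and the feature name `"rdctl-no"` given to the same bit in the cpu.c table disagree on the spelling; because feature names become user-visible `-cpu` properties that cannot be renamed later without a compatibility alias, pick one spelling in this series rather than carrying the mismatch forever. The remaining four macros and names agree, so only bit 0 needs attention.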
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 161fc38..796a049 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1975,6 +1975,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 }
 #endif
 
+/* If host supports feature MSR, write down. */
+if (kvm_feature_msrs) {
+int i;
+for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
+if (kvm_feature_msrs->indices[i] == MSR_IA32_ARCH_CAPABILITIES) {
+kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
+  env->features[FEAT_ARCH_CAPABILITIES]);
+break;
+}
+}
+
 /*
  * The following MSRs have side effects on the guest or are too heavy
  * for normal writeback. Limit them to reset or full state updates.
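Review bot: the `for (i = 0; i < kvm_feature_msrs->nmsrs; i++)` loop has an unbraced body wrapping an `if`, which QEMU's coding style (and checkpatch) rejects; add braces. The same linear scan of `kvm_feature_msrs->indices` is written out again in patch 1/3 of this series, so a small `kvm_feature_msr_supported(index)` helper would remove the duplication. The comment `/* If host supports feature MSR, write down. */` reads better as `/* If the host supports this feature MSR, write it. */`.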
-- 
1.8.3.1




[Qemu-devel] [PATCH v6 1/3] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl

2018-10-26 Thread Robert Hoo
Add kvm_get_supported_feature_msrs() to get the supported MSR feature index list.
Add kvm_arch_get_supported_msr_feature() to get each MSR feature's value.

Signed-off-by: Robert Hoo 
Reviewed-by: Eduardo Habkost 
---
 include/sysemu/kvm.h |  2 ++
 target/i386/kvm.c| 80 
 2 files changed, 82 insertions(+)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 0b64b8e..97d8d9d 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -463,6 +463,8 @@ int kvm_vm_check_extension(KVMState *s, unsigned int 
extension);
 
 uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
   uint32_t index, int reg);
+uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);
+
 
 void kvm_set_sigmask_len(KVMState *s, unsigned int sigmask_len);
 
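Review bot: the new declaration `uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);` is followed by two blank lines before `void kvm_set_sigmask_len(...)`; drop one to match the single-blank-line spacing used elsewhere in this header.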
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 115d8b4..161fc38 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -107,6 +107,7 @@ static int has_pit_state2;
 static bool has_msr_mcg_ext_ctl;
 
 static struct kvm_cpuid2 *cpuid_cache;
+static struct kvm_msr_list *kvm_feature_msrs;
 
 int kvm_has_pit_state2(void)
 {
@@ -420,6 +421,42 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, 
uint32_t function,
 return ret;
 }
 
+uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
+{
+struct {
+struct kvm_msrs info;
+struct kvm_msr_entry entries[1];
+} msr_data;
+uint32_t ret;
+
+if (kvm_feature_msrs == NULL) { /* Host doesn't support feature MSRs */
+return 0;
+}
+
+/* Check if requested MSR is supported feature MSR */
+int i;
+for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
+if (kvm_feature_msrs->indices[i] == index) {
+break;
+}
+if (i == kvm_feature_msrs->nmsrs) {
+return 0; /* if the feature MSR is not supported, simply return 0 */
+}
+
+msr_data.info.nmsrs = 1;
+msr_data.entries[0].index = index;
+
+ret = kvm_ioctl(s, KVM_GET_MSRS, _data);
+if (ret != 1) {
+error_report("KVM get MSR (index=0x%x) feature failed, %s",
+index, strerror(-ret));
+exit(1);
+}
+
+return msr_data.entries[0].data;
+}
+
+
 typedef struct HWPoisonPage {
 ram_addr_t ram_addr;
 QLIST_ENTRY(HWPoisonPage) list;
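Review bot: `uint32_t ret;` receives the `int` result of kvm_ioctl(), so a negative errno is stored unsigned and `strerror(-ret)` then negates an unsigned value; declare `int ret` (the `ret != 1` test is unaffected). Two further points: the function returns `uint32_t` while `msr_data.entries[0].data` is the 64-bit MSR value, so the upper half is silently truncated and either the return type or a comment should make that deliberate; and the unbraced `for` body plus the mid-block `int i;` do not follow the style of the surrounding code in this file.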
@@ -1286,6 +1323,47 @@ void kvm_arch_do_init_vcpu(X86CPU *cpu)
 }
 }
 
+static int kvm_get_supported_feature_msrs(KVMState *s)
+{
+int ret = 0;
+
+if (kvm_feature_msrs != NULL) {
+return 0;
+}
+
+if (!kvm_check_extension(s, KVM_CAP_GET_MSR_FEATURES)) {
+return 0;
+}
+
+struct kvm_msr_list msr_list;
+
+msr_list.nmsrs = 0;
+ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, _list);
+if (ret < 0 && ret != -E2BIG) {
+error_report("Fetch KVM feature MSR list failed: %s",
+strerror(-ret));
+return ret;
+}
+
+assert(msr_list.nmsrs > 0);
+kvm_feature_msrs = (struct kvm_msr_list *) \
+g_malloc0(sizeof(msr_list) +
+ msr_list.nmsrs * sizeof(msr_list.indices[0]));
+
+kvm_feature_msrs->nmsrs = msr_list.nmsrs;
+ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, kvm_feature_msrs);
+
+if (ret < 0) {
+error_report("Fetch KVM feature MSR list failed: %s",
+strerror(-ret));
+g_free(kvm_feature_msrs);
+kvm_feature_msrs = NULL;
+return ret;
+}
+
+return 0;
+}
+
 static int kvm_get_supported_msrs(KVMState *s)
 {
 static int kvm_supported_msrs;
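Review bot: the first `KVM_GET_MSR_FEATURE_INDEX_LIST` call with `nmsrs = 0` is expected to fail with -E2BIG and fill in the count, but the check `ret < 0 && ret != -E2BIG` also lets `ret == 0` through, after which `assert(msr_list.nmsrs > 0)` aborts QEMU on a host that reports an empty list; treat that case as "no feature MSRs" and return 0, keeping the assert for a genuinely inconsistent reply. The `struct kvm_msr_list msr_list;` declaration after statements and the cast on `g_malloc0()` are style points in this file as well.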
@@ -1439,6 +1517,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 return ret;
 }
 
+kvm_get_supported_feature_msrs(s);
+
 uname();
 lm_capable_kernel = strcmp(utsname.machine, "x86_64") == 0;
 
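Review bot: the return value of `kvm_get_supported_feature_msrs(s);` is dropped. If that is intentional (the function already reports the error and leaves `kvm_feature_msrs` NULL, so callers degrade to "no feature MSRs"), say so in a comment at the call site; otherwise propagate it like the `return ret;` path just above.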
-- 
1.8.3.1




[Qemu-devel] [PATCH 4/6] Read and set FP ABI value from MIPS abiflags

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Stefan Markovic 
---
 linux-user/elfload.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 5881233..5bccd2e 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2396,6 +2396,7 @@ static void load_elf_image(const char *image_name, int 
image_fd,
 }
 }
 bswap_mips_abiflags();
+info->fp_abi = abiflags.fp_abi;
 #endif
 }
 }
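Review bot: `info->fp_abi = abiflags.fp_abi;` is reached only when an abiflags segment was found and byte-swapped, so binaries without one leave `fp_abi` at whatever `image_info` held beforehand. The commit message is empty; it should state what value `fp_abi` holds in that case (zero-initialised `image_info`, or an explicit default set here) so the consumer of the field can rely on it.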
@@ -2708,6 +2709,9 @@ int load_elf_binary(struct linux_binprm *bprm, struct 
image_info *info)
 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 }
+#ifdef TARGET_MIPS
+info->interp_fp_abi = interp_info.fp_abi;
+#endif
 }
 
 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, _ex,
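Review bot: the `#ifdef TARGET_MIPS` block copies `interp_info.fp_abi` into `info->interp_fp_abi` only on the path where an interpreter was loaded; a one-line comment saying what the field contains for static binaries would help, and the empty commit message should explain why both the main image's and the interpreter's FP ABI are needed.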
-- 
1.9.1




[Qemu-devel] [PATCH 6/6] Add prctl() PR_SET_FP_MODE and PR_GET_FP_MODE implementations

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Stefan Markovic 
---
 linux-user/mips/target_syscall.h   |  2 ++
 linux-user/mips64/target_syscall.h |  2 ++
 linux-user/syscall.c   | 62 +++---
 3 files changed, 62 insertions(+), 4 deletions(-)

diff --git a/linux-user/mips/target_syscall.h b/linux-user/mips/target_syscall.h
index 33177af..fa075c9 100644
--- a/linux-user/mips/target_syscall.h
+++ b/linux-user/mips/target_syscall.h
@@ -247,5 +247,7 @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
 /* MIPS-specific prctl() options */
 #define TARGET_PR_SET_FP_MODE  45
 #define TARGET_PR_GET_FP_MODE  46
+#define TARGET_PR_FP_MODE_FR  (1 << 0)
+#define TARGET_PR_FP_MODE_FRE (1 << 1)
 
 #endif /* MIPS_TARGET_SYSCALL_H */
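Review bot: `TARGET_PR_FP_MODE_FR (1 << 0)` and `TARGET_PR_FP_MODE_FRE (1 << 1)` are added verbatim to both linux-user/mips/target_syscall.h and linux-user/mips64/target_syscall.h in this patch; since they are the kernel's ABI constants and identical for both targets, a shared header would avoid the two copies drifting apart.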
diff --git a/linux-user/mips64/target_syscall.h 
b/linux-user/mips64/target_syscall.h
index c1160e6..c8a9027 100644
--- a/linux-user/mips64/target_syscall.h
+++ b/linux-user/mips64/target_syscall.h
@@ -244,5 +244,7 @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
 /* MIPS-specific prctl() options */
 #define TARGET_PR_SET_FP_MODE  45
 #define TARGET_PR_GET_FP_MODE  46
+#define TARGET_PR_FP_MODE_FR  (1 << 0)
+#define TARGET_PR_FP_MODE_FRE (1 << 1)
 
 #endif /* MIPS64_TARGET_SYSCALL_H */
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 15b03e1..810a58b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9529,11 +9529,65 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 #endif
 #ifdef TARGET_MIPS
 case TARGET_PR_GET_FP_MODE:
-/* TODO: Implement TARGET_PR_SET_FP_MODE handling.*/
-return -TARGET_EINVAL;
+{
+CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
+ret = 0;
+if (env->CP0_Status & (1 << CP0St_FR)) {
+ret |= TARGET_PR_FP_MODE_FR;
+}
+if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
+ret |= TARGET_PR_FP_MODE_FRE;
+}
+return ret;
+}
 case TARGET_PR_SET_FP_MODE:
-/* TODO: Implement TARGET_PR_GET_FP_MODE handling.*/
-return -TARGET_EINVAL;
+{
+CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
+bool old_fr = env->CP0_Status & (1 << CP0St_FR);
+bool new_fr = arg2 & TARGET_PR_FP_MODE_FR;
+bool new_fre = arg2 & TARGET_PR_FP_MODE_FRE;
+
+if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
+/* FR1 is not supported */
+return -TARGET_EOPNOTSUPP;
+}
+if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
+&& !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
+/* cannot set FR=0 */
+return -TARGET_EOPNOTSUPP;
+}
+if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
+/* Cannot set FRE=1 */
+return -TARGET_EOPNOTSUPP;
+}
+
+int i;
+fpr_t *fpr = env->active_fpu.fpr;
+for (i = 0; i < 32 ; i += 2) {
+if (!old_fr && new_fr) {
+fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
+} else if (old_fr && !new_fr) {
+fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
+}
+}
+
+if (new_fr) {
+env->CP0_Status |= (1 << CP0St_FR);
+env->hflags |= MIPS_HFLAG_F64;
+} else {
+env->CP0_Status &= ~(1 << CP0St_FR);
+}
+if (new_fre) {
+env->CP0_Config5 |= (1 << CP0C5_FRE);
+if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
+env->hflags |= MIPS_HFLAG_FRE;
+}
+} else {
+env->CP0_Config5 &= ~(1 << CP0C5_FRE);
+}
+
+return 0;
+}
 #endif /* MIPS */
 #ifdef TARGET_AARCH64
 case TARGET_PR_SVE_SET_VL:
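Review bot: in the TARGET_PR_SET_FP_MODE block, bits of `arg2` other than TARGET_PR_FP_MODE_FR and TARGET_PR_FP_MODE_FRE are never checked, so an unknown mode value silently succeeds; reject them before any state is touched. The two `else` branches clear `CP0St_FR` and `CP0C5_FRE` but leave `MIPS_HFLAG_F64` and `MIPS_HFLAG_FRE` set in `env->hflags`, so after an FR=1 to FR=0 transition the translation flags no longer agree with CP0_Status; mirror the set paths with `env->hflags &= ~MIPS_HFLAG_F64;` and `env->hflags &= ~MIPS_HFLAG_FRE;`. Minor: `int i;` and `fpr_t *fpr` are declared after statements, and the two removed TODO comments had their SET/GET labels swapped, so dropping them is correct.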
-- 
1.9.1




Re: [Qemu-devel] [RFC v4 38/71] i386/kvm: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/i386/kvm.c | 54 +++
>  1 file changed, 31 insertions(+), 23 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [Qemu-block] [PATCH 09/10] scripts/qemu.py: use a more consistent docstring style

2018-10-26 Thread Eduardo Habkost
On Mon, Oct 08, 2018 at 03:44:14PM -0400, John Snow wrote:
> 
> 
> On 10/04/2018 12:18 PM, Cleber Rosa wrote:
> > Signed-off-by: Cleber Rosa 
> > ---
> >  dtc |  2 +-
> >  scripts/qemu.py | 65 +++--
> >  2 files changed, 42 insertions(+), 25 deletions(-)
> > 
> > diff --git a/dtc b/dtc
> > index 88f18909db..e54388015a 16
> > --- a/dtc
> > +++ b/dtc
> > @@ -1 +1 @@
> > -Subproject commit 88f18909db731a627456f26d779445f84e449536
> > +Subproject commit e54388015af1fb4bf04d0bca99caba1074d9cc42
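Review bot: the `dtc` subproject bump from 88f18909db to e54388015a is unrelated to the docstring change and looks like an accidental `git add` of the submodule; drop it from this patch (the diffstat line `dtc | 2 +-` confirms it is part of the commit).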
> > diff --git a/scripts/qemu.py b/scripts/qemu.py
> > index f099ce7278..7abe26de69 100644
> > --- a/scripts/qemu.py
> > +++ b/scripts/qemu.py
> > @@ -53,9 +53,9 @@ class QEMUMachineAddDeviceError(QEMUMachineError):
> >  """
> >  
> >  class MonitorResponseError(qmp.qmp.QMPError):
> > -'''
> > +"""
> >  Represents erroneous QMP monitor reply
> > -'''
> > +"""
> 
> This seems obviously correct, as per the Python Dogma Handbook ...
> 
[...]
> >  def add_fd(self, fd, fdset, opaque, opts=''):
> > -'''Pass a file descriptor to the VM'''
> > +"""
> > +Pass a file descriptor to the VM
> > +"""
> 
> However, is it established practice among ne'er-do-wells to format
> one-line docstrings as three-liners? (And without punctuation to boot --
> for shame!)
> 
> PEP257 suggests that one-liners are allowed, but doesn't seem to
> necessitate their usage. Does this kind of change have any kind of benefit?

I don't mind having one-line docstrings.  But if we're already
touching multiple docstrings, consistency with the rest of the
module code sounds nice.

I'm queueing this on python-next.

-- 
Eduardo



Re: [Qemu-devel] [PATCH 1/1] hostmem-file: remove the invalid pmem object id.

2018-10-26 Thread Eduardo Habkost
On Wed, Oct 24, 2018 at 10:14:56PM +0800, Zhang Yi wrote:
> We will never get the canonical path from the object
> before object_property_add_child.
> 
> Signed-off-by: Zhang Yi 

Thanks.  I'm queueing it on machine-next, after rewriting the
subject line as:

  hostmem-file: remove object id from pmem error message

-- 
Eduardo



[Qemu-devel] [PULL 16/20] tests/bios-tables-test: Remove an useless cast

2018-10-26 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Patch created mechanically by rerunning:

  $  spatch --sp-file scripts/coccinelle/typecast.cocci \
--macro-file scripts/cocci-macro-file.h \
--dir . --in-place

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Markus Armbruster 
Acked-by: Michael S. Tsirkin 
Message-Id: <20180705155811.20366-5-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 tests/bios-tables-test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index af4b1fb6bd..02e77ec811 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -319,7 +319,7 @@ static bool load_asl(GArray *sdts, AcpiSdtTable *sdt)
 ret = g_spawn_command_line_sync(command_line->str, , _err, NULL, 
);
 g_assert_no_error(error);
 if (ret) {
-ret = g_file_get_contents(sdt->asl_file, (gchar **)>asl,
+ret = g_file_get_contents(sdt->asl_file, >asl,
   >asl_len, );
 g_assert(ret);
 g_assert_no_error(error);
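Review bot: removing `(gchar **)` is only a no-op if `sdt->asl` is already declared `gchar *`; the commit message says the cast was useless but not why, so a line noting that `AcpiSdtTable::asl` already has the type g_file_get_contents() expects would let reviewers confirm this without opening the header.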
-- 
2.17.2




[Qemu-devel] [PATCH v6 2/3] x86: Data structure changes to support MSR based features

2018-10-26 Thread Robert Hoo
Add FeatureWordType indicator in struct FeatureWordInfo.
Change feature_word_info[] accordingly.
Change existing functions that refer to feature_word_info[] accordingly.

Signed-off-by: Robert Hoo 
---
 target/i386/cpu.c | 205 --
 target/i386/cpu.h |   7 +-
 2 files changed, 159 insertions(+), 53 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1469a1b..0de21fa 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -770,17 +770,36 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t 
vendor1,
   /* missing:
   CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
 
+typedef enum FeatureWordType {
+   CPUID_FEATURE_WORD,
+   MSR_FEATURE_WORD,
+} FeatureWordType;
+
 typedef struct FeatureWordInfo {
+FeatureWordType type;
 /* feature flags names are taken from "Intel Processor Identification and
  * the CPUID Instruction" and AMD's "CPUID Specification".
  * In cases of disagreement between feature naming conventions,
  * aliases may be added.
  */
 const char *feat_names[32];
-uint32_t cpuid_eax;   /* Input EAX for CPUID */
-bool cpuid_needs_ecx; /* CPUID instruction uses ECX as input */
-uint32_t cpuid_ecx;   /* Input ECX value for CPUID */
-int cpuid_reg;/* output register (R_* constant) */
+union {
+/* If type==CPUID_FEATURE_WORD */
+struct {
+uint32_t eax;   /* Input EAX for CPUID */
+bool needs_ecx; /* CPUID instruction uses ECX as input */
+uint32_t ecx;   /* Input ECX value for CPUID */
+int reg;/* output register (R_* constant) */
+} cpuid;
+/* If type==MSR_FEATURE_WORD */
+struct {
+uint32_t index;
+struct {   /*CPUID that enumerate this MSR*/
+FeatureWord cpuid_class;
+uint32_tcpuid_flag;
+} cpuid_dep;
+} msr;
+};
 uint32_t tcg_features; /* Feature flags supported by TCG */
 uint32_t unmigratable_flags; /* Feature flags known to be unmigratable */
 uint32_t migratable_flags; /* Feature flags known to be migratable */
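Review bot: because `CPUID_FEATURE_WORD` is the first enumerator of `FeatureWordType` and therefore 0, any `feature_word_info[]` entry that omits `.type` silently behaves as a CPUID word instead of failing; adding the designated `.type = CPUID_FEATURE_WORD,` to every entry, as the following hunks do, is right, but consider starting the enum with an invalid zero value or asserting on `wi->type` in the readers so an omission is caught. Style: the enumerators are indented with three spaces (`+   CPUID_FEATURE_WORD,`) while the file uses four, and `/*CPUID that enumerate this MSR*/` should read `/* CPUID leaf that enumerates this MSR */`.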
@@ -790,6 +809,7 @@ typedef struct FeatureWordInfo {
 
 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 [FEAT_1_EDX] = {
+.type = CPUID_FEATURE_WORD,
 .feat_names = {
 "fpu", "vme", "de", "pse",
 "tsc", "msr", "pae", "mce",
@@ -800,10 +820,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 "fxsr", "sse", "sse2", "ss",
 "ht" /* Intel htt */, "tm", "ia64", "pbe",
 },
-.cpuid_eax = 1, .cpuid_reg = R_EDX,
+.cpuid = {.eax = 1, .reg = R_EDX, },
 .tcg_features = TCG_FEATURES,
 },
 [FEAT_1_ECX] = {
+.type = CPUID_FEATURE_WORD,
 .feat_names = {
 "pni" /* Intel,AMD sse3 */, "pclmulqdq", "dtes64", "monitor",
 "ds-cpl", "vmx", "smx", "est",
@@ -814,7 +835,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 "tsc-deadline", "aes", "xsave", NULL /* osxsave */,
 "avx", "f16c", "rdrand", "hypervisor",
 },
-.cpuid_eax = 1, .cpuid_reg = R_ECX,
+.cpuid = { .eax = 1, .reg = R_ECX, },
 .tcg_features = TCG_EXT_FEATURES,
 },
 /* Feature names that are already defined on feature_name[] but
@@ -823,6 +844,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
  * to features[FEAT_8000_0001_EDX] if and only if CPU vendor is AMD.
  */
 [FEAT_8000_0001_EDX] = {
+.type = CPUID_FEATURE_WORD,
 .feat_names = {
 NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
 NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
@@ -833,10 +855,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 NULL /* fxsr */, "fxsr-opt", "pdpe1gb", "rdtscp",
 NULL, "lm", "3dnowext", "3dnow",
 },
-.cpuid_eax = 0x8001, .cpuid_reg = R_EDX,
+.cpuid = { .eax = 0x8001, .reg = R_EDX, },
 .tcg_features = TCG_EXT2_FEATURES,
 },
 [FEAT_8000_0001_ECX] = {
+.type = CPUID_FEATURE_WORD,
 .feat_names = {
 "lahf-lm", "cmp-legacy", "svm", "extapic",
 "cr8legacy", "abm", "sse4a", "misalignsse",
@@ -847,7 +870,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 "perfctr-nb", NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 },
-.cpuid_eax = 0x8001, .cpuid_reg = R_ECX,
+.cpuid = { .eax = 0x8001, .reg = R_ECX, },
 .tcg_features = TCG_EXT3_FEATURES,
 /*
  * TOPOEXT is always allowed but can't be enabled blindly by
@@ -857,6 +880,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .no_autoenable_flags = CPUID_EXT3_TOPOEXT,
 },
 [FEAT_C000_0001_EDX] = {
+

Re: [Qemu-devel] [PATCH RFC 0/2] Fix migration issues

2018-10-26 Thread Fei Li




On 10/25/2018 08:55 PM, Dr. David Alan Gilbert wrote:

* Fei Li (f...@suse.com) wrote:

Hi,
these two patches are to fix live migration issues. The first is
about multifd, and the second is to fix some error handling.

But I have a question about using multifd migration.
In our current code, when multifd is used during migration, if there
is an error before the destination receives all new channels (I mean
multifd_recv_new_channel(ioc)), the destination does not exit but
keeps waiting (Hang in recvmsg() in qio_channel_socket_readv) until
the source exits.

My question is about the state of the destination host if it fails during
this period. I did a test: after applying the [1/2] patch, if
multifd_new_send_channel_async() fails, the destination host hangs for
a while then later pops up a window saying
 "'QEMU (...) [stopped]' is not responding.
 You may choose to wait a short while for it to continue or force
 the application to quit entirely."
But after closing the window by clicking, the qemu on the dest still
hangs there until I exclusively kill the qemu on the source.

That sounds like the main thread is blocked for some reason?

Yes, the main thread on the dst keeps looping.

But I don't
normally use the window setup;  if you try with -nographic and can see
the HMP (or a QMP) monitor, can you see if the monitor still responds?


Thanks for the `-nographic` reminder, I harvested an interesting
phenomenon:

If I do the `migrate -d tcp:ip_addr:port` before the guest's graphic appears
(it's dark now), there is no hang and the guest starts up properly later.
But if I do the live migration after the guest fully starts up, I mean when
I can operate something using my mouse inside the guest, the hang
situation is there.
This is true for using `-nographic` for both src and dst,
and using `-nographic` for only src or dst.


The hang phenomenon is that the dst never seems to respond (I
waited three minutes), and the cursor just keeps flashing. After I
exclusively kill the src, the dst quits. Just as follows:
(Same result if gdb is not used in src)
src:
(qemu) ...
(qemu) q
(gdb) q
dst:
(qemu) Up to now, dst has received the 0 channel
Up to now, dst has received the 1 channel

(qemu)
(qemu)

To check the migration state in the src:
(qemu) info migrate
globals:
store-global-state: on
only-migratable: off
send-configuration: on
send-section-footer: on
decompress-error-check: on
capabilities: xbzrle: off rdma-pin-all: off auto-converge: off 
zero-blocks: off compress: off events: off postcopy-ram: off x-colo: off 
release-ram: off block: off return-path: off pause-before-switchover: 
off x-multifd: on dirty-bitmaps: off postcopy-blocktime: off 
late-block-activate: off
Migration status: setup /* I added some codes to set the status to 
"failed", but still not working, details see below */

total time: 0 milliseconds

I guess maybe the source should be proactive to tell the dst and
disconnect from the source side, so I tried to set the above
"Migration status" to "failed", and use qemu_fclose(s->to_dst_file)
when multifd_new_send_channel_async() fails.
(BTW: I even tried:
 if (s->vm_was_running) {   vm_start();   }   )
But the hang situation is still there.

If it doesn't then try and get a backtrace.

The monitor really shouldn't block, so it would be interesting to see.

Dave
I set two breakpoints and got the following backtrace, hope they can
help. :)


Thread 1 "qemu-system-x86" hit Breakpoint 1, multifd_recv_new_channel (
    ioc=0x57995af0) at /build/gitcode/qemu-build/migration/ram.c:1368
1368    {
(gdb) c
Continuing.

Thread 1 "qemu-system-x86" hit Breakpoint 2, qio_channel_socket_readv (
    ioc=0x57995af0, iov=0x568777d0, niov=1, fds=0x0, nfds=0x0,
    errp=0x7fffdb38) at io/channel-socket.c:463
463    {
(gdb) n
464        QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
(gdb)
..
483     retry:
(gdb)
484        ret = recvmsg(sioc->fd, , sflags);
(gdb) bt
#0  qio_channel_socket_readv (ioc=0x57995af0, iov=0x568777d0, 
niov=1,

    fds=0x0, nfds=0x0, errp=0x7fffdb38) at io/channel-socket.c:484
#1  0x55d156c5 in qio_channel_readv_full (ioc=0x57995af0,
    iov=0x568777d0, niov=1, fds=0x0, nfds=0x0, errp=0x7fffdb38)
    at io/channel.c:65
#2  0x55d15b26 in qio_channel_readv (ioc=0x57995af0,
    iov=0x568777d0, niov=1, errp=0x7fffdb38) at io/channel.c:197
#3  0x55d15853 in qio_channel_readv_all_eof (ioc=0x57995af0,
    iov=0x7fffda70, niov=1, errp=0x7fffdb38) at io/channel.c:106
#4  0x55d1595c in qio_channel_readv_all (ioc=0x57995af0,
    iov=0x7fffda70, niov=1, errp=0x7fffdb38) at io/channel.c:142
#5  0x55d15d0c in qio_channel_read_all (ioc=0x57995af0,
    buf=0x7fffdad0 "\340\"zVUU", buflen=25, errp=0x7fffdb38)
    at io/channel.c:246
#6  0x5587695c in multifd_recv_initial_packet (c=0x57995af0,
    errp=0x7fffdb38) at 

Re: [Qemu-devel] [PULL v2 00/28] pci, pc, virtio: fixes, features

2018-10-26 Thread Singh, Brijesh


On 10/25/2018 07:59 PM, Michael S. Tsirkin wrote:
> On Thu, Oct 25, 2018 at 08:16:44PM +0100, Peter Maydell wrote:
>> On 25 October 2018 at 01:52, Michael S. Tsirkin  wrote:
>>> The following changes since commit 13399aad4fa87b2878c49d02a5d3bafa6c966ba3:
>>>
>>>Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2018-10-22' 
>>> into staging (2018-10-23 17:20:23 +0100)
>>>
>>> are available in the Git repository at:
>>>
>>>git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>>>
>>> for you to fetch changes up to 6a9fb4e1ba5594cde7739068617ad88e6117db93:
>>>
>>>vhost-scsi: prevent using uninitialized vqs (2018-10-24 20:50:13 -0400)
>>>
>>> 
>>> pci, pc, virtio: fixes, features
>>>
>>> AMD IOMMU VAPIC support + fixes all over the place.
>>>
>>> Signed-off-by: Michael S. Tsirkin 
>>
>> Hi; I get some compile failures and a test assertion, I'm afraid:
>>
>> On 32-bit hosts (where uint64_t and size_t are not the same):
>>
>> /home/peter.maydell/qemu/include/qemu/compiler.h:80:35: error: invalid
>> operands to binary - (have 'uint64_t * {aka long long unsigned int *}'
>> and 'size_t * {aka unsigned int *}')
>>   #define type_check(t1,t2) ((t1*)0 - (t2*)0)
>> ^
>> /home/peter.maydell/qemu/include/hw/qdev-properties.h:77:15: note: in
>> expansion of macro 'type_check'
>>   + type_check(_type, typeof_field(_state, _field)),  \
>> ^
>> /home/peter.maydell/qemu/include/hw/qdev-properties.h:168:5: note: in
>> expansion of macro 'DEFINE_PROP_UNSIGNED'
>>   DEFINE_PROP_UNSIGNED(_n, _s, _f, _d, qdev_prop_size, uint64_t)
>>   ^
>> /home/peter.maydell/qemu/hw/misc/pci-testdev.c:322:5: note: in
>> expansion of macro 'DEFINE_PROP_SIZE'
>>   DEFINE_PROP_SIZE("membar", PCITestDevState, membar_size, 0),
>>   ^
>> /home/peter.maydell/qemu/rules.mak:69: recipe for target
>> 'hw/misc/pci-testdev.o' failed
>>
>> On the Windows w64 cross-compile:
>>
>> In file included from 
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.c:26:0:
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.c: In function
>> 'amdvi_int_remap_msi':
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.h:247:46: error: left
>> shift count >= width of type [-Werror=shift-count-overflow]
>>   #define AMDVI_DEV_NMI_PASS_MASK (1UL << 58)
>>^
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.c:1281:25: note: in
>> expansion of macro 'AMDVI_DEV_NMI_PASS_MASK'
>>   pass = dte[3] & AMDVI_DEV_NMI_PASS_MASK;
>>   ^
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.h:245:46: error: left
>> shift count >= width of type [-Werror=shift-count-overflow]
>>   #define AMDVI_DEV_INT_PASS_MASK (1UL << 56)
>>^
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.c:1285:25: note: in
>> expansion of macro 'AMDVI_DEV_INT_PASS_MASK'
>>   pass = dte[3] & AMDVI_DEV_INT_PASS_MASK;
>>   ^
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.h:246:46: error: left
>> shift count >= width of type [-Werror=shift-count-overflow]
>>   #define AMDVI_DEV_EINT_PASS_MASK(1UL << 57)
>>^
>> /home/petmay01/qemu-for-merges/hw/i386/amd_iommu.c:1289:25: note: in
>> expansion of macro 'AMDVI_DEV_EINT_PASS_MASK'
>>   pass = dte[3] & AMDVI_DEV_EINT_PASS_MASK;
>>   ^
>>
>> These should presumably all be "ULL". (The "UL" suffix is
>> usually a bug, as it's either unnecessary or should be ULL.)
> 
> Yea.  Fixed. Brijesh could you start cleaning up that header generally?
> It has all kind of weird code like using bitfields for hardware
> accesses. That isn't portable - switch to full dword fields with shift
> and | to operate them and proper cpu_to_le APIs or similar please.
> 


Noted, I will look into cleaning up this and send patches for reviews.

thanks
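The portable style the reply asks for, as an added example that is not code from QEMU or from anyone on the thread: 64-bit words read with explicit shift/mask and ULL constants instead of bitfields and `1UL << n`. The EX_* names, helper names and the 32-byte sample descriptor are assumptions; only the bit positions 56..58 come from the quoted errors.

```c
/*
 * Added example, not QEMU code: decode pass-through bits from a 64-bit
 * little-endian descriptor word with explicit shifts and masks.
 * EX_* names, helpers and sample bytes are assumptions.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Bit positions 56..58 are those from the compile errors above. With 'UL'
 * the shift is undefined where unsigned long is 32 bits (32-bit hosts,
 * Windows w64); 'ULL' is at least 64 bits on every host.
 */
#define EX_INT_PASS_MASK  (1ULL << 56)
#define EX_EINT_PASS_MASK (1ULL << 57)
#define EX_NMI_PASS_MASK  (1ULL << 58)

_Static_assert(sizeof(EX_NMI_PASS_MASK) == 8, "mask must be a 64-bit constant");

/* Load a little-endian 64-bit word byte by byte: independent of host
 * endianness and alignment (what ldq_le_p / le64_to_cpu give you). */
static uint64_t ex_ldq_le(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Store a 64-bit word in little-endian byte order. */
static void ex_stq_le(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        p[i] = (uint8_t)(v >> (8 * i));
    }
}

/* Extract bits [lo, lo + width): the layout is fixed by the code, not
 * by the compiler as it would be for a C bitfield. */
static uint64_t ex_extract64(uint64_t v, unsigned lo, unsigned width)
{
    uint64_t mask = (width >= 64) ? ~0ULL : ((1ULL << width) - 1);
    return (v >> lo) & mask;
}

/* Set bits [lo, lo + width) of *v to 'field', discarding overflow bits. */
static void ex_deposit64(uint64_t *v, unsigned lo, unsigned width, uint64_t field)
{
    uint64_t mask = ((width >= 64) ? ~0ULL : ((1ULL << width) - 1)) << lo;
    *v = (*v & ~mask) | ((field << lo) & mask);
}

struct ex_pass_bits {
    bool intr, eint, nmi;
};

/* Decode the pass-through bits of the fourth word of a 32-byte descriptor,
 * reading raw bytes rather than overlaying a host-layout struct. */
static struct ex_pass_bits ex_decode_pass(const uint8_t dte[32])
{
    uint64_t w3 = ex_ldq_le(dte + 3 * 8);
    struct ex_pass_bits b = {
        .intr = (w3 & EX_INT_PASS_MASK) != 0,
        .eint = (w3 & EX_EINT_PASS_MASK) != 0,
        .nmi  = (w3 & EX_NMI_PASS_MASK) != 0,
    };
    return b;
}

/* Constructed sample: word 3 has INT and NMI pass set plus a made-up
 * 4-bit field 0xA at bits 4..7, used to check extract/deposit. */
static void ex_sample_dte(uint8_t dte[32])
{
    uint64_t w3 = EX_INT_PASS_MASK | EX_NMI_PASS_MASK;
    memset(dte, 0, 32);
    ex_deposit64(&w3, 4, 4, 0xA);
    ex_stq_le(dte + 3 * 8, w3);
}

/* Returns intr | eint << 1 | nmi << 2 for the sample descriptor. */
static int ex_demo(void)
{
    uint8_t dte[32];
    ex_sample_dte(dte);
    struct ex_pass_bits b = ex_decode_pass(dte);
    return (b.intr ? 1 : 0) | (b.eint ? 2 : 0) | (b.nmi ? 4 : 0);
}

int main(void)
{
    uint8_t dte[32];
    ex_sample_dte(dte);
    uint64_t w3 = ex_ldq_le(dte + 24);
    printf("word3=0x%016llx pass=%d field=0x%llx\n", (unsigned long long)w3,
           ex_demo(), (unsigned long long)ex_extract64(w3, 4, 4));
    return 0;
}
```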



[Qemu-devel] Minutes of KVM Forum BoF on deprecating stuff

2018-10-26 Thread Markus Armbruster
This is from my (imperfect) notes, corrections welcome.

Motivation: QEMU contains stuff of dubious value, which gets in the way
in various (sometimes painful and expensive) ways.

Deprecation is the marking of an external interface as "we intend to
remove this, you should stop using it" (preferably with advice on what
to use instead).  We have a deprecation policy to guide us through this
process.

Topics we covered, reordered for readability:

* Dropping features inconveniences their users.  Keeping them impedes
  forward movement, and thus inconveniences other users.  We need to
  engage with the tradeoffs.

* The cost of keeping both old and new for a deprecation grace period
  (currently two releases) can be painfully high.  Tradeoff again.
  However, there's rough consensus not to mess with the deprecation
  policy right now.

* When something has been broken for the customary deprecation grace
  period, removing it without going through the deprecation process
  should be okay.

* We may have to deprecate interfaces, but we may also have a need to
  deprecate guarantees interfaces provide.  Worse when the guarantees
  are tacit.  No good answers.  Let's attack less thorny problems first.

* One obvious class of candidates for removal is machines we don't know
  how to boot, or can't boot, say because we lack required firmware
  and/or OS.

  Of course, "can boot" should be an automated test.  As a first step
  towards that, we should at least document how to boot each machine.
  We're going to ask machine maintainers to do that.

* We need to communicate "you're using something that is deprecated".
  How?  Right now, we print a deprecation message.  Okay when humans use
  QEMU directly in a shell.  However, when QEMU sits at the bottom of a
  software stack, the message will likely end up in a log file that is
  effectively write-only.
 
  - The one way to get people to read log files is crashing their
application.  A command line option --future could make QEMU crash
right after printing a deprecation message.  This could help with
finding use of deprecated features in a testing environment.

  - A less destructive way to grab people's attention is to make things
run really, really slow: have QEMU go to sleep for a while after
printing a deprecation message.

  - We can also pass the buck to the next layer up: emit a QMP event.

Sadly, by the time the next layer connects to QMP, plenty of stuff
already happened.  We'd have to buffer deprecation events somehow.

What would libvirt do with such an event?  Log it, taint the domain,
emit a (libvirt) event to pass it on to the next layer up.

  - A completely different idea is to have a configuration linter.  To
support doing this at the libvirt level, QEMU could expose "is
deprecated" in interface introspection.  Feels feasible for QMP,
where we already have sufficiently expressive introspection.  For
CLI, we'd first have to provide that (but we want that anyway).

  - We might also want to display deprecation messages in QEMU's GUI
somehow, or on serial consoles.



Re: [Qemu-devel] [RFC v4 09/71] cris: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> And fix the temp leak along the way.
> 
> Cc: "Edgar E. Iglesias" 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/cris/translate.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [RFC v4 08/71] ppc: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Cc: David Gibson 
> Cc: Alexander Graf 
> Cc: qemu-...@nongnu.org
> Signed-off-by: Emilio G. Cota 
> ---
>  target/ppc/translate.c | 6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [RFC v4 07/71] tcg-runtime: define helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> +void HELPER(cpu_halted_set)(CPUArchState *env, uint32_t val)
> +{
> +CPUState *cpu = ENV_GET_CPU(env);
> +
> +cpu->halted = val;
> +}

I suppose this is fine as a first step.  I'd like to clean up all of the
targets to also use a helper like this to also raise EXCP_HALTED.  They all
perform the same actions, even though this isn't obvious (many of them
reuse helpers that also raise target-specific exceptions).

That said,
Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 1/9] qom/user-creatable: add a few helper macros

2018-10-26 Thread Eduardo Habkost
On Mon, Oct 22, 2018 at 03:33:30PM +0100, Igor Mammedov wrote:
> On Wed, 12 Sep 2018 16:55:23 +0400
> Marc-André Lureau  wrote:
> 
> > Improve a bit code readability.
> > 
> > Signed-off-by: Marc-André Lureau 
> > ---
> >  include/qom/object_interfaces.h | 4 
> >  qom/object.c| 4 ++--
> >  qom/object_interfaces.c | 9 +++--
> >  3 files changed, 9 insertions(+), 8 deletions(-)
> > 
> > diff --git a/include/qom/object_interfaces.h 
> > b/include/qom/object_interfaces.h
> > index 4d513fb329..46b0861457 100644
> > --- a/include/qom/object_interfaces.h
> > +++ b/include/qom/object_interfaces.h
> > @@ -9,9 +9,13 @@
> >  #define USER_CREATABLE_CLASS(klass) \
> >   OBJECT_CLASS_CHECK(UserCreatableClass, (klass), \
> >  TYPE_USER_CREATABLE)
> > +#define IS_USER_CREATABLE_CLASS(klass) \
> > +object_class_dynamic_cast(OBJECT_CLASS(oc), TYPE_USER_CREATABLE)
> >  #define USER_CREATABLE_GET_CLASS(obj) \
> >   OBJECT_GET_CLASS(UserCreatableClass, (obj), \
> >TYPE_USER_CREATABLE)
> > +#define IS_USER_CREATABLE(obj) \
> > +object_dynamic_cast(OBJECT(obj), TYPE_USER_CREATABLE)
> >  #define USER_CREATABLE(obj) \
> >   INTERFACE_CHECK(UserCreatable, (obj), \
> >   TYPE_USER_CREATABLE)
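Review bot: IS_USER_CREATABLE_CLASS(klass) takes `klass` but its body expands `OBJECT_CLASS(oc)`, so it only compiles where a variable named `oc` happens to be in scope and then tests that object instead of the argument; the body should be `object_class_dynamic_cast(OBJECT_CLASS(klass), TYPE_USER_CREATABLE)`. No caller of the macro appears in this diff, so either add one or leave the macro out until it is needed.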
> > diff --git a/qom/object.c b/qom/object.c
> > index 75d1d48944..0703e8e4ff 100644
> > --- a/qom/object.c
> > +++ b/qom/object.c
> > @@ -424,7 +424,7 @@ void object_initialize_childv(Object *parentobj, const 
> > char *propname,
> >  goto out;
> >  }
> >  
> > -if (object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
> > +if (IS_USER_CREATABLE(obj)) {
> >  user_creatable_complete(obj, _err);
> >  if (local_err) {
> >  object_unparent(obj);
> > @@ -605,7 +605,7 @@ Object *object_new_with_propv(const char *typename,
> >  goto error;
> >  }
> >  
> > -if (object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
> > +if (IS_USER_CREATABLE(obj)) {
> >  user_creatable_complete(obj, _err);
> >  if (local_err) {
> >  object_unparent(obj);
> > diff --git a/qom/object_interfaces.c b/qom/object_interfaces.c
> > index 72b97a8bed..e3084bc04a 100644
> > --- a/qom/object_interfaces.c
> > +++ b/qom/object_interfaces.c
> > @@ -10,18 +10,15 @@
> >  
> >  void user_creatable_complete(Object *obj, Error **errp)
> >  {
> > -
> >  UserCreatableClass *ucc;
> > -UserCreatable *uc =
> > -(UserCreatable *)object_dynamic_cast(obj, TYPE_USER_CREATABLE);
> >  
> > -if (!uc) {
> > +if (!IS_USER_CREATABLE(obj)) {
> >  return;
> >  }
> >  
> > -ucc = USER_CREATABLE_GET_CLASS(uc);
> > +ucc = USER_CREATABLE_GET_CLASS(obj);
> >  if (ucc->complete) {
> > -ucc->complete(uc, errp);
> > +ucc->complete(USER_CREATABLE(obj), errp);
>  ^^^
> even though function becomes more concise,
> this will call expensive dynamic cast 2nd time (IS_USER_CREATABLE was the 1st 
> and discarded)
> so I'm not sure is a good idea to regress startup time for readability. 

(INTERFACE_CHECK is a nop if CONFIG_QOM_CAST_DEBUG is not
enabled, so I don't understand how it would regress startup time.

-- 
Eduardo



Re: [Qemu-devel] [RFC v4 40/71] i386/whpx-all: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/i386/whpx-all.c | 41 -
>  1 file changed, 24 insertions(+), 17 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 39/71] i386/hax-all: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/i386/hax-all.c | 30 +-
>  1 file changed, 17 insertions(+), 13 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [PATCH v2 02/29] target/riscv: Activate decodetree and implement LUI & AUIPC

2018-10-26 Thread Richard Henderson
On 10/26/18 11:49 AM, Bastian Koppelmann wrote:
> I think you can pick up everything up to the RVC conversion which still needs
> the work suggested by Richard. Thanks, for picking it up :)

Even then I thought we were talking about splitting the RV64 insns
into a separate file, reducing the ifdefs, and renaming the arg-sets
to match the instruction formats described in the riscv spec.


r~



[Qemu-devel] [PATCH 5/6] Determine the desired FPU mode

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Floating-point mode is calculated from MIPS.abiflags FP ABI value
(based on kernel implementation). Illegal combinations are rejected.

Signed-off-by: Stefan Markovic 
---
 linux-user/mips/cpu_loop.c | 75 ++
 1 file changed, 75 insertions(+)

diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index c9c20cf..fd96e46 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -740,6 +740,34 @@ void target_cpu_copy_regs(CPUArchState *env, struct 
target_pt_regs *regs)
 struct image_info *info = ts->info;
 int i;
 
+struct mode_req {
+bool single;
+bool soft;
+bool fr1;
+bool frdefault;
+bool fre;
+};
+
+static const struct mode_req fpu_reqs[] = {
+[MIPS_ABI_FP_ANY]= { true,  true,  true,  true,  true  },
+[MIPS_ABI_FP_DOUBLE] = { false, false, false, true,  true  },
+[MIPS_ABI_FP_SINGLE] = { true,  false, false, false, false },
+[MIPS_ABI_FP_SOFT]   = { false, true,  false, false, false },
+[MIPS_ABI_FP_OLD_64] = { false, false, false, false, false },
+[MIPS_ABI_FP_XX] = { false, false, true,  true,  true  },
+[MIPS_ABI_FP_64] = { false, false, true,  false, false },
+[MIPS_ABI_FP_64A]= { false, false, true,  false, true  }
+};
+
+/*
+ * Mode requirements when .MIPS.abiflags is not present in the ELF.
+ * Not present means that everything is acceptable except FR1.
+ */
+static struct mode_req none_req = { true, true, false, true, true };
+
+struct mode_req prog_req;
+struct mode_req interp_req;
+
 for(i = 0; i < 32; i++) {
 env->active_tc.gpr[i] = regs->regs[i];
 }
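Review bot: `none_req` is declared `static struct mode_req` but never written, so make it `static const` like fpu_reqs[] and keep it in read-only data. The struct definition, both tables and prog_req/interp_req are declared at the top of target_cpu_copy_regs() but only used much further down; moving the whole FP ABI computation into a static helper that returns the chosen mode would keep the register-copy function readable and let the tables live at file scope.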
@@ -747,6 +775,53 @@ void target_cpu_copy_regs(CPUArchState *env, struct 
target_pt_regs *regs)
 if (regs->cp0_epc & 1) {
 env->hflags |= MIPS_HFLAG_M16;
 }
+
+#ifdef TARGET_ABI_MIPSO32
+# define MAX_FP_ABI MIPS_ABI_FP_64A
+#else
+# define MAX_FP_ABI MIPS_ABI_FP_SOFT
+#endif
+ if ((info->fp_abi > MAX_FP_ABI && info->fp_abi != MIPS_ABI_FP_UNKNOWN)
+|| (info->interp_fp_abi > MAX_FP_ABI &&
+info->interp_fp_abi != MIPS_ABI_FP_UNKNOWN)) {
+fprintf(stderr, "qemu: Program and interpreter have "
+"unexpected FPU modes\n");
+exit(137);
+}
+
+prog_req = (info->fp_abi == MIPS_ABI_FP_UNKNOWN) ? none_req
+: fpu_reqs[info->fp_abi];
+interp_req = (info->interp_fp_abi == MIPS_ABI_FP_UNKNOWN) ? none_req
+: fpu_reqs[info->interp_fp_abi];
+
+prog_req.single &= interp_req.single;
+prog_req.soft &= interp_req.soft;
+prog_req.fr1 &= interp_req.fr1;
+prog_req.frdefault &= interp_req.frdefault;
+prog_req.fre &= interp_req.fre;
+
+bool cpu_has_mips_r2_r6 = env->insn_flags & ISA_MIPS32R2 ||
+  env->insn_flags & ISA_MIPS64R2 ||
+  env->insn_flags & ISA_MIPS32R6 ||
+  env->insn_flags & ISA_MIPS64R6;
+
+if (prog_req.fre && !prog_req.frdefault && !prog_req.fr1) {
+env->CP0_Config5 |= (1 << CP0C5_FRE);
+if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
+env->hflags |= MIPS_HFLAG_FRE;
+}
+} else if ((prog_req.fr1 && prog_req.frdefault) ||
+ (prog_req.single && !prog_req.frdefault)) {
+if ((env->active_fpu.fcr0 & (1 << FCR0_F64)
+&& cpu_has_mips_r2_r6) || prog_req.fr1) {
+env->CP0_Status |= (1 << CP0St_FR);
+env->hflags |= MIPS_HFLAG_F64;
+}
+} else  if (!prog_req.fre && !prog_req.frdefault &&
+  !prog_req.fr1 && !prog_req.single && !prog_req.soft) {
+exit(137);
+}
+
 if (env->insn_flags & ISA_NANOMIPS32) {
 return;
 }
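Review bot: the final `else  if` branch calls exit(137) without printing anything, whereas the earlier rejection prints "Program and interpreter have unexpected FPU modes"; add an fprintf there too so a user can tell why the binary was refused, and consider a named constant for 137. Smaller points in the same hunk: `# define MAX_FP_ABI` is defined inside the function without a matching `#undef`, the line ` if ((info->fp_abi > MAX_FP_ABI` is indented by one space instead of four, the `else  if` has a double space, and the `||` chain building cpu_has_mips_r2_r6 reads more clearly with each `env->insn_flags & ...` term parenthesized.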
-- 
1.9.1




[Qemu-devel] [PATCH 2/6] Extend image_info struct with MIPS specific fp_abi and interp_fp_abi fields

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Stefan Markovic 
---
 linux-user/qemu.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 1beb6a2..a752c1c 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -61,6 +61,10 @@ struct image_info {
 abi_ulong   interpreter_loadmap_addr;
 abi_ulong   interpreter_pt_dynamic_addr;
 struct image_info *other_info;
+#ifdef TARGET_MIPS
+int fp_abi;
+int interp_fp_abi;
+#endif
 };
 
 #ifdef TARGET_I386
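Review bot: the new fp_abi and interp_fp_abi fields have no comment saying which values they hold (the MIPS_ABI_FP_* constants) or what they are set to when the ELF has no .MIPS.abiflags section; a one-line comment on each field would save readers a trip to elfload.c.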
-- 
1.9.1




Re: [Qemu-devel] [RFC v4 03/71] cpu: introduce cpu_mutex_lock/unlock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> The few direct users of >lock will be converted soon.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  include/qom/cpu.h   | 33 +++
>  cpus.c  | 48 +++--
>  stubs/cpu-lock.c| 20 +++
>  stubs/Makefile.objs |  1 +
>  4 files changed, 100 insertions(+), 2 deletions(-)
>  create mode 100644 stubs/cpu-lock.c

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [RFC v4 23/71] riscv: convert to cpu_halted

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Cc: Michael Clark 
> Cc: Palmer Dabbelt 
> Cc: Sagar Karandikar 
> Cc: Bastian Koppelmann 
> Cc: Alistair Francis 
> Reviewed-by: Palmer Dabbelt 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/riscv/op_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 29/71] cpu-exec: convert to cpu_halted

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/cpu-exec.c | 24 
>  1 file changed, 20 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 30/71] cpu: define cpu_interrupt_request helpers

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Add a comment about how atomic_read works here. The comment refers to
> a "BQL-less CPU loop", which will materialize toward the end
> of this series.
> 
> Note that the modifications to cpu_reset_interrupt are there to
> avoid deadlock during the CPU lock transition; once that is complete,
> cpu_interrupt_request will be simple again.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  include/qom/cpu.h | 37 +
>  qom/cpu.c | 27 +--
>  2 files changed, 58 insertions(+), 6 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [PATCH v7 0/3] Bootstrap Python venv and acceptance/functional tests

2018-10-26 Thread Eduardo Habkost
On Thu, Oct 18, 2018 at 11:31:31AM -0400, Cleber Rosa wrote:
> TL;DR
> =
> 
> Allow acceptance tests to be run with `make check-acceptance`.

Queued on python-next, thanks!

-- 
Eduardo



Re: [Qemu-devel] [PATCH RFC 0/2] Fix migration issues

2018-10-26 Thread Fei Li




On 10/25/2018 08:58 PM, Peter Xu wrote:

On Thu, Oct 25, 2018 at 05:04:00PM +0800, Fei Li wrote:

[...]


@@ -1325,22 +1325,24 @@ bool multifd_recv_all_channels_created(void)
  /* Return true if multifd is ready for the migration, otherwise false */
  bool multifd_recv_new_channel(QIOChannel *ioc)
  {
+    MigrationIncomingState *mis = migration_incoming_get_current();
  MultiFDRecvParams *p;
  Error *local_err = NULL;
  int id;

  id = multifd_recv_initial_packet(ioc, _err);
  if (id < 0) {
-    multifd_recv_terminate_threads(local_err);
-    return false;
+    error_reportf_err(local_err,
+  "failed to receive packet via multifd channel %x:
",
+  multifd_recv_state->count);
+    goto fail;
  }

  p = _recv_state->params[id];
  if (p->c != NULL) {
  error_setg(_err, "multifd: received id '%d' already setup'",
     id);
-    multifd_recv_terminate_threads(local_err);
-    return false;
+    goto fail;
  }
  p->c = ioc;
  object_ref(OBJECT(ioc));
@@ -1352,6 +1354,11 @@ bool multifd_recv_new_channel(QIOChannel *ioc)
     QEMU_THREAD_JOINABLE);
  atomic_inc(_recv_state->count);
  return multifd_recv_state->count == migrate_multifd_channels();
+fail:
+    multifd_recv_terminate_threads(local_err);
+    qemu_fclose(mis->from_src_file);
+    mis->from_src_file = NULL;
+    exit(EXIT_FAILURE);
  }
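Review bot: in the first error path `local_err` is handed to error_reportf_err(), which reports and frees it, and the following `goto fail` then passes that freed pointer to multifd_recv_terminate_threads(); either drop the error_reportf_err() call and let the terminate path report the error, or set `local_err = NULL` after reporting. The `fail:` label also calls exit(EXIT_FAILURE) from a function whose comment says it returns true or false, so the caller never gets a chance to clean up; returning false (or an Error ** as Peter suggests) and letting migration_ioc_process_incoming() decide keeps the contract, and `qemu_fclose(mis->from_src_file)` should be guarded against from_src_file being NULL on that path.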

Yeah I think it makes sense to at least report some details when error
happens, but I'm not sure whether it's good to explicitly exit() here.
IMHO you can add an Error** in multifd_recv_new_channel() parameter
list to do that, and even through migration_ioc_process_incoming().
What do you think?

Regards,


You mean exit() in migration_ioc_process_incoming(), or in its further
caller migration_channel_process_incoming()? Actually either is
ok for me. :) But today I found that if postcopy and multifd are used together
to do live migration, it seems the hang still occurs even with the
above code, so sad about that. I will keep debugging and see
how to fix this.

Have a nice day, thanks
Fei



[Qemu-devel] [PULL 2/9] tests/vm: Extract the kvm_available() handy function

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-2-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 scripts/qemu.py| 4 
 tests/vm/basevm.py | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index f099ce7278..9fc0be4828 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -26,6 +26,10 @@ import tempfile
 LOG = logging.getLogger(__name__)
 
 
+def kvm_available(target_arch=None):
+return os.access("/dev/kvm", os.R_OK | os.W_OK)
+
+
 #: Maps machine types to the preferred console device types
 CONSOLE_DEV_TYPES = {
 r'^clipper$': 'isa-serial',
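Review bot: kvm_available() accepts `target_arch` but never uses it, so a caller passing an architecture gets the same answer as one passing none; either drop the parameter or document in a docstring that it is reserved for a host/target architecture match, and note that the function only tests /dev/kvm permissions rather than whether KVM can actually be opened.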
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index cafbc6b3a5..834bc90cc1 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -18,7 +18,7 @@ import logging
 import time
 import datetime
 sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "scripts"))
-from qemu import QEMUMachine
+from qemu import QEMUMachine, kvm_available
 import subprocess
 import hashlib
 import optparse
@@ -72,7 +72,7 @@ class BaseVM(object):
 "-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
 if vcpus:
 self._args += ["-smp", str(vcpus)]
-if os.access("/dev/kvm", os.R_OK | os.W_OK):
+if kvm_available():
 self._args += ["-enable-kvm"]
 else:
 logging.info("KVM not available, not using -enable-kvm")
-- 
2.17.1




[Qemu-devel] [PULL 5/9] tests/vm: Display remaining seconds to wait for a VM to start

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-5-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 9415e7c33a..81a1cb05dd 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -177,11 +177,14 @@ class BaseVM(object):
 
 def wait_ssh(self, seconds=300):
 starttime = datetime.datetime.now()
+endtime = starttime + datetime.timedelta(seconds=seconds)
 guest_up = False
-while (datetime.datetime.now() - starttime).total_seconds() < seconds:
+while datetime.datetime.now() < endtime:
 if self.ssh("exit 0") == 0:
 guest_up = True
 break
+seconds = (endtime - datetime.datetime.now()).total_seconds()
+logging.debug("%ds before timeout", seconds)
 time.sleep(1)
 if not guest_up:
 raise Exception("Timeout while waiting for guest ssh")
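Review bot: the loop reassigns the `seconds` parameter to the remaining time just for the debug line, so after the first iteration the name no longer means the timeout that was passed in; use a separate name such as `remaining`, and since total_seconds() returns a float, `%.0fs` (or an int() cast) states the intent more clearly than `%ds`.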
-- 
2.17.1




[Qemu-devel] [PATCH 0/6] target/mips: Add support for prctl() PR_GET_FP_MODE and PR_SET_FP_MODE

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

This series includes support for prctl() PR_GET_FP_MODE and PR_SET_FP_MODE.
This requires extracting the MIPS.abiflags section from the ELF file and
fp_abi value handling.

Stefan Markovic (6):
  Define MIPS_ABI_FP_UNKNOWN macro
  Extend image_info struct with MIPS specific fp_abi and
interp_fp_abi fields
  Extract MIPS abiflags from ELF file
  Read and set FP ABI value from MIPS abiflags
  Determine the desired FPU mode
  Add prctl() PR_SET_FP_MODE and PR_GET_FP_MODE implementations

 include/elf.h  |  2 +
 linux-user/elfload.c   | 37 +++
 linux-user/mips/cpu_loop.c | 75 ++
 linux-user/mips/target_syscall.h   |  2 +
 linux-user/mips64/target_syscall.h |  2 +
 linux-user/qemu.h  |  4 ++
 linux-user/syscall.c   | 62 +--
 7 files changed, 180 insertions(+), 4 deletions(-)

-- 
1.9.1




Re: [Qemu-devel] [RFC v4 04/71] cpu: make qemu_work_cond per-cpu

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> This eliminates the need to use the BQL to queue CPU work.
> 
> While at it, give the per-cpu field a generic name ("cond") since
> it will soon be used for more than just queueing CPU work.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  include/qom/cpu.h |  6 ++--
>  cpus-common.c | 72 ++-
>  cpus.c|  2 +-
>  qom/cpu.c |  1 +
>  4 files changed, 63 insertions(+), 18 deletions(-)

Reviewed-by: Richard Henderson 


r~




Re: [Qemu-devel] [RFC v4 10/71] hppa: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/hppa/translate.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [RFC v4 12/71] alpha: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/alpha/translate.c | 6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [PATCH 00/10] Trivial fixes and clean ups

2018-10-26 Thread Eduardo Habkost
On Thu, Oct 04, 2018 at 12:18:42PM -0400, Cleber Rosa wrote:
> Just a collection of trivial fixes and clean ups that have been lying
> around here for some time.

I'm queueing patches 07-10 on python-next.  I'm aware that
Laurent already queued some of them (thanks!), but I want to
avoid conflicts in case other patches touching these modules are
queued on python-next.

-- 
Eduardo



Re: [Qemu-devel] [RFC v4 36/71] arm: convert to cpu_interrupt_request

2018-10-26 Thread Alex Bennée


Emilio G. Cota  writes:

> Cc: Peter Maydell 

This will need to catch-up in the next re-base as there is a merge conflict.

> Cc: qemu-...@nongnu.org
> Reviewed-by: Richard Henderson 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/arm/cpu.c|  2 +-
>  target/arm/helper.c | 12 +---
>  2 files changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 9c5cda8eb7..7330c2dae1 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -49,7 +49,7 @@ static bool arm_cpu_has_work(CPUState *cs)
>  ARMCPU *cpu = ARM_CPU(cs);
>
>  return (cpu->power_state != PSCI_OFF)
> -&& cs->interrupt_request &
> +&& cpu_interrupt_request(cs) &
>  (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
>   | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
>   | CPU_INTERRUPT_EXITTB);
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index c83f7c1109..454954a56c 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -1294,11 +1294,12 @@ static uint64_t isr_read(CPUARMState *env, const 
> ARMCPRegInfo *ri)
>  {
>  CPUState *cs = ENV_GET_CPU(env);
>  uint64_t ret = 0;
> +uint32_t interrupt_request = cpu_interrupt_request(cs);
>
> -if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
> +if (interrupt_request & CPU_INTERRUPT_HARD) {
>  ret |= CPSR_I;
>  }
> -if (cs->interrupt_request & CPU_INTERRUPT_FIQ) {
> +if (interrupt_request & CPU_INTERRUPT_FIQ) {
>  ret |= CPSR_F;
>  }
>  /* External aborts are not possible in QEMU so A bit is always clear */
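Review bot: taking one snapshot of cpu_interrupt_request(cs) into `interrupt_request` before the CPSR_I and CPSR_F tests is the right shape; the two tests previously read cs->interrupt_request separately, so an interrupt raised between them could yield an ISR value with only one of the two bits set. A one-line comment above the local saying the single read is deliberate would stop a later cleanup from inlining it back into the two `if`s.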
> @@ -8579,10 +8580,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  return;
>  }
>
> -/* Hooks may change global state so BQL should be held, also the
> - * BQL needs to be held for any modification of
> - * cs->interrupt_request.
> - */
> +/* Hooks may change global state so BQL should be held */
>  g_assert(qemu_mutex_iothread_locked());
>
>  arm_call_pre_el_change_hook(cpu);
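Review bot: the trimmed comment now justifies `g_assert(qemu_mutex_iothread_locked())` by the hooks alone; the dropped half stated that the BQL protected cs->interrupt_request, and the commit message should say explicitly that this is no longer true because the accessors introduced by the series serialize the field themselves. Otherwise a reader of this hunk cannot tell whether the assertion is still needed for the `cpu_interrupt_request_or()` call further down in the same function.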
> @@ -8597,7 +8595,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  arm_call_el_change_hook(cpu);
>
>  if (!kvm_enabled()) {
> -cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
> +cpu_interrupt_request_or(cs, CPU_INTERRUPT_EXITTB);
>  }
>  }
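Review bot: `cpu_interrupt_request_or(cs, CPU_INTERRUPT_EXITTB)` replaces a plain `|=` that was only safe because this function asserts the BQL earlier; since the accessor now provides the exclusion, the commit message should confirm that it does not itself try to take the BQL, which would deadlock on this path where the lock is already held.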


--
Alex Bennée



Re: [Qemu-devel] [PATCH 01/11] target/mips: Rename ASE_MMI to ASE_TOSHIBA_MMI, with Toshiba namespace

2018-10-26 Thread Aleksandar Markovic
> From: Fredrik Noring 
> Subject: [PATCH 01/11] target/mips: Rename ASE_MMI to ASE_TOSHIBA_MMI, with 
> Toshiba namespace
> 
> Several vendors have multimedia instruction (MMI) sets and other
> extensions of various kinds. ASE vendor namespaces make it clear these
> are not generic architectural features and also avoid name clashes.

ASE_XXX flags are not meant to identify a CPU or vendor. They are not wired to 
any configuration bit or CPU model. They are purely QEMU internal constructs, 
whose purpose was to make internal QEMU MIPS-specific code organization easier. 
In this case, ASE_MMI is an umbrella for all MMI-like ASEs, introduced with the 
intent to make encapsulation of MMI-specific code better and easier. 
Differences between CPUs should be resolved by other means. The name 'ASE_MMI' 
is fine.

Thanks,
Aleksandar


[Qemu-devel] [PULL 6/9] tests/vm: Add a BaseVM::arch property

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

The 'arch' property gives a hint on which architecture the guest image runs.

This can be used to select the correct QEMU binary path.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-6-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py   | 4 +++-
 tests/vm/centos  | 1 +
 tests/vm/freebsd | 1 +
 tests/vm/netbsd  | 1 +
 tests/vm/openbsd | 1 +
 tests/vm/ubuntu.i386 | 1 +
 6 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 81a1cb05dd..b2e0de2022 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -42,6 +42,8 @@ class BaseVM(object):
 BUILD_SCRIPT = ""
 # The guest name, to be overridden by subclasses
 name = "#base"
+# The guest architecture, to be overridden by subclasses
+arch = "#arch"
 def __init__(self, debug=False, vcpus=None):
 self._guest = None
 self._tmpdir = os.path.realpath(tempfile.mkdtemp(prefix="vm-test-",
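Review bot: `arch = "#arch"` mirrors the `name = "#base"` sentinel, but a subclass that forgets to override it will later try to launch `qemu-system-#arch` and fail with a confusing not-found error rather than a clear message. Either raise in `__init__` when `self.arch` still equals the sentinel, or extend the class comment to say that every subclass must set both `name` and `arch`.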
@@ -151,7 +153,7 @@ class BaseVM(object):
 "-device", "virtio-blk,drive=drive0,bootindex=0"]
 args += self._data_args + extra_args
 logging.debug("QEMU args: %s", " ".join(args))
-qemu_bin = os.environ.get("QEMU", "qemu-system-x86_64")
+qemu_bin = os.environ.get("QEMU", "qemu-system-" + self.arch)
 guest = QEMUMachine(binary=qemu_bin, args=args)
 try:
 guest.launch()
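Review bot: when `QEMU` is set in the environment it is used verbatim, so a binary built for a different target than `self.arch` is launched without any check; since the `logging.debug("QEMU args: ...")` line just above already prints the command line, also log `qemu_bin` and `self.arch` there so such a mismatch is visible in debug output.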
diff --git a/tests/vm/centos b/tests/vm/centos
index afd560c564..daa2dbca03 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -19,6 +19,7 @@ import time
 
 class CentosVM(basevm.BaseVM):
 name = "centos"
+arch = "x86_64"
 BUILD_SCRIPT = """
 set -e;
 cd $(mktemp -d);
diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index b6983127d0..19a3729172 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -18,6 +18,7 @@ import basevm
 
 class FreeBSDVM(basevm.BaseVM):
 name = "freebsd"
+arch = "x86_64"
 BUILD_SCRIPT = """
 set -e;
 rm -rf /var/tmp/qemu-test.*
diff --git a/tests/vm/netbsd b/tests/vm/netbsd
index a4e25820d5..fac6a7ce51 100755
--- a/tests/vm/netbsd
+++ b/tests/vm/netbsd
@@ -18,6 +18,7 @@ import basevm
 
 class NetBSDVM(basevm.BaseVM):
 name = "netbsd"
+arch = "x86_64"
 BUILD_SCRIPT = """
 set -e;
 rm -rf /var/tmp/qemu-test.*
diff --git a/tests/vm/openbsd b/tests/vm/openbsd
index 52500ee52b..cfe0572c59 100755
--- a/tests/vm/openbsd
+++ b/tests/vm/openbsd
@@ -18,6 +18,7 @@ import basevm
 
 class OpenBSDVM(basevm.BaseVM):
 name = "openbsd"
+arch = "x86_64"
 BUILD_SCRIPT = """
 set -e;
 rm -rf /var/tmp/qemu-test.*
diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
index 3f6ed48b74..1b7e1ab8f0 100755
--- a/tests/vm/ubuntu.i386
+++ b/tests/vm/ubuntu.i386
@@ -19,6 +19,7 @@ import time
 
 class UbuntuX86VM(basevm.BaseVM):
 name = "ubuntu.i386"
+arch = "i386"
 BUILD_SCRIPT = """
 set -e;
 cd $(mktemp -d);
-- 
2.17.1




[Qemu-devel] [PULL 9/9] tests/vm: Do not abuse parallelism when HOST != TARGET architecture

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-9-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 9f4794898a..5caf77d6b8 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -200,10 +200,10 @@ class BaseVM(object):
 def qmp(self, *args, **kwargs):
 return self._guest.qmp(*args, **kwargs)
 
-def parse_args(vm_name):
+def parse_args(vmcls):
 
 def get_default_jobs():
-if kvm_available():
+if kvm_available(vmcls.arch):
 return multiprocessing.cpu_count() / 2
 else:
 return 1
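Review bot: `get_default_jobs()` now depends on `vmcls.arch`, which `parse_args()` receives through the new `vmcls` parameter, and the `else: return 1` branch therefore also fires in the cross-architecture case even when the host has many cores; that is the throttling the subject announces, but a short comment on the `else` would help, since nothing in the code explains why a TCG guest gets one job. Unchanged context, but worth noting while touching this function: `multiprocessing.cpu_count() / 2` is true division under Python 3 and yields a float, so `//` would be safer once this script runs on Python 3.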
@@ -216,7 +216,7 @@ def parse_args(vm_name):
 "3 = test command failed")
 parser.add_option("--debug", "-D", action="store_true",
   help="enable debug output")
-parser.add_option("--image", "-i", default="%s.img" % vm_name,
+parser.add_option("--image", "-i", default="%s.img" % vmcls.name,
   help="image file name")
 parser.add_option("--force", "-f", action="store_true",
   help="force build image even if image exists")
@@ -237,7 +237,7 @@ def parse_args(vm_name):
 
 def main(vmcls):
 try:
-args, argv = parse_args(vmcls.name)
+args, argv = parse_args(vmcls)
 if not argv and not args.build_qemu and not args.build_image:
 print("Nothing to do?")
 return 1
-- 
2.17.1




[Qemu-devel] [PULL 7/9] tests/vm: Let kvm_available() work in cross environments

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-7-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 scripts/qemu.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index 9fc0be4828..bcd24aad82 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -27,6 +27,8 @@ LOG = logging.getLogger(__name__)
 
 
 def kvm_available(target_arch=None):
+if target_arch and target_arch != os.uname()[4]:
+return False
 return os.access("/dev/kvm", os.R_OK | os.W_OK)
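Review bot: `target_arch != os.uname()[4]` is an exact string compare against the kernel machine name, which is stricter than KVM's actual capability: on an x86_64 host it returns False for `i386` (the value that `tests/vm/ubuntu.i386` sets in the companion patch on this page) although KVM runs 32-bit x86 guests fine, and a 32-bit host reports `i686`, not `i386`. A small equivalence table (x86_64 accepting i386/i686, aarch64 accepting arm) would keep the cross-environment check without disabling KVM for compatible targets. The `target_arch=None` default skips the check entirely, which preserves the behaviour of the existing `kvm_available()` callers.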
 
 
-- 
2.17.1




[Qemu-devel] [PULL 8/9] tests/vm: Do not use -enable-kvm if HOST != TARGET architecture

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-8-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index b2e0de2022..9f4794898a 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -74,7 +74,7 @@ class BaseVM(object):
 "-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
 if vcpus and vcpus > 1:
 self._args += ["-smp", str(vcpus)]
-if kvm_available():
+if kvm_available(self.arch):
 self._args += ["-enable-kvm"]
 else:
 logging.info("KVM not available, not using -enable-kvm")
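Review bot: with `kvm_available(self.arch)` the `else` branch now covers two different situations, `/dev/kvm` not accessible and a host/target architecture mismatch, yet it logs the same "KVM not available" message for both; logging `self.arch` alongside it (or splitting the message) would save a user on an x86_64 box from chasing a KVM permission problem when they actually built an i386 image.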
-- 
2.17.1




[Qemu-devel] [PATCH 1/6] Define MIPS_ABI_FP_UNKNOWN macro

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Stefan Markovic 
---
 include/elf.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/elf.h b/include/elf.h
index 5f45f9b..c151164 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -87,6 +87,8 @@ typedef int64_t  Elf64_Sxword;
 #define EF_MIPS_MACH_LS3A 0x00a2  /* ST Microelectronics Loongson 3A */
 #define EF_MIPS_MACH  0x00ff  /* EF_MIPS_MACH_xxx selection mask */
 
+#define MIPS_ABI_FP_UNKNOWN   (-1)/* Unknown FP ABI (internal)   */
+
 #define MIPS_ABI_FP_ANY   0x0 /* FP ABI doesn't matter   */
 #define MIPS_ABI_FP_DOUBLE0x1 /* -mdouble-float  */
 #define MIPS_ABI_FP_SINGLE0x2 /* -msingle-float  */
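Review bot: the commit message is empty; it should say what consumes `MIPS_ABI_FP_UNKNOWN` (patch 1/6 only adds the define) and why an out-of-band value is needed alongside `MIPS_ABI_FP_ANY`. Since the real FP ABI values are small non-negative numbers stored in a byte of the ELF abiflags section, `(-1)` works as an internal sentinel only while it is held in a signed `int` and never compared with or written back to the unsigned on-disk field; the `(internal)` comment is good, consider extending it with that constraint.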
-- 
1.9.1




Re: [Qemu-devel] [RFC v4 13/71] microblaze: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Cc: "Edgar E. Iglesias" 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/microblaze/translate.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)

Reviewed-by: Richard Henderson 

r~




[Qemu-devel] [PULL 12/20] tests: Fix typos in comments and help message (found by codespell)

2018-10-26 Thread Laurent Vivier
From: Stefan Weil 

Also fix a grammar issue.

Signed-off-by: Stefan Weil 
Reviewed-by: Alex Bennée 
Message-Id: <20180713054755.23323-1...@weilnetz.de>
Signed-off-by: Laurent Vivier 
---
 tests/bios-tables-test.c  | 2 +-
 tests/docker/Makefile.include | 2 +-
 tests/docker/docker.py| 4 ++--
 tests/guest-debug/test-gdbstub.py | 2 +-
 tests/qemu-iotests/common.qemu| 2 +-
 tests/tcg/Makefile.include| 2 +-
 tests/tcg/Makefile.probe  | 2 +-
 tests/tcg/mips/mips64-dsp/subq_s_pw.c | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 4e24930c4b..af4b1fb6bd 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -390,7 +390,7 @@ try_again:
 if (g_file_test(aml_file, G_FILE_TEST_EXISTS)) {
 exp_sdt.aml_file = aml_file;
 } else if (*ext != '\0') {
-/* try fallback to generic (extention less) expected file */
+/* try fallback to generic (extension less) expected file */
 ext = "";
 g_free(aml_file);
 goto try_again;
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 6e03235ab9..9467e9d088 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -41,7 +41,7 @@ docker-qemu-src: $(DOCKER_SRC_COPY)
 docker-image: ${DOCKER_TARGETS}
 
 # General rule for building docker images. If we are a sub-make
-# invoked with SKIP_DOCKER_BUILD we still check the image is upto date
+# invoked with SKIP_DOCKER_BUILD we still check the image is up to date
 # though
 ifdef SKIP_DOCKER_BUILD
 docker-image-%: $(DOCKER_FILES_DIR)/%.docker
diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 44d5f7493b..02d8a83847 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -97,7 +97,7 @@ def _get_so_libs(executable):
 return libs
 
 def _copy_binary_with_libs(src, dest_dir):
-"""Copy a binary executable and all its dependant libraries.
+"""Copy a binary executable and all its dependent libraries.
 
 This does rely on the host file-system being fairly multi-arch
 aware so the file don't clash with the guests layout."""
@@ -284,7 +284,7 @@ class SubCommand(object):
 name = None # Subcommand name
 def shared_args(self, parser):
 parser.add_argument("--quiet", action="store_true",
-help="Run quietly unless an error occured")
+help="Run quietly unless an error occurred")
 
 def args(self, parser):
 """Setup argument parser"""
diff --git a/tests/guest-debug/test-gdbstub.py 
b/tests/guest-debug/test-gdbstub.py
index 474d2c5c65..0e4ac01426 100644
--- a/tests/guest-debug/test-gdbstub.py
+++ b/tests/guest-debug/test-gdbstub.py
@@ -122,7 +122,7 @@ class CatchBreakpoint(gdb.Breakpoint):
 
 
 def run_test():
-"Run throught the tests one by one"
+"Run through the tests one by one"
 
 print ("Checking we can step the first few instructions")
 step_ok = 0
diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu
index f285484951..dadde2a266 100644
--- a/tests/qemu-iotests/common.qemu
+++ b/tests/qemu-iotests/common.qemu
@@ -257,7 +257,7 @@ function _launch_qemu()
 }
 
 
-# Silenty kills the QEMU process
+# Silently kills the QEMU process
 #
 # If $wait is set to anything other than the empty string, the process will not
 # be killed but only waited for, and any output will be forwarded to stdout. If
diff --git a/tests/tcg/Makefile.include b/tests/tcg/Makefile.include
index 57470b2a2c..c581bd6ffc 100644
--- a/tests/tcg/Makefile.include
+++ b/tests/tcg/Makefile.include
@@ -2,7 +2,7 @@
 #
 # TCG tests (per-target rules)
 #
-# This Makefile fragement is included from the per-target
+# This Makefile fragment is included from the per-target
 # Makefile.target so will be invoked for each linux-user program we
 # build. We have two options for compiling, either using a configured
 # guest compiler or calling one of our docker images to do it for us.
diff --git a/tests/tcg/Makefile.probe b/tests/tcg/Makefile.probe
index 15c0412657..9dc654663d 100644
--- a/tests/tcg/Makefile.probe
+++ b/tests/tcg/Makefile.probe
@@ -2,7 +2,7 @@
 #
 # TCG Compiler Probe
 #
-# This Makefile fragement is included multiple times in the main make
+# This Makefile fragment is included multiple times in the main make
 # script to probe for available compilers. This is used to build up a
 # selection of required docker targets before we invoke a sub-make for
 # each target.
diff --git a/tests/tcg/mips/mips64-dsp/subq_s_pw.c 
b/tests/tcg/mips/mips64-dsp/subq_s_pw.c
index e8e0b0567e..4c080b785a 100644
--- a/tests/tcg/mips/mips64-dsp/subq_s_pw.c
+++ b/tests/tcg/mips/mips64-dsp/subq_s_pw.c
@@ -24,7 +24,7 @@ int main(void)
 rt = 0x123456789ABCDEF1;
 rs = 0x123456789ABCDEF2;
 result =  0x0001;
-/* This time we do 

[Qemu-devel] [PATCH v2] ppc/pnv: check size before data buffer access

2018-10-26 Thread P J P
From: Prasad J Pandit 

While performing PowerNV memory r/w operations, the access length
'sz' could exceed the data[4] buffer size. Add check to avoid OOB
access.

Reported-by: Moguofang 
Signed-off-by: Prasad J Pandit 
---
 hw/ppc/pnv_lpc.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Update v2: add error log message
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg05750.html

diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index d7721320a2..172a915cfc 100644
--- a/hw/ppc/pnv_lpc.c
+++ b/hw/ppc/pnv_lpc.c
@@ -155,9 +155,15 @@ static void pnv_lpc_do_eccb(PnvLpcController *lpc, 
uint64_t cmd)
 /* XXX Check for magic bits at the top, addr size etc... */
 unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH;
 uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK;
-uint8_t data[4];
+uint8_t data[8];
 bool success;
 
+if (sz > sizeof(data)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"ECCB: invalid operation at @0x%08x size %d\n", opb_addr, sz);
+return;
+}
+
 if (cmd & ECCB_CTL_READ) {
 success = opb_read(lpc, opb_addr, data, sz);
 if (success) {
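Review bot: the `%d` conversion in the `qemu_log_mask()` call should be `%u`, since `sz` is an `unsigned int`. The check itself is the right fix: `sz` comes straight from the guest-written `cmd` word and is now bounded by `sizeof(data)` before the read/write helpers can copy into `data`, and the early `return` with a `LOG_GUEST_ERROR` message is the usual QEMU pattern for a malformed guest request. Two things the commit message should cover: why the buffer grows from 4 to 8 bytes at the same time (whether 8-byte ECCB operations are meaningful on the OPB or the enlargement is only defensive), and whether `sz == 0` is a valid operation, since the new check still lets it through.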
-- 
2.17.2
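The fix above checks a guest-controlled size against a fixed buffer before any copy happens. As an added example, not QEMU code and not part of Prasad's patch, here is a small C model of the same check: the `DEMO_CTL_*` masks are constructed for this demo (the real `ECCB_CTL_*` values are not on this page), `demo_bus` stands in for the OPB address space, and the `demo_*` helper names are hypothetical. It goes one step beyond the page's hunk by also bounding the transfer against the end of the bus window and by rejecting zero-length requests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed command-word layout, constructed for this example.  The real
 * ECCB_CTL_* masks live in hw/ppc/pnv_lpc.c and are not on this page.
 */
#define DEMO_CTL_READ       (1ULL << 63)
#define DEMO_CTL_SZ_LSH     56
#define DEMO_CTL_SZ_MASK    (0xFULL << DEMO_CTL_SZ_LSH)
#define DEMO_CTL_ADDR_MASK  0xFFFFFFFFULL

/* Stand-in for the OPB address space: a 64 KiB backing array. */
static uint8_t demo_bus[65536];

/* Scratch buffer with the same role as data[] in pnv_lpc_do_eccb(). */
uint8_t demo_scratch[8];

/*
 * The check the fix adds, plus a bound on the bus window.  Returns true
 * only when a transfer of sz bytes at addr fits both the local buffer and
 * the bus.  sz == 0 is rejected here as well; the patch on the page lets it
 * through, and whether that is a valid operation is for the author to say.
 */
bool demo_size_ok(unsigned int sz, uint32_t addr, size_t data_len)
{
    if (sz == 0 || sz > data_len) {
        return false;
    }
    /* Written this way so addr + sz cannot overflow before the compare. */
    if (addr > sizeof(demo_bus) || sz > sizeof(demo_bus) - addr) {
        return false;
    }
    return true;
}

/*
 * Decode cmd and move sz bytes between data[] and the bus.  Returns the
 * byte count on success, -1 when the command is rejected.  The guest
 * controls every bit of cmd, so nothing is trusted until demo_size_ok()
 * has passed.
 */
int demo_do_eccb(uint64_t cmd, uint8_t *data, size_t data_len)
{
    unsigned int sz = (unsigned int)((cmd & DEMO_CTL_SZ_MASK) >> DEMO_CTL_SZ_LSH);
    uint32_t addr = (uint32_t)(cmd & DEMO_CTL_ADDR_MASK);

    if (!demo_size_ok(sz, addr, data_len)) {
        /* Same shape as the qemu_log_mask(LOG_GUEST_ERROR, ...) in the fix. */
        fprintf(stderr, "ECCB: invalid operation at @0x%08x size %u\n", addr, sz);
        return -1;
    }
    if (cmd & DEMO_CTL_READ) {
        memcpy(data, &demo_bus[addr], sz);
    } else {
        memcpy(&demo_bus[addr], data, sz);
    }
    return (int)sz;
}

/* Build a command word from its fields (helper for the demo below). */
uint64_t demo_make_cmd(bool read, unsigned int sz, uint32_t addr)
{
    uint64_t cmd = ((uint64_t)sz << DEMO_CTL_SZ_LSH) & DEMO_CTL_SZ_MASK;
    cmd |= (uint64_t)addr & DEMO_CTL_ADDR_MASK;
    if (read) {
        cmd |= DEMO_CTL_READ;
    }
    return cmd;
}

/* Write four bytes to the bus, read them back and compare: 1 on success. */
int demo_roundtrip(void)
{
    uint8_t in[8]  = { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0 };
    uint8_t out[8] = { 0 };

    if (demo_do_eccb(demo_make_cmd(false, 4, 0x100), in, sizeof in) != 4) {
        return 0;
    }
    if (demo_do_eccb(demo_make_cmd(true, 4, 0x100), out, sizeof out) != 4) {
        return 0;
    }
    return memcmp(in, out, 4) == 0;
}

int main(void)
{
    printf("roundtrip: %s\n", demo_roundtrip() ? "ok" : "FAILED");
    /* A 12-byte request against an 8-byte buffer is refused, not copied. */
    printf("oversize rejected: %s\n",
           demo_do_eccb(demo_make_cmd(false, 12, 0x100), demo_scratch,
                        sizeof demo_scratch) == -1 ? "yes" : "no");
    return 0;
}
```

The two-part check in `demo_size_ok()` is the point: the local buffer bound is what the patch adds, and the bus bound is the second thing a reviewer would ask about, since an in-range `sz` with an `addr` near the end of the window is the same class of bug on the other side of the copy.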




Re: [Qemu-devel] [PATCH v3 2/7] qapi: correctly parse uint64_t values from strings

2018-10-26 Thread David Hildenbrand


> 
> It's not obvious to me why this looks so different from the code in
> parse_type_int64().  Should we be using qemu_strtoi64() in the
> pre-existing function, instead of what's there now?

The existing function has to be that complicated because it calls into
the same function used to parse ranges. We don't need ranges (or
create/modify) any, so this is not necessary.

This function is similar to the other parse functions (not parsing
ranges), e.g. parse_type_bool(). Thanks!

> 
>>  
>>  static void parse_type_size(Visitor *v, const char *name, uint64_t *obj,
> 


-- 

Thanks,

David / dhildenb



Re: [Qemu-devel] [RFC v4 15/71] tcg-runtime: convert to cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/tcg-runtime.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 17/71] ppc: convert to cpu_halted

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> In ppce500_spin.c, acquire the lock just once to update
> both cpu->halted and cpu->stopped.
> 
> In hw/ppc/spapr_hcall.c, acquire the lock just once to
> update cpu->halted and call cpu_has_work, since later
> in the series we'll acquire the BQL (if not already held)
> from cpu_has_work.
> 
> Cc: David Gibson 
> Cc: Alexander Graf 
> Cc: qemu-...@nongnu.org
> Signed-off-by: Emilio G. Cota 
> ---

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 32/71] exec: use cpu_reset_interrupt

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  exec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [RFC v4 37/71] i386: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/i386/cpu.c| 2 +-
>  target/i386/helper.c | 4 ++--
>  target/i386/svm_helper.c | 4 ++--
>  3 files changed, 5 insertions(+), 5 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [PATCH RFC 0/2] Fix migration issues

2018-10-26 Thread Dr. David Alan Gilbert
* Peter Xu (pet...@redhat.com) wrote:
> On Fri, Oct 26, 2018 at 09:10:19PM +0800, Fei Li wrote:
> > 
> > 
> > On 10/25/2018 08:58 PM, Peter Xu wrote:
> > > On Thu, Oct 25, 2018 at 05:04:00PM +0800, Fei Li wrote:
> > > 
> > > [...]
> > > 
> > > > @@ -1325,22 +1325,24 @@ bool multifd_recv_all_channels_created(void)
> > > >   /* Return true if multifd is ready for the migration, otherwise false 
> > > > */
> > > >   bool multifd_recv_new_channel(QIOChannel *ioc)
> > > >   {
> > > > +    MigrationIncomingState *mis = migration_incoming_get_current();
> > > >   MultiFDRecvParams *p;
> > > >   Error *local_err = NULL;
> > > >   int id;
> > > > 
> > > >   id = multifd_recv_initial_packet(ioc, _err);
> > > >   if (id < 0) {
> > > > -    multifd_recv_terminate_threads(local_err);
> > > > -    return false;
> > > > +    error_reportf_err(local_err,
> > > > +  "failed to receive packet via multifd 
> > > > channel %x:
> > > > ",
> > > > +  multifd_recv_state->count);
> > > > +    goto fail;
> > > >   }
> > > > 
> > > >   p = _recv_state->params[id];
> > > >   if (p->c != NULL) {
> > > >   error_setg(_err, "multifd: received id '%d' already 
> > > > setup'",
> > > >      id);
> > > > -    multifd_recv_terminate_threads(local_err);
> > > > -    return false;
> > > > +    goto fail;
> > > >   }
> > > >   p->c = ioc;
> > > >   object_ref(OBJECT(ioc));
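Review bot: the `id < 0` path has a use-after-free: `error_reportf_err(local_err, ...)` reports and frees `local_err`, and `fail:` then hands the same pointer to `multifd_recv_terminate_threads(local_err)`. Either drop the report here and let the terminate function own the error, or report a copy and set `local_err = NULL` before the `goto`. The `p->c != NULL` path is fine, since `error_setg()` leaves `local_err` live for `fail:` to consume.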
> > > > @@ -1352,6 +1354,11 @@ bool multifd_recv_new_channel(QIOChannel *ioc)
> > > >      QEMU_THREAD_JOINABLE);
> > > >   atomic_inc(_recv_state->count);
> > > >   return multifd_recv_state->count == migrate_multifd_channels();
> > > > +fail:
> > > > +    multifd_recv_terminate_threads(local_err);
> > > > +    qemu_fclose(mis->from_src_file);
> > > > +    mis->from_src_file = NULL;
> > > > +    exit(EXIT_FAILURE);
> > > >   }
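Review bot: `exit(EXIT_FAILURE)` at `fail:` turns a bad packet on one multifd channel into immediate termination of the destination process, reached after `qemu_fclose(mis->from_src_file)` but before anything has told the main migration thread why; Peter's suggestion in the reply that follows, an `Error **` parameter carried through `migration_ioc_process_incoming()`, keeps the decision to exit with the caller and leaves a usable error for the management layer. Note also that the documented contract in the comment above (`true` when all channels are ready, otherwise `false`) is no longer honoured on the failure paths, which never return.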
> > > Yeah I think it makes sense to at least report some details when error
> > > happens, but I'm not sure whether it's good to explicitly exit() here.
> > > IMHO you can add an Error** in multifd_recv_new_channel() parameter
> > > list to do that, and even through migration_ioc_process_incoming().
> > > What do you think?
> > > 
> > > Regards,
> > > 
> > You mean exit() in migration_ioc_process_incoming(), or further
> > caller migration_channel_process_incoming()? Actually either is
> > ok for me. :) But today I find if using postcopy and multifd together
> > to do live migration, it seems the hang still occurs even with the
> > above codes, so sad about that. I will keep debugging and see
> > how to fix this.
> 
> Maybe you can move the error_report_err() in
> migration_channel_process_incoming() out of the TLS path so we can
> report the error if either TLS or non-TLS case got something wrong.
> 
> And I don't even know whether multifd could work with postcopy...

Nope, it's not expected to work yet.

Dave

> Regards,
> 
> -- 
> Peter Xu
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [RFC v4 42/71] ppc: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Cc: David Gibson 
> Cc: Alexander Graf 
> Cc: qemu-...@nongnu.org
> Signed-off-by: Emilio G. Cota 
> ---
>  hw/ppc/ppc.c|  2 +-
>  target/ppc/excp_helper.c|  2 +-
>  target/ppc/kvm.c|  4 ++--
>  target/ppc/translate_init.inc.c | 14 +++---
>  4 files changed, 11 insertions(+), 11 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated.

2018-10-26 Thread P J P
+-- On Fri, 26 Oct 2018, Daniel P. Berrangé wrote --+
| > No, since the adlib device is not used as much and is being deprecated, I'm 
| > not inclined to get one.
| 
| Any security issue that affects code in QEMU that is currently being
| shipped by distros should have a CVE.
| 
| Whether we intend to deprecate & delete it later should not be a factor
| because we are free to cancel the deprecation process at any time if we
| find a reason to keep the feature around.

Okay, will follow up with a CVE process. Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


[Qemu-devel] [PATCH v6 0/3] x86: QEMU side support on MSR based features

2018-10-26 Thread Robert Hoo
The KVM side has added the framework (kvm.git:d1d93fa90) to support MSR based 
features. Here is the QEMU part, including data structure changes/expansion, 
changes to the referring functions, and the implementations of the 
KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctls.

Changelog:
v6: In cpu feature filtering, filter out MSR features whose CPUID feature
dependency is not there.
Check feature word type for other accelerators, like hvf, for otherwise it
would return bogus EAX/ECX values in x86_cpu_get_supported_feature_word().
v5: Re-order patches. Complement feature MSR set routines.
v4:
Re-organize patch set to conform to the request that each patch builds
individually.
Add KVM capability check for KVM_GET_MSR_INDEX_LIST before fetch.
Special treatment for MSR_IA32_ARCH_CAPABILITIES.RSBA.
Use the more convenient glib wrapper (g_strdup_printf) instead of native
(sprintf).

v3: patches 2&3 in v2 are corrupted. Re-format patches.
v2: coding style changes to pass ./scripts/checkpatch.pl.

Robert Hoo (3):
  kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS
system ioctl
  x86: Data structure changes to support MSR based features
  x86: define a new MSR based feature word --
FEATURE_WORDS_ARCH_CAPABILITIES

 include/sysemu/kvm.h |   2 +
 target/i386/cpu.c| 234 +++
 target/i386/cpu.h|  15 +++-
 target/i386/kvm.c|  91 
 4 files changed, 289 insertions(+), 53 deletions(-)

-- 
1.8.3.1




Re: [Qemu-devel] [PATCH RFC 0/2] Fix migration issues

2018-10-26 Thread Peter Xu
On Fri, Oct 26, 2018 at 09:10:19PM +0800, Fei Li wrote:
> 
> 
> On 10/25/2018 08:58 PM, Peter Xu wrote:
> > On Thu, Oct 25, 2018 at 05:04:00PM +0800, Fei Li wrote:
> > 
> > [...]
> > 
> > > @@ -1325,22 +1325,24 @@ bool multifd_recv_all_channels_created(void)
> > >   /* Return true if multifd is ready for the migration, otherwise false */
> > >   bool multifd_recv_new_channel(QIOChannel *ioc)
> > >   {
> > > +    MigrationIncomingState *mis = migration_incoming_get_current();
> > >   MultiFDRecvParams *p;
> > >   Error *local_err = NULL;
> > >   int id;
> > > 
> > >   id = multifd_recv_initial_packet(ioc, _err);
> > >   if (id < 0) {
> > > -    multifd_recv_terminate_threads(local_err);
> > > -    return false;
> > > +    error_reportf_err(local_err,
> > > +  "failed to receive packet via multifd channel 
> > > %x:
> > > ",
> > > +  multifd_recv_state->count);
> > > +    goto fail;
> > >   }
> > > 
> > >   p = _recv_state->params[id];
> > >   if (p->c != NULL) {
> > >   error_setg(_err, "multifd: received id '%d' already 
> > > setup'",
> > >      id);
> > > -    multifd_recv_terminate_threads(local_err);
> > > -    return false;
> > > +    goto fail;
> > >   }
> > >   p->c = ioc;
> > >   object_ref(OBJECT(ioc));
> > > @@ -1352,6 +1354,11 @@ bool multifd_recv_new_channel(QIOChannel *ioc)
> > >      QEMU_THREAD_JOINABLE);
> > >   atomic_inc(_recv_state->count);
> > >   return multifd_recv_state->count == migrate_multifd_channels();
> > > +fail:
> > > +    multifd_recv_terminate_threads(local_err);
> > > +    qemu_fclose(mis->from_src_file);
> > > +    mis->from_src_file = NULL;
> > > +    exit(EXIT_FAILURE);
> > >   }
> > Yeah I think it makes sense to at least report some details when error
> > happens, but I'm not sure whether it's good to explicitly exit() here.
> > IMHO you can add an Error** in multifd_recv_new_channel() parameter
> > list to do that, and even through migration_ioc_process_incoming().
> > What do you think?
> > 
> > Regards,
> > 
> You mean exit() in migration_ioc_process_incoming(), or further
> caller migration_channel_process_incoming()? Actually either is
> ok for me. :) But today I find if using postcopy and multifd together
> to do live migration, it seems the hang still occurs even with the
> above codes, so sad about that. I will keep debugging and see
> how to fix this.

Maybe you can move the error_report_err() in
migration_channel_process_incoming() out of the TLS path so we can
report the error if either TLS or non-TLS case got something wrong.

And I don't even know whether multifd could work with postcopy...

Regards,

-- 
Peter Xu



[Qemu-devel] [PULL 0/9] Testing patches

2018-10-26 Thread Fam Zheng
The following changes since commit 808ebd66e467f77c0d1f8c6346235f81e9c99cf2:

  Merge remote-tracking branch 'remotes/riscv/tags/riscv-for-master-3.1-sf0' 
into staging (2018-10-25 17:41:03 +0100)

are available in the Git repository at:

  git://github.com/famz/qemu.git tags/testing-pull-request

for you to fetch changes up to 63a24c5e2354833a84f18bdf0e857fad8812f65b:

  tests/vm: Do not abuse parallelism when HOST != TARGET architecture 
(2018-10-26 22:03:21 +0800)


Testing patches

One fix for mingw build and some improvements in VM based testing, many thanks
to Paolo and Phil.



Paolo Bonzini (1):
  tests: docker: update test-mingw for GTK+ 2.0 removal

Philippe Mathieu-Daudé (8):
  tests/vm: Extract the kvm_available() handy function
  tests/vm: Do not abuse parallelism when KVM is not available
  tests/vm: Do not use the -smp option with a single cpu
  tests/vm: Display remaining seconds to wait for a VM to start
  tests/vm: Add a BaseVM::arch property
  tests/vm: Let kvm_available() work in cross environments
  tests/vm: Do not use -enable-kvm if HOST != TARGET architecture
  tests/vm: Do not abuse parallelism when HOST != TARGET architecture

 scripts/qemu.py |  6 ++
 tests/docker/test-mingw |  3 +--
 tests/vm/basevm.py  | 30 +-
 tests/vm/centos |  1 +
 tests/vm/freebsd|  1 +
 tests/vm/netbsd |  1 +
 tests/vm/openbsd|  1 +
 tests/vm/ubuntu.i386|  1 +
 8 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.17.1




[Qemu-devel] [PULL 4/9] tests/vm: Do not use the -smp option with a single cpu

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-4-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 2bd32dc6ce..9415e7c33a 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -70,7 +70,7 @@ class BaseVM(object):
 "-device", "virtio-net-pci,netdev=vnet",
 "-vnc", "127.0.0.1:0,to=20",
 "-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
-if vcpus:
+if vcpus and vcpus > 1:
 self._args += ["-smp", str(vcpus)]
 if kvm_available():
 self._args += ["-enable-kvm"]
-- 
2.17.1




Re: [Qemu-devel] [RFC v4 11/71] m68k: convert to helper_cpu_halted_set

2018-10-26 Thread Richard Henderson
On 10/25/18 3:45 PM, Emilio G. Cota wrote:
> Cc: Laurent Vivier 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/m68k/translate.c | 9 -
>  1 file changed, 4 insertions(+), 5 deletions(-)

Reviewed-by: Richard Henderson 

r~



[Qemu-devel] [PULL 02/20] vga_int: remove unused function protype

2018-10-26 Thread Laurent Vivier
From: yuchenlin 

Signed-off-by: yuchenlin 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20181022080053.9379-1-yuchen...@synology.com>
Signed-off-by: Laurent Vivier 
---
 hw/display/vga_int.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
index 6e4fa48a79..55c418eab5 100644
--- a/hw/display/vga_int.h
+++ b/hw/display/vga_int.h
@@ -166,7 +166,6 @@ MemoryRegion *vga_init_io(VGACommonState *s, Object *obj,
   const MemoryRegionPortio **vbe_ports);
 void vga_common_reset(VGACommonState *s);
 
-void vga_sync_dirty_bitmap(VGACommonState *s);
 void vga_dirty_log_start(VGACommonState *s);
 void vga_dirty_log_stop(VGACommonState *s);
 
-- 
2.17.2




Re: [Qemu-devel] [RFC v4 62/71] s390x: convert to cpu_has_work_with_iothread_lock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Soon we will call cpu_has_work without the BQL.
> 
> Cc: Cornelia Huck 
> Cc: Alexander Graf 
> Cc: David Hildenbrand 
> Cc: qemu-s3...@nongnu.org
> Signed-off-by: Emilio G. Cota 
> ---
>  target/s390x/cpu.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~





Re: [Qemu-devel] [RFC v4 61/71] mips: convert to cpu_has_work_with_iothread_lock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Soon we will call cpu_has_work without the BQL.
> 
> Cc: Aurelien Jarno 
> Cc: Aleksandar Markovic 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/mips/cpu.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~





Re: [Qemu-devel] [PATCH 3/3] cirrus: mark as deprecated

2018-10-26 Thread P J P
+-- On Fri, 26 Oct 2018, Daniel P. Berrangé wrote --+
| ... 
| One thing we should do, however, is to make it clear which of the
| device models we consider secure, and which we consider only usable
| in a friendly guest environment, as we have very different code
| maintainership & quality standards for different parts of QEMU.
| 
| Essentially virtio devices, and then only a handful of the emulated
| devices are things we consider suitable for usage in secure envs.
| Likewise for machine types probably.

True, +1.

It did come up in another thread. It'll surely be helpful to list these 
professional and friendly components. 'Professional' being production ready 
and thus security relevant. And 'Friendly' being experimental or not suitable 
for production usage. Maybe like staging drivers in the kernel tree. They are 
available for use but not considered production ready and thus are not 
security relevant.

To be clear, irrespective of professional or friendly, we strive to fix every 
single issue that is found and/or reported. The only difference is that 
professional ones are tracked by a CVE ID, while friendly ones are fixed as 
bug fixes, not tracked by a CVE ID.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


Re: [Qemu-devel] [RFC v4 57/71] accel/tcg: convert to cpu_interrupt_request

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/cpu-exec.c  | 15 ---
>  accel/tcg/tcg-all.c   | 12 +---
>  accel/tcg/translate-all.c |  2 +-
>  3 files changed, 18 insertions(+), 11 deletions(-)

Reviewed-by: Richard Henderson 

r~





[Qemu-devel] [PULL 20/20] ppc: move at24c to its own CONFIG_ symbol

2018-10-26 Thread Laurent Vivier
From: Paolo Bonzini 

AT24c EEPROM is currently gated by CONFIG_I2C, and as such it is
being included in all emulators that use I2C, even if they do not
really need it.  Separate it and, since it was added for the e500
machines, add it to qemu-system-ppc and qemu-system-ppc64.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <20180522191743.12872-1-pbonz...@redhat.com>
[lv: rebase]
Signed-off-by: Laurent Vivier 
---
 default-configs/ppc-softmmu.mak | 1 +
 hw/nvram/Makefile.objs  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
index 3181bbf163..23d871fb3e 100644
--- a/default-configs/ppc-softmmu.mak
+++ b/default-configs/ppc-softmmu.mak
@@ -28,6 +28,7 @@ CONFIG_SM501=y
 CONFIG_DDC=y
 CONFIG_IDE_SII3112=y
 CONFIG_I2C=y
+CONFIG_AT24C=y
 CONFIG_BITBANG_I2C=y
 CONFIG_M41T80=y
 CONFIG_VGA_CIRRUS=y
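
Review bot: the commit message says the device is added to both qemu-system-ppc and qemu-system-ppc64, but only default-configs/ppc-softmmu.mak is touched; that covers ppc64 only if ppc64-softmmu.mak includes ppc-softmmu.mak, so either confirm that include in the message or add `CONFIG_AT24C=y` to the ppc64 config as well.
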
diff --git a/hw/nvram/Makefile.objs b/hw/nvram/Makefile.objs
index a912d25391..b318e53a43 100644
--- a/hw/nvram/Makefile.objs
+++ b/hw/nvram/Makefile.objs
@@ -1,6 +1,6 @@
 common-obj-$(CONFIG_DS1225Y) += ds1225y.o
 common-obj-y += eeprom93xx.o
-common-obj-$(CONFIG_I2C) += eeprom_at24c.o
+common-obj-$(CONFIG_AT24C) += eeprom_at24c.o
 common-obj-y += fw_cfg.o
 common-obj-y += chrp_nvram.o
 common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o
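
Review bot: gating eeprom_at24c.o on CONFIG_AT24C means any other target that instantiates the at24c device and only sets CONFIG_I2C now builds without the device type and fails at machine creation; a grep for the at24c device name under hw/ and default-configs/ should confirm that the e500 machines are the only users before this lands.
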
-- 
2.17.2




[Qemu-devel] [PULL 03/20] memory.h: fix typos in comments

2018-10-26 Thread Laurent Vivier
From: Li Qiang 

Signed-off-by: Li Qiang 
Reviewed-by: Peter Maydell 
Message-Id: <1539080467-2976-1-git-send-email-liq...@gmail.com>
[lv: s/types/typos/]
Signed-off-by: Laurent Vivier 
---
 include/exec/memory.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 667466b8f3..d0c7f0d9e9 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -935,7 +935,7 @@ uint64_t memory_region_size(MemoryRegion *mr);
 /**
  * memory_region_is_ram: check whether a memory region is random access
  *
- * Returns %true is a memory region is random access.
+ * Returns %true if a memory region is random access.
  *
  * @mr: the memory region being queried
  */
@@ -947,7 +947,7 @@ static inline bool memory_region_is_ram(MemoryRegion *mr)
 /**
  * memory_region_is_ram_device: check whether a memory region is a ram device
  *
- * Returns %true is a memory region is a device backed ram region
+ * Returns %true if a memory region is a device backed ram region
  *
  * @mr: the memory region being queried
  */
@@ -1161,7 +1161,7 @@ uint8_t memory_region_get_dirty_log_mask(MemoryRegion 
*mr);
 /**
  * memory_region_is_rom: check whether a memory region is ROM
  *
- * Returns %true is a memory region is read-only memory.
+ * Returns %true if a memory region is read-only memory.
  *
  * @mr: the memory region being queried
  */
-- 
2.17.2




[Qemu-devel] [PULL 04/20] tests/tcg/README: fix location for lm32 tests

2018-10-26 Thread Laurent Vivier
From: Cleber Rosa 

Point to the right and obvious location for lm32 tests.

Signed-off-by: Cleber Rosa 
Reviewed-by: Thomas Huth 
Acked-by: Alex Bennée 
Message-Id: <20181004161852.11673-3-cr...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 tests/tcg/README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/tcg/README b/tests/tcg/README
index a5643d33e7..2a58f9a058 100644
--- a/tests/tcg/README
+++ b/tests/tcg/README
@@ -10,6 +10,6 @@ with "make test-cris".
 
 LM32
 
-The testsuite for LM32 is in tests/tcg/cris.  You can run it
+The testsuite for LM32 is in tests/tcg/lm32.  You can run it
 with "make test-lm32".
 
-- 
2.17.2




Re: [Qemu-devel] [RFC v4 68/71] cpu: add async_run_on_cpu_no_bql

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Some async jobs do not need the BQL.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  include/qom/cpu.h | 14 ++
>  cpus-common.c | 39 ++-
>  2 files changed, 48 insertions(+), 5 deletions(-)

Reviewed-by: Richard Henderson 

r~





Re: [Qemu-devel] [PATCH 0/6] target/mips: Add support for prctl() PR_GET_FP_MODE and PR_SET_FP_MODE

2018-10-26 Thread Aleksandar Markovic
> Subject: [PATCH 0/6] target/mips: Add support for prctl() PR_GET_FP_MODE and 
> PR_SET_FP_MODE
> 
> From: Stefan Markovic 
> 
> This series includes support for prctl() PR_GET_FP_MODE and PR_SET_FP_MODE.
> This requires extracting MIPS.abiflags section from ELF file and fp_abi value 
> handling.
> 
> Stefan Markovic (6):
>   Define MIPS_ABI_FP_UNKNOWN macro
>   Extend image_info struct with MIPS specific fp_abi and interp_fp_abi fields
>   Extract MIPS abiflags from ELF file
>   Read and set FP ABI value from MIPS abiflags
>   Determine the desired FPU mode
>   Add prctl() PR_SET_FP_MODE and PR_GET_FP_MODE implementations
> 
>  include/elf.h  |  2 +
>  linux-user/elfload.c   | 37 +++
>  linux-user/mips/cpu_loop.c | 75 
> ++
>  linux-user/mips/target_syscall.h   |  2 +
>  linux-user/mips64/target_syscall.h |  2 +
>  linux-user/qemu.h  |  4 ++
>  linux-user/syscall.c   | 62 +--
>  7 files changed, 180 insertions(+), 4 deletions(-)
> 
> --
> 1.9.1
> 


Hi, Laurent,

Here is a mini-series about a MIPS-specific linux-user feature. Its code is 
almost entirely either in MIPS-specific files or under "#ifdef MIPS" 
directives. I think it makes sense that I should be able to integrate them via 
MIPS queue. Please let me know if you object to this.

You probably wonder why so much code for such an obscure feature. The answer is 
that the solution needs to follow and mimic the corresponding solution in 
MIPS-specific parts of the kernel, and its complexity is determined by that.

Thanks,
Aleksandar



[Qemu-devel] [PULL 09/20] qemu-iotests: make 218 executable

2018-10-26 Thread Laurent Vivier
From: Cleber Rosa 

Commit 990dc39c made all tests executable at the time, but 218 came in
later, and is missing those permissions.

Signed-off-by: Cleber Rosa 
Message-Id: <20181004161852.11673-4-cr...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 tests/qemu-iotests/218 | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 tests/qemu-iotests/218

diff --git a/tests/qemu-iotests/218 b/tests/qemu-iotests/218
old mode 100644
new mode 100755
-- 
2.17.2




Re: [Qemu-devel] [PATCH 4/6] Read and set FP ABI value from MIPS abiflags

2018-10-26 Thread Aleksandar Markovic
> Subject: [PATCH 4/6] Read and set FP ABI value from MIPS abiflags
>
> From: Stefan Markovic 
> 
> Signed-off-by: Stefan Markovic 
> ---

A short commit message is needed. Other than that:

Reviewed-by: Aleksandar Markovic 



Re: [Qemu-devel] [PATCH 1/6] Define MIPS_ABI_FP_UNKNOWN macro

2018-10-26 Thread Aleksandar Markovic
> Subject: [PATCH 1/6] Define MIPS_ABI_FP_UNKNOWN macro
> 
> From: Stefan Markovic 
> 
> Signed-off-by: Stefan Markovic 
> ---

A brief commit message is needed. From what kernel or glibc header is this 
constant copied? Other than that:

Reviewed-by: Aleksandar Markovic 



[Qemu-devel] [PATCH] decodetree: Allow multiple input files

2018-10-26 Thread Richard Henderson
While it would be possible to concatenate input files with make,
passing the original input files to decodetree.py allows us to
generate error messages which allow compilation environments
(read: emacs) to next-error to the correct input file.

Signed-off-by: Richard Henderson 
---

Bastian, I think this makes splitting the decode file even nicer.
No temp file in the build tree, and better error messages.

The makefile fragment now becomes e.g.

target/riscv/decode_insn32.inc.c: $(decode32-y) $(DECODETREE)
$(call quiet-command, \
  $(PYTHON) $(DECODETREE) -o $@ --decode decode_insn32 $(decode32-y), \
  "GEN", $(TARGET_DIR)$@)

Also, I think that the rv64g insns should be in insn32-64.decode,
mirroring insn16-64.decode, and leaving insn64.decode free for an
actual 64-bit instruction word, as alluded to in the "Extending RISC-V"
section of the manual.

I've included this with the other two pending decodetree patches at

  https://github.com/rth7680/qemu.git decodetree


r~

---
 scripts/decodetree.py | 25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/scripts/decodetree.py b/scripts/decodetree.py
index c0bb447095..f60f1b0ab6 100755
--- a/scripts/decodetree.py
+++ b/scripts/decodetree.py
@@ -177,15 +177,15 @@ decode_function = 'decode'
 re_ident = '[a-zA-Z][a-zA-Z0-9_]*'
 
 
-def error(lineno, *args):
+def error_with_file(file, lineno, *args):
 """Print an error message from file:line and args and exit."""
 global output_file
 global output_fd
 
 if lineno:
-r = '{0}:{1}: error:'.format(input_file, lineno)
+r = '{0}:{1}: error:'.format(file, lineno)
 elif input_file:
-r = '{0}: error:'.format(input_file)
+r = '{0}: error:'.format(file)
 else:
 r = 'error:'
 for a in args:
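
Review bot: the second branch of error_with_file() still tests the global `input_file` (`elif input_file:`) while the message is built from the `file` parameter; it should be `elif file:` so that a call with a file name but no line number formats correctly even when the global is unset.
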
@@ -197,6 +197,8 @@ def error(lineno, *args):
 os.remove(output_file)
 exit(1)
 
+def error(lineno, *args):
+error_with_file(input_file, lineno, args)
 
 def output(*args):
 global output_fd
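
Review bot: the new error() wrapper passes `args` as a single tuple, `error_with_file(input_file, lineno, args)`, so the loop in error_with_file() sees one argument and prints its tuple repr (e.g. `('missing input file',)`); it needs `*args` to forward the varargs.
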
@@ -422,6 +424,7 @@ class General:
 """Common code between instruction formats and instruction patterns"""
 def __init__(self, name, lineno, base, fixb, fixm, udfm, fldm, flds):
 self.name = name
+self.file = input_file
 self.lineno = lineno
 self.base = base
 self.fixedbits = fixb
@@ -474,7 +477,7 @@ class Pattern(General):
 global translate_prefix
 ind = str_indent(i)
 arg = self.base.base.name
-output(ind, '/* line ', str(self.lineno), ' */\n')
+output(ind, '/* ', self.file, ':', str(self.lineno), ' */\n')
 if not extracted:
 output(ind, self.base.extract_name(), '(_', arg, ', insn);\n')
 for n, f in self.fields.items():
@@ -922,8 +925,9 @@ def build_tree(pats, outerbits, outermask):
 if innermask == 0:
 pnames = []
 for p in pats:
-pnames.append(p.name + ':' + str(p.lineno))
-error(pats[0].lineno, 'overlapping patterns:', pnames)
+pnames.append(p.name + ':' + p.file + ':' + str(p.lineno))
+error_with_file(pats[0].file, pats[0].lineno,
+'overlapping patterns:', pnames)
 
 fullmask = outermask | innermask
 
@@ -1014,10 +1018,11 @@ def main():
 
 if len(args) < 1:
 error(0, 'missing input file')
-input_file = args[0]
-f = open(input_file, 'r')
-parse_file(f)
-f.close()
+for filename in args:
+input_file = filename
+f = open(filename, 'r')
+parse_file(f)
+f.close()
 
 t = build_tree(patterns, 0, 0)
 prop_format(t)
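
Review bot: an unreadable input file in the new loop raises an uncaught IOError traceback instead of the script's own `file: error:` form; wrapping the open in try/except (or using `with open(filename, 'r') as f:` and calling error_with_file() on failure) keeps the diagnostics consistent, and `with` also guarantees the close on the error path.
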
-- 
2.17.2




Re: [Qemu-devel] [PATCH] lsi53c895a: check message length value

2018-10-26 Thread P J P
+-- On Fri, 26 Oct 2018, Mark Kanda wrote --+
| Deja vu requested that we include the following text in the commit message:
| 
|   Discovered by Deja vu Security. Reported by Oracle.
| 
| Would that be acceptable?

Generally an email-id is used/preferred in the commit log message. We could 
use above for acknowledgement and avoid Reported-by in the commit log message 
if that suits Deja vu team.

Please let me know your/their preference.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH] lsi53c895a: check message length value

2018-10-26 Thread P J P
+-- On Fri, 26 Oct 2018, Mark Kanda wrote --+
| Yes, please use that acknowledgement text in lieu of a 'Reported-by' line.

Okay, thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated.

2018-10-26 Thread P J P
+-- On Fri, 26 Oct 2018, Paolo Bonzini wrote --+
| Oh, thanks!  I said I was dumb. :)  So the fix is just this:
| 
| diff --git a/hw/audio/fmopl.h b/hw/audio/fmopl.h
| index e7e578a48e..7199afaa3c 100644
| --- a/hw/audio/fmopl.h
| +++ b/hw/audio/fmopl.h
| @@ -72,8 +72,8 @@ typedef struct fm_opl_f {
|   /* Rhythm sention */
|   uint8_t rhythm; /* Rhythm mode , key flag */
|   /* time tables */
| - int32_t AR_TABLE[75];   /* atttack rate tables */
| - int32_t DR_TABLE[75];   /* decay rate tables   */
| + int32_t AR_TABLE[76];   /* atttack rate tables */
| + int32_t DR_TABLE[76];   /* decay rate tables   */
|   uint32_t FN_TABLE[1024];  /* fnumber -> increment counter */
|   /* LFO */
|   int32_t *ams_table;
| 
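Review bot: the bump from 75 to 76 entries fixes the one-past-the-end write, but nothing records why 76 is the right size; a comment (or a named constant shared by the declaration, init_timetables and the lookup that indexes the tables) stating the valid rate range would keep the off-by-one from coming back, and the 'atttack' typo in the comment can be fixed while the line is being touched.
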
| and init_timetables will just fill it with the right value?  (I checked
| against another implementation at http://opl3.cozendey.com/).

Gerd has proposed a patch to deprecate adlib, as it's not used as much. IMO 
deprecation is the better option. But if that is not happening, above seems good.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] Guest application exit point.

2018-10-26 Thread Alex Bennée


Rafael K. V. Maeda  writes:

> Hi,
>
> I am implementing a plugin that allocates several resources. I need to
> cleanup some of these resources when QEMU finishes executing the guest
> application. Where is the best exit point to place my cleanup
> functions?
>
> I have tried registering a function call "atexit" but it does not seem
> to work. Any suggestions? At the moment, I am looking for a solution
> for x86_64 (user emulation mode).

For linux-user have a look at preexit_cleanup() in linux-user/exit.c

>
> Kind regards,
> Rafael


--
Alex Bennée



Re: [Qemu-devel] [PATCH] lsi53c895a: check message length value

2018-10-26 Thread Mark Kanda




On 10/26/2018 4:25 AM, P J P wrote:

+-- On Thu, 25 Oct 2018, Ameya More wrote --+
| While Mark and I reported this issue to you, it was actually discovered by
| Deja vu Security and they should receive credit for reporting this issue.
| http://www.dejavusecurity.com

I see; Would it be possible to share email-id of the original reporter to
include in the commit log message?


Deja vu requested that we include the following text in the commit message:

Discovered by Deja vu Security. Reported by Oracle.

Would that be acceptable?

Thanks,

-Mark



Re: [Qemu-devel] [PATCH 3/3] cirrus: mark as deprecated

2018-10-26 Thread Daniel P . Berrangé
On Fri, Oct 26, 2018 at 12:03:35PM +0200, Paolo Bonzini wrote:
> On 26/10/2018 11:59, Daniel P. Berrangé wrote:
> > I should also say that QEMU as an upstream project has multiple goals.
> > Running KVM guests with modern PV hardware is only one of them, albeit
> > a widely used one. Being able to run old legacy OS with old hardware,
> > and running arbitrary embedded boards/devices with emulation are both
> > use cases that QEMU project aims to address. To eliminate all the old
> > "crufty" device emulation in name of improving security for KVM, would
> > be to eliminate core use cases of the project. This is why we're trying
> > to pursue the direction of making it easier for vendors to disable
> > features and devices they don't wish to support & thus limit their
> > downstream CVE exposure.
> 
> Indeed.  If we had to deprecate a feature just because it had an
> off-by-one bug, no C program would grow beyond 1000 lines of code...

One thing we should do, however, is to make it clear which of the
device models we consider secure, and which we consider only usable
in a friendly guest environment, as we have very different code
maintainership & quality standards for different parts of QEMU.

Essentially virtio devices, and then only a handful of the emulated
devices are things we consider suitable for usage in secure envs.
Likewise for machine types probably.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PULL 3/9] tests/vm: Do not abuse parallelism when KVM is not available

2018-10-26 Thread Fam Zheng
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20181013004034.6968-3-f4...@amsat.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 834bc90cc1..2bd32dc6ce 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -196,6 +196,13 @@ class BaseVM(object):
 return self._guest.qmp(*args, **kwargs)
 
 def parse_args(vm_name):
+
+def get_default_jobs():
+if kvm_available():
+return multiprocessing.cpu_count() / 2
+else:
+return 1
+
 parser = optparse.OptionParser(
 description="VM test utility.  Exit codes: "
 "0 = success, "
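
Review bot: `multiprocessing.cpu_count() / 2` is float division under Python 3 (a 4-CPU host yields 2.0), and optparse does not pass defaults through `type=int`, so the default job count can reach the guest as a float; use `// 2`, and clamp with `max(1, ...)` so a single-CPU host with KVM does not end up with 0 jobs.
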
@@ -208,7 +215,7 @@ def parse_args(vm_name):
   help="image file name")
 parser.add_option("--force", "-f", action="store_true",
   help="force build image even if image exists")
-parser.add_option("--jobs", type=int, default=multiprocessing.cpu_count() 
/ 2,
+parser.add_option("--jobs", type=int, default=get_default_jobs(),
   help="number of virtual CPUs")
 parser.add_option("--verbose", "-V", action="store_true",
   help="Pass V=1 to builds within the guest")
-- 
2.17.1




[Qemu-devel] [PULL 1/9] tests: docker: update test-mingw for GTK+ 2.0 removal

2018-10-26 Thread Fam Zheng
From: Paolo Bonzini 

--with-gtkabi does not exist anymore; remove it from the configure invocation.

Fixes: 89d85cde75143325205e332dd97bf1bb8402d7c1
Signed-off-by: Paolo Bonzini 
Message-Id: <1539886203-33670-1-git-send-email-pbonz...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Fam Zheng 
---
 tests/docker/test-mingw | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/docker/test-mingw b/tests/docker/test-mingw
index 7cca7e16a6..b078f22879 100755
--- a/tests/docker/test-mingw
+++ b/tests/docker/test-mingw
@@ -28,8 +28,7 @@ for prefix in x86_64-w64-mingw32- i686-w64-mingw32-; do
 --enable-vnc \
 --enable-bzip2 \
 --enable-guest-agent \
---with-sdlabi=2.0 \
---with-gtkabi=3.0
+--with-sdlabi=2.0
 install_qemu
 make clean
 
-- 
2.17.1




[Qemu-devel] [PATCH 3/6] Extract MIPS abiflags from ELF file

2018-10-26 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Stefan Markovic 
---
 linux-user/elfload.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 055f6a9..5881233 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1517,11 +1517,25 @@ static void bswap_sym(struct elf_sym *sym)
 bswaptls(>st_size);
 bswap16s(>st_shndx);
 }
+
+#ifdef TARGET_MIPS
+static void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags)
+{
+bswap16s(>version);
+bswap32s(>ases);
+bswap32s(>isa_ext);
+bswap32s(>flags1);
+bswap32s(>flags2);
+}
+#endif
 #else
 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
 static inline void bswap_sym(struct elf_sym *sym) { }
+#ifdef TARGET_MIPS
+static inline void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) { }
+#endif
 #endif
 
 #ifdef USE_ELF_CORE_DUMP
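
Review bot: bswap_mips_abiflags() is right for the v0 layout (only the 16- and 32-bit fields are swapped, the uint8_t ones are left alone), but the patch has no commit message at all; a line saying where Mips_elf_abiflags_v0 and PT_MIPS_ABIFLAGS come from (include/elf.h in this series) would help reviewers, as was already asked for on patch 1/6.
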
@@ -2364,6 +2378,25 @@ static void load_elf_image(const char *image_name, int 
image_fd,
 goto exit_errmsg;
 }
 *pinterp_name = interp_name;
+#ifdef TARGET_MIPS
+} else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
+Mips_elf_abiflags_v0 abiflags;
+if (eppnt->p_filesz < sizeof(Mips_elf_abiflags_v0)) {
+errmsg = "Invalid PT_MIPS_ABIFLAGS entry";
+goto exit_errmsg;
+}
+if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
+memcpy(, bprm_buf + eppnt->p_offset,
+   sizeof(Mips_elf_abiflags_v0));
+} else {
+retval = pread(image_fd, , 
sizeof(Mips_elf_abiflags_v0),
+   eppnt->p_offset);
+if (retval != sizeof(Mips_elf_abiflags_v0)) {
+goto exit_perror;
+}
+}
+bswap_mips_abiflags();
+#endif
 }
 }
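
Review bot: the parsed `abiflags` is a local that is byte-swapped and then dropped at the end of the block, so this patch on its own changes nothing; if the store into image_info lands in the next patch, say so in the commit message or move the store here. The p_filesz test also only guards the lower bound; since the record is versioned, reject `abiflags.version != 0` before later code interprets the fields as a v0 layout.
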
 
-- 
1.9.1
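
An added example, not code from this series or from QEMU, illustrating the bounds checks a PT_MIPS_ABIFLAGS lookup needs when both the program header table and the abiflags record come from an untrusted file, which is the situation the cover letter above and this 3/6 patch deal with. The ELF32 header, program header and Mips_elf_abiflags_v0 field offsets follow the ELF and MIPS abiflags specifications; the names mips_find_abiflags, build_sample_image and demo_parse, the error codes and the inline sample image are assumptions made for this example, and the sample is a constructed byte string rather than a real binary.

```c
/* Added example (not QEMU code): find the PT_MIPS_ABIFLAGS segment of an ELF32
 * image held in memory and decode its version-0 record, rejecting malformed
 * offsets and sizes first. Layouts follow the ELF32 and MIPS abiflags specs;
 * the function names and the sample image are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PT_MIPS_ABIFLAGS 0x70000003u   /* MIPS-specific program header type */
#define EHDR_SIZE 52                   /* sizeof(Elf32_Ehdr) */
#define PHDR_SIZE 32                   /* sizeof(Elf32_Phdr) */
#define ABIFLAGS_V0_SIZE 24            /* sizeof(Mips_elf_abiflags_v0) */
#define SAMPLE_LEN (EHDR_SIZE + 2 * PHDR_SIZE + ABIFLAGS_V0_SIZE)

typedef struct {
    uint16_t version;
    uint8_t isa_level, isa_rev, gpr_size, cpr1_size, cpr2_size, fp_abi;
    uint32_t isa_ext, ases, flags1, flags2;
} mips_abiflags_v0;

/* Read/write an n-byte field in the file's byte order (big from EI_DATA). */
static uint32_t rdn(const uint8_t *p, int n, int big)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++) {
        v = (v << 8) | p[big ? i : n - 1 - i];
    }
    return v;
}
static void wrn(uint8_t *p, int n, uint32_t v, int big)
{
    for (int i = 0; i < n; i++) {
        p[big ? n - 1 - i : i] = (uint8_t)(v >> (8 * i));
    }
}

/* 0 on success; -1 not ELF32; -2 program header table outside the image;
 * -3 no abiflags segment; -4 segment short or out of bounds; -5 bad version. */
int mips_find_abiflags(const uint8_t *img, size_t len, mips_abiflags_v0 *out)
{
    if (len < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 1
        || (img[5] != 1 && img[5] != 2)) {
        return -1;                 /* EI_CLASS must be ELFCLASS32, EI_DATA known */
    }
    int big = img[5] == 2;         /* ELFDATA2MSB */
    uint32_t phoff = rdn(img + 28, 4, big);
    uint32_t phentsize = rdn(img + 42, 2, big), phnum = rdn(img + 44, 2, big);
    /* Bound with len - offset so an attacker-chosen sum cannot wrap around. */
    if (phentsize != PHDR_SIZE || phoff > len
        || (size_t)phnum * PHDR_SIZE > len - phoff) {
        return -2;
    }
    for (uint32_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + (size_t)i * PHDR_SIZE;
        if (rdn(ph, 4, big) != PT_MIPS_ABIFLAGS) { continue; }   /* p_type */
        uint32_t off = rdn(ph + 4, 4, big), filesz = rdn(ph + 16, 4, big);
        if (filesz < ABIFLAGS_V0_SIZE || off > len || filesz > len - off) {
            return -4;             /* p_offset / p_filesz must fit the image */
        }
        const uint8_t *a = img + off;
        out->version = (uint16_t)rdn(a, 2, big);
        if (out->version != 0) {
            return -5;             /* only the v0 layout is interpreted here */
        }
        out->isa_level = a[2];  out->isa_rev = a[3];   out->gpr_size = a[4];
        out->cpr1_size = a[5];  out->cpr2_size = a[6]; out->fp_abi = a[7];
        out->isa_ext = rdn(a + 8, 4, big);   out->ases = rdn(a + 12, 4, big);
        out->flags1 = rdn(a + 16, 4, big);   out->flags2 = rdn(a + 20, 4, big);
        return 0;
    }
    return -3;
}

/* Constructed sample: header, an empty phdr 0, a PT_MIPS_ABIFLAGS phdr 1 and a
 * v0 record for MIPS32r2, 32-bit GPRs, 64-bit FPRs, fp_abi 1 (FP_DOUBLE). */
size_t build_sample_image(uint8_t *buf, int big)
{
    uint8_t *ph1 = buf + EHDR_SIZE + PHDR_SIZE, *a = ph1 + PHDR_SIZE;
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 1;                                  /* ELFCLASS32 */
    buf[5] = big ? 2 : 1;                        /* ELFDATA2MSB / ELFDATA2LSB */
    wrn(buf + 28, 4, EHDR_SIZE, big);            /* e_phoff */
    wrn(buf + 42, 2, PHDR_SIZE, big);            /* e_phentsize */
    wrn(buf + 44, 2, 2, big);                    /* e_phnum */
    wrn(ph1, 4, PT_MIPS_ABIFLAGS, big);          /* p_type */
    wrn(ph1 + 4, 4, (uint32_t)(a - buf), big);   /* p_offset */
    wrn(ph1 + 16, 4, ABIFLAGS_V0_SIZE, big);     /* p_filesz */
    a[2] = 32; a[3] = 2;                         /* isa_level, isa_rev */
    a[4] = 1; a[5] = 2; a[7] = 1;                /* gpr_size, cpr1_size, fp_abi */
    wrn(a + 16, 4, 1, big);                      /* flags1 = ODDSPREG */
    return SAMPLE_LEN;
}

/* Parse the sample minus 'trim' trailing bytes (simulated truncation). */
int demo_parse(int big, size_t trim)
{
    uint8_t buf[SAMPLE_LEN];
    mips_abiflags_v0 f;
    int rc = mips_find_abiflags(buf, build_sample_image(buf, big) - trim, &f);
    return rc < 0 ? rc : f.fp_abi;   /* fp_abi on success, else the error code */
}
```

demo_parse(0, 0) and demo_parse(1, 0) both return 1 (FP_DOUBLE) for the little- and big-endian samples; demo_parse(0, 1) returns -4 because the record no longer fits the truncated image, and demo_parse(0, 56) returns -2 because the program header table overruns it. The subtract-then-compare form of the bounds tests is the part worth carrying into a real loader: p_offset and p_filesz are attacker-controlled and their sum can wrap, so adding them and comparing the result against the image length is not a check.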




Re: [Qemu-devel] [PATCH v2 02/29] targer/riscv: Activate decodetree and implemnt LUI & AUIPC

2018-10-26 Thread Bastian Koppelmann



On 10/26/18 3:58 PM, Richard Henderson wrote:
> On 10/26/18 11:49 AM, Bastian Koppelmann wrote:
>> I think you can pick up everything up to the RVC conversion which still needs
>> the work suggested by Richard. Thanks, for picking it up :)
> 
> Even then I thought we were talking about splitting the RV64 insns
> into a separate file, reducing the ifdefs, and renaming the arg-sets
> to match the instruction formats described in the riscv spec.



Yes, you are right I forgot that.

Cheers,

Bastian




[Qemu-devel] [PULL 14/20] qobject: Catch another straggler for use of qdict_put_str()

2018-10-26 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Patch created mechanically by rerunning:

  $  spatch --sp-file scripts/coccinelle/qobject.cocci \
--macro-file scripts/cocci-macro-file.h \
--dir . --in-place

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Markus Armbruster 
Acked-by: Michael S. Tsirkin 
Message-Id: <20180705155811.20366-2-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 qobject/block-qdict.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qobject/block-qdict.c b/qobject/block-qdict.c
index 42054cc274..1487cc5dd8 100644
--- a/qobject/block-qdict.c
+++ b/qobject/block-qdict.c
@@ -577,7 +577,7 @@ static QObject *qdict_crumple_for_keyval_qiv(QDict *src, 
Error **errp)
 if (!tmp) {
 tmp = qdict_clone_shallow(src);
 }
-qdict_put(tmp, ent->key, qstring_from_str(s));
+qdict_put_str(tmp, ent->key, s);
 g_free(buf);
 }
 
-- 
2.17.2




[Qemu-devel] [PULL 08/20] scripts/qemu.py: remove trailing quotes on docstring

2018-10-26 Thread Laurent Vivier
From: Cleber Rosa 

Signed-off-by: Cleber Rosa 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20181004161852.11673-11-cr...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 scripts/qemu.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index f099ce7278..b0b2f12ce6 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -87,7 +87,7 @@ class QEMUMachine(object):
 @param name: prefix for socket and log file names (default: qemu-PID)
 @param test_dir: where to create socket and log file
 @param monitor_address: address for QMP monitor
-@param socket_scm_helper: helper program, required for send_fd_scm()"
+@param socket_scm_helper: helper program, required for send_fd_scm()
 @note: Qemu process is not started until launch() is used.
 '''
 if args is None:
-- 
2.17.2




[Qemu-devel] [PULL 06/20] docs/devel/testing.rst: add missing newlines after code block

2018-10-26 Thread Laurent Vivier
From: Cleber Rosa 

The line immediately following a ".. code::" block is considered
to contain arguments to the "code" directive.  The lack of a
new line gives me, at parse time:

   testing.rst:63: (ERROR/3) Error in "code" directive:
   maximum 1 argument(s) allowed, 3 supplied.

   .. code::
 make check-unit V=1

   testing.rst:120: (ERROR/3) Error in "code" directive:
   maximum 1 argument(s) allowed, 3 supplied.

   .. code::
 make check-qtest V=1

Let's add the missing newlines, both for consistency and to
avoid the parsing errors.

Signed-off-by: Cleber Rosa 
Reviewed-by: John Snow 
Message-Id: <20181004161852.11673-6-cr...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 docs/devel/testing.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index fcfad87614..a227754f86 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -59,6 +59,7 @@ variable (which affects memory reclamation and catches 
invalid pointers better)
 and gtester options. If necessary, you can run
 
 .. code::
+
   make check-unit V=1
 
 and copy the actual command line which executes the unit test, then run
@@ -116,6 +117,7 @@ and using gdb on the test is still simple to do: find out 
the actual command
 from the output of
 
 .. code::
+
   make check-qtest V=1
 
 which you can run manually.
-- 
2.17.2




[Qemu-devel] [PULL 19/20] milkymist-minimac2: Use qemu_log_mask(GUEST_ERROR) instead of error_report

2018-10-26 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

qemu_log_mask(GUEST_ERROR) is more appropriate:

  $ qemu -d help
  Log items (comma separated):
  guest_errors      log when the guest OS does something invalid (eg accessing a
                    non-existent register)

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Michael Walle 
Message-Id: <20180702014022.12395-1-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 hw/net/milkymist-minimac2.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/net/milkymist-minimac2.c b/hw/net/milkymist-minimac2.c
index 3eaa19dfde..322fb77e46 100644
--- a/hw/net/milkymist-minimac2.c
+++ b/hw/net/milkymist-minimac2.c
@@ -30,6 +30,7 @@
 #include "hw/sysbus.h"
 #include "trace.h"
 #include "net/net.h"
+#include "qemu/log.h"
 #include "qemu/error-report.h"
 
 #include 
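
Review bot: `qemu/error-report.h` is kept although every error_report() call in the hunks below is replaced; if no other use remains in the file, drop the include with this change.
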
@@ -214,7 +215,8 @@ static size_t assemble_frame(uint8_t *buf, size_t size,
 uint32_t crc;
 
 if (size < payload_size + 12) {
-error_report("milkymist_minimac2: received too big ethernet frame");
+qemu_log_mask(LOG_GUEST_ERROR, "milkymist_minimac2: frame too big "
+  "(%zd bytes)\n", payload_size);
 return 0;
 }
 
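
Review bot: `%zd` is the signed format; size_t wants `%zu`. The message also reports only payload_size, but the condition is about the destination buffer being too small for payload plus 12 bytes of header and CRC, so logging `size` next to it makes the guest error actionable.
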
@@ -347,8 +349,9 @@ minimac2_read(void *opaque, hwaddr addr, unsigned size)
 break;
 
 default:
-error_report("milkymist_minimac2: read access to unknown register 0x"
-TARGET_FMT_plx, addr << 2);
+qemu_log_mask(LOG_GUEST_ERROR,
+  "milkymist_minimac2_rd%d: 0x%" HWADDR_PRIx "\n",
+  size, addr << 2);
 break;
 }
 
@@ -413,8 +416,9 @@ minimac2_write(void *opaque, hwaddr addr, uint64_t value,
 break;
 
 default:
-error_report("milkymist_minimac2: write access to unknown register 0x"
-TARGET_FMT_plx, addr << 2);
+qemu_log_mask(LOG_GUEST_ERROR,
+  "milkymist_minimac2_wr%d: 0x%" HWADDR_PRIx " = 0x%lx\n",
+  size, addr << 2, value);
 break;
 }
 }
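
Review bot: `0x%lx` for the uint64_t `value` is wrong on 32-bit and LLP64 hosts; use `0x%" PRIx64 "` here, as the read path already does with HWADDR_PRIx for addr.
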
-- 
2.17.2




Re: [Qemu-devel] [RFC v4 64/71] sparc: convert to cpu_has_work_with_iothread_lock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Soon we will call cpu_has_work without the BQL.
> 
> Cc: Mark Cave-Ayland 
> Cc: Artyom Tarasenko 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/sparc/cpu.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~





[Qemu-devel] [PULL 11/20] cpu.h: fix a typo in comment

2018-10-26 Thread Laurent Vivier
From: Li Qiang 

Found by reading the code.

Signed-off-by: Li Qiang 
Message-Id: <1536150548-2797-1-git-send-email-liq...@gmail.com>
Signed-off-by: Laurent Vivier 
---
 include/qom/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 4e238b0d9f..def0c64308 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -852,7 +852,7 @@ extern CPUInterruptHandler cpu_interrupt_handler;
 /**
  * cpu_interrupt:
  * @cpu: The CPU to set an interrupt on.
- * @mask: The interupts to set.
+ * @mask: The interrupts to set.
  *
  * Invokes the interrupt handler.
  */
-- 
2.17.2




Re: [Qemu-devel] [RFC v4 63/71] riscv: convert to cpu_has_work_with_iothread_lock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Soon we will call cpu_has_work without the BQL.
> 
> Cc: Michael Clark 
> Cc: Palmer Dabbelt 
> Cc: Sagar Karandikar 
> Cc: Bastian Koppelmann 
> Reviewed-by: Palmer Dabbelt 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/riscv/cpu.c | 5 -
>  1 file changed, 4 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~





Re: [Qemu-devel] [RFC v4 65/71] xtensa: convert to cpu_has_work_with_iothread_lock

2018-10-26 Thread Richard Henderson
On 10/25/18 3:46 PM, Emilio G. Cota wrote:
> Soon we will call cpu_has_work without the BQL.
> 
> Cc: Max Filippov 
> Signed-off-by: Emilio G. Cota 
> ---
>  target/xtensa/cpu.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~





Re: [Qemu-devel] [PATCH v2] ppc/pnv: check size before data buffer access

2018-10-26 Thread Cédric Le Goater
On 10/26/18 2:33 PM, P J P wrote:
> From: Prasad J Pandit 
> 
> While performing PowerNV memory r/w operations, the access length
> 'sz' could exceed the data[4] buffer size. Add check to avoid OOB
> access.
> 
> Reported-by: Moguofang 
> Signed-off-by: Prasad J Pandit 

Reviewed-by: Cédric Le Goater 

Thanks,

C.


> ---
>  hw/ppc/pnv_lpc.c | 8 +++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> Update v2: add error log message
>   -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg05750.html
> 
> diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
> index d7721320a2..172a915cfc 100644
> --- a/hw/ppc/pnv_lpc.c
> +++ b/hw/ppc/pnv_lpc.c
> @@ -155,9 +155,15 @@ static void pnv_lpc_do_eccb(PnvLpcController *lpc, 
> uint64_t cmd)
>  /* XXX Check for magic bits at the top, addr size etc... */
>  unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH;
>  uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK;
> -uint8_t data[4];
> +uint8_t data[8];
>  bool success;
>  
> +if (sz > sizeof(data)) {
> +qemu_log_mask(LOG_GUEST_ERROR,
> +"ECCB: invalid operation at @0x%08x size %d\n", opb_addr, sz);
> +return;
> +}
> +
>  if (cmd & ECCB_CTL_READ) {
>  success = opb_read(lpc, opb_addr, data, sz);
>  if (success) {
> 
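Review bot: the check rejects sz > 8 but still admits sizes such as 0, 3, 5, 6 and 7; if opb_read()/opb_write() only handle 1, 2, 4 and 8, the guard should test for those explicitly. Growing data[] from 4 to 8 also deserves a sentence in the commit message saying that 8-byte ECCB operations are legitimate, since the message only describes the overflow; and `sz` is unsigned, so the format wants `%u` rather than `%d`.
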




Re: [Qemu-devel] [PATCH] target/riscv/pmp.c: pmpcfg_csr_read returns bogus value on RV64

2018-10-26 Thread Dayeol Lee
Hi,

I submitted the patch, but just found that this has already been fixed by
Michael Clark and pushed to riscv/riscv-qemu
(https://github.com/riscv/riscv-qemu/pull/166), but not upstream.

Do we still need this patch?

Thanks,

Dayeol

On Fri, Oct 26, 2018 at 11:04 AM Dayeol Lee  wrote:

> pmp_read_cfg() returns 8-bit value, which is combined together to form a
> single pmpcfg CSR.
> The default promotion rules will result in an integer here ("i*8" is
> integer, which
> flows through) resulting in a 32-bit signed value on most hosts.
> That's bogus on RV64I, with the high bits of the CSR being wrong.
>
> Signed-off-by: Dayeol Lee 
> Reviewed-by: Palmer Dabbelt 
> ---
>  target/riscv/pmp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index c828950..3d3906a 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -330,7 +330,7 @@ target_ulong pmpcfg_csr_read(CPURISCVState *env,
> uint32_t reg_index)
>  {
>  int i;
>  target_ulong cfg_val = 0;
> -uint8_t val = 0;
> +target_ulong val = 0;
>
>  if(sizeof(target_ulong) == 8)
>  reg_index /= 2;
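
Review bot: widening val to target_ulong is the right fix, since the commit message's `i*8` shift of an 8-bit val is computed in int and is undefined for shift counts of 32 and above on RV64; an alternative that keeps the narrow type is casting at the shift site, `(target_ulong)val << (i * 8)`. The unchanged `if(sizeof(target_ulong) == 8)` context line also lacks the space after `if` and the braces QEMU's coding style requires, which could be fixed while the function is touched.
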
> --
> 2.7.4
>
>


Re: [Qemu-devel] [PATCH 5/6] Determine the desired FPU mode

2018-10-26 Thread Peter Maydell
On 26 October 2018 at 15:21, Stefan Markovic  wrote:
> From: Stefan Markovic 
>
> Floating-point mode is calculated from MIPS.abiflags FP ABI value
> (based on kernel implementation). Illegal combinations are rejected.
>
> Signed-off-by: Stefan Markovic 
> ---
>  linux-user/mips/cpu_loop.c | 75 
> ++
>  1 file changed, 75 insertions(+)

> + if ((info->fp_abi > MAX_FP_ABI && info->fp_abi != MIPS_ABI_FP_UNKNOWN)
> +|| (info->interp_fp_abi > MAX_FP_ABI &&
> +info->interp_fp_abi != MIPS_ABI_FP_UNKNOWN)) {
> +fprintf(stderr, "qemu: Program and interpreter have "
> +"unexpected FPU modes\n");
> +exit(137);

Why are we exit()ing with a funny exit status code here?

If this is a "can't happen" case, then we should assert(). If
it is a "can happen if fed an odd binary" case, then we should just
exit(1) as we do already in this function for an unsupported NaN mode.

> +}
> +
> +prog_req = (info->fp_abi == MIPS_ABI_FP_UNKNOWN) ? none_req
> +: fpu_reqs[info->fp_abi];
> +interp_req = (info->interp_fp_abi == MIPS_ABI_FP_UNKNOWN) ? none_req
> +: fpu_reqs[info->interp_fp_abi];
> +
> +prog_req.single &= interp_req.single;
> +prog_req.soft &= interp_req.soft;
> +prog_req.fr1 &= interp_req.fr1;
> +prog_req.frdefault &= interp_req.frdefault;
> +prog_req.fre &= interp_req.fre;
> +
> +bool cpu_has_mips_r2_r6 = env->insn_flags & ISA_MIPS32R2 ||
> +  env->insn_flags & ISA_MIPS64R2 ||
> +  env->insn_flags & ISA_MIPS32R6 ||
> +  env->insn_flags & ISA_MIPS64R6;
> +
> +if (prog_req.fre && !prog_req.frdefault && !prog_req.fr1) {
> +env->CP0_Config5 |= (1 << CP0C5_FRE);
> +if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
> +env->hflags |= MIPS_HFLAG_FRE;
> +}
> +} else if ((prog_req.fr1 && prog_req.frdefault) ||
> + (prog_req.single && !prog_req.frdefault)) {
> +if ((env->active_fpu.fcr0 & (1 << FCR0_F64)
> +&& cpu_has_mips_r2_r6) || prog_req.fr1) {
> +env->CP0_Status |= (1 << CP0St_FR);
> +env->hflags |= MIPS_HFLAG_F64;
> +}
> +} else  if (!prog_req.fre && !prog_req.frdefault &&
> +  !prog_req.fr1 && !prog_req.single && !prog_req.soft) {
> +exit(137);
> +}
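
Review bot: `else  if` on the last branch has a double space, and the four-way OR that builds `cpu_has_mips_r2_r6` reads better as a single mask test, `env->insn_flags & (ISA_MIPS32R2 | ISA_MIPS64R2 | ISA_MIPS32R6 | ISA_MIPS64R6)`, which is equivalent and harder to get wrong when another ISA level is added.
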

Ditto here (and we haven't printed any error message here...)

thanks
-- PMM


