Forking is a simple way of ensuring that state doesn't leak between
runs. This patch depends on a modification to libfuzzer:
https://reviews.llvm.org/D65672
Signed-off-by: Alexander Oleinik
---
tests/fuzz/fuzzer_hooks.c | 62 +++
tests/fuzz/fuzzer_hooks.h |
Signed-off-by: Alexander Oleinik
---
tests/libqtest.c | 61 ++--
tests/libqtest.h | 6 +
2 files changed, 65 insertions(+), 2 deletions(-)
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 3c5c3f49d8..a9c1dc4fb6 100644
--- a/tests/libqtest.c
Skip the header when saving device state, as the header isn't handled by
qemu_load_device_state
Signed-off-by: Alexander Oleinik
---
migration/savevm.c | 9 +++--
migration/savevm.h | 2 ++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/migration/savevm.c
Signed-off-by: Alexander Oleinik
---
tests/fuzz/qos_fuzz.c| 58
tests/fuzz/qos_fuzz.h| 23 +
tests/fuzz/qos_helpers.c | 190 +++
tests/fuzz/qos_helpers.h | 17
4 files changed, 288 insertions(+)
create mode 100644
Signed-off-by: Alexander Oleinik
---
util/module.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/util/module.c b/util/module.c
index 142db7e911..3d4380fd47 100644
--- a/util/module.c
+++ b/util/module.c
@@ -30,6 +30,7 @@ typedef struct ModuleEntry
typedef QTAILQ_HEAD(, ModuleEntry)
The code defines the lifecycle of the fuzzer, and provides rebooting,
vmload and device_load as means of resetting state between fuzz runs
Signed-off-by: Alexander Oleinik
---
tests/fuzz/fuzz.c | 245 ++
tests/fuzz/fuzz.h | 70 +
2 files
Signed-off-by: Alexander Oleinik
---
accel/fuzz.c | 48 +++
include/sysemu/fuzz.h | 15 ++
2 files changed, 63 insertions(+)
create mode 100644 accel/fuzz.c
create mode 100644 include/sysemu/fuzz.h
diff --git a/accel/fuzz.c
* Wei Yang (richardw.y...@linux.intel.com) wrote:
> In postcopy-ram.c, we provide three functions to discard certain
> RAMBlock range:
>
> * postcopy_discard_send_init()
> * postcopy_discard_send_range()
> * postcopy_discard_send_finish()
>
> Currently, we allocate/deallocate
These functions are used by both qos-test.c, and the fuzzer.
Signed-off-by: Alexander Oleinik
---
tests/libqos/qos_external.c | 149
tests/libqos/qos_external.h | 8 ++
tests/qos-test.c| 132 +---
3 files changed,
On Mon, 2019-08-05 at 03:24 +, Oleinik, Alexander wrote:
> The number of queues is 2n+1, where n == 1 when multiqueue is
> disabled
>
> Signed-off-by: Alexander Oleinik
> ---
>
> I split this commit out of the fuzz patch-series.
>
> tests/libqos/virtio-net.c | 1 +
>
On Mon, Aug 05, 2019 at 10:52:21AM +0800, piaojun wrote:
> # fio -direct=1 -time_based -iodepth=1 -rw=randwrite -ioengine=libaio -bs=1M
> -size=1G -numjob=1 -runtime=30 -group_reporting -name=file
> -filename=/mnt/9pshare/file
This benchmark configuration (--iodepth=1 --numjobs=1) cannot
Patchew URL: https://patchew.org/QEMU/20190805071038.32146-1-alx...@bu.edu/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
make
On Fri, Aug 2, 2019 at 12:50 AM Aarushi Mehta wrote:
> +rc = io_uring_queue_init(MAX_EVENTS, ring, IORING_SETUP_SQPOLL);
> +if (rc == -EOPNOTSUPP) {
> +rc = io_uring_queue_init(MAX_EVENTS, ring, 0);
> +}
IORING_SETUP_SQPOLL is only allowed when the user has CAP_SYS_ADMIN
Alexey/David,
With the SLOF changes, QEMU cannot resize the RTAS blob. Resizing is
required for FWNMI support which extends the RTAS blob to include an
error log upon a machine check.
The check to valid RTAS buffer fails in the guest because the rtas-size
updated in QEMU is not reflecting in the
Ok, Finally don't have to tangle it ^.^
Thank you very much!
At 2019-08-05 13:54:36, "Li Qiang" wrote:
ddm 于2019年8月5日周一 下午1:20写道:
Hi,
As i know, KVM is based on passthrough host cpu to implement
full-virtualiztion,
if host cpu doesn't support this feature, it's impossible to turn
On Fri, 2 Aug 2019 17:04:21 +0200
Christian Borntraeger wrote:
> On 02.08.19 16:59, Christian Borntraeger wrote:
> >
> >
> > On 02.08.19 16:42, Christian Borntraeger wrote:
> >> On 02.08.19 15:32, Igor Mammedov wrote:
> >>> Changelog:
> >>> since v2:
> >>> - break migration from old
Hi Stefan,
On 2019/8/5 16:01, Stefan Hajnoczi wrote:
> On Mon, Aug 05, 2019 at 10:52:21AM +0800, piaojun wrote:
>> # fio -direct=1 -time_based -iodepth=1 -rw=randwrite -ioengine=libaio -bs=1M
>> -size=1G -numjob=1 -runtime=30 -group_reporting -name=file
>> -filename=/mnt/9pshare/file
>
> This
05.08.2019 12:26, Vladimir Sementsov-Ogievskiy wrote:
> 02.08.2019 22:21, John Snow wrote:
>>
>>
>> On 8/2/19 2:58 PM, Vladimir Sementsov-Ogievskiy wrote:
>>> hbitmap_reset is broken: it rounds up the requested region. It leads to
>>> the following bug, which is shown by fixed test:
>>>
>>> assume
On Wed, Jul 31, 2019 at 7:40 AM Alistair Francis
wrote:
> Update the Hypervisor CSR addresses to match the v0.4 spec.
>
> Signed-off-by: Alistair Francis
> ---
> target/riscv/cpu_bits.h | 35 ++-
> 1 file changed, 18 insertions(+), 17 deletions(-)
>
> diff --git
Signed-off-by: Alexander Oleinik
---
include/qemu/module.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/qemu/module.h b/include/qemu/module.h
index db3065381d..cb37ef647e 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -46,6 +46,7 @@ typedef
Public bug reported:
Encountered below crashes in qemu 3.10 arm
Also have raised the same in golang groups. But seems like in ARM32 hardware,
the below commands works fine, only in qemu if crashes.
https://groups.google.com/forum/?utm_medium=email_source=footer#!topic/golang-nuts/1txPOGa4aGc
Signed-off-by: Alexander Oleinik
---
tests/fuzz/qtest_fuzz.c | 260
tests/fuzz/qtest_fuzz.h | 37 ++
2 files changed, 297 insertions(+)
create mode 100644 tests/fuzz/qtest_fuzz.c
create mode 100644 tests/fuzz/qtest_fuzz.h
diff --git
Signed-off-by: Alexander Oleinik
---
tests/fuzz/virtio-net-fuzz.c | 254 +++
1 file changed, 254 insertions(+)
create mode 100644 tests/fuzz/virtio-net-fuzz.c
diff --git a/tests/fuzz/virtio-net-fuzz.c b/tests/fuzz/virtio-net-fuzz.c
new file mode 100644
index
On Sat, Aug 3, 2019 at 2:08 PM Bin Meng wrote:
> Currently the make rules are wrongly using qemu/virt opensbi image
> for sifive_u machine. Correct it.
>
> Signed-off-by: Bin Meng
>
> ---
>
> roms/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/roms/Makefile
* Wei Yang (richardw.y...@linux.intel.com) wrote:
> PostcopyState is already set to ADVISE at the beginning of
> loadvm_postcopy_handle_advise().
>
> Remove the redundant set.
>
> Signed-off-by: Wei Yang
Reviewed-by: Dr. David Alan Gilbert
> ---
> migration/savevm.c | 2 --
> 1 file
On Mon, Aug 5, 2019 at 2:14 PM Chih-Min Chao wrote:
>
>
>
> On Sat, Aug 3, 2019 at 8:27 AM Bin Meng wrote:
>>
>> Some of the SoC IP block sizes are wrong. Correct them according
>> to the FE310 manual.
>>
>> Signed-off-by: Bin Meng
>> ---
>>
>> hw/riscv/sifive_e.c | 6 +++---
>> 1 file
On Wed, Jul 31, 2019 at 7:39 AM Alistair Francis
wrote:
> Let's create a function that tests if floating point support is
> enabled. We can then protect all floating point operations based on if
> they are enabled.
>
> This patch so far doesn't change anything, it's just preparing for the
>
On Sat, Aug 3, 2019 at 8:27 AM Bin Meng wrote:
> Some of the SoC IP block sizes are wrong. Correct them according
> to the FE310 manual.
>
> Signed-off-by: Bin Meng
> ---
>
> hw/riscv/sifive_e.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/riscv/sifive_e.c
On 05/08/19 09:11, Oleinik, Alexander wrote:
> Using this, we avoid needing a special case to break out of main(),
> early, when initializing the fuzzer, as we can just call qemu_init.
> There is still a #define around main(), since it otherwise conflicts
> with the libfuzzer main().
>
>
Add MachineClass::auto_enable_numa field. When it is true, a NUMA node
is expected to be created implicitly.
Acked-by: David Gibson
Suggested-by: Igor Mammedov
Suggested-by: Eduardo Habkost
Signed-off-by: Tao Xu
---
This patch has a dependency on
https://patchwork.kernel.org/cover/11063235/
02.08.2019 22:21, John Snow wrote:
>
>
> On 8/2/19 2:58 PM, Vladimir Sementsov-Ogievskiy wrote:
>> hbitmap_reset is broken: it rounds up the requested region. It leads to
>> the following bug, which is shown by fixed test:
>>
>> assume granularity = 2
>> set(0, 3) # count becomes 4
>> reset(0,
03.08.2019 0:19, Max Reitz wrote:
> On 02.08.19 20:58, Vladimir Sementsov-Ogievskiy wrote:
>> hbitmap_reset is broken: it rounds up the requested region. It leads to
>> the following bug, which is shown by fixed test:
>>
>> assume granularity = 2
>> set(0, 3) # count becomes 4
>> reset(0, 1) #
On Mon, Aug 05, 2019 at 11:37:14AM +0800, Tao Xu wrote:
> On 8/5/2019 10:58 AM, David Gibson wrote:
> > On Mon, Aug 05, 2019 at 08:56:40AM +0800, Tao Xu wrote:
> > > On 8/2/2019 2:55 PM, David Gibson wrote:
> > > > On Thu, Aug 01, 2019 at 03:52:58PM +0800, Tao Xu wrote:
> > > > > Introduce
Hi; we very recently fixed a QEMU bug which causes crashes like this for
Go binaries running under QEMU's linux-user mode. The fix is in the
v4.1.0-rc3 we've just put out and will be in the final 4.1.0 release.
Could you retry with that and see if it fixes your problem, please?
--
You received
Patchew URL:
https://patchew.org/QEMU/20190805053146.32326-1-richardw.y...@linux.intel.com/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
Signed-off-by: Alexander Oleinik
---
migration/qemu-file.c | 84 +++
migration/qemu-file.h | 11 ++
2 files changed, 95 insertions(+)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 0431585502..453e2897d5 100644
---
The direct receive function qtest_server_recv is directly invoked by the
qtest client, when the server and client exist within the same process.
Signed-off-by: Alexander Oleinik
---
include/sysemu/qtest.h | 4
qtest.c| 14 ++
2 files changed, 18 insertions(+)
Temporary solution until there is a better build solution for fuzzers in
tests/Makefile.include
Signed-off-by: Alexander Oleinik
---
target/i386/Makefile.objs | 20
1 file changed, 20 insertions(+)
diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs
index
Using this, we avoid needing a special case to break out of main(),
early, when initializing the fuzzer, as we can just call qemu_init.
There is still a #define around main(), since it otherwise conflicts
with the libfuzzer main().
Signed-off-by: Alexander Oleinik
---
include/sysemu/sysemu.h |
Otherwise, the RAM is unmapped from the child-processes, which breaks
any fuzz tests relying on DMA.
Signed-off-by: Alexander Oleinik
---
exec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/exec.c b/exec.c
index 3e78de3b8f..b3b56db8f0 100644
--- a/exec.c
+++ b/exec.c
@@ -2317,7 +2317,9
Changes since v1
* Split off changes to qos virtio-net and qtest server to other patches
* Move vl:main initialization into new func: qemu_init
* Moved useful functions from qos-test.c to a separate object
* Use struct of function pointers for add_fuzz_target(), instead of
arguments
* Move
This adds sanitizer/fuzzer related cflags and adds tests/ to the include
path. This include change is needed for qos to build, and is normally
located in tests/Makefile.include, but currently the fuzzer builds from
the i386-softmmu target, not anything in tests.
Signed-off-by: Alexander Oleinik
On 05/08/19 09:11, Oleinik, Alexander wrote:
> This adds sanitizer/fuzzer related cflags and adds tests/ to the include
> path. This include change is needed for qos to build, and is normally
> located in tests/Makefile.include, but currently the fuzzer builds from
> the i386-softmmu target, not
On 05/08/19 09:11, Oleinik, Alexander wrote:
> Signed-off-by: Alexander Oleinik
> ---
> util/module.c | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/util/module.c b/util/module.c
> index 142db7e911..3d4380fd47 100644
> --- a/util/module.c
> +++ b/util/module.c
> @@ -30,6 +30,7
On 05/08/19 09:11, Oleinik, Alexander wrote:
> +#ifdef CONFIG_FUZZ
> +#define INCREMENT 10240
> +static ssize_t ram_writev_buffer(void *opaque, struct iovec *iov, int iovcnt,
> +int64_t pos)
> +{
> +ram_disk *rd = (ram_disk *)opaque;
> +gsize newsize;
> +ssize_t total_size = 0;
On Sat, Aug 03, 2019 at 03:22:04PM +0200, Jan Kiszka wrote:
> From: Jan Kiszka
>
> Allows to shutdown a foreground session via ctrl-c.
>
> Signed-off-by: Jan Kiszka
> ---
>
> Changes in v2:
> - adjust error message
>
> contrib/ivshmem-server/main.c | 5 +++--
> 1 file changed, 3
From: Aleksandar Markovic
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.
Signed-off-by: Aleksandar Markovic
---
hw/mips/cps.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index c84bc64..8fe2f47 100644
---
From: Aleksandar Markovic
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.
Signed-off-by: Aleksandar Markovic
Reviewed-by: Philippe Mathieu-Daudé
---
target/mips/cpu.c | 17 +++--
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/target/mips/cpu.c
From: Aleksandar Markovic
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.
Signed-off-by: Aleksandar Markovic
---
hw/mips/mips_fulong2e.c | 96 +
1 file changed, 58 insertions(+), 38 deletions(-)
diff --git
From: Aleksandar Markovic
Fixes mostly errors and warnings reported by 'checkpatch.pl -f'.
Signed-off-by: Aleksandar Markovic
Reviewed-by: Philippe Mathieu-Daudé
---
target/mips/internal.h | 57 +++---
1 file changed, 35 insertions(+), 22
From: Aleksandar Markovic
Clean up handling of CP0 register 24.
Signed-off-by: Aleksandar Markovic
---
target/mips/translate.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 3cf4c53..28ce30d 100644
---
Yes, we're directing single-step exceptions to the wrong EL. (I think
this is probably a hangover from the fact that we implemented singlestep
at about the same time or before we properly implemented EL2 support, so
we haven't shaken out all the "assumes debug EL is EL1" assumptions
still.)
**
On 05.08.19 14:01, Vladimir Sementsov-Ogievskiy wrote:
> Without this, hbitmap_next_zero and hbitmap_next_dirty_area are broken
> after truncate. So, orig_size is broken since it's introduction in
> 76d570dc495c56bb.
>
> Fixes: 76d570dc495c56bb
> Signed-off-by: Vladimir Sementsov-Ogievskiy
> ---
On Fri, Jun 21, 2019 at 12:49:07PM +, Roman Kagan wrote:
> On Thu, Jun 06, 2019 at 01:22:33PM +, Roman Kagan wrote:
> > On Mon, May 27, 2019 at 11:05:38AM +, Roman Kagan wrote:
> > > On Thu, May 23, 2019 at 12:31:16PM +0100, Alex Bennée wrote:
> > > >
> > > > Roman Kagan writes:
> >
I've just submitted this patchset:
https://patchew.org/QEMU/20190805130952.4415-1-peter.mayd...@linaro.org/
which I think should fix this bug. With those changes, the test image
takes a single-step exception to EL2, and then (because there's no code
at the exception entry point) takes a series of
On 05/08/19 14:19, Max Reitz wrote:
> On 05.08.19 14:01, Vladimir Sementsov-Ogievskiy wrote:
>> Without this, hbitmap_next_zero and hbitmap_next_dirty_area are broken
>> after truncate. So, orig_size is broken since it's introduction in
>> 76d570dc495c56bb.
>>
>> Fixes: 76d570dc495c56bb
>>
On 05.08.19 17:09, Vladimir Sementsov-Ogievskiy wrote:
> 05.08.2019 17:55, Max Reitz wrote:
>> In write-blocking mode, all writes to the top node directly go to the
>> target. We must only mirror chunks of data that are aligned to the
>> job's granularity, because that is how the dirty bitmap
Signed-off-by: Max Reitz
---
Based-on: <20190805120120.23585-1-vsement...@virtuozzo.com>
---
tests/qemu-iotests/124 | 38 ++
tests/qemu-iotests/124.out | 4 ++--
2 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/tests/qemu-iotests/124
Let's rewrite the DAT translation in a non-recursive way, similar to
arch/s390/kvm/gaccess.c:guest_translate() in KVM. This makes the
code much easier to read, compare and maintain.
Use better names for the region/section/page table entries and for the
macros to extract relevant parts from
This only adds basic support to the DAT translation, but no EDAT2 support
for TCG. E.g., the gdbstub under kvm uses this function, too, to
translate virtual addresses.
Signed-off-by: David Hildenbrand
---
target/s390x/mmu_helper.c | 8
1 file changed, 8 insertions(+)
diff --git
Currently the PRCI register block size is set to 0x8000, but in fact
0x1000 is enough, which is also what the manual says.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_e_prci.c | 2 +-
include/hw/riscv/sifive_e_prci.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git
This implements a simple model for SiFive FU540 OTP (One-Time
Programmable) Memory interface, primarily for reading out the
stored serial number from the first 1 KiB of the 16 KiB OTP
memory reserved by SiFive for internal use.
Signed-off-by: Bin Meng
---
hw/riscv/Makefile.objs | 1
Current SiFive PRCI model only works with sifive_e machine, as it
only emulates registers or PRCI block in the FE310 SoC.
Rename the file name to make it clear that it is for sifive_e.
Signed-off-by: Bin Meng
---
hw/riscv/Makefile.objs | 2 +-
hw/riscv/sifive_e.c
"linux,phandle" property is optional. Remove all instances in the
sifive_u and virt machine device tree.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_u.c | 3 ---
hw/riscv/virt.c | 3 ---
2 files changed, 6 deletions(-)
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index
It should use SIFIVE_PRCI_HFXOSCCFG_RDY and SIFIVE_PRCI_HFXOSCCFG_EN
for hfxosccfg register programming.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_e_prci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/riscv/sifive_e_prci.c b/hw/riscv/sifive_e_prci.c
index
Hi Fabien,
On Tue, Jul 9, 2019 at 12:31 AM Fabien Chouteau wrote:
>
> Hi Bin,
>
> Thanks for this patch.
>
> I know I am very late to the game but I have a comment here.
>
> On 17/05/2019 17:51, Bin Meng wrote:
> > +/* create PLIC hart topology configuration string */
> > +
From: Vladimir Sementsov-Ogievskiy
Enabled by default copy_range ignores compress option. It's definitely
unexpected for user.
It's broken since introduction of copy_range usage in backup in
9ded4a011496.
Signed-off-by: Vladimir Sementsov-Ogievskiy
Message-id:
In the struct OptsVisitor, the 'repeated_opts' member points to a list
in the 'unprocessed_opts' hash table after the list has been destroyed.
A subsequent call to visit_type_int() references the deleted list.
It results in use-after-free issue reproduced by running the test case
under the
From: Aaron Hill
This commit properly sets the ENET_BD_BDU flag once the emulated FEC controller
has finished processing the last descriptor. This is done for both transmit
and receive descriptors.
This allows the QNX 7.0.0 BSP for the Sabrelite board (which can be
found at
05.08.2019 17:55, Max Reitz wrote:
> In write-blocking mode, all writes to the top node directly go to the
> target. We must only mirror chunks of data that are aligned to the
> job's granularity, because that is how the dirty bitmap works.
> Therefore, the request alignment for writes must be
On 02/08/2019 14:34, Markus Armbruster wrote:
> Andrey Shinkevich writes:
>
>> In struct OptsVisitor, repeated_opts member points to a list in the
>> unprocessed_opts hash table after the list has been destroyed. A
>> subsequent call to visit_type_int() references the deleted list. It
>>
* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> Now that lo_destroy() is serialized we can call unref_inode() so that
> all inode resources are freed.
>
> Signed-off-by: Stefan Hajnoczi
Reviewed-by: Dr. David Alan Gilbert
> ---
> contrib/virtiofsd/passthrough_ll.c | 43
On 05.08.19 17:14, Max Reitz wrote:
> On 05.08.19 17:09, Vladimir Sementsov-Ogievskiy wrote:
>> 05.08.2019 17:55, Max Reitz wrote:
>>> In write-blocking mode, all writes to the top node directly go to the
>>> target. We must only mirror chunks of data that are aligned to the
>>> job's
Instructions are always fetched from primary address space, except when
in home address mode. Perform the selection directly in cpu_mmu_index().
get_mem_index() is only used to perform data access, instructions are
fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).
We
We always have to indicate whether it is a fetch or a store for all access
exceptions. This is only missing for LAP exceptions.
Signed-off-by: David Hildenbrand
---
target/s390x/mmu_helper.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/target/s390x/mmu_helper.c
We already implement ESOP-1. For ESOP-2, we only have to indicate all
protection exceptions properly. Due to EDAT-1, we already indicate DAT
exceptions properly. We don't trigger KCP/ALCP/IEP exceptions yet.
So all we have to do is set the TEID (TEC) to the right values
(bit 56, 60, 61) in case
In write-blocking mode, all writes to the top node directly go to the
target. We must only mirror chunks of data that are aligned to the
job's granularity, because that is how the dirty bitmap works.
Therefore, the request alignment for writes must be the job's
granularity (in write-blocking
On Fri, 26 Jul 2019 at 18:50, Richard Henderson
wrote:
>
> This unifies the implementation of the actual instructions
> for a32, t32, and t16. In order to make this happen, we
> need several preliminary cleanups. Most importantly to how
> we handle the architectural representation of PC.
I'd
On Mon, 5 Aug 2019 at 16:47, Igor Mammedov wrote:
> On Mon, 5 Aug 2019 14:42:38 +0100
> Peter Maydell wrote:
> > This is definitely a bad idea -- devices should not add their
> > own memory regions to the system memory MR. They should
> > expose their MRs (by being a sysbus-device) and let the
Currently riscv_harts_realize() creates all harts based on the
same cpu type given in the hart array property. With current
implementation it can only create symmetric harts. Exact the
hart realize to a separate routine in preparation for supporting
heterogeneous hart arrays.
Signed-off-by: Bin
It is not useful if we only have one management CPU.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_u.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 08d406f..206eccc 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -428,6
This updates the UART base address to match the hardware.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_u.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index b235f29..9f05e09 100644
--- a/hw/riscv/sifive_u.c
+++
OpenSBI for fu540 does DT fix up (see fu540_modify_dt()) by updating
chosen "stdout-path" to point to "/soc/serial@...", and U-Boot will
use this information to locate the serial node and probe its driver.
However currently we generate the UART node name as "/soc/uart@...",
causing U-Boot fail to
This removes "reg-names" and "riscv,max-priority" properties of the
PLIC node from device tree, and updates its compatible string, to
keep in sync with the Linux kernel device tree.
Signed-off-by: Bin Meng
---
hw/riscv/sifive_u.c | 4 +---
hw/riscv/virt.c | 4 +---
2 files changed, 2
There is no need to return fdt at the end of create_fdt() because
it's already saved in s->fdt. Other machines (sifive_u, spike)
don't do it neither.
Signed-off-by: Bin Meng
---
hw/riscv/virt.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/hw/riscv/virt.c
The backup job must only copy areas that the copy_bitmap reports as
dirty. This is always the case when using traditional non-offloading
backup, because it copies each cluster separately. When offloading the
copy operation, we sometimes copy more than one cluster at a time, but
we only check
In write-blocking mode, all writes to the top node directly go to the
target. We must only mirror chunks of data that are aligned to the
job's granularity, because that is how the dirty bitmap works.
Therefore, the request alignment for writes must be the job's
granularity (in write-blocking
Signed-off-by: Max Reitz
Message-id: 20190805152840.32190-1-mre...@redhat.com
Signed-off-by: Max Reitz
---
tests/qemu-iotests/124 | 38 ++
tests/qemu-iotests/124.out | 4 ++--
2 files changed, 36 insertions(+), 6 deletions(-)
diff --git
Test that hbitmap_next_zero and hbitmap_next_dirty_area can find things
after old bitmap end.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
It's a follow-up for
[PATCH for-4.1] util/hbitmap: update orig_size on truncate
tests/test-hbitmap.c | 22 ++
1 file changed,
On Thu, 11 Jul 2019 at 07:19, Eric Auger wrote:
>
> An IOVA/ASID invalidation is notified to all IOMMU Memory Regions
> through smmuv3_inv_notifiers_iova/smmuv3_notify_iova.
>
> When the notification occurs it is possible that some of the
> PCIe devices associated to the notified regions do not
On Thu, 11 Jul 2019 at 07:19, Eric Auger wrote:
>
> We introduce a new IOMMU Memory Region attribute,
> IOMMU_ATTR_VFIO_NESTED that tells whether the virtual IOMMU
> requires HW nested paging for VFIO integration.
>
> Current Intel virtual IOMMU device supports "Caching
> Mode" and does not
IEP support in the mmu is fairly easy. Set the right permissions for TLB
entries and properly report an exception.
Make sure to handle EDAT-2 by setting bit 56/60/61 of the TEID (TEC) to
the right values.
Signed-off-by: David Hildenbrand
---
target/s390x/cpu.h| 1 +
Setup the 4.1 compatibility model so we can add new features to the
LATEST model.
Signed-off-by: David Hildenbrand
---
hw/s390x/s390-virtio-ccw.c | 2 ++
target/s390x/gen-features.c | 6 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/s390-virtio-ccw.c
Let's select the ASC before calling the function and use MMU_DATA_LOAD.
This is a preparation to:
- Remove the ASC magic depending on the access mode from mmu_translate
- Implement IEP support, where we could run into access exceptions
trying to fetch instructions
Signed-off-by: David
ping...
2019年7月20日(土) 15:04 :
> From: Hikaru Nishida
>
> This commit adds No Op Command (23) to xHC for verifying the operation
> of the Command Ring mechanisms.
> No Op Command is defined in XHCI spec (4.6.2) and just reports Command
> Completion Event with Completion Code == Success.
> Before
On 05.08.19 14:01, Vladimir Sementsov-Ogievskiy wrote:
> Without this, hbitmap_next_zero and hbitmap_next_dirty_area are broken
> after truncate. So, orig_size is broken since it's introduction in
> 76d570dc495c56bb.
>
> Fixes: 76d570dc495c56bb
> Signed-off-by: Vladimir Sementsov-Ogievskiy
When CADENCE_GEM_ERR_DEBUG is turned on, there are several
compilation errors in DB_PRINT(). Fix them.
Signed-off-by: Bin Meng
---
hw/net/cadence_gem.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index d412085..7516e8f
05.08.2019 18:33, Max Reitz wrote:
> In write-blocking mode, all writes to the top node directly go to the
> target. We must only mirror chunks of data that are aligned to the
> job's granularity, because that is how the dirty bitmap works.
> Therefore, the request alignment for writes must be
On 05.08.19 13:35, Max Reitz wrote:
> Signed-off-by: Max Reitz
> ---
> Hi, this is a test for the mirror bug Vladimir found. Naturally, it
> depends on some patch to fix it.
>
> Based-on: <20190802185830.74648-1-vsement...@virtuozzo.com>
> ---
> tests/qemu-iotests/151 | 25
As of today, the QEMU 'sifive_u' machine is a special target that does
not boot the upstream OpenSBI/U-Boot firmware images built for the real
SiFive HiFive Unleashed board. Hence OpenSBI supports a special platform
"qemu/sifive_u". For U-Boot, the sifive_fu540_defconfig is referenced
in the
1 - 100 of 273 matches
Mail list logo