[PULL 1/3] fuzz: fix sparse memory access in the DMA callback
The code mistakenly relied on address_space_translate to store the length remaining until the next memory-region. We care about this because when there is RAM or sparse-memory neighboring on an MMIO region, we should only write up to the border, to prevent inadvertently invoking MMIO handlers within the DMA callback. However address_space_translate_internal only stores the length until the end of the MemoryRegion if memory_region_is_ram(mr). Otherwise the *len is left unmodified. This caused some false-positive issues, where the fuzzer found a way to perform a nested MMIO write through a DMA callback on an [address, length] that started within sparse memory and spanned some device MMIO regions. To fix this, write to sparse memory in small chunks of memory_access_size (similar to the underlying address_space_write code), which will prevent accidentally hitting MMIO handlers through large writes. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Reviewed-by: Philippe Mathieu-Daudé --- tests/qtest/fuzz/generic_fuzz.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 6c67522717..0ea47298b7 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -240,10 +240,17 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) addr, , , true, MEMTXATTRS_UNSPECIFIED); -if (!(memory_region_is_ram(mr1) || - memory_region_is_romd(mr1)) && mr1 != sparse_mem_mr) { +/* + * If mr1 isn't RAM, address_space_translate doesn't update l. Use + * memory_access_size to identify the number of bytes that it is safe + * to write without accidentally writing to another MemoryRegion. + */ +if (!memory_region_is_ram(mr1)) { l = memory_access_size(mr1, l, addr1); -} else { +} +if (memory_region_is_ram(mr1) || +memory_region_is_romd(mr1) || +mr1 == sparse_mem_mr) { /* ROM/RAM case */ if (qtest_log_enabled) { /* -- 2.28.0
[PULL 3/3] fuzz: make object-name matching case-insensitive
We have some configs for devices such as the AC97 and ES1370 that were not matching memory-regions correctly, because the configs provided lowercase names. To resolve these problems and prevent them from occurring again in the future, convert both the pattern and names to lower-case, prior to checking for a match. Suggested-by: Darren Kenny Reviewed-by: Darren Kenny Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/generic_fuzz.c | 24 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 80eb29bd2d..3e8ce29227 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -758,8 +758,13 @@ static int locate_fuzz_memory_regions(Object *child, void *opaque) static int locate_fuzz_objects(Object *child, void *opaque) { +GString *type_name; +GString *path_name; char *pattern = opaque; -if (g_pattern_match_simple(pattern, object_get_typename(child))) { + +type_name = g_string_new(object_get_typename(child)); +g_string_ascii_down(type_name); +if (g_pattern_match_simple(pattern, type_name->str)) { /* Find and save ptrs to any child MemoryRegions */ object_child_foreach_recursive(child, locate_fuzz_memory_regions, NULL); @@ -776,8 +781,9 @@ static int locate_fuzz_objects(Object *child, void *opaque) g_ptr_array_add(fuzzable_pci_devices, PCI_DEVICE(child)); } } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) { -if (g_pattern_match_simple(pattern, -object_get_canonical_path_component(child))) { +path_name = g_string_new(object_get_canonical_path_component(child)); +g_string_ascii_down(path_name); +if (g_pattern_match_simple(pattern, path_name->str)) { MemoryRegion *mr; mr = MEMORY_REGION(child); if ((memory_region_is_ram(mr) || @@ -786,7 +792,9 @@ static int locate_fuzz_objects(Object *child, void *opaque) g_hash_table_insert(fuzzable_memoryregions, mr, (gpointer)true); } } +g_string_free(path_name, true); } +g_string_free(type_name, true); return 0; } @@ -814,6 +822,7 @@ static void generic_pre_fuzz(QTestState *s) MemoryRegion *mr; QPCIBus *pcibus; char **result; +GString *name_pattern; if (!getenv("QEMU_FUZZ_OBJECTS")) { usage(); @@ -843,10 +852,17 @@ static void generic_pre_fuzz(QTestState *s) result = g_strsplit(getenv("QEMU_FUZZ_OBJECTS"), " ", -1); for (int i = 0; result[i] != NULL; i++) { +name_pattern = g_string_new(result[i]); +/* + * Make the pattern lowercase. We do the same for all the MemoryRegion + * and Type names so the configs are case-insensitive. + */ +g_string_ascii_down(name_pattern); printf("Matching objects by name %s\n", result[i]); object_child_foreach_recursive(qdev_get_machine(), locate_fuzz_objects, -result[i]); +name_pattern->str); +g_string_free(name_pattern, true); } g_strfreev(result); printf("This process will try to fuzz the following MemoryRegions:\n"); -- 2.28.0
[PULL 2/3] fuzz: adjust timeout to allow for longer inputs
Using a custom timeout is useful to continue fuzzing complex devices, even after we run into some slow code-path. However, simply adding a fixed timeout to each input effectively caps the maximum input length/number of operations at some artificial value. There are two major problems with this: 1. Some code might only be reachable through long IO sequences. 2. Longer inputs can actually be _better_ for performance. While the raw number of fuzzer executions decreases with larger inputs, the number of MMIO/PIO/DMA operation/second actually increases, since were are speding proportionately less time fork()ing. With this change, we keep the custom-timeout, but we renew it, prior to each MMIO/PIO/DMA operation. Thus, we time-out only when a specific operation takes a long time. Reviewed-by: Darren Kenny Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/generic_fuzz.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 0ea47298b7..80eb29bd2d 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -668,15 +668,16 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) uint8_t op; if (fork() == 0) { +struct sigaction sact; +struct itimerval timer; /* * Sometimes the fuzzer will find inputs that take quite a long time to * process. Often times, these inputs do not result in new coverage. * Even if these inputs might be interesting, they can slow down the - * fuzzer, overall. Set a timeout to avoid hurting performance, too much + * fuzzer, overall. Set a timeout for each command to avoid hurting + * performance, too much */ if (timeout) { -struct sigaction sact; -struct itimerval timer; sigemptyset(_mask); sact.sa_flags = SA_NODEFER; @@ -686,13 +687,17 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) memset(, 0, sizeof(timer)); timer.it_value.tv_sec = timeout / USEC_IN_SEC; timer.it_value.tv_usec = timeout % USEC_IN_SEC; -setitimer(ITIMER_VIRTUAL, , NULL); } op_clear_dma_patterns(s, NULL, 0); pci_disabled = false; while (cmd && Size) { +/* Reset the timeout, each time we run a new command */ +if (timeout) { +setitimer(ITIMER_VIRTUAL, , NULL); +} + /* Get the length until the next command or end of input */ nextcmd = memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); cmd_len = nextcmd ? nextcmd - cmd : Size; -- 2.28.0
[PULL 0/3] Fuzzing Patches
Hello Paolo, The following changes since commit 711c0418c8c1ce3a24346f058b001c4c5a2f0f81: Merge remote-tracking branch 'remotes/philmd/tags/mips-20210702' into staging (2021-07-04 14:04:12 +0100) are available in the Git repository at: https://gitlab.com/a1xndr/qemu tags/pull-request-2021-07-12 for you to fetch changes up to 3f4a00e1ec2ee9ab34cfbb8a955c3089256b21c2: fuzz: make object-name matching case-insensitive (2021-07-12 09:56:13 -0400) Fuzzing PR for 6.1: Bug-fixes and refined timeout mechanism Alexander Bulekov (3): fuzz: fix sparse memory access in the DMA callback fuzz: adjust timeout to allow for longer inputs fuzz: make object-name matching case-insensitive tests/qtest/fuzz/generic_fuzz.c | 50 +++--- 1 file changed, 39 insertions(+), 11 deletions(-) -- 2.28.0
[PATCH] hw/nvme: fix mmio read
From: Klaus Jensen The new PMR test unearthed a long-standing issue with MMIO reads on big-endian hosts. Fix by using the ldn_he_p helper instead of memcpy. Cc: Gollu Appalanaidu Reported-by: Peter Maydell Signed-off-by: Klaus Jensen --- hw/nvme/ctrl.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index 2f0524e12a36..dd81c3b19c7e 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -5951,7 +5951,6 @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size) { NvmeCtrl *n = (NvmeCtrl *)opaque; uint8_t *ptr = (uint8_t *)>bar; -uint64_t val = 0; trace_pci_nvme_mmio_read(addr, size); @@ -5977,14 +5976,15 @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size) (NVME_PMRCAP_PMRWBM(n->bar.pmrcap) & 0x02)) { memory_region_msync(>pmr.dev->mr, 0, n->pmr.dev->size); } -memcpy(, ptr + addr, size); -} else { -NVME_GUEST_ERR(pci_nvme_ub_mmiord_invalid_ofs, - "MMIO read beyond last register," - " offset=0x%"PRIx64", returning 0", addr); + +return ldn_he_p(ptr + addr, size); } -return val; +NVME_GUEST_ERR(pci_nvme_ub_mmiord_invalid_ofs, + "MMIO read beyond last register," + " offset=0x%"PRIx64", returning 0", addr); + +return 0; } static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val) -- 2.32.0
Re: [RFC PATCH 1/2] hw/nvme: add mi device
On Mon, Jul 12, 2021 at 12:03:27PM +0100, Stefan Hajnoczi wrote: > Why did you decide to implement -device nvme-mi as a device on > TYPE_NVME_BUS? If the NVMe spec somehow requires this then I'm surprised > that there's no NVMe bus interface (callbacks). It seems like this could > just as easily be a property of an NVMe controller -device > nvme,mi=on|off or -device nvme-subsys,mi=on|off? I'm probably just not > familiar enough with MI and NVMe architecture... I'm too far away from qemu these days to understand what TYPE_NVME_BUS is. Bt NVMe-MI has tree possible transports: 1) out of band through smbus. This seems something that could be trivially modelled in qemu 2) out of band over MCTP / PCIe VDM. 3) in band using NVMe admin commands that pass through MI commands
Re: [PATCH v1 4/5] hw/intc: sifive_plic: Convert the PLIC to use RISC-V CPU GPIO lines
On Fri, Jul 9, 2021 at 9:06 AM Alistair Francis wrote: > > Instead of using riscv_cpu_update_mip() let's instead use the new RISC-V > CPU GPIO lines to set the external MIP bits. > > Signed-off-by: Alistair Francis > --- > include/hw/intc/sifive_plic.h | 4 > hw/intc/sifive_plic.c | 38 --- > hw/riscv/microchip_pfsoc.c| 2 +- > hw/riscv/shakti_c.c | 3 ++- > hw/riscv/sifive_e.c | 2 +- > hw/riscv/sifive_u.c | 2 +- > hw/riscv/virt.c | 3 ++- > 7 files changed, 42 insertions(+), 12 deletions(-) > > diff --git a/include/hw/intc/sifive_plic.h b/include/hw/intc/sifive_plic.h > index 1e451a270c..da1dc64c6d 100644 > --- a/include/hw/intc/sifive_plic.h > +++ b/include/hw/intc/sifive_plic.h > @@ -72,9 +72,13 @@ struct SiFivePLICState { > uint32_t context_base; > uint32_t context_stride; > uint32_t aperture_size; > + > +qemu_irq *s_external_irqs; > +qemu_irq *m_external_irqs; > }; > > DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, > +uint32_t num_harts, > uint32_t hartid_base, uint32_t num_sources, > uint32_t num_priorities, uint32_t priority_base, > uint32_t pending_base, uint32_t enable_base, > diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c > index 78903beb06..dc17b55408 100644 > --- a/hw/intc/sifive_plic.c > +++ b/hw/intc/sifive_plic.c > @@ -29,6 +29,7 @@ > #include "hw/intc/sifive_plic.h" > #include "target/riscv/cpu.h" > #include "migration/vmstate.h" > +#include "hw/irq.h" > > #define RISCV_DEBUG_PLIC 0 > > @@ -139,18 +140,22 @@ static void sifive_plic_update(SiFivePLICState *plic) > for (addrid = 0; addrid < plic->num_addrs; addrid++) { > uint32_t hartid = plic->addr_config[addrid].hartid; > PLICMode mode = plic->addr_config[addrid].mode; > -CPUState *cpu = qemu_get_cpu(hartid); > -CPURISCVState *env = cpu ? cpu->env_ptr : NULL; > -if (!env) { > -continue; > -} > int level = sifive_plic_irqs_pending(plic, addrid); > + > switch (mode) { > case PLICMode_M: > -riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_MEIP, > BOOL_TO_MASK(level)); > +if (level) { > +qemu_irq_raise(plic->m_external_irqs[hartid]); > +} else { > +qemu_irq_lower(plic->m_external_irqs[hartid]); > +} > break; > case PLICMode_S: > -riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_SEIP, > BOOL_TO_MASK(level)); > +if (level) { > +qemu_irq_raise(plic->s_external_irqs[hartid]); > +} else { > +qemu_irq_lower(plic->s_external_irqs[hartid]); > +} > break; > default: > break; > @@ -456,6 +461,12 @@ static void sifive_plic_realize(DeviceState *dev, Error > **errp) > sysbus_init_mmio(SYS_BUS_DEVICE(dev), >mmio); > qdev_init_gpio_in(dev, sifive_plic_irq_request, plic->num_sources); > > +plic->s_external_irqs = g_malloc(sizeof(qemu_irq) * plic->num_harts); > +qdev_init_gpio_out(dev, plic->s_external_irqs, plic->num_harts); > + > +plic->m_external_irqs = g_malloc(sizeof(qemu_irq) * plic->num_harts); > +qdev_init_gpio_out(dev, plic->m_external_irqs, plic->num_harts); > + > /* We can't allow the supervisor to control SEIP as this would allow the > * supervisor to clear a pending external interrupt which will result in > * lost a interrupt in the case a PLIC is attached. The SEIP bit must be > @@ -520,6 +531,7 @@ type_init(sifive_plic_register_types) > * Create PLIC device. > */ > DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, > +uint32_t num_harts, > uint32_t hartid_base, uint32_t num_sources, > uint32_t num_priorities, uint32_t priority_base, > uint32_t pending_base, uint32_t enable_base, > @@ -527,6 +539,8 @@ DeviceState *sifive_plic_create(hwaddr addr, char > *hart_config, > uint32_t context_stride, uint32_t aperture_size) > { > DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC); > +int i; > + > assert(enable_stride == (enable_stride & -enable_stride)); > assert(context_stride == (context_stride & -context_stride)); > qdev_prop_set_string(dev, "hart-config", hart_config); > @@ -542,5 +556,15 @@ DeviceState *sifive_plic_create(hwaddr addr, char > *hart_config, > qdev_prop_set_uint32(dev, "aperture-size", aperture_size); > sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); > sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); > + > +for (i = 0; i < num_harts; i++) { > +CPUState *cpu = qemu_get_cpu(hartid_base + i); > + > +qdev_connect_gpio_out_named(dev, NULL, i, > +qdev_get_gpio_in(DEVICE(cpu), > IRQ_S_EXT)); > +qdev_connect_gpio_out_named(dev, NULL, num_harts + i, > +
Block I/O in the middle of guest code execution
Hello Stefan/all, I was reading your blog post on the QEMU overall architecture (link - " http://blog.vmsplice.net/2011/03/qemu-internals-overall-architecture-and.html;) and I have a few questions with regards to executing I/O operations (block I/O) in the middle of guest code execution. I am running QEMU version 5.0.1 and my target and host architecture is x86-64. I am using the virtio-blk block driver frontend with a qcow2 image file as a backing file storage. I want to do something like below (in TCG) - static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb) { log_cpu_state(cpu, flags); qemu_log_unlock(logfile); } #endif /* DEBUG_DISAS */ if (cond is true) { virtio_blk_data_plane_handle_output(vdev, vq); <- calling block I/O function here } ret = tcg_qemu_tb_exec(env, tb_ptr); cpu->can_do_io = 1; last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK); ... } I have a few questions regarding this. - Is it possible to call block I/O functions like this? Or do I have to "call" it from the event loop (main_loop_wait) ? - Making a change like this requires me to actually finish the block operation first before I start executing the next TCG block. I see that "virtio_blk_data_plane_handle_output" makes a lot of aio thread usages and coroutines. How do I make this call synchronous and essentially run it in the same thread? Thank you very much. Best Regards, Arnabjyoti Kalita
Re: [PATCH v1 4/5] hw/intc: sifive_plic: Convert the PLIC to use RISC-V CPU GPIO lines
On Fri, Jul 9, 2021 at 9:06 AM Alistair Francis wrote: > > Instead of using riscv_cpu_update_mip() let's instead use the new RISC-V > CPU GPIO lines to set the external MIP bits. > > Signed-off-by: Alistair Francis > --- > include/hw/intc/sifive_plic.h | 4 > hw/intc/sifive_plic.c | 38 --- > hw/riscv/microchip_pfsoc.c| 2 +- > hw/riscv/shakti_c.c | 3 ++- > hw/riscv/sifive_e.c | 2 +- > hw/riscv/sifive_u.c | 2 +- > hw/riscv/virt.c | 3 ++- > 7 files changed, 42 insertions(+), 12 deletions(-) > > diff --git a/include/hw/intc/sifive_plic.h b/include/hw/intc/sifive_plic.h > index 1e451a270c..da1dc64c6d 100644 > --- a/include/hw/intc/sifive_plic.h > +++ b/include/hw/intc/sifive_plic.h > @@ -72,9 +72,13 @@ struct SiFivePLICState { > uint32_t context_base; > uint32_t context_stride; > uint32_t aperture_size; > + > +qemu_irq *s_external_irqs; > +qemu_irq *m_external_irqs; > }; > > DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, > +uint32_t num_harts, > uint32_t hartid_base, uint32_t num_sources, > uint32_t num_priorities, uint32_t priority_base, > uint32_t pending_base, uint32_t enable_base, > diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c > index 78903beb06..dc17b55408 100644 > --- a/hw/intc/sifive_plic.c > +++ b/hw/intc/sifive_plic.c > @@ -29,6 +29,7 @@ > #include "hw/intc/sifive_plic.h" > #include "target/riscv/cpu.h" > #include "migration/vmstate.h" > +#include "hw/irq.h" > > #define RISCV_DEBUG_PLIC 0 > > @@ -139,18 +140,22 @@ static void sifive_plic_update(SiFivePLICState *plic) > for (addrid = 0; addrid < plic->num_addrs; addrid++) { > uint32_t hartid = plic->addr_config[addrid].hartid; > PLICMode mode = plic->addr_config[addrid].mode; > -CPUState *cpu = qemu_get_cpu(hartid); > -CPURISCVState *env = cpu ? cpu->env_ptr : NULL; > -if (!env) { > -continue; > -} > int level = sifive_plic_irqs_pending(plic, addrid); > + > switch (mode) { > case PLICMode_M: > -riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_MEIP, > BOOL_TO_MASK(level)); > +if (level) { > +qemu_irq_raise(plic->m_external_irqs[hartid]); > +} else { > +qemu_irq_lower(plic->m_external_irqs[hartid]); > +} > break; > case PLICMode_S: > -riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_SEIP, > BOOL_TO_MASK(level)); > +if (level) { > +qemu_irq_raise(plic->s_external_irqs[hartid]); > +} else { > +qemu_irq_lower(plic->s_external_irqs[hartid]); > +} All qemu_irq_xyz() calls are broken for multi-socket, just like CLINT. Please use "hartid - plic->hartid_base" as index. Regards, Anup > break; > default: > break; > @@ -456,6 +461,12 @@ static void sifive_plic_realize(DeviceState *dev, Error > **errp) > sysbus_init_mmio(SYS_BUS_DEVICE(dev), >mmio); > qdev_init_gpio_in(dev, sifive_plic_irq_request, plic->num_sources); > > +plic->s_external_irqs = g_malloc(sizeof(qemu_irq) * plic->num_harts); > +qdev_init_gpio_out(dev, plic->s_external_irqs, plic->num_harts); > + > +plic->m_external_irqs = g_malloc(sizeof(qemu_irq) * plic->num_harts); > +qdev_init_gpio_out(dev, plic->m_external_irqs, plic->num_harts); > + > /* We can't allow the supervisor to control SEIP as this would allow the > * supervisor to clear a pending external interrupt which will result in > * lost a interrupt in the case a PLIC is attached. The SEIP bit must be > @@ -520,6 +531,7 @@ type_init(sifive_plic_register_types) > * Create PLIC device. > */ > DeviceState *sifive_plic_create(hwaddr addr, char *hart_config, > +uint32_t num_harts, > uint32_t hartid_base, uint32_t num_sources, > uint32_t num_priorities, uint32_t priority_base, > uint32_t pending_base, uint32_t enable_base, > @@ -527,6 +539,8 @@ DeviceState *sifive_plic_create(hwaddr addr, char > *hart_config, > uint32_t context_stride, uint32_t aperture_size) > { > DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC); > +int i; > + > assert(enable_stride == (enable_stride & -enable_stride)); > assert(context_stride == (context_stride & -context_stride)); > qdev_prop_set_string(dev, "hart-config", hart_config); > @@ -542,5 +556,15 @@ DeviceState *sifive_plic_create(hwaddr addr, char > *hart_config, > qdev_prop_set_uint32(dev, "aperture-size", aperture_size); > sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal); > sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr); > + > +for (i = 0; i < num_harts; i++) { > +CPUState *cpu = qemu_get_cpu(hartid_base + i); > + > +qdev_connect_gpio_out_named(dev, NULL, i, > +
[Bug 1915327] Re: x86_64 cmpxchg behavior in qemu tcg does not match the real CPU
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1915327 Title: x86_64 cmpxchg behavior in qemu tcg does not match the real CPU Status in QEMU: Expired Bug description: QEMU version: 1214d55d1c (HEAD, origin/master, origin/HEAD) Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into staging Consider the following little program: $ cat 1.c #include int main() { int mem = 0x12345678; register long rax asm("rax") = 0x1234567812345678; register int edi asm("edi") = 0x; asm("cmpxchg %[edi],%[mem]" : [ mem ] "+m"(mem), [ rax ] "+r"(rax) : [ edi ] "r"(edi)); long rax2 = rax; printf("rax2 = %lx\n", rax2); } According to the Intel Manual, cmpxchg should not touch the accumulator in case the values are equal, which is indeed the case on the real CPU: $ gcc 1.c $ ./a.out rax2 = 1234567812345678 However, QEMU appears to zero extend EAX to RAX: $ qemu-x86_64 ./a.out rax2 = 12345678 This is also the case for lock cmpxchg. Found in BPF development context: https://lore.kernel.org/bpf/b1792bb3c51eb3e94b9d27e67665d3f2209bba7e.ca...@linux.ibm.com To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1915327/+subscriptions
[Bug 1914986] Re: KVM internal error. Suberror: 1 - OVMF / Audio related
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1914986 Title: KVM internal error. Suberror: 1 - OVMF / Audio related Status in QEMU: Expired Bug description: This is latest release QEMU-5.2.0 on Arch Linux running kernel 5.10.13, latest OVMF etc. I'm seeing the following crash when loading an audio driver from the OpenCore[1] project in the UEFI shell: KVM internal error. Suberror: 1 emulation failure RAX= RBX= RCX= RDX= RSI= RDI=7e423628 RBP=7fee6a90 RSP=7fee6a08 R8 = R9 =0080 R10= R11= R12=7eeaf828 R13= R14= R15=7fee6a67 RIP=000b RFL=0246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0030 00c09300 DPL=0 DS [-WA] CS =0038 00a09b00 DPL=0 CS64 [-RA] SS =0030 00c09300 DPL=0 DS [-WA] DS =0030 00c09300 DPL=0 DS [-WA] FS =0030 00c09300 DPL=0 DS [-WA] GS =0030 00c09300 DPL=0 DS [-WA] LDT= 8200 DPL=0 LDT TR = 8b00 DPL=0 TSS64-busy GDT= 7f9ee698 0047 IDT= 7f27a018 0fff CR0=80010033 CR2= CR3=7fc01000 CR4=0668 DR0= DR1= DR2= DR3= DR6=0ff0 DR7=0400 EFER=0d00 Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Here's the QEMU command line I'm using: qemu-system-x86_64 \ -machine q35,accel=kvm \ -cpu host,+topoext,+invtsc \ -smp 4,sockets=1,cores=2 \ -m 4096 \ -drive file=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \ -drive file=OVMF_VARS.fd,if=pflash,format=raw \ -usb -device usb-tablet -device usb-kbd \ -drive file=OpenCore-0.6.6.img,format=raw \ -device ich9-intel-hda,bus=pcie.0,addr=0x1b \ -device hda-micro,audiodev=hda \ -audiodev pa,id=hda,server=/run/user/1000/pulse/native The driver loads fine when using the "no connect" switch. eg: Shell> load -nc fs0:\efi\oc\drivers\audiodxe.efi Shell> Image 'fs0:\EFI\OC\Drivers\AudioDxe.efi' loaded at 7E3C7000 - Success However, the crash occurs when loading normally. Any ideas? Thanks. [1]: https://github.com/acidanthera/OpenCorePkg/releases To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1914986/+subscriptions
[Bug 1915431] Re: QEMU processes started by Acceptance Tests are left running
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1915431 Title: QEMU processes started by Acceptance Tests are left running Status in QEMU: Expired Bug description: Every now and then, QEMU processes started by the Acceptance Tests (thus by Avocado) will be left running. From Avocado's perspective, when everything "goes well" and a test reaches completion, there's no attempt to terminate any processes it indirectly started. Some frameworks and tests built on top of Avocado, for instance Avocado-VT, will keep processes running between various tests. When a job (and consequently a test) is manually interrupted, then Avocado tries to terminate the entire process tree. It may be possible to improve the situation in which, at the very least, the user is: * notified of left over processes * have a configuration option that will attempt to kill all processes at the end of the test execution To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1915431/+subscriptions
[Bug 1917542] Re: qemu-img crash on M1 Mac
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1917542 Title: qemu-img crash on M1 Mac Status in QEMU: Expired Bug description: 1. Symptom $ qemu-img create -f qcow2 disk.qcow2 10G [1] 72373 killed qemu-img create -f qcow2 disk.qcow2 10G 2. System environment CPU: Apple M1 OS: Big Sur 11.2.2 qemu: stable 5.2.0 (Binary installed by homebrew) 3. Kernel logs $ sudo log show --predicate ‘eventMessage LIKE “qemu”’ --debug ntID Dirty: 1 Event: com.apple.stability.crash {“appVersion”:"???",“exceptionType”:1,“logwritten”:1,“process”:“qemu-img”,“responsibleApp”:“iTerm2”,“timestamp”:1614666875993238} 2021-03-02 15:36:52.728210+0900 0xfb308 Default 0x0 0 0 kernel: CODE SIGNING: cs_invalid_page(0x10293): p=72373[qemu-img] final status 0x23000200, denying page sending SIGKILL 2021-03-02 15:36:52.728222+0900 0xfb308 Default 0x0 0 0 kernel: CODE SIGNING: process 72373[qemu-img]: rejecting invalid page at address 0x10293 from offset 0x0 in file “/opt/homebrew/Cellar/libssh/0.9.5_1/lib/libssh.4.8.6.dylib” (cs_mtime:1614297740.413435328 == mtime:1614297740.413435328) (signed:1 validated:1 tainted:1 nx:0 wpmapped:0 dirty:0 depth:0) 2021-03-02 15:36:52.728477+0900 0xfab09 Default 0x0 919 0 ReportCrash: Parsing corpse data for process qemu-img [pid 72373] 2021-03-02 15:36:52.884736+0900 0xfab09 Default 0x0 919 0 ReportCrash: (CrashReporterSupport) Saved crash report for qemu-img[72373] version 0 to qemu-img_2021-03-02-153652_.crash 4. Crash logs $ sudo cat /Users//Library/Logs/DiagnosticReports/qemu-img_2021-03-02-153652_.crash Process: qemu-img [72373] Path: /opt/homebrew/*/qemu-img Identifier: qemu-img Version: 0 Code Type: ARM-64 (Native) Parent Process: zsh [67484] Responsible: iTerm2 [556] User ID: 501 Date/Time: 2021-03-02 15:36:52.710 +0900 OS Version: macOS 11.2.2 (20D80) Report Version: 12 Anonymous UUID: AF87D5F0-2BED-EB72-1DC8-26F63A24DA7C Sleep/Wake UUID: 3862EA39-132E-42BD-A4BB-5A36F36607F1 Time Awake Since Boot: 89000 seconds Time Since Wake: 520 seconds System Integrity Protection: enabled Crashed Thread: 0 Exception Type: EXC_BAD_ACCESS (Code Signature Invalid) Exception Codes: 0x0032, 0x00010293 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace CODESIGNING, Code 0x2 kernel messages: VM Regions Near 0x10293: __LINKEDIT 102908000-10293 [ 160K] r–/r-- SM=COW /opt/homebrew/* → mapped file 10293-102934000 [ 16K] r–/r-x SM=PRV Object_id=fc8cc3db __TEXT 1029bc000-102a38000 [ 496K] r-x/r-x SM=COW /usr/lib/dyld Application Specific Information: dyld: launch, loading dependent libraries /opt/homebrew/opt/libssh/lib/libssh.4.dylib Thread 0 Crashed: 0 dyld 0x000102a18780 bcmp + 16 1 dyld 0x0001029d9408 ImageLoaderMachO::validateFirstPages(linkedit_data_command const*, int, unsigned char const*, unsigned long, long long, ImageLoader::LinkContext const&) + 136 2 dyld 0x0001029e03b8 ImageLoaderMachOCompressed::instantiateFromFile(char const*, int, unsigned char const*, unsigned long, unsigned long long, unsigned long long, stat const&, unsigned int, unsigned int, linkedit_data_command const*, encryption_info_command const*, ImageLoader::LinkContext const&) + 268 3 dyld 0x0001029d7ffc ImageLoaderMachO::instantiateFromFile(char const*, int, unsigned char const*, unsigned long, unsigned long long, unsigned long long, stat const&, ImageLoader::LinkContext const&) + 172 4 dyld 0x0001029c0290 dyld::loadPhase6(int, stat const&, char const*, dyld::LoadContext const&) + 668 5 dyld 0x0001029c8dd8 dyld::loadPhase5(char const*, char const*, dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 1328 6 dyld 0x0001029c8824 dyld::loadPhase4(char const, char const*, dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 208 7 dyld 0x0001029c8530 dyld::loadPhase3(char const, char const*, dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 1100 8 dyld 0x0001029c7cf0 dyld::loadPhase1(char const, char const*, dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 212 9 dyld 0x0001029bfe0c dyld::loadPhase0(char const, char const*, dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 468 10 dyld 0x0001029bf9b0 dyld::load(char const, dyld::LoadContext const&, unsigned int&) + 196 11 dyld 0x0001029c977c dyld::libraryLocator(char const*, bool, char const*, ImageLoader::RPathChain const*, unsigned int&) + 56 12 dyld 0x0001029d39d4 ImageLoader::recursiveLoadLibraries(ImageLoader::LinkContext const&, bool, ImageLoader::RPathChain const&, char const*) + 344 13 dyld 0x0001029d21ac
[Bug 1916269] Re: TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1916269 Title: TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction Status in QEMU: Expired Bug description: If I run FreeBSD on QEMU 5.2 with TCG acceleration -cpu Nehalem, I get a FPU exception when executing crc32 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253617). This is not a problem with the default CPU (or KVM) since that does not support SSE 4.2. Attaching GDB shows this is triggered in target/i386/tcg/translate.c:3067 /* simple MMX/SSE operation */ if (s->flags & HF_TS_MASK) { gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); return; } However, according to https://software.intel.com/sites/default/files/m/8/b/8/D9156103.pdf, page 61 the CRC32 instruction works no matter what the value of the TS bit. The code sequence in question is: 0x8105a4de <+126>:f2 48 0f 38 f1 de crc32q %rsi,%rbx 0x8105a4e4 <+132>:f2 48 0f 38 f1 ca crc32q %rdx,%rcx. This should work even with the FPU disabled. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1916269/+subscriptions
[Bug 1916344] Re: User mode networking not working properly on QEMU on Mac OS X host
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1916344 Title: User mode networking not working properly on QEMU on Mac OS X host Status in QEMU: Expired Bug description: Steps to reproduce: 1. Install QEMU using homebrew on Mac OS X (I tried on Catalina and Big Sur) 2. Spin up a guest VM (say) Cent OS 8 using user mode networking. 3. Install podman inside the guest 4. Run podman pull alpine The result is: [root@localhost ~]# podman pull alpine Resolved "alpine" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/alpine:latest... Getting image source signatures Copying blob ba3557a56b15 [==] 2.7MiB / 2.7MiB unexpected EOF Error: Error writing blob: error storing blob to file "/var/tmp/storage851171596/1": error happened during read: unexpected EOF This is happening because QEMU is telling the guest that the TCP connection is closed even before reading all the data from the host socket and forwarding it to the guest. This issue doesn't happen on a Linux host. So, that tells me that this has something to do with QEMU installation on Mac OS X. This could be a slirp related issue. So, QEMU/slirp may need to work together on fixing this. Here's the link to the libslirp issue: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/35 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1916344/+subscriptions
[Bug 1917940] Re: -bios edk2-$arch-code doesn't work for x86
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1917940 Title: -bios edk2-$arch-code doesn't work for x86 Status in QEMU: Expired Bug description: Whilst creating a flash device is recommended, -bios is extremely useful in many cases as it automatically searches $PREFIX/share/qemu rather than requiring the caller (be it a human or a script) to work out where that directory is for the QEMU being called and prepend it to the file name. Currently, all the x86 EDK2 FD code files are 3653632 bytes in size, or 0x37c000 bytes. However, for some reason I cannot find the answer to (I traced the code back to 7587cf44019d593bb12703e7046bd7738996c55c), x86's -bios only allows files that are multiples of 64K in size (x86_bios_rom_init), which would require the EDK2 ROMs to be rounded up to 0x38 bytes. If I delete the check, QEMU is able to load the only-16K-multiple-sized EDK2 and boot an OS just fine. If I pad EDK2 with 16K of zeroes at the *start* (since the ROM gets mapped counting backwards), it also works just fine (but padding at the *end* doesn't). Please therefore either relax the check in x86_bios_rom_init or ensure the EDK2 binary is suitably padded. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1917940/+subscriptions
[Bug 1915682] Re: i386-linux-user wine exception regression tests fail
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1915682 Title: i386-linux-user wine exception regression tests fail Status in QEMU: Expired Bug description: When trying to run wine (latest devel from git) regression tests for ntdll in a statically linked qemu-i386 (commit 392b9a74b9b621c52d05e37bc6f41f1bbab5c6f8) on arm32 (raspberry pi 4) in a debian buster chroot, the exception tests fail at the first test with an infinite exception loop. WINEDEBUG=+seh wine wine/dlls/ntdll/tests/ntdll_test.exe exception Working x86_64 system running 32-bit code 0024:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c005) raised 0024:trace:seh:dispatch_exception eax= ebx=7ffc2000 ecx=004e0ef4 edx=003c0004 esi=003c edi= 0024:trace:seh:dispatch_exception ebp=0085fa08 esp=0085f9ac cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 0024:trace:seh:call_vectored_handlers calling handler at 7B00B460 code=c005 flags=0 0024:trace:seh:call_vectored_handlers handler at 7B00B460 returned 0 0024:trace:seh:call_stack_handlers calling handler at 004178B0 code=c005 flags=0 0024:trace:seh:call_stack_handlers handler at 004178B0 returned 0 0024:trace:seh:dispatch_exception call_stack_handlers continuing 0024:trace:seh:NtGetContextThread 0xfffe: dr0=42424240 dr1= dr2=126bb070 dr3=0badbad0 dr6= dr7=0115 Non-working qemu 0024:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c005) raised 0024:trace:seh:dispatch_exception eax= ebx=3ffe2000 ecx=004e0ef4 edx=003c0004 esi=003c edi= 0024:trace:seh:dispatch_exception ebp=0085fa08 esp=0085f9ac cs=0023 ds=002b es=002b fs=003b gs=0033 flags=0246 0024:trace:seh:call_vectored_handlers calling handler at 7B00B460 code=c005 flags=0 0024:trace:seh:call_vectored_handlers handler at 7B00B460 returned 0 0024:trace:seh:call_stack_handlers calling handler at 004178B0 code=c005 flags=0 0024:trace:seh:call_stack_handlers handler at 004178B0 returned 0 0024:trace:seh:dispatch_exception call_stack_handlers continuing 0024:trace:seh:dispatch_exception call_stack_handlers ret status = 0 0024:trace:seh:dispatch_exception code=0 flags=1 addr=7BC2389C ip=7bc2389c tid=0024 The non-working verion is never managing to set the CPU context using NtContinue/SetContextThread back to the correct running thread stack and IP. It executes as if the context restore just returns to the function that called NtContinue() (dispatch_exception(), not the function that raised the exception or one of its parent exception handlers). It looks like NtSetContextThread(), specifically the asm function set_full_cpu_context() is being handled incorrectly. wine code below. note interesting use of iret with no previous interrupt call. The exception handler is called with a jmp. /*** * set_full_cpu_context * * Set the new CPU context. */ extern void set_full_cpu_context( const CONTEXT *context ); __ASM_GLOBAL_FUNC( set_full_cpu_context, "movl $0,%fs:0x1f8\n\t" /* x86_thread_data()->syscall_frame = NULL */ "movl 4(%esp),%ecx\n\t" "movw 0x8c(%ecx),%gs\n\t" /* SegGs */ "movw 0x90(%ecx),%fs\n\t" /* SegFs */ "movw 0x94(%ecx),%es\n\t" /* SegEs */ "movl 0x9c(%ecx),%edi\n\t" /* Edi */ "movl 0xa0(%ecx),%esi\n\t" /* Esi */ "movl 0xa4(%ecx),%ebx\n\t" /* Ebx */ "movl 0xb4(%ecx),%ebp\n\t" /* Ebp */ "movw %ss,%ax\n\t" "cmpw 0xc8(%ecx),%ax\n\t" /* SegSs */ "jne 1f\n\t" /* As soon as we have switched stacks the context structure could * be invalid (when signal handlers are executed for example). Copy * values on the target stack before changing ESP. */ "movl 0xc4(%ecx),%eax\n\t" /* Esp */ "leal -4*4(%eax),%eax\n\t" "movl 0xc0(%ecx),%edx\n\t" /* EFlags */ ".byte 0x36\n\t" "movl %edx,3*4(%eax)\n\t" "movl 0xbc(%ecx),%edx\n\t" /* SegCs */ ".byte 0x36\n\t" "movl %edx,2*4(%eax)\n\t" "movl 0xb8(%ecx),%edx\n\t" /* Eip */ ".byte 0x36\n\t" "movl %edx,1*4(%eax)\n\t" "movl 0xb0(%ecx),%edx\n\t" /* Eax */ ".byte 0x36\n\t"
[Bug 1908416] Re: qemu-system-aarch64 can't run Windows 10 for ARM version 2004
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1908416 Title: qemu-system-aarch64 can't run Windows 10 for ARM version 2004 Status in QEMU: Expired Bug description: Problem: qemu-system-aarch64 can't run Windows 10 for ARM version 2004 (20H2) or newer Host OS: Windows 10 x64 version 20H2 CPU: Intel Pentium Dual-core T4300 (no vt-x) QEMU : QEMU version 5.1.0 from qemu.org cmdline: qemu-system-aarch64.exe -M virt -cpu cortex-a72 -smp 3 --accel tcg,thread=multi -m 2048 -pflash QEMU_EFI.img -pflash QEMU_VARS.img -device VGA -device nec-usb-xhci -device usb-kbd -device usb-mouse -device usb-storage,drive=cdrom -drive file="isofile.iso",media=cdrom,if=none,id=cdrom Note: QEMU_VARS and QEMU_EFI are taken from edk2 Details: From this post (https://kitsunemimi.pw/notes/posts/running- windows-10-for-arm64-in-a-qemu-virtual-machine.html) and from what I have tried, QEMU can't run Windows ARM newer or equal to the 2004 version. When we boot a 2004 iso (made from uupdump.ml), it stuck as the boot screen with the Windows ARM logo and nothing else. When I check the machine state and registers through the QEMU monitor, it shows that the VM is still running, but the registers are completely frozen! But if I try the older version, like 19H2, it works! Please help! To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1908416/+subscriptions
[Bug 1916506] Re: make check-venv may leave stale and incomplete tests/venv directory directory
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1916506 Title: make check-venv may leave stale and incomplete tests/venv directory directory Status in QEMU: Expired Bug description: As reported by "Philippe Mathieu-Daudé" , a "make check-venv" can be run and fail to properly create a suitable virtual environment, leaving the tests/venv directory which is the target for "make check-venv" itself. This means that on a subsequent run: > $ make check-venv > GIT ui/keycodemapdb tests/fp/berkeley-testfloat-3 > tests/fp/berkeley-softfloat-3 dtc capstone slirp > make: Nothing to be done for 'check-venv'. And the venv will still be incomplete. The causes of such failures to create a suitable virtual environment are too many (in the reported case it was because of missing *required* Python packages). Some more evolved virtual environments + Python packaging systems exist that could probably be used here (Pipenv) but would add further core requirements. The current mitigation is to run "make check-clean" when the venv appears to be incomplete. The goal of this bug is to attempt to make the venv setup atomic and more reliable. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1916506/+subscriptions
[Bug 1917591] Re: qemu-i386 under aarch64: Segfaulting on Steamcmd
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1917591 Title: qemu-i386 under aarch64: Segfaulting on Steamcmd Status in QEMU: Expired Bug description: I am trying to set up a Valheim server on my Raspberry Pi 4 (8GB). I have installed the aarch64 image of Arm Arch Linux. I installed qemu-user-static (version 5.2.0 at this time of writing) from the AUR: https://aur.archlinux.org/packages/qemu-user-static/ I have correctly set up binfmt support: https://aur.archlinux.org/packages/binfmt-qemu-static-all-arch/ This allows me to successfully run i386 and amd64 docker images: [alarm@server ~]$ sudo docker run --rm i386/debian uname -a WARNING: The requested image's platform (linux/386) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested Linux 9fd8d345b0aa 5.11.1-1-ARCH #1 SMP Tue Feb 23 20:00:47 MST 2021 i686 GNU/Linux and [alarm@server ~]$ sudo docker run --rm amd64/debian uname -a WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested Linux 4f50fd228ab6 5.11.1-1-ARCH #1 SMP Tue Feb 23 20:00:47 MST 2021 x86_64 GNU/Linux However, when I try to run the docker image that is going to host the server, the download of Valheim never succeeds because the used steamcmd application segfaults: The following command successfully runs the server: sudo docker run -d --name valheim-server -p 2456-2458:2456-2458/udp -e SERVER_NAME="My Server" -e WORLD_NAME="Neotopia" -e SERVER_PASS="secret" lloesche /valheim-server However, when we look into the container's logs via this command: sudo docker logs valheim-server We see the following entry in the log file: ./steamcmd.sh: line 38: 86 Segmentation fault (core dumped) $DEBUGGER "$STEAMEXE" "$@" This means that the download never completes, and therefor the Valheim server is never actually started. Any help would be much appreciated. If there is anything unclear or if you need more details, please let me know! To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1917591/+subscriptions
[Bug 1917661] Re: qemu gdb wrong registers group for riscv64
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1917661 Title: qemu gdb wrong registers group for riscv64 Status in QEMU: Expired Bug description: Step to reproduce: 1. run qemu-system-riscv64 in gdb mode 2. attach gdb 3. set a breakpoint and run 4. print register-groups using "maintenance print register-groups" command ... sbadaddr 4162 4162 1628 8 longall,general msounteren 4163 4163 1636 8 longall,general mbadaddr 4164 4164 1644 8 longall,general htimedeltah 4165 4165 1652 8 longall,general These registers don't belong to general group, instead they belong to all, system and csr groups. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1917661/+subscriptions
[Bug 1917565] Re: Windows 10 fails with "Boot device inaccessible"
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1917565 Title: Windows 10 fails with "Boot device inaccessible" Status in QEMU: Expired Bug description: The issue is happening on all versions I tried after the following commit. I can also remove this individual change from master and it starts to work. OVMF_CODE.fd is what comes with Ubuntu 20.04 through package manager. git diff af1b80ae56c9495999e8ccf7b70ef894378de642~ af1b80ae56c9495999e8ccf7b70ef894378de642 diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index b7bc2a..7a5a8b3521 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -1497,7 +1497,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, dev = aml_device("PCI0"); aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03"))); aml_append(dev, aml_name_decl("_ADR", aml_int(0))); -aml_append(dev, aml_name_decl("_UID", aml_int(1))); +aml_append(dev, aml_name_decl("_UID", aml_int(0))); aml_append(sb_scope, dev); aml_append(dsdt, sb_scope); @@ -1512,7 +1512,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08"))); aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03"))); aml_append(dev, aml_name_decl("_ADR", aml_int(0))); -aml_append(dev, aml_name_decl("_UID", aml_int(1))); +aml_append(dev, aml_name_decl("_UID", aml_int(0))); aml_append(dev, build_q35_osc_method()); aml_append(sb_scope, dev); aml_append(dsdt, sb_scope); The virtual machine start command: x86_64-softmmu/qemu-system-x86_64 -name guest=win10-dev,debug-threads=on -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/win10-dev_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' -machine pc-q35-4.2,accel=kvm,usb=off,vmport=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format -cpu Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff -m 6144 -overcommit mem-lock=off -smp 4,sockets=4,cores=1,threads=1 -uuid 5646e540-5022-4ace-8d6a-d7c4b61a6d3d -no-user-config -nodefaults -rtc base=localtime,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -blockdev '{"driver":"host_device","filename":"/dev/disk/by-id/scsi-1SanDisk_Extreme_SSD_20072F404043","aio":"native","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' -blockdev '{"node-name":"libvirt-2-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-2-storage"}' -device ide-hd,bus=ide.0,drive=libvirt-2-format,id=sata0-0-0,bootindex=1,write-cache=on -device ide-cd,bus=ide.1,id=sata0-0-1 -netdev user,id=hostnet0 -device e1000e,netdev=hostnet0,id=net0,mac=52:54:00:10:5b:55,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -spice port=5900,addr=127.0.0.1,disable-ticketing=on,image-compression=off,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1 -device ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0
Re: [PATCH 07/17] target/riscv: Use gpr_{src, dst} for integer load/store
On Fri, Jul 9, 2021 at 2:32 PM Richard Henderson wrote: > > Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Alistair > --- > target/riscv/insn_trans/trans_rvi.c.inc | 45 +++-- > 1 file changed, 28 insertions(+), 17 deletions(-) > > diff --git a/target/riscv/insn_trans/trans_rvi.c.inc > b/target/riscv/insn_trans/trans_rvi.c.inc > index a603925637..a422dc9ef4 100644 > --- a/target/riscv/insn_trans/trans_rvi.c.inc > +++ b/target/riscv/insn_trans/trans_rvi.c.inc > @@ -138,15 +138,21 @@ static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a) > > static bool gen_load(DisasContext *ctx, arg_lb *a, MemOp memop) > { > -TCGv t0 = tcg_temp_new(); > -TCGv t1 = tcg_temp_new(); > -gen_get_gpr(t0, a->rs1); > -tcg_gen_addi_tl(t0, t0, a->imm); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv addr = gpr_src(ctx, a->rs1); > +TCGv temp = NULL; > > -tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, memop); > -gen_set_gpr(a->rd, t1); > -tcg_temp_free(t0); > -tcg_temp_free(t1); > +if (a->imm) { > +temp = tcg_temp_new(); > +tcg_gen_addi_tl(temp, addr, a->imm); > +addr = temp; > +} > + > +tcg_gen_qemu_ld_tl(dest, addr, ctx->mem_idx, memop); > + > +if (temp) { > +tcg_temp_free(temp); > +} > return true; > } > > @@ -177,19 +183,24 @@ static bool trans_lhu(DisasContext *ctx, arg_lhu *a) > > static bool gen_store(DisasContext *ctx, arg_sb *a, MemOp memop) > { > -TCGv t0 = tcg_temp_new(); > -TCGv dat = tcg_temp_new(); > -gen_get_gpr(t0, a->rs1); > -tcg_gen_addi_tl(t0, t0, a->imm); > -gen_get_gpr(dat, a->rs2); > +TCGv addr = gpr_src(ctx, a->rs1); > +TCGv data = gpr_src(ctx, a->rs2); > +TCGv temp = NULL; > > -tcg_gen_qemu_st_tl(dat, t0, ctx->mem_idx, memop); > -tcg_temp_free(t0); > -tcg_temp_free(dat); > +if (a->imm) { > +temp = tcg_temp_new(); > +tcg_gen_addi_tl(temp, addr, a->imm); > +addr = temp; > +} > + > +tcg_gen_qemu_st_tl(data, addr, ctx->mem_idx, memop); > + > +if (temp) { > +tcg_temp_free(temp); > +} > return true; > } > > - > static bool trans_sb(DisasContext *ctx, arg_sb *a) > { > return gen_store(ctx, a, MO_SB); > -- > 2.25.1 > >
Re: [PATCH 05/17] target/riscv: Use gpr_{src, dst} and tcg_constant_tl in gen_grevi
On Fri, Jul 9, 2021 at 2:47 PM Richard Henderson wrote: > > Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Alistair > --- > target/riscv/translate.c | 17 + > 1 file changed, 5 insertions(+), 12 deletions(-) > > diff --git a/target/riscv/translate.c b/target/riscv/translate.c > index 7dedfd548b..6ad40e43b0 100644 > --- a/target/riscv/translate.c > +++ b/target/riscv/translate.c > @@ -620,23 +620,16 @@ static void gen_sro(TCGv ret, TCGv arg1, TCGv arg2) > > static bool gen_grevi(DisasContext *ctx, arg_grevi *a) > { > -TCGv source1 = tcg_temp_new(); > -TCGv source2; > - > -gen_get_gpr(source1, a->rs1); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > > if (a->shamt == (TARGET_LONG_BITS - 8)) { > /* rev8, byte swaps */ > -tcg_gen_bswap_tl(source1, source1); > +tcg_gen_bswap_tl(dest, src1); > } else { > -source2 = tcg_temp_new(); > -tcg_gen_movi_tl(source2, a->shamt); > -gen_helper_grev(source1, source1, source2); > -tcg_temp_free(source2); > +TCGv src2 = tcg_constant_tl(a->shamt); > +gen_helper_grev(dest, src1, src2); > } > - > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > return true; > } > > -- > 2.25.1 > >
Re: [PATCH v6 5/6] hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35
On Tue, Jul 13, 2021 at 02:42:04AM +0200, Julia Suvorova wrote: > Q35 has three different types of PCI devices hot-plug: PCIe Native, > SHPC Native and ACPI hot-plug. This patch changes the default choice > for cold-plugged bridges from PCIe Native to ACPI Hot-plug with > ability to use SHPC and PCIe Native for hot-plugged bridges. > > This is a list of the PCIe Native hot-plug issues that led to this > change: > * no racy behavior during boot (see 110c477c2ed) > * no delay during deleting - after the actual power off software > must wait at least 1 second before indicating about it. This case > is quite important for users, it even has its own bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1594168 > * no timer-based behavior - in addition to the previous example, > the attention button has a 5-second waiting period, during which > the operation can be canceled with a second press. While this > looks fine for manual button control, automation will result in > the need to queue or drop events, and the software receiving > events in all sort of unspecified combinations of attention/power > indicator states, which is racy and uppredictable. > * fixes: > * https://bugzilla.redhat.com/show_bug.cgi?id=1752465 > * https://bugzilla.redhat.com/show_bug.cgi?id=1690256 > > To return to PCIe Native hot-plug: > -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off > > Signed-off-by: Julia Suvorova > Reviewed-by: Igor Mammedov Reviewed-by: David Gibson > --- > hw/acpi/ich9.c | 2 +- > hw/i386/pc.c | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c > index 2f4eb453ac..778e27b659 100644 > --- a/hw/acpi/ich9.c > +++ b/hw/acpi/ich9.c > @@ -427,7 +427,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs > *pm) > pm->disable_s3 = 0; > pm->disable_s4 = 0; > pm->s4_val = 2; > -pm->use_acpi_hotplug_bridge = false; > +pm->use_acpi_hotplug_bridge = true; > > object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE, > >pm_io_base, OBJ_PROP_FLAG_READ); > diff --git a/hw/i386/pc.c b/hw/i386/pc.c > index 8e1220db72..7e03848792 100644 > --- a/hw/i386/pc.c > +++ b/hw/i386/pc.c > @@ -98,6 +98,7 @@ GlobalProperty pc_compat_6_0[] = { > { "qemu64" "-" TYPE_X86_CPU, "family", "6" }, > { "qemu64" "-" TYPE_X86_CPU, "model", "6" }, > { "qemu64" "-" TYPE_X86_CPU, "stepping", "3" }, > +{ "ICH9-LPC", "acpi-pci-hotplug-with-bridge-support", "off" }, > }; > const size_t pc_compat_6_0_len = G_N_ELEMENTS(pc_compat_6_0); > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [PATCH RESEND v2 3/3] virtio-pci/hmp: implement device specific hmp interface
在 2021/7/13 上午7:58, Dongli Zhang 写道: This patch is to implement the device specific interface to dump the mapping between virtio queues and vectors. (qemu) info msix -d /machine/peripheral/vscsi0 Msg L.Addr Msg U.Addr Msg Data Vect Ctrl 0xfee0 0x 0x4041 0x 0xfee0 0x 0x4051 0x 0xfee0 0x 0x4061 0x 0xfee0 0x 0x4071 0x 0xfee01000 0x 0x40b1 0x 0xfee02000 0x 0x40c1 0x 0xfee03000 0x 0x40d1 0x MSI-X PBA 0 0 0 0 0 0 0 virtio pci vector info: config: 0 queue 0: 1 queue 1: 2 queue 2: 3 queue 3: 4 queue 4: 5 queue 5: 6 Cc: Jason Wang Cc: Joe Jin Suggested-by: Jason Wang Signed-off-by: Dongli Zhang Acked-by: Jason Wang --- hw/virtio/virtio-pci.c | 22 ++ hw/virtio/virtio.c | 10 ++ include/hw/virtio/virtio.h | 2 ++ 3 files changed, 34 insertions(+) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 433060ac02..2971e8049c 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -38,6 +38,7 @@ #include "hw/virtio/virtio-bus.h" #include "qapi/visitor.h" #include "sysemu/replay.h" +#include "monitor/monitor.h" #define VIRTIO_PCI_REGION_SIZE(dev) VIRTIO_PCI_CONFIG_OFF(msix_present(dev)) @@ -1587,6 +1588,26 @@ static void virtio_pci_modern_io_region_unmap(VirtIOPCIProxy *proxy, >mr); } +static void virtio_pci_dc_msix_info(Monitor *mon, PCIDevice *dev, +Error **errp) +{ +DeviceState *qdev = DEVICE(dev); +VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(qdev); +VirtIODevice *vdev = virtio_bus_get_device(>bus); +int num = virtio_get_num_queues(vdev); +int i; + +monitor_printf(mon, "virtio pci vector info:\n"); + +monitor_printf(mon, "config: %d\n", virtio_get_config_vector(vdev)); + +for (i = 0; i < num; i++) +monitor_printf(mon, "queue %d: %u\n", + i, virtio_get_vector(vdev, i)); + +monitor_printf(mon, "\n"); +} + static void virtio_pci_pre_plugged(DeviceState *d, Error **errp) { VirtIOPCIProxy *proxy = VIRTIO_PCI(d); @@ -2004,6 +2025,7 @@ static void virtio_pci_class_init(ObjectClass *klass, void *data) k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; k->revision = VIRTIO_PCI_ABI_VERSION; k->class_id = PCI_CLASS_OTHERS; +k->msix_info = virtio_pci_dc_msix_info; device_class_set_parent_realize(dc, virtio_pci_dc_realize, >parent_dc_realize); dc->reset = virtio_pci_reset; diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 874377f37a..ea54939e98 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2581,6 +2581,16 @@ void virtio_notify_config(VirtIODevice *vdev) virtio_notify_vector(vdev, vdev->config_vector); } +uint16_t virtio_get_vector(VirtIODevice *vdev, int n) +{ +return vdev->vq[n].vector; +} + +uint16_t virtio_get_config_vector(VirtIODevice *vdev) +{ +return vdev->config_vector; +} + static bool virtio_device_endian_needed(void *opaque) { VirtIODevice *vdev = opaque; diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index 8bab9cfb75..6746227f73 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -268,6 +268,8 @@ int virtio_set_status(VirtIODevice *vdev, uint8_t val); void virtio_reset(void *opaque); void virtio_update_irq(VirtIODevice *vdev); int virtio_set_features(VirtIODevice *vdev, uint64_t val); +uint16_t virtio_get_vector(VirtIODevice *vdev, int n); +uint16_t virtio_get_config_vector(VirtIODevice *vdev); /* Base devices. */ typedef struct VirtIOBlkConf VirtIOBlkConf;
Re: [PATCH 06/17] target/riscv: Use gpr_src in branches
On Fri, Jul 9, 2021 at 2:39 PM Richard Henderson wrote: > > Narrow the scope of t0 in trans_jalr. > > Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Alistair > --- > target/riscv/insn_trans/trans_rvi.c.inc | 25 ++--- > 1 file changed, 10 insertions(+), 15 deletions(-) > > diff --git a/target/riscv/insn_trans/trans_rvi.c.inc > b/target/riscv/insn_trans/trans_rvi.c.inc > index 6e736c9d0d..a603925637 100644 > --- a/target/riscv/insn_trans/trans_rvi.c.inc > +++ b/target/riscv/insn_trans/trans_rvi.c.inc > @@ -54,24 +54,25 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a) > > static bool trans_jalr(DisasContext *ctx, arg_jalr *a) > { > -/* no chaining with JALR */ > TCGLabel *misaligned = NULL; > -TCGv t0 = tcg_temp_new(); > > - > -gen_get_gpr(cpu_pc, a->rs1); > -tcg_gen_addi_tl(cpu_pc, cpu_pc, a->imm); > +tcg_gen_addi_tl(cpu_pc, gpr_src(ctx, a->rs1), a->imm); > tcg_gen_andi_tl(cpu_pc, cpu_pc, (target_ulong)-2); > > if (!has_ext(ctx, RVC)) { > +TCGv t0 = tcg_temp_new(); > + > misaligned = gen_new_label(); > tcg_gen_andi_tl(t0, cpu_pc, 0x2); > tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned); > +tcg_temp_free(t0); > } > > if (a->rd != 0) { > tcg_gen_movi_tl(cpu_gpr[a->rd], ctx->pc_succ_insn); > } > + > +/* No chaining with JALR. */ > lookup_and_goto_ptr(ctx); > > if (misaligned) { > @@ -80,21 +81,18 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a) > } > ctx->base.is_jmp = DISAS_NORETURN; > > -tcg_temp_free(t0); > return true; > } > > static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond) > { > TCGLabel *l = gen_new_label(); > -TCGv source1, source2; > -source1 = tcg_temp_new(); > -source2 = tcg_temp_new(); > -gen_get_gpr(source1, a->rs1); > -gen_get_gpr(source2, a->rs2); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = gpr_src(ctx, a->rs2); > > -tcg_gen_brcond_tl(cond, source1, source2, l); > +tcg_gen_brcond_tl(cond, src1, src2, l); > gen_goto_tb(ctx, 1, ctx->pc_succ_insn); > + > gen_set_label(l); /* branch taken */ > > if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) { > @@ -105,9 +103,6 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, > TCGCond cond) > } > ctx->base.is_jmp = DISAS_NORETURN; > > -tcg_temp_free(source1); > -tcg_temp_free(source2); > - > return true; > } > > -- > 2.25.1 > >
Re: [PATCH RESEND v2 2/3] msix/hmp: add interface to dump device specific info
在 2021/7/13 上午7:58, Dongli Zhang 写道: While the previous patch is to dump the MSI-X table, sometimes we may need to dump device specific data, e.g., to help match the vector with the specific device queue. This patch is to add the PCI device specific interface to help dump those information. Any PCI device class may implement this PCIDeviceClass->msix_info interface. Cc: Jason Wang Cc: Joe Jin Suggested-by: Jason Wang Signed-off-by: Dongli Zhang Acked-by: Jason Wang --- hmp-commands-info.hx | 7 --- include/hw/pci/pci.h | 3 +++ softmmu/qdev-monitor.c | 11 +++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index ce5c550d44..4e831d7ae4 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -223,9 +223,10 @@ ERST { .name = "msix", -.args_type = "dev:s", -.params = "dev", -.help = "dump MSI-X information", +.args_type = "info:-d,dev:s", +.params = "[-d] dev", +.help = "dump MSI-X information; " + "(-d: show device specific info)", .cmd= hmp_info_msix, }, diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index 6be4e0c460..4620b9e757 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -129,6 +129,8 @@ typedef void PCIMapIORegionFunc(PCIDevice *pci_dev, int region_num, pcibus_t addr, pcibus_t size, int type); typedef void PCIUnregisterFunc(PCIDevice *pci_dev); +typedef void PCIMSIXInfoFunc(Monitor *mon, PCIDevice *dev, Error **errp); + typedef struct PCIIORegion { pcibus_t addr; /* current PCI mapping address. -1 means not mapped */ #define PCI_BAR_UNMAPPED (~(pcibus_t)0) @@ -224,6 +226,7 @@ struct PCIDeviceClass { PCIUnregisterFunc *exit; PCIConfigReadFunc *config_read; PCIConfigWriteFunc *config_write; +PCIMSIXInfoFunc *msix_info; uint16_t vendor_id; uint16_t device_id; diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c index 7837a17d0d..7fd3fe0ada 100644 --- a/softmmu/qdev-monitor.c +++ b/softmmu/qdev-monitor.c @@ -1011,7 +1011,9 @@ void hmp_info_msix(Monitor *mon, const QDict *qdict) { const char *name = qdict_get_str(qdict, "dev"); DeviceState *dev = find_device_state(name, NULL); +bool info = qdict_get_try_bool(qdict, "info", false); PCIDevice *pci_dev; +PCIDeviceClass *pc; Error *err = NULL; if (!dev) { @@ -1027,6 +1029,15 @@ void hmp_info_msix(Monitor *mon, const QDict *qdict) pci_dev = PCI_DEVICE(dev); msix_dump_info(mon, pci_dev, ); +if (info) { +pc = PCI_DEVICE_GET_CLASS(pci_dev); +if (pc->msix_info) { +pc->msix_info(mon, pci_dev, ); +} else { +error_setg(, "Device specific info not supported"); +} +} + exit: hmp_handle_error(mon, err); }
Re: [PATCH v6 2/6] hw/acpi/ich9: Enable ACPI PCI hot-plug
On Tue, Jul 13, 2021 at 02:42:01AM +0200, Julia Suvorova wrote: > Add acpi_pcihp to ich9_pm as part of > 'acpi-pci-hotplug-with-bridge-support' option. Set default to false. > > Signed-off-by: Julia Suvorova > Signed-off-by: Marcel Apfelbaum > Reviewed-by: Igor Mammedov Reviewed-by: David Gibson Since it looks safe, however I think there are a couple of unnecessary changes here: [snip] > @@ -103,6 +105,7 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque) > static void acpi_set_pci_info(void) > { > static bool bsel_is_set; > +Object *host = acpi_get_i386_pci_host(); > PCIBus *bus; > unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT; > > @@ -111,7 +114,11 @@ static void acpi_set_pci_info(void) > } > bsel_is_set = true; > > -bus = find_i440fx(); /* TODO: Q35 support */ > +if (!host) { AFAICT acpi_get_i386_pci_host() still can't return NULL, so I'm not sure this test is necessary. [snip] > -static Object *acpi_get_i386_pci_host(void) > +Object *acpi_get_i386_pci_host(void) > { > PCIHostState *host; > > @@ -320,7 +320,10 @@ static void acpi_get_pci_holes(Range *hole, Range > *hole64) > Object *pci_host; > > pci_host = acpi_get_i386_pci_host(); > -g_assert(pci_host); > + > +if (!pci_host) { > +return; > +} Likewise this change. > > range_set_bounds1(hole, >object_property_get_uint(pci_host, > @@ -1765,6 +1768,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, > PCIBus *bus = NULL; > > pci_host = acpi_get_i386_pci_host(); > + > if (pci_host) { > bus = PCI_HOST_BRIDGE(pci_host)->bus; > } > @@ -2321,7 +2325,9 @@ static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg) > QObject *o; > > pci_host = acpi_get_i386_pci_host(); > -g_assert(pci_host); > +if (!pci_host) { > +return false; > +} And this one. > > o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL); > if (!o) { > @@ -2351,7 +2357,7 @@ void acpi_build(AcpiBuildTables *tables, MachineState > *machine) > AcpiPmInfo pm; > AcpiMiscInfo misc; > AcpiMcfgInfo mcfg; > -Range pci_hole, pci_hole64; > +Range pci_hole = {}, pci_hole64 = {}; > uint8_t *u; > size_t aml_len = 0; > GArray *tables_blob = tables->table_data; -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [PATCH v6 1/6] hw/i386/acpi-build: Add ACPI PCI hot-plug methods to Q35
On Tue, Jul 13, 2021 at 02:42:00AM +0200, Julia Suvorova wrote: > Implement notifications and gpe to support q35 ACPI PCI hot-plug. > Use 0xcc4 - 0xcd7 range for 'acpi-pci-hotplug' io ports. > > Signed-off-by: Julia Suvorova > Reviewed-by: Igor Mammedov > Reviewed-by: Marcel Apfelbaum Reviewed-by: David Gibson I'm not especially familiar with either x86 or ACPI code, so my review's depth is according. > --- > hw/i386/acpi-build.h| 4 > include/hw/acpi/ich9.h | 2 ++ > include/hw/acpi/pcihp.h | 3 ++- > hw/acpi/pcihp.c | 6 +++--- > hw/acpi/piix4.c | 4 +++- > hw/i386/acpi-build.c| 30 +++--- > 6 files changed, 33 insertions(+), 16 deletions(-) > > diff --git a/hw/i386/acpi-build.h b/hw/i386/acpi-build.h > index 74df5fc612..487ec7710f 100644 > --- a/hw/i386/acpi-build.h > +++ b/hw/i386/acpi-build.h > @@ -5,6 +5,10 @@ > > extern const struct AcpiGenericAddress x86_nvdimm_acpi_dsmio; > > +/* PCI Hot-plug registers bases. See docs/spec/acpi_pci_hotplug.txt */ > +#define ACPI_PCIHP_SEJ_BASE 0x8 > +#define ACPI_PCIHP_BNMR_BASE 0x10 > + > void acpi_setup(void); > > #endif > diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h > index df519e40b5..596120d97f 100644 > --- a/include/hw/acpi/ich9.h > +++ b/include/hw/acpi/ich9.h > @@ -28,6 +28,8 @@ > #include "hw/acpi/acpi_dev_interface.h" > #include "hw/acpi/tco.h" > > +#define ACPI_PCIHP_ADDR_ICH9 0x0cc4 > + > typedef struct ICH9LPCPMRegs { > /* > * In ich9 spec says that pm1_cnt register is 32bit width and > diff --git a/include/hw/acpi/pcihp.h b/include/hw/acpi/pcihp.h > index 2dd90aea30..af1a169fc3 100644 > --- a/include/hw/acpi/pcihp.h > +++ b/include/hw/acpi/pcihp.h > @@ -55,7 +55,8 @@ typedef struct AcpiPciHpState { > } AcpiPciHpState; > > void acpi_pcihp_init(Object *owner, AcpiPciHpState *, PCIBus *root, > - MemoryRegion *address_space_io, bool bridges_enabled); > + MemoryRegion *address_space_io, bool bridges_enabled, > + uint16_t io_base); > > void acpi_pcihp_device_pre_plug_cb(HotplugHandler *hotplug_dev, > DeviceState *dev, Error **errp); > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c > index 4999277d57..d98a284b7a 100644 > --- a/hw/acpi/pcihp.c > +++ b/hw/acpi/pcihp.c > @@ -37,7 +37,6 @@ > #include "qom/qom-qobject.h" > #include "trace.h" > > -#define ACPI_PCIHP_ADDR 0xae00 > #define ACPI_PCIHP_SIZE 0x0018 > #define PCI_UP_BASE 0x > #define PCI_DOWN_BASE 0x0004 > @@ -488,10 +487,11 @@ static const MemoryRegionOps acpi_pcihp_io_ops = { > }; > > void acpi_pcihp_init(Object *owner, AcpiPciHpState *s, PCIBus *root_bus, > - MemoryRegion *address_space_io, bool bridges_enabled) > + MemoryRegion *address_space_io, bool bridges_enabled, > + uint16_t io_base) > { > s->io_len = ACPI_PCIHP_SIZE; > -s->io_base = ACPI_PCIHP_ADDR; > +s->io_base = io_base; > > s->root = root_bus; > s->legacy_piix = !bridges_enabled; > diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c > index 0bd23d74e2..48f7a1edbc 100644 > --- a/hw/acpi/piix4.c > +++ b/hw/acpi/piix4.c > @@ -49,6 +49,8 @@ > #define GPE_BASE 0xafe0 > #define GPE_LEN 4 > > +#define ACPI_PCIHP_ADDR_PIIX4 0xae00 > + > struct pci_status { > uint32_t up; /* deprecated, maintained for migration compatibility */ > uint32_t down; > @@ -607,7 +609,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion > *parent, > > if (s->use_acpi_hotplug_bridge || s->use_acpi_root_pci_hotplug) { > acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent, > -s->use_acpi_hotplug_bridge); > +s->use_acpi_hotplug_bridge, ACPI_PCIHP_ADDR_PIIX4); > } > > s->cpu_hotplug_legacy = true; > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c > index 357437ff1d..e1c246d6e8 100644 > --- a/hw/i386/acpi-build.c > +++ b/hw/i386/acpi-build.c > @@ -219,10 +219,6 @@ static void acpi_get_pm_info(MachineState *machine, > AcpiPmInfo *pm) > /* w2k requires FADT(rev1) or it won't boot, keep PC compatible */ > pm->fadt.rev = 1; > pm->cpu_hp_io_base = PIIX4_CPU_HOTPLUG_IO_BASE; > -pm->pcihp_io_base = > -object_property_get_uint(obj, ACPI_PCIHP_IO_BASE_PROP, NULL); > -pm->pcihp_io_len = > -object_property_get_uint(obj, ACPI_PCIHP_IO_LEN_PROP, NULL); > } > if (lpc) { > uint64_t smi_features = object_property_get_uint(lpc, > @@ -238,6 +234,10 @@ static void acpi_get_pm_info(MachineState *machine, > AcpiPmInfo *pm) > pm->smi_on_cpu_unplug = > !!(smi_features & BIT_ULL(ICH9_LPC_SMI_F_CPU_HOT_UNPLUG_BIT)); > } > +pm->pcihp_io_base = > +object_property_get_uint(obj, ACPI_PCIHP_IO_BASE_PROP, NULL); > +pm->pcihp_io_len = > +
Re: [PATCH 04/17] target/riscv: Use gpr_{src, dst} in word division operations
On Fri, Jul 9, 2021 at 2:44 PM Richard Henderson wrote: > > Allocate new temps to hold the source extensions, and > extend directly from the source registers. > > Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Alistair > --- > target/riscv/translate.c | 46 +++- > 1 file changed, 22 insertions(+), 24 deletions(-) > > diff --git a/target/riscv/translate.c b/target/riscv/translate.c > index a60b198623..7dedfd548b 100644 > --- a/target/riscv/translate.c > +++ b/target/riscv/translate.c > @@ -502,42 +502,40 @@ static void gen_mulw(TCGv ret, TCGv arg1, TCGv arg2) > static bool gen_arith_div_w(DisasContext *ctx, arg_r *a, > void(*func)(TCGv, TCGv, TCGv)) > { > -TCGv source1, source2; > -source1 = tcg_temp_new(); > -source2 = tcg_temp_new(); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = gpr_src(ctx, a->rs2); > +TCGv ext1 = tcg_temp_new(); > +TCGv ext2 = tcg_temp_new(); > > -gen_get_gpr(source1, a->rs1); > -gen_get_gpr(source2, a->rs2); > -tcg_gen_ext32s_tl(source1, source1); > -tcg_gen_ext32s_tl(source2, source2); > +tcg_gen_ext32s_tl(ext1, src1); > +tcg_gen_ext32s_tl(ext2, src2); > > -(*func)(source1, source1, source2); > +(*func)(dest, ext1, ext2); > +tcg_temp_free(ext1); > +tcg_temp_free(ext2); > > -tcg_gen_ext32s_tl(source1, source1); > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > +tcg_gen_ext32s_tl(dest, dest); > return true; > } > > static bool gen_arith_div_uw(DisasContext *ctx, arg_r *a, > void(*func)(TCGv, TCGv, TCGv)) > { > -TCGv source1, source2; > -source1 = tcg_temp_new(); > -source2 = tcg_temp_new(); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = gpr_src(ctx, a->rs2); > +TCGv ext1 = tcg_temp_new(); > +TCGv ext2 = tcg_temp_new(); > > -gen_get_gpr(source1, a->rs1); > -gen_get_gpr(source2, a->rs2); > -tcg_gen_ext32u_tl(source1, source1); > -tcg_gen_ext32u_tl(source2, source2); > +tcg_gen_ext32u_tl(ext1, src1); > +tcg_gen_ext32u_tl(ext2, src2); > > -(*func)(source1, source1, source2); > +(*func)(dest, ext1, ext2); > +tcg_temp_free(ext1); > +tcg_temp_free(ext2); > > -tcg_gen_ext32s_tl(source1, source1); > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > +tcg_gen_ext32s_tl(dest, dest); > return true; > } > > -- > 2.25.1 > >
Re: [PATCH 03/17] target/riscv: Use gpr_{src, dst} in shift operations
On Fri, Jul 9, 2021 at 2:43 PM Richard Henderson wrote: > > These operations are slightly more complicated since > we need to crop the shift operand. > > Signed-off-by: Richard Henderson Reviewed-by: Alistair Francis Alistair > --- > target/riscv/translate.c | 68 +++- > 1 file changed, 26 insertions(+), 42 deletions(-) > > diff --git a/target/riscv/translate.c b/target/riscv/translate.c > index 2cfcb849b8..a60b198623 100644 > --- a/target/riscv/translate.c > +++ b/target/riscv/translate.c > @@ -778,18 +778,14 @@ static bool gen_arith(DisasContext *ctx, arg_r *a, > static bool gen_shift(DisasContext *ctx, arg_r *a, > void(*func)(TCGv, TCGv, TCGv)) > { > -TCGv source1 = tcg_temp_new(); > -TCGv source2 = tcg_temp_new(); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = gpr_src(ctx, a->rs2); > +TCGv ext2 = tcg_temp_new(); > > -gen_get_gpr(source1, a->rs1); > -gen_get_gpr(source2, a->rs2); > - > -tcg_gen_andi_tl(source2, source2, TARGET_LONG_BITS - 1); > -(*func)(source1, source1, source2); > - > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > +tcg_gen_andi_tl(ext2, src2, TARGET_LONG_BITS - 1); > +(*func)(dest, src1, ext2); > +tcg_temp_free(ext2); > return true; > } > > @@ -805,58 +801,46 @@ static uint32_t opcode_at(DisasContextBase *dcbase, > target_ulong pc) > static bool gen_shifti(DisasContext *ctx, arg_shift *a, > void(*func)(TCGv, TCGv, TCGv)) > { > +TCGv dest, src1, src2; > + > if (a->shamt >= TARGET_LONG_BITS) { > return false; > } > > -TCGv source1 = tcg_temp_new(); > -TCGv source2 = tcg_temp_new(); > +dest = gpr_dst(ctx, a->rd); > +src1 = gpr_src(ctx, a->rs1); > +src2 = tcg_constant_tl(a->shamt); > > -gen_get_gpr(source1, a->rs1); > - > -tcg_gen_movi_tl(source2, a->shamt); > -(*func)(source1, source1, source2); > - > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > +(*func)(dest, src1, src2); > return true; > } > > static bool gen_shiftw(DisasContext *ctx, arg_r *a, > void(*func)(TCGv, TCGv, TCGv)) > { > -TCGv source1 = tcg_temp_new(); > -TCGv source2 = tcg_temp_new(); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = gpr_src(ctx, a->rs2); > +TCGv ext2 = tcg_temp_new(); > > -gen_get_gpr(source1, a->rs1); > -gen_get_gpr(source2, a->rs2); > +tcg_gen_andi_tl(ext2, src2, 31); > +(*func)(dest, src1, ext2); > +tcg_gen_ext32s_tl(dest, dest); > > -tcg_gen_andi_tl(source2, source2, 31); > -(*func)(source1, source1, source2); > -tcg_gen_ext32s_tl(source1, source1); > - > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > +tcg_temp_free(ext2); > return true; > } > > static bool gen_shiftiw(DisasContext *ctx, arg_shift *a, > void(*func)(TCGv, TCGv, TCGv)) > { > -TCGv source1 = tcg_temp_new(); > -TCGv source2 = tcg_temp_new(); > +TCGv dest = gpr_dst(ctx, a->rd); > +TCGv src1 = gpr_src(ctx, a->rs1); > +TCGv src2 = tcg_constant_tl(a->shamt); > > -gen_get_gpr(source1, a->rs1); > -tcg_gen_movi_tl(source2, a->shamt); > +(*func)(dest, src1, src2); > +tcg_gen_ext32s_tl(dest, dest); > > -(*func)(source1, source1, source2); > -tcg_gen_ext32s_tl(source1, source1); > - > -gen_set_gpr(a->rd, source1); > -tcg_temp_free(source1); > -tcg_temp_free(source2); > return true; > } > > -- > 2.25.1 > >
Re: [PATCH v1 2/5] hw/intc: sifive_clint: Use RISC-V CPU GPIO lines
On Fri, Jul 9, 2021 at 9:01 AM Alistair Francis wrote: > > Instead of using riscv_cpu_update_mip() let's instead use the new RISC-V > CPU GPIO lines to set the timer and soft MIP bits. > > Signed-off-by: Alistair Francis > --- > include/hw/intc/sifive_clint.h | 2 + > hw/intc/sifive_clint.c | 72 -- > 2 files changed, 54 insertions(+), 20 deletions(-) > > diff --git a/include/hw/intc/sifive_clint.h b/include/hw/intc/sifive_clint.h > index a30be0f3d6..921b1561dd 100644 > --- a/include/hw/intc/sifive_clint.h > +++ b/include/hw/intc/sifive_clint.h > @@ -40,6 +40,8 @@ typedef struct SiFiveCLINTState { > uint32_t time_base; > uint32_t aperture_size; > uint32_t timebase_freq; > +qemu_irq *timer_irqs; > +qemu_irq *soft_irqs; > } SiFiveCLINTState; > > DeviceState *sifive_clint_create(hwaddr addr, hwaddr size, > diff --git a/hw/intc/sifive_clint.c b/hw/intc/sifive_clint.c > index 0f41e5ea1c..c635a47507 100644 > --- a/hw/intc/sifive_clint.c > +++ b/hw/intc/sifive_clint.c > @@ -28,6 +28,12 @@ > #include "hw/qdev-properties.h" > #include "hw/intc/sifive_clint.h" > #include "qemu/timer.h" > +#include "hw/irq.h" > + > +typedef struct sifive_clint_callback { > +SiFiveCLINTState *s; > +int num; > +} sifive_clint_callback; > > static uint64_t cpu_riscv_read_rtc(uint32_t timebase_freq) > { > @@ -39,7 +45,9 @@ static uint64_t cpu_riscv_read_rtc(uint32_t timebase_freq) > * Called when timecmp is written to update the QEMU timer or immediately > * trigger timer interrupt if mtimecmp <= current timer value. > */ > -static void sifive_clint_write_timecmp(RISCVCPU *cpu, uint64_t value, > +static void sifive_clint_write_timecmp(SiFiveCLINTState *s, RISCVCPU *cpu, > + int hartid, > + uint64_t value, > uint32_t timebase_freq) > { > uint64_t next; > @@ -51,12 +59,12 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu, > uint64_t value, > if (cpu->env.timecmp <= rtc_r) { > /* if we're setting an MTIMECMP value in the "past", > immediately raise the timer interrupt */ > -riscv_cpu_update_mip(cpu, MIP_MTIP, BOOL_TO_MASK(1)); > +qemu_irq_raise(s->timer_irqs[hartid]); This breaks multi-socket support. Please use "hartid - s->hartid_base" as an index. > return; > } > > /* otherwise, set up the future timer interrupt */ > -riscv_cpu_update_mip(cpu, MIP_MTIP, BOOL_TO_MASK(0)); > +qemu_irq_lower(s->timer_irqs[hartid]); > diff = cpu->env.timecmp - rtc_r; > /* back to ns (note args switched in muldiv64) */ > next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + > @@ -70,8 +78,9 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu, > uint64_t value, > */ > static void sifive_clint_timer_cb(void *opaque) > { > -RISCVCPU *cpu = opaque; > -riscv_cpu_update_mip(cpu, MIP_MTIP, BOOL_TO_MASK(1)); > +sifive_clint_callback *state = opaque; > + > +qemu_irq_raise(state->s->timer_irqs[state->num]); > } > > /* CPU wants to read rtc or timecmp register */ > @@ -137,7 +146,11 @@ static void sifive_clint_write(void *opaque, hwaddr > addr, uint64_t value, > if (!env) { > error_report("clint: invalid timecmp hartid: %zu", hartid); > } else if ((addr & 0x3) == 0) { > -riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_MSIP, > BOOL_TO_MASK(value)); > +if (value) { > +qemu_irq_raise(clint->soft_irqs[hartid]); > +} else { > +qemu_irq_lower(clint->soft_irqs[hartid]); > +} Eventthis is broken for multi-socket. Use "hartid - clint->hartid_base" as index. > } else { > error_report("clint: invalid sip write: %08x", (uint32_t)addr); > } > @@ -153,13 +166,13 @@ static void sifive_clint_write(void *opaque, hwaddr > addr, uint64_t value, > } else if ((addr & 0x7) == 0) { > /* timecmp_lo */ > uint64_t timecmp_hi = env->timecmp >> 32; > -sifive_clint_write_timecmp(RISCV_CPU(cpu), > +sifive_clint_write_timecmp(clint, RISCV_CPU(cpu), hartid, > timecmp_hi << 32 | (value & 0x), > clint->timebase_freq); > return; > } else if ((addr & 0x7) == 4) { > /* timecmp_hi */ > uint64_t timecmp_lo = env->timecmp; > -sifive_clint_write_timecmp(RISCV_CPU(cpu), > +sifive_clint_write_timecmp(clint, RISCV_CPU(cpu), hartid, > value << 32 | (timecmp_lo & 0x), > clint->timebase_freq); > } else { > error_report("clint: invalid timecmp write: %08x", > (uint32_t)addr); > @@ -205,6 +218,12 @@ static void sifive_clint_realize(DeviceState *dev, Error > **errp) > memory_region_init_io(>mmio, OBJECT(dev), _clint_ops, s, >
Re: [PATCH RESEND v2 1/3] msix/hmp: add hmp interface to dump MSI-X info
在 2021/7/13 上午7:58, Dongli Zhang 写道: This patch is to add the HMP interface to dump MSI-X table and PBA, in order to help diagnose the loss of IRQ issue in VM (e.g., if an MSI-X vector is erroneously masked permanently). Here is the example with vhost-scsi: (qemu) info msix /machine/peripheral/vscsi0 Msg L.Addr Msg U.Addr Msg Data Vect Ctrl 0xfee0 0x 0x4041 0x 0xfee0 0x 0x4051 0x 0xfee0 0x 0x4061 0x 0xfee0 0x 0x4071 0x 0xfee01000 0x 0x40b1 0x 0xfee02000 0x 0x40c1 0x 0xfee03000 0x 0x40d1 0x MSI-X PBA 0 0 0 0 0 0 0 Since the number of MSI-X entries is not determined and might be very large, it is sometimes inappropriate to dump via QMP. Therefore, this patch dumps MSI-X information only via HMP, which is similar to the implementation of hmp_info_mem(). Cc: Jason Wang Cc: Joe Jin Signed-off-by: Dongli Zhang Acked-by: Dr. David Alan Gilbert Acked-by: Jason Wang --- hmp-commands-info.hx | 13 + hw/pci/msix.c | 63 ++ include/hw/pci/msix.h | 2 ++ include/monitor/hmp.h | 1 + softmmu/qdev-monitor.c | 25 + 5 files changed, 104 insertions(+) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index 27206ac049..ce5c550d44 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -221,6 +221,19 @@ SRST Show PCI information. ERST +{ +.name = "msix", +.args_type = "dev:s", +.params = "dev", +.help = "dump MSI-X information", +.cmd= hmp_info_msix, +}, + +SRST + ``info msix`` *dev* +Dump MSI-X information for device *dev*. +ERST + #if defined(TARGET_I386) || defined(TARGET_SH4) || defined(TARGET_SPARC) || \ defined(TARGET_PPC) || defined(TARGET_XTENSA) || defined(TARGET_M68K) { diff --git a/hw/pci/msix.c b/hw/pci/msix.c index ae9331cd0b..4b4ec87eee 100644 --- a/hw/pci/msix.c +++ b/hw/pci/msix.c @@ -22,6 +22,7 @@ #include "sysemu/xen.h" #include "migration/qemu-file-types.h" #include "migration/vmstate.h" +#include "monitor/monitor.h" #include "qemu/range.h" #include "qapi/error.h" #include "trace.h" @@ -669,3 +670,65 @@ const VMStateDescription vmstate_msix = { VMSTATE_END_OF_LIST() } }; + +static void msix_dump_table(Monitor *mon, PCIDevice *dev) +{ +int vector; +uint32_t val; +uint8_t *table_entry; + +monitor_printf(mon, "Msg L.Addr "); +monitor_printf(mon, "Msg U.Addr "); +monitor_printf(mon, "Msg Data "); +monitor_printf(mon, "Vect Ctrl\n"); + +for (vector = 0; vector < dev->msix_entries_nr; vector++) { +table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE; + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_UPPER_ADDR); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_DATA); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_VECTOR_CTRL); +monitor_printf(mon, "0x%08x\n", val); +} + +monitor_printf(mon, "\n"); +} + +static void msix_dump_pba(Monitor *mon, PCIDevice *dev) +{ +int vector; + +monitor_printf(mon, "MSI-X PBA\n"); + +for (vector = 0; vector < dev->msix_entries_nr; vector++) { +monitor_printf(mon, "%d ", !!msix_is_pending(dev, vector)); + +if (vector % 16 == 15) { +monitor_printf(mon, "\n"); +} +} + +if (vector % 16 != 15) { +monitor_printf(mon, "\n"); +} + +monitor_printf(mon, "\n"); +} + +void msix_dump_info(Monitor *mon, PCIDevice *dev, Error **errp) +{ +if (!msix_present(dev)) { +error_setg(errp, "MSI-X not available"); +return; +} + +msix_dump_table(mon, dev); +msix_dump_pba(mon, dev); +} diff --git a/include/hw/pci/msix.h b/include/hw/pci/msix.h index 4c4a60c739..10a4500295 100644 --- a/include/hw/pci/msix.h +++ b/include/hw/pci/msix.h @@ -47,6 +47,8 @@ int msix_set_vector_notifiers(PCIDevice *dev, MSIVectorPollNotifier poll_notifier); void msix_unset_vector_notifiers(PCIDevice *dev); +void msix_dump_info(Monitor *mon, PCIDevice *dev, Error **errp); + extern const VMStateDescription vmstate_msix; #define VMSTATE_MSIX_TEST(_field, _state, _test) { \ diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h index 3baa1058e2..97c040a3c8 100644 --- a/include/monitor/hmp.h +++ b/include/monitor/hmp.h @@ -36,6 +36,7 @@ void hmp_info_irq(Monitor *mon, const QDict *qdict); void hmp_info_pic(Monitor *mon, const QDict *qdict); void hmp_info_rdma(Monitor *mon, const QDict *qdict); void hmp_info_pci(Monitor *mon, const QDict *qdict); +void
Re: [PATCH] hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
On Tue, Jul 13, 2021 at 1:15 PM Qiang Liu wrote: > > xlnx_dp_read allows an out-of-bounds read at its default branch because > of an improper index. > > According to > https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html > (DP Module), registers 0x3A4/0x3A4/0x3AC are allowed. > > DP_INT_MASK 0x03A4 32 mixed 0xF03F Interrupt > Mask Register for intrN. > DP_INT_EN 0x03A8 32 mixed 0x Interrupt > Enable Register. > DP_INT_DS 0x03AC 32 mixed 0x Interrupt > Disable Register. > > In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device > will write s->core_registers[0x3A4 > >> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4 > >> 2) + 1). However, the current size of s->core_registers is (0x3AF >> > >> 2), that is ((0x3A4 >> 2) + 2), which is out of the range. > In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to > the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read) > rather than 0x3A4. > > This patch adjusts the size of s->core_registers and enforces the read > access to offset 0x3A* and 0x3AC to 0x3A4. BTW, because the size of this > MMIO region is 0x3AF, this patch also removes the assertion in > xlnx_dp_write. > > Fixes: 58ac482a66de ("introduce xlnx-dp") > Signed-off-by: Qiang Liu Reviewed-by: Alistair Francis Alistair > --- > hw/display/xlnx_dp.c | 7 --- > include/hw/display/xlnx_dp.h | 2 +- > 2 files changed, 5 insertions(+), 4 deletions(-) > > diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c > index 7bcbb13..8903181 100644 > --- a/hw/display/xlnx_dp.c > +++ b/hw/display/xlnx_dp.c > @@ -713,8 +713,10 @@ static uint64_t xlnx_dp_read(void *opaque, hwaddr > offset, unsigned size) > ret = 0; > break; > default: > -assert(offset <= (0x3AC >> 2)); > -ret = s->core_registers[offset]; > +if (offset == (0x3A8 >> 2) || offset == (0x3AC >> 2)) > +ret = s->core_registers[DP_INT_MASK]; > +else > +ret = s->core_registers[offset]; > break; > } > > @@ -876,7 +878,6 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, > uint64_t value, > xlnx_dp_update_irq(s); > break; > default: > -assert(offset <= (0x504C >> 2)); > s->core_registers[offset] = value; > break; > } > diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h > index e85e428..99a6d47 100644 > --- a/include/hw/display/xlnx_dp.h > +++ b/include/hw/display/xlnx_dp.h > @@ -39,7 +39,7 @@ > #define AUD_CHBUF_MAX_DEPTH (32 * KiB) > #define MAX_QEMU_BUFFER_SIZE(4 * KiB) > > -#define DP_CORE_REG_ARRAY_SIZE (0x3AF >> 2) > +#define DP_CORE_REG_ARRAY_SIZE (0x3A8 >> 2) > #define DP_AVBUF_REG_ARRAY_SIZE (0x238 >> 2) > #define DP_VBLEND_REG_ARRAY_SIZE(0x1DF >> 2) > #define DP_AUDIO_REG_ARRAY_SIZE (0x50 >> 2) > -- > 2.7.4 > >
Re: [PATCH] gitignore: Update with some filetypes
On 26-05-21, 13:13, Alex Bennée wrote: > > Viresh Kumar writes: > > > Update .gitignore to ignore .swp and .patch files. > > > > Signed-off-by: Viresh Kumar > > Reviewed-by: Alex Bennée No one picked it up yet, do I need to do something here ? -- viresh
[PATCH] hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
xlnx_dp_read allows an out-of-bounds read at its default branch because of an improper index. According to https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html (DP Module), registers 0x3A4/0x3A4/0x3AC are allowed. DP_INT_MASK 0x03A4 32 mixed 0xF03F Interrupt Mask Register for intrN. DP_INT_EN 0x03A8 32 mixed 0x Interrupt Enable Register. DP_INT_DS 0x03AC 32 mixed 0x Interrupt Disable Register. In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device will write s->core_registers[0x3A4 >> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4 >> 2) + 1). However, the current size of s->core_registers is (0x3AF >> >> 2), that is ((0x3A4 >> 2) + 2), which is out of the range. In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read) rather than 0x3A4. This patch adjusts the size of s->core_registers and enforces the read access to offset 0x3A* and 0x3AC to 0x3A4. BTW, because the size of this MMIO region is 0x3AF, this patch also removes the assertion in xlnx_dp_write. Fixes: 58ac482a66de ("introduce xlnx-dp") Signed-off-by: Qiang Liu --- hw/display/xlnx_dp.c | 7 --- include/hw/display/xlnx_dp.h | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c index 7bcbb13..8903181 100644 --- a/hw/display/xlnx_dp.c +++ b/hw/display/xlnx_dp.c @@ -713,8 +713,10 @@ static uint64_t xlnx_dp_read(void *opaque, hwaddr offset, unsigned size) ret = 0; break; default: -assert(offset <= (0x3AC >> 2)); -ret = s->core_registers[offset]; +if (offset == (0x3A8 >> 2) || offset == (0x3AC >> 2)) +ret = s->core_registers[DP_INT_MASK]; +else +ret = s->core_registers[offset]; break; } @@ -876,7 +878,6 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, uint64_t value, xlnx_dp_update_irq(s); break; default: -assert(offset <= (0x504C >> 2)); s->core_registers[offset] = value; break; } diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h index e85e428..99a6d47 100644 --- a/include/hw/display/xlnx_dp.h +++ b/include/hw/display/xlnx_dp.h @@ -39,7 +39,7 @@ #define AUD_CHBUF_MAX_DEPTH (32 * KiB) #define MAX_QEMU_BUFFER_SIZE(4 * KiB) -#define DP_CORE_REG_ARRAY_SIZE (0x3AF >> 2) +#define DP_CORE_REG_ARRAY_SIZE (0x3A8 >> 2) #define DP_AVBUF_REG_ARRAY_SIZE (0x238 >> 2) #define DP_VBLEND_REG_ARRAY_SIZE(0x1DF >> 2) #define DP_AUDIO_REG_ARRAY_SIZE (0x50 >> 2) -- 2.7.4
Re: [PATCH 2/2] watchdog: aspeed: Fix sequential control writes
On Fri, 9 Jul 2021, at 16:59, Philippe Mathieu-Daudé wrote: > On 7/9/21 7:31 AM, Andrew Jeffery wrote: > > The logic in the handling for the control register required toggling the > > enable state for writes to stick. Rework the condition chain to allow > > sequential writes that do not update the enable state. > > > > Fixes: 854123bf8d4b ("wdt: Add Aspeed watchdog device model") > > Signed-off-by: Andrew Jeffery > > --- > > hw/watchdog/wdt_aspeed.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c > > index faa3d35fdf21..69c37af9a6e9 100644 > > --- a/hw/watchdog/wdt_aspeed.c > > +++ b/hw/watchdog/wdt_aspeed.c > > @@ -166,6 +166,8 @@ static void aspeed_wdt_write(void *opaque, hwaddr > > offset, uint64_t data, > > } else if (!enable && aspeed_wdt_is_enabled(s)) { > > s->regs[WDT_CTRL] = data; > > timer_del(s->timer); > > +} else { > > +s->regs[WDT_CTRL] = data; > > What about simplifying by moving here: > >if (!enable && aspeed_wdt_is_enabled(s)) { >timer_del(s->timer); >} > I don't think that works, as aspeed_wdt_is_enabled() tests the value of s->regs[WDT_CTRL]. If you set it before you test then you end up in the wrong state. Andrew
[PATCH] vl: Parse legacy default_machine_opts
qemu can't start a xen vm after commit d8fb7d0969d5 "vl: switch -M parsing to keyval" with: $ ./qemu-system-i386 -M xenfv Unexpected error in object_property_find_err() at ../qom/object.c:1298: qemu-system-i386: Property 'xenfv-3.1-machine.accel' not found Aborted (core dumped) The default_machine_opts handling doesn't process the legacy machine options like "accel". Call qemu_apply_legacy_machine_options to provide the legacy handling. Signed-off-by: Jason Andryuk --- softmmu/vl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/softmmu/vl.c b/softmmu/vl.c index 4df1496101..f4d8630fc6 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -2126,6 +2126,7 @@ static void qemu_create_machine(QDict *qdict) QDict *default_opts = keyval_parse(machine_class->default_machine_opts, NULL, NULL, _abort); +qemu_apply_legacy_machine_options(default_opts); object_set_properties_from_keyval(OBJECT(current_machine), default_opts, false, _abort); qobject_unref(default_opts); -- 2.30.2
[PULL 1/3] ppc/pegasos2: Allow setprop in VOF
From: BALATON Zoltan Linux needs setprop to fix up the device tree, otherwise it's not finding devices and cannot boot. Since recent VOF change now we need to add a callback to allow this which is what this patch does. Signed-off-by: BALATON Zoltan Message-Id: <20210709132920.6544e745...@zero.eik.bme.hu> Signed-off-by: David Gibson --- hw/ppc/pegasos2.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/ppc/pegasos2.c b/hw/ppc/pegasos2.c index 9a6ae867e4..9fad1854b1 100644 --- a/hw/ppc/pegasos2.c +++ b/hw/ppc/pegasos2.c @@ -443,10 +443,17 @@ static target_ulong vhyp_encode_hpt_for_kvm_pr(PPCVirtualHypervisor *vhyp) return POWERPC_CPU(current_cpu)->env.spr[SPR_SDR1]; } +static bool pegasos2_setprop(MachineState *ms, const char *path, + const char *propname, void *val, int vallen) +{ +return true; +} + static void pegasos2_machine_class_init(ObjectClass *oc, void *data) { MachineClass *mc = MACHINE_CLASS(oc); PPCVirtualHypervisorClass *vhc = PPC_VIRTUAL_HYPERVISOR_CLASS(oc); +VofMachineIfClass *vmc = VOF_MACHINE_CLASS(oc); mc->desc = "Genesi/bPlan Pegasos II"; mc->init = pegasos2_init; @@ -462,6 +469,8 @@ static void pegasos2_machine_class_init(ObjectClass *oc, void *data) vhc->cpu_exec_enter = vhyp_nop; vhc->cpu_exec_exit = vhyp_nop; vhc->encode_hpt_for_kvm_pr = vhyp_encode_hpt_for_kvm_pr; + +vmc->setprop = pegasos2_setprop; } static const TypeInfo pegasos2_machine_info = { @@ -471,6 +480,7 @@ static const TypeInfo pegasos2_machine_info = { .instance_size = sizeof(Pegasos2MachineState), .interfaces = (InterfaceInfo[]) { { TYPE_PPC_VIRTUAL_HYPERVISOR }, +{ TYPE_VOF_MACHINE_IF }, { } }, }; -- 2.31.1
[PULL 0/3] ppc-for-6.1 queue 20210713
The following changes since commit 57e28d34c0cb04abf7683ac6a12c87ede447c320: Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' into staging (2021-07-12 19:15:11 +0100) are available in the Git repository at: https://gitlab.com/dgibson/qemu.git tags/ppc-for-6.1-20210713 for you to fetch changes up to c785a40179b10ce2d7a4afdb04f63c98d53a1756: mv64361: Remove extra break from a switch case (2021-07-13 10:12:17 +1000) ppc patch queue 2021-07-13 I thought I'd sent the last PR before the 6.1 soft freeze, but unfortunately I need one more. This last minute one puts in a SLOF update, along with a couple of bugfixes. Alexey Kardashevskiy (1): pseries: Update SLOF firmware image BALATON Zoltan (2): ppc/pegasos2: Allow setprop in VOF mv64361: Remove extra break from a switch case hw/pci-host/mv64361.c | 1 - hw/ppc/pegasos2.c | 10 ++ pc-bios/README| 2 +- pc-bios/slof.bin | Bin 96 -> 991744 bytes roms/SLOF | 2 +- 5 files changed, 12 insertions(+), 3 deletions(-)
[PULL 3/3] mv64361: Remove extra break from a switch case
From: BALATON Zoltan The switch case of writing PCI 1 IO base address had an extra break statement that made part of the code unreachable. This did not cause a problem as guests ususally leave this register at its default value. Fixes: dcdf98a9015 ("Add emulation of Marvell MV64361 PPC system controller") Reported-by: Coverity (CID 1458135) Signed-off-by: BALATON Zoltan Message-Id: <20210712131259.b705b745...@zero.eik.bme.hu> Signed-off-by: David Gibson --- hw/pci-host/mv64361.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/pci-host/mv64361.c b/hw/pci-host/mv64361.c index 20510d8680..92b0f5d047 100644 --- a/hw/pci-host/mv64361.c +++ b/hw/pci-host/mv64361.c @@ -687,7 +687,6 @@ static void mv64361_write(void *opaque, hwaddr addr, uint64_t val, case MV64340_PCI_1_IO_BASE_ADDR: s->pci[1].io_base = val & 0x30fULL; warn_swap_bit(val); -break; if (!(s->cpu_conf & BIT(27))) { s->pci[1].remap[4] = (val & 0xULL) << 16; } -- 2.31.1
Re: [PATCH] mv64361: Remove extra break from a switch case
On Mon, Jul 12, 2021 at 03:11:01PM +0200, BALATON Zoltan wrote: > The switch case of writing PCI 1 IO base address had an extra break > statement that made part of the code unreachable. This did not cause a > problem as guests ususally leave this register at its default value. > > Reported-by: Coverity (CID 1458135) > Signed-off-by: BALATON Zoltan Applied to ppc-for-6.1, thanks. > --- > hw/pci-host/mv64361.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/pci-host/mv64361.c b/hw/pci-host/mv64361.c > index 20510d8680..92b0f5d047 100644 > --- a/hw/pci-host/mv64361.c > +++ b/hw/pci-host/mv64361.c > @@ -687,7 +687,6 @@ static void mv64361_write(void *opaque, hwaddr addr, > uint64_t val, > case MV64340_PCI_1_IO_BASE_ADDR: > s->pci[1].io_base = val & 0x30fULL; > warn_swap_bit(val); > -break; > if (!(s->cpu_conf & BIT(27))) { > s->pci[1].remap[4] = (val & 0xULL) << 16; > } -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [PATCH 06/11] hw/ppc/spapr_events: Remove unused variable from check_exception
On Mon, Jul 12, 2021 at 02:55:30PM -0700, Richard Henderson wrote: > >From clang-13: > hw/ppc/spapr_events.c:937:14: error: variable 'xinfo' set but not used \ > [-Werror,-Wunused-but-set-variable] > > Cc: qemu-...@nongnu.org > Cc: Greg Kurz > Cc: David Gibson > Signed-off-by: Richard Henderson Acked-by: David Gibson > --- > hw/ppc/spapr_events.c | 5 - > 1 file changed, 5 deletions(-) > > diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c > index 0cfc19be19..23e2e2fff1 100644 > --- a/hw/ppc/spapr_events.c > +++ b/hw/ppc/spapr_events.c > @@ -934,7 +934,6 @@ static void check_exception(PowerPCCPU *cpu, > SpaprMachineState *spapr, > uint32_t nret, target_ulong rets) > { > uint32_t mask, buf, len, event_len; > -uint64_t xinfo; > SpaprEventLogEntry *event; > struct rtas_error_log header; > int i; > @@ -944,13 +943,9 @@ static void check_exception(PowerPCCPU *cpu, > SpaprMachineState *spapr, > return; > } > > -xinfo = rtas_ld(args, 1); > mask = rtas_ld(args, 2); > buf = rtas_ld(args, 4); > len = rtas_ld(args, 5); > -if (nargs == 7) { > -xinfo |= (uint64_t)rtas_ld(args, 6) << 32; > -} > > event = rtas_event_log_dequeue(spapr, mask); > if (!event) { -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [PATCH 07/11] hw/pci-hist/pnv_phb4: Fix typo in pnv_phb4_ioda_write
On Mon, Jul 12, 2021 at 02:55:31PM -0700, Richard Henderson wrote: > >From clang-13: > hw/pci-host/pnv_phb4.c:375:18: error: variable 'v' set but not used \ > [-Werror,-Wunused-but-set-variable] > > It's pretty clear that we meant to write back 'v' after > all that computation and not 'val'. > > Cc: qemu-...@nongnu.org > Cc: Greg Kurz > Cc: David Gibson > Signed-off-by: Richard Henderson Acked-by: David Gibson > --- > hw/pci-host/pnv_phb4.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c > index 54f57c660a..5c375a9f28 100644 > --- a/hw/pci-host/pnv_phb4.c > +++ b/hw/pci-host/pnv_phb4.c > @@ -392,7 +392,7 @@ static void pnv_phb4_ioda_write(PnvPHB4 *phb, uint64_t > val) > v &= 0xull; > v |= 0xcfffull & val; > } > -*tptr = val; > +*tptr = v; > break; > } > case IODA3_TBL_MBT: -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
[PATCH] vfio/pci: Change to use "vfio_pci_is"
Since we don't have an encoding like the previous quirk, we can use vfio_pci_is(). Signed-off-by: Cai Huoqing --- hw/vfio/pci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index ab4077aad2..971273fd45 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -3058,14 +3058,14 @@ static void vfio_realize(PCIDevice *pdev, Error **errp) } } -if (vdev->vendor_id == PCI_VENDOR_ID_NVIDIA) { +if (vfio_pci_is(vdev, PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID)) { ret = vfio_pci_nvidia_v100_ram_init(vdev, errp); if (ret && ret != -ENODEV) { error_report("Failed to setup NVIDIA V100 GPU RAM"); } } -if (vdev->vendor_id == PCI_VENDOR_ID_IBM) { +if (vfio_pci_is(vdev, PCI_VENDOR_ID_IBM, PCI_ANY_ID)) { ret = vfio_pci_nvlink2_init(vdev, errp); if (ret && ret != -ENODEV) { error_report("Failed to setup NVlink2 bridge"); -- 2.25.1
[PATCH] tests/acceptance: Add tests for the Pegasos2 machine
From: Philippe Mathieu-Daudé Add a pair of tests for the Pegasos2 machine following the steps from: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg01553.html $ AVOCADO_ALLOW_UNTRUSTED_CODE=1 avocado --show=app,console,tesseract \ run -t machine:pegasos2 tests/acceptance/ (1/2) tests/acceptance/machine_ppc_pegasos.py:PPCPegasos2.test_rom_serial_console: console: PegasosII Boot Strap (c) 2002-2003 bplan GmbH console: Running on CPU PVR:000C0209 console: Enable L1 ICache... Done. console: Reading W83194 : FAILED. console: Setting Front Side Bus to 133MHz... FAILED. console: Configuring DDR... Done. console: Configuring PCI0... Done. console: Configuring PCI1... Done. console: Configuring ETH... Done. console: Releasing IDE reset ... Done. console: Configuring Legacy Devices console: Initializing KBD... Done. console: Testing 1000 Bytes, Pass: Failed: console: RAM TEST (fill linear)... Done. console: console: SmartFirmware: console: cpu0: PowerPC,G4 CPUClock 599 Mhz BUSClock 133 Mhz (Version 0x000C,0x0209) console: no/bad nvramrc - performing default startup script console: channel 1 unit 0 : atapi | QEMU DVD-ROM | 2.5+ console: ATA device not present or not responding console: Welcome to SmartFirmware(tm) for bplan Pegasos2 version 1.1 (20040405172512) PASS (5.23 s) (2/2) tests/acceptance/machine_ppc_pegasos.py:PPCPegasos2.test_morphos_cdrom_vga: ... console: Welcome to SmartFirmware(tm) for bplan Pegasos2 version 1.1 (20040405172512) console: SmartFirmware(tm) Copyright 1996-2001 by CodeGen, Inc. console: All Rights Reserved. console: Pegasos BIOS Extensions Copyright 2001-2003 by bplan GmbH. console: All Rights Reserved. console: entering main read/eval loop... console: ok boot cd boot.img console: ISO-9660 filesystem: System-ID: "MORPHOS" Volume-ID: "MorphOSBoot" console: " flags=0x2 extent=0x20 size=0x1800 console: Memory used before SYS_Init: 9MB console: PCI ATA/ATAPI Driver@2: PIO Mode 4 console: PCI ATA/ATAPI Driver@2: UDMA Mode 5 console: ide.device@2: QEMU QEMU DVD-ROM console: ide.device@2: CDRom , found, bootable tesseract: Ambient Screen 4: Saturday, 15 May 2021, 13:36:06 & tesseract: keymap tesseract: Albanian keyboard with 101/104 keys tesseract: ‘American keyboard with Greek input extension, 105 keys tesseract: Belarusian keyboard with 105 keys tesseract: Belgian keyboard with 105 keys J tesseract: British Apple keyboard tesseract: British keyboard with 105 keys tesseract: Bulgarian keyboard with 104 keys tesseract: Canadian keyboard with 105 keys tesseract: Colemak layout for keyboards with 101/104 keys tesseract: Croatian keyboard with 101/108 keys tesseract: Czech keyboard (QWERTY) with 101/104 keys tesseract: Czech keyboard (QWERTZ) with 101/104 keys tesseract: Danish keyboard with 105 keys PASS (28.56 s) RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 JOB TIME : 34.42 s Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Cleber Rosa --- tests/acceptance/machine_ppc_pegasos.py | 103 1 file changed, 103 insertions(+) create mode 100644 tests/acceptance/machine_ppc_pegasos.py diff --git a/tests/acceptance/machine_ppc_pegasos.py b/tests/acceptance/machine_ppc_pegasos.py new file mode 100644 index 00..e890a3a539 --- /dev/null +++ b/tests/acceptance/machine_ppc_pegasos.py @@ -0,0 +1,103 @@ +# Functional tests for the Pegasos2 machine. +# +# Copyright (c) 2021 Philippe Mathieu-Daudé +# +# This work is licensed under the terms of the GNU GPL, version 2 or later. +# See the COPYING file in the top-level directory. +# +# SPDX-License-Identifier: GPL-2.0-or-later + +import os +import time + +from avocado import skipUnless +from avocado_qemu import Test +from avocado_qemu import exec_command_and_wait_for_pattern +from avocado_qemu import wait_for_console_pattern +from tesseract_utils import tesseract_available, tesseract_ocr + +PIL_AVAILABLE = True +try: +from PIL import Image +except ImportError: +PIL_AVAILABLE = False + + +@skipUnless(os.getenv('AVOCADO_ALLOW_UNTRUSTED_CODE'), 'untrusted code') +class PPCPegasos2(Test): +"""These tests require a Pegasos2 ROM. You need to perform a one +time manual set up of the ROM, registering it with the Avocado +assets system. Please follow the steps bellow
RE: [PATCH] vfio/pci: Add pba_offset PCI quirk for BAIDU KUNLUN AI processor
Sure I will check these issue in our hardware Then ,send patch-v2 -Original Message- From: Alex Williamson Sent: 2021年7月13日 3:49 To: Cai,Huoqing Cc: m...@redhat.com; marcel.apfelb...@gmail.com; qemu-devel@nongnu.org Subject: Re: [PATCH] vfio/pci: Add pba_offset PCI quirk for BAIDU KUNLUN AI processor On Mon, 12 Jul 2021 11:36:55 +0800 Cai Huoqing wrote: > Fix pba_offset initialization value for BAIDU KUNLUN Virtual Function > device. The KUNLUN hardware returns an incorrect value for the VF PBA > offset, and add a quirk to instead return a hardcoded value of 0xb400. > > Signed-off-by: Cai Huoqing > --- > hw/vfio/pci.c| 8 > include/hw/pci/pci_ids.h | 4 > 2 files changed, 12 insertions(+) > > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index > ab4077aad2..72b7abf623 100644 > --- a/hw/vfio/pci.c > +++ b/hw/vfio/pci.c > @@ -1499,6 +1499,14 @@ static void vfio_msix_early_setup(VFIOPCIDevice *vdev, > Error **errp) > if (vdev->vendor_id == PCI_VENDOR_ID_CHELSIO && > (vdev->device_id & 0xff00) == 0x5800) { > msix->pba_offset = 0x1000; > +/* > + * BAIDU KUNLUN Virtual Function devices are encoded as 0x3685 for > + * KUNLUN AI processor. The KUNLUN hardware returns an incorrect > + * value for the VF PBA offset. The correct value is 0xb400. > + */ What is the incorrect value and what is the BAR size? This information in the comment could help debugging later. > +} else if (vdev->vendor_id == PCI_VENDOR_ID_BAIDU && > + vdev->device_id == PCI_DEVICE_ID_KUNLUN_VF) { Since we don't have an "encoding" like the previous quirk, we can use vfio_pci_is() here: } else if (vfio_pci_is(vdev, PCI_VENDOR_ID_BAIDU, PCI_DEVICE_ID_KUNLUN_VF)) { > +msix->pba_offset = 0xb400; > } else if (vdev->msix_relo == OFF_AUTOPCIBAR_OFF) { > error_setg(errp, "hardware reports invalid configuration, " > "MSIX PBA outside of specified BAR"); diff > --git a/include/hw/pci/pci_ids.h b/include/hw/pci/pci_ids.h index > 5c14681b82..bc73c50277 100644 > --- a/include/hw/pci/pci_ids.h > +++ b/include/hw/pci/pci_ids.h > @@ -227,6 +227,10 @@ > #define PCI_VENDOR_ID_FREESCALE 0x1957 > #define PCI_DEVICE_ID_MPC8533E 0x0030 > > +#define PCI_VENDOR_ID_BAIDU 0x1d22 > +#define PCI_DEVICE_ID_KUNLUN 0x3684 Let's not add a device ID that we don't use elsewhere in the code, we only use the vendor ID and the VF ID below. Thanks, Alex > +#define PCI_DEVICE_ID_KUNLUN_VF 0x3685 > + > #define PCI_VENDOR_ID_INTEL 0x8086 > #define PCI_DEVICE_ID_INTEL_823780x0484 > #define PCI_DEVICE_ID_INTEL_824410x1237
[PATCH RESEND 1/1] multi-process: fix usage information
>From source code, the 'devid' of x-remote-object should be one of devices in remote QEMU process. Signed-off-by: Dongli Zhang Reviewed-by: Jagannathan Raman --- Resend to be applied as trivial patch. I have verified by reading the code and playing with below orchestrator. https://github.com/finallyjustice/sample/blob/master/kvm/multiprocess/orchestrator.py docs/system/multi-process.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/system/multi-process.rst b/docs/system/multi-process.rst index 46bb0cafc2..210531ee17 100644 --- a/docs/system/multi-process.rst +++ b/docs/system/multi-process.rst @@ -45,7 +45,7 @@ Following is a description of command-line used to launch mpqemu. -device lsi53c895a,id=lsi0 \ -drive id=drive_image2,file=/build/ol7-nvme-test-1.qcow2 \ -device scsi-hd,id=drive2,drive=drive_image2,bus=lsi0.0,scsi-id=0 \ - -object x-remote-object,id=robj1,devid=lsi1,fd=4, + -object x-remote-object,id=robj1,devid=lsi0,fd=4, * QEMU: -- 2.17.1
[PATCH v6 5/6] hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35
Q35 has three different types of PCI devices hot-plug: PCIe Native, SHPC Native and ACPI hot-plug. This patch changes the default choice for cold-plugged bridges from PCIe Native to ACPI Hot-plug with ability to use SHPC and PCIe Native for hot-plugged bridges. This is a list of the PCIe Native hot-plug issues that led to this change: * no racy behavior during boot (see 110c477c2ed) * no delay during deleting - after the actual power off software must wait at least 1 second before indicating about it. This case is quite important for users, it even has its own bug: https://bugzilla.redhat.com/show_bug.cgi?id=1594168 * no timer-based behavior - in addition to the previous example, the attention button has a 5-second waiting period, during which the operation can be canceled with a second press. While this looks fine for manual button control, automation will result in the need to queue or drop events, and the software receiving events in all sort of unspecified combinations of attention/power indicator states, which is racy and uppredictable. * fixes: * https://bugzilla.redhat.com/show_bug.cgi?id=1752465 * https://bugzilla.redhat.com/show_bug.cgi?id=1690256 To return to PCIe Native hot-plug: -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off Signed-off-by: Julia Suvorova Reviewed-by: Igor Mammedov --- hw/acpi/ich9.c | 2 +- hw/i386/pc.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c index 2f4eb453ac..778e27b659 100644 --- a/hw/acpi/ich9.c +++ b/hw/acpi/ich9.c @@ -427,7 +427,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm) pm->disable_s3 = 0; pm->disable_s4 = 0; pm->s4_val = 2; -pm->use_acpi_hotplug_bridge = false; +pm->use_acpi_hotplug_bridge = true; object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE, >pm_io_base, OBJ_PROP_FLAG_READ); diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 8e1220db72..7e03848792 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -98,6 +98,7 @@ GlobalProperty pc_compat_6_0[] = { { "qemu64" "-" TYPE_X86_CPU, "family", "6" }, { "qemu64" "-" TYPE_X86_CPU, "model", "6" }, { "qemu64" "-" TYPE_X86_CPU, "stepping", "3" }, +{ "ICH9-LPC", "acpi-pci-hotplug-with-bridge-support", "off" }, }; const size_t pc_compat_6_0_len = G_N_ELEMENTS(pc_compat_6_0); -- 2.30.2
[PATCH v6 6/6] bios-tables-test: Update golden binaries
Add ACPI hot-plug registers to DSDT Q35 tables. Changes in the tables: +Scope (_SB.PCI0) +{ +OperationRegion (PCST, SystemIO, 0x0CC4, 0x08) +Field (PCST, DWordAcc, NoLock, WriteAsZeros) +{ +PCIU, 32, +PCID, 32 +} + +OperationRegion (SEJ, SystemIO, 0x0CCC, 0x04) +Field (SEJ, DWordAcc, NoLock, WriteAsZeros) +{ +B0EJ, 32 +} + +OperationRegion (BNMR, SystemIO, 0x0CD4, 0x08) +Field (BNMR, DWordAcc, NoLock, WriteAsZeros) +{ +BNUM, 32, +PIDX, 32 +} + +Mutex (BLCK, 0x00) +Method (PCEJ, 2, NotSerialized) +{ +Acquire (BLCK, 0x) +BNUM = Arg0 +B0EJ = (One << Arg1) +Release (BLCK) +Return (Zero) +} + +Method (AIDX, 2, NotSerialized) +{ +Acquire (BLCK, 0x) +BNUM = Arg0 +PIDX = (One << Arg1) +Local0 = PIDX /* \_SB_.PCI0.PIDX */ +Release (BLCK) +Return (Local0) +} + +Method (PDSM, 6, Serialized) +{ +If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d") /* Device Labeling Interface */)) +{ +Local0 = AIDX (Arg4, Arg5) +If ((Arg2 == Zero)) +{ +If ((Arg1 == 0x02)) +{ +If (!((Local0 == Zero) | (Local0 == 0x))) +{ +Return (Buffer (One) +{ + 0x81 // . +}) +} +} + +Return (Buffer (One) +{ + 0x00 // . +}) +} +ElseIf ((Arg2 == 0x07)) +{ +Local1 = Package (0x02) +{ +Zero, +"" +} +Local1 [Zero] = Local0 +Return (Local1) +} +} +} +} + ... Scope (_GPE) { Name (_HID, "ACPI0006" /* GPE Block Device */) // _HID: Hardware ID +Method (_E01, 0, NotSerialized) // _Exx: Edge-Triggered GPE, xx=0x00-0xFF +{ +Acquire (\_SB.PCI0.BLCK, 0x) +\_SB.PCI0.PCNT () +Release (\_SB.PCI0.BLCK) +} ... + +Device (PHPR) +{ +Name (_HID, "PNP0A06" /* Generic Container Device */) // _HID: Hardware ID +Name (_UID, "PCI Hotplug resources") // _UID: Unique ID +Name (_STA, 0x0B) // _STA: Status +Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings +{ +IO (Decode16, +0x0CC4, // Range Minimum +0x0CC4, // Range Maximum +0x01, // Alignment +0x18, // Length +) +}) +} } ... And if there is a port in configuration: Device (S10) { Name (_ADR, 0x0002) // _ADR: Address +Name (BSEL, Zero) +Device (S00) +{ +Name (_SUN, Zero) // _SUN: Slot User Number +Name (_ADR, Zero) // _ADR: Address +Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9 +{ +PCEJ (BSEL, _SUN) +} + +Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method +{ +Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN)) +} +} + ... +Method (DVNT, 2, NotSerialized) +{ +If ((Arg0 & One)) +{ +Notify (S00, Arg1) +} ... Signed-off-by: Julia Suvorova --- tests/qtest/bios-tables-test-allowed-diff.h | 11 --- tests/data/acpi/q35/DSDT| Bin 7859 -> 8289 bytes tests/data/acpi/q35/DSDT.acpihmat | Bin 9184 -> 9614 bytes tests/data/acpi/q35/DSDT.bridge | Bin 7877 -> 11003 bytes tests/data/acpi/q35/DSDT.cphp | Bin 8323 -> 8753 bytes tests/data/acpi/q35/DSDT.dimmpxm| Bin 9513 -> 9943 bytes tests/data/acpi/q35/DSDT.ipmibt | Bin 7934 -> 8364 bytes tests/data/acpi/q35/DSDT.memhp | Bin 9218 -> 9648 bytes tests/data/acpi/q35/DSDT.mmio64 | Bin 8990 -> 9419 bytes
[PATCH v6 1/6] hw/i386/acpi-build: Add ACPI PCI hot-plug methods to Q35
Implement notifications and gpe to support q35 ACPI PCI hot-plug. Use 0xcc4 - 0xcd7 range for 'acpi-pci-hotplug' io ports. Signed-off-by: Julia Suvorova Reviewed-by: Igor Mammedov Reviewed-by: Marcel Apfelbaum --- hw/i386/acpi-build.h| 4 include/hw/acpi/ich9.h | 2 ++ include/hw/acpi/pcihp.h | 3 ++- hw/acpi/pcihp.c | 6 +++--- hw/acpi/piix4.c | 4 +++- hw/i386/acpi-build.c| 30 +++--- 6 files changed, 33 insertions(+), 16 deletions(-) diff --git a/hw/i386/acpi-build.h b/hw/i386/acpi-build.h index 74df5fc612..487ec7710f 100644 --- a/hw/i386/acpi-build.h +++ b/hw/i386/acpi-build.h @@ -5,6 +5,10 @@ extern const struct AcpiGenericAddress x86_nvdimm_acpi_dsmio; +/* PCI Hot-plug registers bases. See docs/spec/acpi_pci_hotplug.txt */ +#define ACPI_PCIHP_SEJ_BASE 0x8 +#define ACPI_PCIHP_BNMR_BASE 0x10 + void acpi_setup(void); #endif diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h index df519e40b5..596120d97f 100644 --- a/include/hw/acpi/ich9.h +++ b/include/hw/acpi/ich9.h @@ -28,6 +28,8 @@ #include "hw/acpi/acpi_dev_interface.h" #include "hw/acpi/tco.h" +#define ACPI_PCIHP_ADDR_ICH9 0x0cc4 + typedef struct ICH9LPCPMRegs { /* * In ich9 spec says that pm1_cnt register is 32bit width and diff --git a/include/hw/acpi/pcihp.h b/include/hw/acpi/pcihp.h index 2dd90aea30..af1a169fc3 100644 --- a/include/hw/acpi/pcihp.h +++ b/include/hw/acpi/pcihp.h @@ -55,7 +55,8 @@ typedef struct AcpiPciHpState { } AcpiPciHpState; void acpi_pcihp_init(Object *owner, AcpiPciHpState *, PCIBus *root, - MemoryRegion *address_space_io, bool bridges_enabled); + MemoryRegion *address_space_io, bool bridges_enabled, + uint16_t io_base); void acpi_pcihp_device_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp); diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c index 4999277d57..d98a284b7a 100644 --- a/hw/acpi/pcihp.c +++ b/hw/acpi/pcihp.c @@ -37,7 +37,6 @@ #include "qom/qom-qobject.h" #include "trace.h" -#define ACPI_PCIHP_ADDR 0xae00 #define ACPI_PCIHP_SIZE 0x0018 #define PCI_UP_BASE 0x #define PCI_DOWN_BASE 0x0004 @@ -488,10 +487,11 @@ static const MemoryRegionOps acpi_pcihp_io_ops = { }; void acpi_pcihp_init(Object *owner, AcpiPciHpState *s, PCIBus *root_bus, - MemoryRegion *address_space_io, bool bridges_enabled) + MemoryRegion *address_space_io, bool bridges_enabled, + uint16_t io_base) { s->io_len = ACPI_PCIHP_SIZE; -s->io_base = ACPI_PCIHP_ADDR; +s->io_base = io_base; s->root = root_bus; s->legacy_piix = !bridges_enabled; diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c index 0bd23d74e2..48f7a1edbc 100644 --- a/hw/acpi/piix4.c +++ b/hw/acpi/piix4.c @@ -49,6 +49,8 @@ #define GPE_BASE 0xafe0 #define GPE_LEN 4 +#define ACPI_PCIHP_ADDR_PIIX4 0xae00 + struct pci_status { uint32_t up; /* deprecated, maintained for migration compatibility */ uint32_t down; @@ -607,7 +609,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion *parent, if (s->use_acpi_hotplug_bridge || s->use_acpi_root_pci_hotplug) { acpi_pcihp_init(OBJECT(s), >acpi_pci_hotplug, bus, parent, -s->use_acpi_hotplug_bridge); +s->use_acpi_hotplug_bridge, ACPI_PCIHP_ADDR_PIIX4); } s->cpu_hotplug_legacy = true; diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index 357437ff1d..e1c246d6e8 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -219,10 +219,6 @@ static void acpi_get_pm_info(MachineState *machine, AcpiPmInfo *pm) /* w2k requires FADT(rev1) or it won't boot, keep PC compatible */ pm->fadt.rev = 1; pm->cpu_hp_io_base = PIIX4_CPU_HOTPLUG_IO_BASE; -pm->pcihp_io_base = -object_property_get_uint(obj, ACPI_PCIHP_IO_BASE_PROP, NULL); -pm->pcihp_io_len = -object_property_get_uint(obj, ACPI_PCIHP_IO_LEN_PROP, NULL); } if (lpc) { uint64_t smi_features = object_property_get_uint(lpc, @@ -238,6 +234,10 @@ static void acpi_get_pm_info(MachineState *machine, AcpiPmInfo *pm) pm->smi_on_cpu_unplug = !!(smi_features & BIT_ULL(ICH9_LPC_SMI_F_CPU_HOT_UNPLUG_BIT)); } +pm->pcihp_io_base = +object_property_get_uint(obj, ACPI_PCIHP_IO_BASE_PROP, NULL); +pm->pcihp_io_len = +object_property_get_uint(obj, ACPI_PCIHP_IO_LEN_PROP, NULL); /* The above need not be conditional on machine type because the reset port * happens to be the same on PIIX (pc) and ICH9 (q35). */ @@ -392,6 +392,9 @@ static void build_append_pci_bus_devices(Aml *parent_scope, PCIBus *bus, if (!pdev) { if (bsel) { /* add hotplug slots for non present devices */ +if (pci_bus_is_express(bus) && slot > 0) { +
[PATCH v6 3/6] hw/pci/pcie: Do not set HPC flag if acpihp is used
Instead of changing the hot-plug type in _OSC register, do not set the 'Hot-Plug Capable' flag. This way guest will choose ACPI hot-plug if it is preferred and leave the option to use SHPC with pcie-pci-bridge. The ability to control hot-plug for each downstream port is retained, while 'hotplug=off' on the port means all hot-plug types are disabled. Signed-off-by: Julia Suvorova Reviewed-by: Igor Mammedov Reviewed-by: Marcel Apfelbaum Reviewed-by: David Gibson --- include/hw/pci/pcie_port.h | 5 - hw/acpi/pcihp.c| 8 hw/core/machine.c | 1 - hw/i386/pc_q35.c | 11 +++ hw/pci/pcie.c | 8 +++- hw/pci/pcie_port.c | 1 + 6 files changed, 31 insertions(+), 3 deletions(-) diff --git a/include/hw/pci/pcie_port.h b/include/hw/pci/pcie_port.h index bea8ecad0f..e25b289ce8 100644 --- a/include/hw/pci/pcie_port.h +++ b/include/hw/pci/pcie_port.h @@ -57,8 +57,11 @@ struct PCIESlot { /* Disable ACS (really for a pcie_root_port) */ booldisable_acs; -/* Indicates whether hot-plug is enabled on the slot */ +/* Indicates whether any type of hot-plug is allowed on the slot */ boolhotplug; + +boolnative_hotplug; + QLIST_ENTRY(PCIESlot) next; }; diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c index 9fdc6342b0..f4d706e47d 100644 --- a/hw/acpi/pcihp.c +++ b/hw/acpi/pcihp.c @@ -31,6 +31,7 @@ #include "hw/pci/pci.h" #include "hw/pci/pci_bridge.h" #include "hw/pci/pci_host.h" +#include "hw/pci/pcie_port.h" #include "hw/i386/acpi-build.h" #include "hw/acpi/acpi.h" #include "hw/pci/pci_bus.h" @@ -336,6 +337,13 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s, object_dynamic_cast(OBJECT(dev), TYPE_PCI_BRIDGE)) { PCIBus *sec = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev)); +/* Remove all hot-plug handlers if hot-plug is disabled on slot */ +if (object_dynamic_cast(OBJECT(dev), TYPE_PCIE_SLOT) && +!PCIE_SLOT(pdev)->hotplug) { +qbus_set_hotplug_handler(BUS(sec), NULL); +return; +} + qbus_set_hotplug_handler(BUS(sec), OBJECT(hotplug_dev)); /* We don't have to overwrite any other hotplug handler yet */ assert(QLIST_EMPTY(>child)); diff --git a/hw/core/machine.c b/hw/core/machine.c index ca69f0343a..339031219d 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -583,7 +583,6 @@ static void machine_set_memdev(Object *obj, const char *value, Error **errp) ms->ram_memdev_id = g_strdup(value); } - static void machine_init_notify(Notifier *notifier, void *data) { MachineState *machine = MACHINE(qdev_get_machine()); diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 46a0f196f4..04b4a4788d 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -37,6 +37,7 @@ #include "sysemu/kvm.h" #include "hw/kvm/clock.h" #include "hw/pci-host/q35.h" +#include "hw/pci/pcie_port.h" #include "hw/qdev-properties.h" #include "hw/i386/x86.h" #include "hw/i386/pc.h" @@ -136,6 +137,7 @@ static void pc_q35_init(MachineState *machine) ram_addr_t lowmem; DriveInfo *hd[MAX_SATA_PORTS]; MachineClass *mc = MACHINE_GET_CLASS(machine); +bool acpi_pcihp; /* Check whether RAM fits below 4G (leaving 1/2 GByte for IO memory * and 256 Mbytes for PCI Express Enhanced Configuration Access Mapping @@ -236,6 +238,15 @@ static void pc_q35_init(MachineState *machine) object_property_set_link(OBJECT(machine), PC_MACHINE_ACPI_DEVICE_PROP, OBJECT(lpc), _abort); +acpi_pcihp = object_property_get_bool(OBJECT(lpc), + "acpi-pci-hotplug-with-bridge-support", + NULL); + +if (acpi_pcihp) { +object_register_sugar_prop(TYPE_PCIE_SLOT, "native-hotplug", + "false", true); +} + /* irq lines */ gsi_state = pc_gsi_create(>gsi, pcmc->pci_enabled); diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c index fd0fa157e8..6e95d82903 100644 --- a/hw/pci/pcie.c +++ b/hw/pci/pcie.c @@ -529,7 +529,13 @@ void pcie_cap_slot_init(PCIDevice *dev, PCIESlot *s) PCI_EXP_SLTCAP_PIP | PCI_EXP_SLTCAP_AIP | PCI_EXP_SLTCAP_ABP); -if (s->hotplug) { + +/* + * Enable native hot-plug on all hot-plugged bridges unless + * hot-plug is disabled on the slot. + */ +if (s->hotplug && +(s->native_hotplug || DEVICE(dev)->hotplugged)) { pci_long_test_and_set_mask(dev->config + pos + PCI_EXP_SLTCAP, PCI_EXP_SLTCAP_HPS | PCI_EXP_SLTCAP_HPC); diff --git a/hw/pci/pcie_port.c b/hw/pci/pcie_port.c index eb563ad435..da850e8dde 100644 --- a/hw/pci/pcie_port.c +++
[PATCH v6 4/6] bios-tables-test: Allow changes in DSDT ACPI tables
All DSDT Q35 tables will be modified because ACPI hot-plug is enabled by default. Signed-off-by: Julia Suvorova Reviewed-by: Igor Mammedov Reviewed-by: Marcel Apfelbaum --- tests/qtest/bios-tables-test-allowed-diff.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..c5167f48af 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,12 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/q35/DSDT", +"tests/data/acpi/q35/DSDT.tis", +"tests/data/acpi/q35/DSDT.bridge", +"tests/data/acpi/q35/DSDT.mmio64", +"tests/data/acpi/q35/DSDT.ipmibt", +"tests/data/acpi/q35/DSDT.cphp", +"tests/data/acpi/q35/DSDT.memhp", +"tests/data/acpi/q35/DSDT.acpihmat", +"tests/data/acpi/q35/DSDT.numamem", +"tests/data/acpi/q35/DSDT.dimmpxm", +"tests/data/acpi/q35/DSDT.nohpet", -- 2.30.2
[PATCH v6 2/6] hw/acpi/ich9: Enable ACPI PCI hot-plug
Add acpi_pcihp to ich9_pm as part of 'acpi-pci-hotplug-with-bridge-support' option. Set default to false. Signed-off-by: Julia Suvorova Signed-off-by: Marcel Apfelbaum Reviewed-by: Igor Mammedov --- hw/i386/acpi-build.h| 1 + include/hw/acpi/ich9.h | 3 ++ hw/acpi/acpi-x86-stub.c | 6 hw/acpi/ich9.c | 70 + hw/acpi/pcihp.c | 12 +-- hw/i386/acpi-build.c| 14 ++--- 6 files changed, 100 insertions(+), 6 deletions(-) diff --git a/hw/i386/acpi-build.h b/hw/i386/acpi-build.h index 487ec7710f..0dce155c8c 100644 --- a/hw/i386/acpi-build.h +++ b/hw/i386/acpi-build.h @@ -10,5 +10,6 @@ extern const struct AcpiGenericAddress x86_nvdimm_acpi_dsmio; #define ACPI_PCIHP_BNMR_BASE 0x10 void acpi_setup(void); +Object *acpi_get_i386_pci_host(void); #endif diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h index 596120d97f..a329ce43ab 100644 --- a/include/hw/acpi/ich9.h +++ b/include/hw/acpi/ich9.h @@ -24,6 +24,7 @@ #include "hw/acpi/acpi.h" #include "hw/acpi/cpu_hotplug.h" #include "hw/acpi/cpu.h" +#include "hw/acpi/pcihp.h" #include "hw/acpi/memory_hotplug.h" #include "hw/acpi/acpi_dev_interface.h" #include "hw/acpi/tco.h" @@ -55,6 +56,8 @@ typedef struct ICH9LPCPMRegs { AcpiCpuHotplug gpe_cpu; CPUHotplugState cpuhp_state; +bool use_acpi_hotplug_bridge; +AcpiPciHpState acpi_pci_hotplug; MemHotplugState acpi_memory_hotplug; uint8_t disable_s3; diff --git a/hw/acpi/acpi-x86-stub.c b/hw/acpi/acpi-x86-stub.c index f88d6a090b..e9e46c5c5f 100644 --- a/hw/acpi/acpi-x86-stub.c +++ b/hw/acpi/acpi-x86-stub.c @@ -1,7 +1,13 @@ #include "qemu/osdep.h" #include "hw/i386/pc.h" +#include "hw/i386/acpi-build.h" void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid, const CPUArchIdList *apic_ids, GArray *entry) { } + +Object *acpi_get_i386_pci_host(void) +{ + return NULL; +} diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c index 4daa79ec8d..2f4eb453ac 100644 --- a/hw/acpi/ich9.c +++ b/hw/acpi/ich9.c @@ -217,6 +217,26 @@ static const VMStateDescription vmstate_cpuhp_state = { } }; +static bool vmstate_test_use_pcihp(void *opaque) +{ +ICH9LPCPMRegs *s = opaque; + +return s->use_acpi_hotplug_bridge; +} + +static const VMStateDescription vmstate_pcihp_state = { +.name = "ich9_pm/pcihp", +.version_id = 1, +.minimum_version_id = 1, +.needed = vmstate_test_use_pcihp, +.fields = (VMStateField[]) { +VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, +ICH9LPCPMRegs, +NULL, NULL), +VMSTATE_END_OF_LIST() +} +}; + const VMStateDescription vmstate_ich9_pm = { .name = "ich9_pm", .version_id = 1, @@ -238,6 +258,7 @@ const VMStateDescription vmstate_ich9_pm = { _memhp_state, _tco_io_state, _cpuhp_state, +_pcihp_state, NULL } }; @@ -259,6 +280,10 @@ static void pm_reset(void *opaque) } pm->smi_en_wmask = ~0; +if (pm->use_acpi_hotplug_bridge) { +acpi_pcihp_reset(>acpi_pci_hotplug, true); +} + acpi_update_sci(>acpi_regs, pm->irq); } @@ -297,6 +322,18 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm, pm->enable_tco = true; acpi_pm_tco_init(>tco_regs, >io); +if (pm->use_acpi_hotplug_bridge) { +acpi_pcihp_init(OBJECT(lpc_pci), +>acpi_pci_hotplug, +pci_get_bus(lpc_pci), +pci_address_space_io(lpc_pci), +true, +ACPI_PCIHP_ADDR_ICH9); + +qbus_set_hotplug_handler(BUS(pci_get_bus(lpc_pci)), + OBJECT(lpc_pci)); +} + pm->irq = sci_irq; qemu_register_reset(pm_reset, pm); pm->powerdown_notifier.notify = pm_powerdown_req; @@ -368,6 +405,20 @@ static void ich9_pm_set_enable_tco(Object *obj, bool value, Error **errp) s->pm.enable_tco = value; } +static bool ich9_pm_get_acpi_pci_hotplug(Object *obj, Error **errp) +{ +ICH9LPCState *s = ICH9_LPC_DEVICE(obj); + +return s->pm.use_acpi_hotplug_bridge; +} + +static void ich9_pm_set_acpi_pci_hotplug(Object *obj, bool value, Error **errp) +{ +ICH9LPCState *s = ICH9_LPC_DEVICE(obj); + +s->pm.use_acpi_hotplug_bridge = value; +} + void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm) { static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN; @@ -376,6 +427,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm) pm->disable_s3 = 0; pm->disable_s4 = 0; pm->s4_val = 2; +pm->use_acpi_hotplug_bridge = false; object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE, >pm_io_base, OBJ_PROP_FLAG_READ); @@ -399,6 +451,9 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm) object_property_add_bool(obj, ACPI_PM_PROP_TCO_ENABLED,
[PATCH v6 0/6] Use ACPI PCI hot-plug for Q35
The patch set consists of two parts: patches 1-3: introduce new feature 'acpi-pci-hotplug-with-bridge-support' on Q35 patches 4-6: make the feature default along with changes in ACPI tables With the feature disabled Q35 falls back to the native hot-plug. Pros * no racy behavior during boot (see 110c477c2ed) * eject is possible - according to PCIe spec, attention button press should lead to power off, and then the adapter should be removed manually. As there is no power down state exists in QEMU, we cannot distinguish between an eject and a power down request. * no delay during deleting - after the actual power off software must wait at least 1 second before indicating about it. This case is quite important for users, it even has its own bug: https://bugzilla.redhat.com/show_bug.cgi?id=1594168 * no timer-based behavior - in addition to the previous example, the attention button has a 5-second waiting period, during which the operation can be canceled with a second press. While this looks fine for manual button control, automation will result in the need to queue or drop events, and the software receiving events in all sort of unspecified combinations of attention/power indicator states, which is racy and uppredictable. * fixes or reduces the likelihood of the bugs: * https://bugzilla.redhat.com/show_bug.cgi?id=1833187 * https://bugzilla.redhat.com/show_bug.cgi?id=1657077 * https://bugzilla.redhat.com/show_bug.cgi?id=1669931 * https://bugzilla.redhat.com/show_bug.cgi?id=1678290 Cons: * no access to possible features presented in slot capabilities (this is only surprise removal AFAIK) v6: * move acpi_pcihp_disable_root_bus() changes into "Enable ACPI PCI hot-plug" patch * fix mips compilation [Michael, Marcel] * additional check in pm_reset() [David] * rename property to "native-hotplug" [Igor] v5: * make sugar property on TYPE_PCIE_SLOT instead of old TYPE_MACHINE property [Igor] * minor style changes v4: * regain per-port control over hot-plug * rebased over acpi-index changes * set property on machine type to make pci code more generic [Igor, Michael] v3: * drop change of _OSC to allow SHPC on hotplugged bridges * use 'acpi-root-pci-hotplug' * add migration states [Igor] * minor style changes v2: * new ioport range for acpiphp [Gerd] * drop find_pci_host() [Igor] * explain magic numbers in _OSC [Igor] * drop build_q35_pci_hotplug() wrapper [Igor] Julia Suvorova (6): hw/i386/acpi-build: Add ACPI PCI hot-plug methods to Q35 hw/acpi/ich9: Enable ACPI PCI hot-plug hw/pci/pcie: Do not set HPC flag if acpihp is used bios-tables-test: Allow changes in DSDT ACPI tables hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35 bios-tables-test: Update golden binaries hw/i386/acpi-build.h | 5 +++ include/hw/acpi/ich9.h| 5 +++ include/hw/acpi/pcihp.h | 3 +- include/hw/pci/pcie_port.h| 5 ++- hw/acpi/acpi-x86-stub.c | 6 +++ hw/acpi/ich9.c| 70 ++ hw/acpi/pcihp.c | 26 --- hw/acpi/piix4.c | 4 +- hw/core/machine.c | 1 - hw/i386/acpi-build.c | 44 --- hw/i386/pc.c | 1 + hw/i386/pc_q35.c | 11 + hw/pci/pcie.c | 8 +++- hw/pci/pcie_port.c| 1 + tests/data/acpi/q35/DSDT | Bin 7859 -> 8289 bytes tests/data/acpi/q35/DSDT.acpihmat | Bin 9184 -> 9614 bytes tests/data/acpi/q35/DSDT.bridge | Bin 7877 -> 11003 bytes tests/data/acpi/q35/DSDT.cphp | Bin 8323 -> 8753 bytes tests/data/acpi/q35/DSDT.dimmpxm | Bin 9513 -> 9943 bytes tests/data/acpi/q35/DSDT.ipmibt | Bin 7934 -> 8364 bytes tests/data/acpi/q35/DSDT.memhp| Bin 9218 -> 9648 bytes tests/data/acpi/q35/DSDT.mmio64 | Bin 8990 -> 9419 bytes tests/data/acpi/q35/DSDT.nohpet | Bin 7717 -> 8147 bytes tests/data/acpi/q35/DSDT.numamem | Bin 7865 -> 8295 bytes tests/data/acpi/q35/DSDT.tis | Bin 8465 -> 8894 bytes 25 files changed, 165 insertions(+), 25 deletions(-) -- 2.30.2
Re: [PATCH 0/3] Atomic cleanup + clang-12 build fix
On 7/12/21 2:30 PM, Cole Robinson wrote: On 7/12/21 11:59 AM, Richard Henderson wrote: The first two patches are not strictly required, but they were useful in tracking down the root problem here. I understand the logic behind the clang-12 warning, but I think it's a clear mistake that it should be enabled by default for a target where alignment is not enforced by default. I found over a dozen places where we would have to manually add QEMU_ALIGNED(8) to uint64_t declarations in order to suppress all of the instances. IMO there's no point fighting this. I tested your patches, they seem to get rid of the warnings. The errors persist. FWIW here's my reproduce starting from fedora 34 x86_64 host: $ sudo mock --root fedora-35-i386 --install dnf --install dnf-utils --install fedora-packager --install clang $ sudo mock --root fedora-35-i386 --shell --enable-network # dnf builddep -y qemu # git clone https://github.com/qemu/qemu # cd qemu # CC=clang CXX=clang++ ./configure --disable-werror # make V=1 Ho hum. So, the warnings are where clang has decided to insert calls to libatomic. So we either have to (1) work around all of the places, which, unless we set up an i386 clang-12 builder will quickly bitrot, or (2) write our own routines, compatible with libatomic, using cmpxchg8b directly. which requires no (extra) locking, and so is compatible with the tcg jit output, or (3) file a bug with clang, and document "use clang-11 and not clang-12". Thoughts? r~
[PATCH RESEND v2 3/3] virtio-pci/hmp: implement device specific hmp interface
This patch is to implement the device specific interface to dump the mapping between virtio queues and vectors. (qemu) info msix -d /machine/peripheral/vscsi0 Msg L.Addr Msg U.Addr Msg Data Vect Ctrl 0xfee0 0x 0x4041 0x 0xfee0 0x 0x4051 0x 0xfee0 0x 0x4061 0x 0xfee0 0x 0x4071 0x 0xfee01000 0x 0x40b1 0x 0xfee02000 0x 0x40c1 0x 0xfee03000 0x 0x40d1 0x MSI-X PBA 0 0 0 0 0 0 0 virtio pci vector info: config: 0 queue 0: 1 queue 1: 2 queue 2: 3 queue 3: 4 queue 4: 5 queue 5: 6 Cc: Jason Wang Cc: Joe Jin Suggested-by: Jason Wang Signed-off-by: Dongli Zhang --- hw/virtio/virtio-pci.c | 22 ++ hw/virtio/virtio.c | 10 ++ include/hw/virtio/virtio.h | 2 ++ 3 files changed, 34 insertions(+) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 433060ac02..2971e8049c 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -38,6 +38,7 @@ #include "hw/virtio/virtio-bus.h" #include "qapi/visitor.h" #include "sysemu/replay.h" +#include "monitor/monitor.h" #define VIRTIO_PCI_REGION_SIZE(dev) VIRTIO_PCI_CONFIG_OFF(msix_present(dev)) @@ -1587,6 +1588,26 @@ static void virtio_pci_modern_io_region_unmap(VirtIOPCIProxy *proxy, >mr); } +static void virtio_pci_dc_msix_info(Monitor *mon, PCIDevice *dev, +Error **errp) +{ +DeviceState *qdev = DEVICE(dev); +VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(qdev); +VirtIODevice *vdev = virtio_bus_get_device(>bus); +int num = virtio_get_num_queues(vdev); +int i; + +monitor_printf(mon, "virtio pci vector info:\n"); + +monitor_printf(mon, "config: %d\n", virtio_get_config_vector(vdev)); + +for (i = 0; i < num; i++) +monitor_printf(mon, "queue %d: %u\n", + i, virtio_get_vector(vdev, i)); + +monitor_printf(mon, "\n"); +} + static void virtio_pci_pre_plugged(DeviceState *d, Error **errp) { VirtIOPCIProxy *proxy = VIRTIO_PCI(d); @@ -2004,6 +2025,7 @@ static void virtio_pci_class_init(ObjectClass *klass, void *data) k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; k->revision = VIRTIO_PCI_ABI_VERSION; k->class_id = PCI_CLASS_OTHERS; +k->msix_info = virtio_pci_dc_msix_info; device_class_set_parent_realize(dc, virtio_pci_dc_realize, >parent_dc_realize); dc->reset = virtio_pci_reset; diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 874377f37a..ea54939e98 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2581,6 +2581,16 @@ void virtio_notify_config(VirtIODevice *vdev) virtio_notify_vector(vdev, vdev->config_vector); } +uint16_t virtio_get_vector(VirtIODevice *vdev, int n) +{ +return vdev->vq[n].vector; +} + +uint16_t virtio_get_config_vector(VirtIODevice *vdev) +{ +return vdev->config_vector; +} + static bool virtio_device_endian_needed(void *opaque) { VirtIODevice *vdev = opaque; diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index 8bab9cfb75..6746227f73 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -268,6 +268,8 @@ int virtio_set_status(VirtIODevice *vdev, uint8_t val); void virtio_reset(void *opaque); void virtio_update_irq(VirtIODevice *vdev); int virtio_set_features(VirtIODevice *vdev, uint64_t val); +uint16_t virtio_get_vector(VirtIODevice *vdev, int n); +uint16_t virtio_get_config_vector(VirtIODevice *vdev); /* Base devices. */ typedef struct VirtIOBlkConf VirtIOBlkConf; -- 2.17.1
[PATCH RESEND v2 1/3] msix/hmp: add hmp interface to dump MSI-X info
This patch is to add the HMP interface to dump MSI-X table and PBA, in order to help diagnose the loss of IRQ issue in VM (e.g., if an MSI-X vector is erroneously masked permanently). Here is the example with vhost-scsi: (qemu) info msix /machine/peripheral/vscsi0 Msg L.Addr Msg U.Addr Msg Data Vect Ctrl 0xfee0 0x 0x4041 0x 0xfee0 0x 0x4051 0x 0xfee0 0x 0x4061 0x 0xfee0 0x 0x4071 0x 0xfee01000 0x 0x40b1 0x 0xfee02000 0x 0x40c1 0x 0xfee03000 0x 0x40d1 0x MSI-X PBA 0 0 0 0 0 0 0 Since the number of MSI-X entries is not determined and might be very large, it is sometimes inappropriate to dump via QMP. Therefore, this patch dumps MSI-X information only via HMP, which is similar to the implementation of hmp_info_mem(). Cc: Jason Wang Cc: Joe Jin Signed-off-by: Dongli Zhang Acked-by: Dr. David Alan Gilbert --- hmp-commands-info.hx | 13 + hw/pci/msix.c | 63 ++ include/hw/pci/msix.h | 2 ++ include/monitor/hmp.h | 1 + softmmu/qdev-monitor.c | 25 + 5 files changed, 104 insertions(+) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index 27206ac049..ce5c550d44 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -221,6 +221,19 @@ SRST Show PCI information. ERST +{ +.name = "msix", +.args_type = "dev:s", +.params = "dev", +.help = "dump MSI-X information", +.cmd= hmp_info_msix, +}, + +SRST + ``info msix`` *dev* +Dump MSI-X information for device *dev*. +ERST + #if defined(TARGET_I386) || defined(TARGET_SH4) || defined(TARGET_SPARC) || \ defined(TARGET_PPC) || defined(TARGET_XTENSA) || defined(TARGET_M68K) { diff --git a/hw/pci/msix.c b/hw/pci/msix.c index ae9331cd0b..4b4ec87eee 100644 --- a/hw/pci/msix.c +++ b/hw/pci/msix.c @@ -22,6 +22,7 @@ #include "sysemu/xen.h" #include "migration/qemu-file-types.h" #include "migration/vmstate.h" +#include "monitor/monitor.h" #include "qemu/range.h" #include "qapi/error.h" #include "trace.h" @@ -669,3 +670,65 @@ const VMStateDescription vmstate_msix = { VMSTATE_END_OF_LIST() } }; + +static void msix_dump_table(Monitor *mon, PCIDevice *dev) +{ +int vector; +uint32_t val; +uint8_t *table_entry; + +monitor_printf(mon, "Msg L.Addr "); +monitor_printf(mon, "Msg U.Addr "); +monitor_printf(mon, "Msg Data "); +monitor_printf(mon, "Vect Ctrl\n"); + +for (vector = 0; vector < dev->msix_entries_nr; vector++) { +table_entry = dev->msix_table + vector * PCI_MSIX_ENTRY_SIZE; + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_LOWER_ADDR); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_UPPER_ADDR); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_DATA); +monitor_printf(mon, "0x%08x ", val); + +val = pci_get_long(table_entry + PCI_MSIX_ENTRY_VECTOR_CTRL); +monitor_printf(mon, "0x%08x\n", val); +} + +monitor_printf(mon, "\n"); +} + +static void msix_dump_pba(Monitor *mon, PCIDevice *dev) +{ +int vector; + +monitor_printf(mon, "MSI-X PBA\n"); + +for (vector = 0; vector < dev->msix_entries_nr; vector++) { +monitor_printf(mon, "%d ", !!msix_is_pending(dev, vector)); + +if (vector % 16 == 15) { +monitor_printf(mon, "\n"); +} +} + +if (vector % 16 != 15) { +monitor_printf(mon, "\n"); +} + +monitor_printf(mon, "\n"); +} + +void msix_dump_info(Monitor *mon, PCIDevice *dev, Error **errp) +{ +if (!msix_present(dev)) { +error_setg(errp, "MSI-X not available"); +return; +} + +msix_dump_table(mon, dev); +msix_dump_pba(mon, dev); +} diff --git a/include/hw/pci/msix.h b/include/hw/pci/msix.h index 4c4a60c739..10a4500295 100644 --- a/include/hw/pci/msix.h +++ b/include/hw/pci/msix.h @@ -47,6 +47,8 @@ int msix_set_vector_notifiers(PCIDevice *dev, MSIVectorPollNotifier poll_notifier); void msix_unset_vector_notifiers(PCIDevice *dev); +void msix_dump_info(Monitor *mon, PCIDevice *dev, Error **errp); + extern const VMStateDescription vmstate_msix; #define VMSTATE_MSIX_TEST(_field, _state, _test) { \ diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h index 3baa1058e2..97c040a3c8 100644 --- a/include/monitor/hmp.h +++ b/include/monitor/hmp.h @@ -36,6 +36,7 @@ void hmp_info_irq(Monitor *mon, const QDict *qdict); void hmp_info_pic(Monitor *mon, const QDict *qdict); void hmp_info_rdma(Monitor *mon, const QDict *qdict); void hmp_info_pci(Monitor *mon, const QDict *qdict); +void hmp_info_msix(Monitor *mon, const QDict *qdict); void hmp_info_tpm(Monitor *mon, const QDict *qdict);
[PATCH RESEND v2 0/3] To add HMP interface to dump PCI MSI-X table/PBA
I have just rebased the v2 patchset on top of most recent qemu to resend. This patch is to introduce the new HMP command to dump the MSI-X table/PBA. Here is the RFC v1: https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg04673.html The idea was inspired by below discussion: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg09020.html (qemu) info msix -d /machine/peripheral/vscsi0 Msg L.Addr Msg U.Addr Msg Data Vect Ctrl 0xfee0 0x 0x4041 0x 0xfee0 0x 0x4051 0x 0xfee0 0x 0x4061 0x 0xfee0 0x 0x4071 0x 0xfee01000 0x 0x40b1 0x 0xfee02000 0x 0x40c1 0x 0xfee03000 0x 0x40d1 0x MSI-X PBA 0 0 0 0 0 0 0 virtio pci vector info: config: 0 queue 0: 1 queue 1: 2 queue 2: 3 queue 3: 4 queue 4: 5 queue 5: 6 Changed since RFC v1: - Add heading to MSI-X table (suggested by David Alan Gilbert) - Add device specific interface, e.g., to dump virtio-pci queue-to-vector mapping (Suggested By Jason) hmp-commands-info.hx | 14 + hw/pci/msix.c | 63 + hw/virtio/virtio-pci.c | 22 ++ hw/virtio/virtio.c | 10 +++ include/hw/pci/msix.h | 2 ++ include/hw/pci/pci.h | 3 ++ include/hw/virtio/virtio.h | 2 ++ include/monitor/hmp.h | 1 + softmmu/qdev-monitor.c | 36 +++ 9 files changed, 153 insertions(+) Thank you very much! Dongli Zhang
[PATCH RESEND v2 2/3] msix/hmp: add interface to dump device specific info
While the previous patch is to dump the MSI-X table, sometimes we may need to dump device specific data, e.g., to help match the vector with the specific device queue. This patch is to add the PCI device specific interface to help dump those information. Any PCI device class may implement this PCIDeviceClass->msix_info interface. Cc: Jason Wang Cc: Joe Jin Suggested-by: Jason Wang Signed-off-by: Dongli Zhang --- hmp-commands-info.hx | 7 --- include/hw/pci/pci.h | 3 +++ softmmu/qdev-monitor.c | 11 +++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx index ce5c550d44..4e831d7ae4 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx @@ -223,9 +223,10 @@ ERST { .name = "msix", -.args_type = "dev:s", -.params = "dev", -.help = "dump MSI-X information", +.args_type = "info:-d,dev:s", +.params = "[-d] dev", +.help = "dump MSI-X information; " + "(-d: show device specific info)", .cmd= hmp_info_msix, }, diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index 6be4e0c460..4620b9e757 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -129,6 +129,8 @@ typedef void PCIMapIORegionFunc(PCIDevice *pci_dev, int region_num, pcibus_t addr, pcibus_t size, int type); typedef void PCIUnregisterFunc(PCIDevice *pci_dev); +typedef void PCIMSIXInfoFunc(Monitor *mon, PCIDevice *dev, Error **errp); + typedef struct PCIIORegion { pcibus_t addr; /* current PCI mapping address. -1 means not mapped */ #define PCI_BAR_UNMAPPED (~(pcibus_t)0) @@ -224,6 +226,7 @@ struct PCIDeviceClass { PCIUnregisterFunc *exit; PCIConfigReadFunc *config_read; PCIConfigWriteFunc *config_write; +PCIMSIXInfoFunc *msix_info; uint16_t vendor_id; uint16_t device_id; diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c index 7837a17d0d..7fd3fe0ada 100644 --- a/softmmu/qdev-monitor.c +++ b/softmmu/qdev-monitor.c @@ -1011,7 +1011,9 @@ void hmp_info_msix(Monitor *mon, const QDict *qdict) { const char *name = qdict_get_str(qdict, "dev"); DeviceState *dev = find_device_state(name, NULL); +bool info = qdict_get_try_bool(qdict, "info", false); PCIDevice *pci_dev; +PCIDeviceClass *pc; Error *err = NULL; if (!dev) { @@ -1027,6 +1029,15 @@ void hmp_info_msix(Monitor *mon, const QDict *qdict) pci_dev = PCI_DEVICE(dev); msix_dump_info(mon, pci_dev, ); +if (info) { +pc = PCI_DEVICE_GET_CLASS(pci_dev); +if (pc->msix_info) { +pc->msix_info(mon, pci_dev, ); +} else { +error_setg(, "Device specific info not supported"); +} +} + exit: hmp_handle_error(mon, err); } -- 2.17.1
Re: [PATCH 07/10] iotests/297: return error code from run_linters()
On Tue, Jul 6, 2021 at 5:49 AM Vladimir Sementsov-Ogievskiy < vsement...@virtuozzo.com> wrote: > 25.06.2021 21:20, John Snow wrote: > > This turns run_linters() into a bit of a hybrid test; returning non-zero > > on failed execution while also printing diffable information. This is > > done for the benefit of the avocado simple test runner, which will soon > > be attempting to execute this test from a different environment. > > > > (Note: universal_newlines is added to the pylint invocation for type > > consistency with the mypy run -- it's not strictly necessary, but it > > avoids some typing errors caused by our re-use of the 'p' variable.) > > > > Signed-off-by: John Snow > > --- > > tests/qemu-iotests/297 | 10 -- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/tests/qemu-iotests/297 b/tests/qemu-iotests/297 > > index 1e8334d1d4..7db1f9ed45 100755 > > --- a/tests/qemu-iotests/297 > > +++ b/tests/qemu-iotests/297 > > @@ -68,19 +68,22 @@ def run_linters( > > files: List[str], > > directory: str = '.', > > env: Optional[Mapping[str, str]] = None, > > -) -> None: > > +) -> int: > > +ret = 0 > > > > print('=== pylint ===') > > sys.stdout.flush() > > > > # Todo notes are fine, but fixme's or xxx's should probably just be > > # fixed (in tests, at least) > > -subprocess.run( > > +p = subprocess.run( > > ('python3', '-m', 'pylint', '--score=n', '--notes=FIXME,XXX', > *files), > > cwd=directory, > > env=env, > > check=False, > > +universal_newlines=True, > > ) > > +ret += p.returncode > > > > print('=== mypy ===') > > sys.stdout.flush() > > @@ -113,9 +116,12 @@ def run_linters( > > universal_newlines=True > > ) > > > > +ret += p.returncode > > if p.returncode != 0: > > print(p.stdout) > > > > +return ret > > + > > > > def main() -> None: > > for linter in ('pylint-3', 'mypy'): > > > > Hmm.. > > 1. Rather unusual for a function in python to return int error-code, more > usual is raising exceptions.. > > It is strange, but I felt that if these tests were going to run in "two contexts" that I would avoid raising Exceptions and trying to understand how it would affect either call stack. > 2. making a sum of return codes looks odd to me > > Just a cheap way to state that a 0 return is good, and a non-zero return code is failure. > 3. Do we really want to run mypy if pylint failed? Maybe better not doing > it, and just switch s/check=False/check=True/ ? This way: > > I suppose we could. For the sake of CI, I like seeing more output instead of less so that you can save yourself the trouble and fix everything before re-submitting the CI job. What do you think? > 3.1 the function becomes native wrapper for subprocess.run, and raise same > exceptions > 3.2 we don't waste CI time by running mypy when pylint failed anyway > > > -- > Best regards, > Vladimir > >
RE: [PATCH v2 19/36] linux-user/hexagon: Implement setup_sigtramp
> -Original Message- > From: Richard Henderson > Sent: Tuesday, July 6, 2021 5:49 PM > To: qemu-devel@nongnu.org > Cc: laur...@vivier.eu; alex.ben...@linaro.org; Taylor Simpson > ; Philippe Mathieu-Daudé > Subject: [PATCH v2 19/36] linux-user/hexagon: Implement setup_sigtramp > > Continue to initialize the words on the stack, as documented. > However, use the off-stack trampoline. > > Cc: Taylor Simpson > Reviewed-by: Philippe Mathieu-Daudé > Signed-off-by: Richard Henderson > --- > linux-user/hexagon/target_signal.h | 2 ++ > linux-user/hexagon/signal.c| 19 +-- > 2 files changed, 19 insertions(+), 2 deletions(-) Reviewed-by: Taylor Simpson Tested-by: Taylor Simpson
Re: [PATCH v2 1/3] hw/net: e1000: Correct the initial value of VET register
On Mon, Jul 5, 2021 at 1:57 PM Bin Meng wrote: > > On Mon, Jul 5, 2021 at 12:21 PM Jason Wang wrote: > > > > > > 在 2021/7/2 下午5:24, Bin Meng 写道: > > > From: Christina Wang > > > > > > The initial value of VLAN Ether Type (VET) register is 0x8100, as per > > > the manual and real hardware. > > > > > > While Linux e1000 driver always writes VET register to 0x8100, it is > > > not always the case for everyone. Drivers relying on the reset value > > > of VET won't be able to transmit and receive VLAN frames in QEMU. > > > > > > Reported-by: Markus Carlstedt > > > Signed-off-by: Christina Wang > > > Signed-off-by: Bin Meng > > > --- > > > > > > (no changes since v1) > > > > > > hw/net/e1000.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/hw/net/e1000.c b/hw/net/e1000.c > > > index 4f75b44cfc..20cbba6411 100644 > > > --- a/hw/net/e1000.c > > > +++ b/hw/net/e1000.c > > > @@ -29,6 +29,7 @@ > > > #include "hw/pci/pci.h" > > > #include "hw/qdev-properties.h" > > > #include "migration/vmstate.h" > > > +#include "net/eth.h" > > > #include "net/net.h" > > > #include "net/checksum.h" > > > #include "sysemu/sysemu.h" > > > @@ -254,6 +255,7 @@ static const uint32_t mac_reg_init[] = { > > > [MANC]= E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN | > > > E1000_MANC_ARP_EN | E1000_MANC_0298_EN | > > > E1000_MANC_RMCP_EN, > > > +[VET] = ETH_P_VLAN, > > > > > > I wonder if we need a compat flag for this, since we change the behavior. > > > > (See e1000_properties[]) > > > > No we don't need to since it does not break migration. Ping?
Re: [PATCH v1 3/3] hw/riscv: virt: Add optional ACLINT support to virt machine
On Mon, Jul 12, 2021 at 11:03 PM Anup Patel wrote: > > On Mon, Jul 12, 2021 at 6:41 PM Bin Meng wrote: > > > > On Mon, Jul 12, 2021 at 6:54 PM Anup Patel wrote: > > > > > > On Mon, Jul 12, 2021 at 11:45 AM Bin Meng wrote: > > > > > > > > On Mon, Jul 12, 2021 at 1:39 PM Anup Patel wrote: > > > > > > > > > > On Mon, Jun 14, 2021 at 5:52 PM Bin Meng wrote: > > > > > > > > > > > > On Sun, Jun 13, 2021 at 12:14 AM Anup Patel > > > > > > wrote: > > > > > > > > > > > > > > We extend virt machine to emulate ACLINT devices only when > > > > > > > "aclint=on" > > > > > > > parameter is passed along with machine name in QEMU command-line. > > > > > > > > > > > > > > Signed-off-by: Anup Patel > > > > > > > --- > > > > > > > hw/riscv/virt.c | 110 > > > > > > > +++- > > > > > > > include/hw/riscv/virt.h | 2 + > > > > > > > 2 files changed, 111 insertions(+), 1 deletion(-) > > > > > > > > > > > > > > diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c > > > > > > > index 977d699753..a35f66af13 100644 > > > > > > > --- a/hw/riscv/virt.c > > > > > > > +++ b/hw/riscv/virt.c > > > > > > > @@ -50,6 +50,7 @@ static const MemMapEntry virt_memmap[] = { > > > > > > > [VIRT_TEST] ={ 0x10,0x1000 }, > > > > > > > [VIRT_RTC] = { 0x101000,0x1000 }, > > > > > > > [VIRT_CLINT] = { 0x200, 0x1 }, > > > > > > > +[VIRT_ACLINT_SSWI] = { 0x2F0,0x4000 }, > > > > > > > > > > > > How about we reuse the same register space to support both CLINT and > > > > > > ACLINT? This saves some register space for future extension. > > > > > > > > > > The intention of placing ACLINT SSWI separate from ACLINT MTIMER and > > > > > MSWI is to minimize PMP region usage. > > > > > > > > Okay, so this leaves spaces for 240 ACLINT MTIMER and MSWI devices in > > > > total, if we put ACLINT SSWI at 0x2F0, and we still have spaces > > > > for 64 ACLINT SSWI devices. Is this enough? > > > > > > We just need one instance of MTIMER, MSWI, and SSWI per-socket. > > > Current limit of max sockets in RISC-V virt machine is 8. We will be > > > reducing this to 4 due space required by IMSICs. This means no matter > > > what 8 instances of each MTIMER, MSWI, and SSWI is the max we > > > can go for RISC-V virt machine. This limits are due to the fact that > > > we want to fit devices in first 2GB space. > > > > > > > Can you list the maximum ACLINT devices and their memory map we intend > > to support and with that we can see how many PMP is used? > > For 4 sockets, we will have following layout: > 0x200-0x200 (Socket0 MTIMER and MSWI) > 0x201-0x201 (Socket1 MTIMER and MSWI) > 0x202-0x202 (Socket2 MTIMER and MSWI) > 0x203-0x203 (Socket3 MTIMER and MSWI) > 0x2F0-0x2F03FFF (Socket0 SSWI) > 0x2F04000-0x2F07FFF (Socket1 SSWI) > 0x2F08000-0x2F0bFFF (Socket2 SSWI) > 0x2F0C000-0x2F0 (Socket3 SSWI) > > OpenSBI will create one PMP region to protect all > MTIMERs and MSWIs which is: > 0x200-0x203 Thanks! This makes sense. Regards, Bin
[PULL 10/11] hw/riscv: opentitan: Add the unimplement rv_core_ibex_peri
Signed-off-by: Alistair Francis Reviewed-by: Bin Meng Message-id: ed707782e84118e1b06a32fd79b70fecfb54ff82.1625801868.git.alistair.fran...@wdc.com --- include/hw/riscv/opentitan.h | 1 + hw/riscv/opentitan.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h index 86cceef698..a488f5e8ec 100644 --- a/include/hw/riscv/opentitan.h +++ b/include/hw/riscv/opentitan.h @@ -81,6 +81,7 @@ enum { IBEX_DEV_ALERT_HANDLER, IBEX_DEV_NMI_GEN, IBEX_DEV_OTBN, +IBEX_DEV_PERI, }; enum { diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index c5a7e3bacb..933c211b11 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -58,6 +58,7 @@ static const MemMapEntry ibex_memmap[] = { [IBEX_DEV_ALERT_HANDLER] = { 0x411b, 0x1000 }, [IBEX_DEV_NMI_GEN] ={ 0x411c, 0x1000 }, [IBEX_DEV_OTBN] = { 0x411d, 0x1 }, +[IBEX_DEV_PERI] = { 0x411f, 0x1 }, }; static void opentitan_board_init(MachineState *machine) @@ -217,6 +218,8 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) memmap[IBEX_DEV_NMI_GEN].base, memmap[IBEX_DEV_NMI_GEN].size); create_unimplemented_device("riscv.lowrisc.ibex.otbn", memmap[IBEX_DEV_OTBN].base, memmap[IBEX_DEV_OTBN].size); +create_unimplemented_device("riscv.lowrisc.ibex.peri", +memmap[IBEX_DEV_PERI].base, memmap[IBEX_DEV_PERI].size); } static void lowrisc_ibex_soc_class_init(ObjectClass *oc, void *data) -- 2.31.1
[PULL 05/11] target/riscv: hardwire bits in hideleg and hedeleg
From: Jose Martins The specification mandates for certain bits to be hardwired in the hypervisor delegation registers. This was not being enforced. Signed-off-by: Jose Martins Reviewed-by: LIU Zhiwei Reviewed-by: Alistair Francis Message-id: 20210522155902.374439-1-josemartin...@gmail.com [ Changes by AF: - Improve indentation ] Signed-off-by: Alistair Francis --- target/riscv/csr.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 62b968326c..b904d2bcb0 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -411,6 +411,7 @@ static RISCVException read_timeh(CPURISCVState *env, int csrno, static const target_ulong delegable_ints = S_MODE_INTERRUPTS | VS_MODE_INTERRUPTS; +static const target_ulong vs_delegable_ints = VS_MODE_INTERRUPTS; static const target_ulong all_ints = M_MODE_INTERRUPTS | S_MODE_INTERRUPTS | VS_MODE_INTERRUPTS; static const target_ulong delegable_excps = @@ -433,6 +434,14 @@ static const target_ulong delegable_excps = (1ULL << (RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT)) | (1ULL << (RISCV_EXCP_VIRT_INSTRUCTION_FAULT)) | (1ULL << (RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT)); +static const target_ulong vs_delegable_excps = delegable_excps & +~((1ULL << (RISCV_EXCP_S_ECALL)) | + (1ULL << (RISCV_EXCP_VS_ECALL)) | + (1ULL << (RISCV_EXCP_M_ECALL)) | + (1ULL << (RISCV_EXCP_INST_GUEST_PAGE_FAULT)) | + (1ULL << (RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT)) | + (1ULL << (RISCV_EXCP_VIRT_INSTRUCTION_FAULT)) | + (1ULL << (RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT))); static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE | SSTATUS_SPIE | SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS | SSTATUS_SUM | SSTATUS_MXR; @@ -1039,7 +1048,7 @@ static RISCVException read_hedeleg(CPURISCVState *env, int csrno, static RISCVException write_hedeleg(CPURISCVState *env, int csrno, target_ulong val) { -env->hedeleg = val; +env->hedeleg = val & vs_delegable_excps; return RISCV_EXCP_NONE; } @@ -1053,7 +1062,7 @@ static RISCVException read_hideleg(CPURISCVState *env, int csrno, static RISCVException write_hideleg(CPURISCVState *env, int csrno, target_ulong val) { -env->hideleg = val; +env->hideleg = val & vs_delegable_ints; return RISCV_EXCP_NONE; } -- 2.31.1
[PULL 04/11] docs/system: riscv: Add documentation for virt machine
From: Bin Meng This adds detailed documentation for RISC-V `virt` machine, including the following information: - Supported devices - Hardware configuration information - Boot options - Running Linux kernel - Running U-Boot Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210627142816.19789-2-bmeng...@gmail.com Signed-off-by: Alistair Francis --- docs/system/riscv/virt.rst | 138 +++ docs/system/target-riscv.rst | 1 + 2 files changed, 139 insertions(+) create mode 100644 docs/system/riscv/virt.rst diff --git a/docs/system/riscv/virt.rst b/docs/system/riscv/virt.rst new file mode 100644 index 00..3709f05797 --- /dev/null +++ b/docs/system/riscv/virt.rst @@ -0,0 +1,138 @@ +'virt' Generic Virtual Platform (``virt``) +== + +The `virt` board is a platform which does not correspond to any real hardware; +it is designed for use in virtual machines. It is the recommended board type +if you simply want to run a guest such as Linux and do not care about +reproducing the idiosyncrasies and limitations of a particular bit of +real-world hardware. + +Supported devices +- + +The ``virt`` machine supports the following devices: + +* Up to 8 generic RV32GC/RV64GC cores, with optional extensions +* Core Local Interruptor (CLINT) +* Platform-Level Interrupt Controller (PLIC) +* CFI parallel NOR flash memory +* 1 NS16550 compatible UART +* 1 Google Goldfish RTC +* 1 SiFive Test device +* 8 virtio-mmio transport devices +* 1 generic PCIe host bridge +* The fw_cfg device that allows a guest to obtain data from QEMU + +Note that the default CPU is a generic RV32GC/RV64GC. Optional extensions +can be enabled via command line parameters, e.g.: ``-cpu rv64,x-h=true`` +enables the hypervisor extension for RV64. + +Hardware configuration information +-- + +The ``virt`` machine automatically generates a device tree blob ("dtb") +which it passes to the guest, if there is no ``-dtb`` option. This provides +information about the addresses, interrupt lines and other configuration of +the various devices in the system. Guest software should discover the devices +that are present in the generated DTB. + +If users want to provide their own DTB, they can use the ``-dtb`` option. +These DTBs should have the following requirements: + +* The number of subnodes of the /cpus node should match QEMU's ``-smp`` option +* The /memory reg size should match QEMU’s selected ram_size via ``-m`` +* Should contain a node for the CLINT device with a compatible string + "riscv,clint0" if using with OpenSBI BIOS images + +Boot options + + +The ``virt`` machine can start using the standard -kernel functionality +for loading a Linux kernel, a VxWorks kernel, an S-mode U-Boot bootloader +with the default OpenSBI firmware image as the -bios. It also supports +the recommended RISC-V bootflow: U-Boot SPL (M-mode) loads OpenSBI fw_dynamic +firmware and U-Boot proper (S-mode), using the standard -bios functionality. + +Running Linux kernel + + +Linux mainline v5.12 release is tested at the time of writing. To build a +Linux mainline kernel that can be booted by the ``virt`` machine in +64-bit mode, simply configure the kernel using the defconfig configuration: + +.. code-block:: bash + + $ export ARCH=riscv + $ export CROSS_COMPILE=riscv64-linux- + $ make defconfig + $ make + +To boot the newly built Linux kernel in QEMU with the ``virt`` machine: + +.. code-block:: bash + + $ qemu-system-riscv64 -M virt -smp 4 -m 2G \ + -display none -serial stdio \ + -kernel arch/riscv/boot/Image \ + -initrd /path/to/rootfs.cpio \ + -append "root=/dev/ram" + +To build a Linux mainline kernel that can be booted by the ``virt`` machine +in 32-bit mode, use the rv32_defconfig configuration. A patch is required to +fix the 32-bit boot issue for Linux kernel v5.12. + +.. code-block:: bash + + $ export ARCH=riscv + $ export CROSS_COMPILE=riscv64-linux- + $ curl https://patchwork.kernel.org/project/linux-riscv/patch/20210627135117.28641-1-bmeng...@gmail.com/mbox/ > riscv.patch + $ git am riscv.patch + $ make rv32_defconfig + $ make + +Replace ``qemu-system-riscv64`` with ``qemu-system-riscv32`` in the command +line above to boot the 32-bit Linux kernel. A rootfs image containing 32-bit +applications shall be used in order for kernel to boot to user space. + +Running U-Boot +-- + +U-Boot mainline v2021.04 release is tested at the time of writing. To build an +S-mode U-Boot bootloader that can be booted by the ``virt`` machine, use +the qemu-riscv64_smode_defconfig with similar commands as described above for Linux: + +.. code-block:: bash + + $ export CROSS_COMPILE=riscv64-linux- + $ make qemu-riscv64_smode_defconfig + +Boot the 64-bit U-Boot S-mode image directly: + +.. code-block:: bash + + $ qemu-system-riscv64 -M virt -smp 4 -m 2G \ +
[PULL 06/11] docs/system: riscv: Update Microchip Icicle Kit for direct kernel boot
From: Bin Meng This adds a new section in the documentation to demonstrate how to use the new direct kernel boot feature for Microchip Icicle Kit, other than the HSS bootflow, using an upstream U-Boot v2021.07 image as an example. It also updates the truth table to have a new '-dtb' column which is required by direct kernel boot. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210706095045.1917913-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- docs/system/riscv/microchip-icicle-kit.rst | 54 +++--- 1 file changed, 47 insertions(+), 7 deletions(-) diff --git a/docs/system/riscv/microchip-icicle-kit.rst b/docs/system/riscv/microchip-icicle-kit.rst index 54ced661e3..817d2aec9c 100644 --- a/docs/system/riscv/microchip-icicle-kit.rst +++ b/docs/system/riscv/microchip-icicle-kit.rst @@ -47,13 +47,13 @@ The user provided DTB should have the following requirements: QEMU follows below truth table to select which payload to execute: -= == === --bios -kernel payload -= == === -N N HSS -Y don't care HSS -N Y kernel -= == === += == == === +-bios-kernel -dtb payload += == == === +N N don't care HSS +Y don't care don't care HSS +N Y Y kernel += == == === The memory is set to 1537 MiB by default which is the minimum required high memory size by HSS. A sanity check on ram size is performed in the machine @@ -106,4 +106,44 @@ HSS output is on the first serial port (stdio) and U-Boot outputs on the second serial port. U-Boot will automatically load the Linux kernel from the SD card image. +Direct Kernel Boot +-- + +Sometimes we just want to test booting a new kernel, and transforming the +kernel image to the format required by the HSS bootflow is tedious. We can +use '-kernel' for direct kernel booting just like other RISC-V machines do. + +In this mode, the OpenSBI fw_dynamic BIOS image for 'generic' platform is +used to boot an S-mode payload like U-Boot or OS kernel directly. + +For example, the following commands show building a U-Boot image from U-Boot +mainline v2021.07 for the Microchip Icicle Kit board: + +.. code-block:: bash + + $ export CROSS_COMPILE=riscv64-linux- + $ make microchip_mpfs_icicle_defconfig + +Then we can boot the machine by: + +.. code-block:: bash + + $ qemu-system-riscv64 -M microchip-icicle-kit -smp 5 -m 2G \ + -sd path/to/sdcard.img \ + -nic user,model=cadence_gem \ + -nic tap,ifname=tap,model=cadence_gem,script=no \ + -display none -serial stdio \ + -kernel path/to/u-boot/build/dir/u-boot.bin \ + -dtb path/to/u-boot/build/dir/u-boot.dtb + +CAVEATS: + +* Check the "stdout-path" property in the /chosen node in the DTB to determine + which serial port is used for the serial console, e.g.: if the console is set + to the second serial port, change to use "-serial null -serial stdio". +* The default U-Boot configuration uses CONFIG_OF_SEPARATE hence the ELF image + ``u-boot`` cannot be passed to "-kernel" as it does not contain the DTB hence + ``u-boot.bin`` has to be used which does contain one. To use the ELF image, + we need to change to CONFIG_OF_EMBED or CONFIG_OF_PRIOR_STAGE. + .. _HSS: https://github.com/polarfire-soc/hart-software-services -- 2.31.1
[PULL 11/11] hw/riscv: opentitan: Add the flash alias
OpenTitan has an alias of flash avaliable which is called virtual flash. Add support for that in the QEMU model. Signed-off-by: Alistair Francis Reviewed-by: Bin Meng Message-id: c9cfbd2dd840fd0076877b8ea4d6dcfce60db5e9.1625801868.git.alistair.fran...@wdc.com --- include/hw/riscv/opentitan.h | 2 ++ hw/riscv/opentitan.c | 6 ++ 2 files changed, 8 insertions(+) diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h index a488f5e8ec..9f93bebdac 100644 --- a/include/hw/riscv/opentitan.h +++ b/include/hw/riscv/opentitan.h @@ -40,6 +40,7 @@ struct LowRISCIbexSoCState { MemoryRegion flash_mem; MemoryRegion rom; +MemoryRegion flash_alias; }; typedef struct OpenTitanState { @@ -54,6 +55,7 @@ enum { IBEX_DEV_ROM, IBEX_DEV_RAM, IBEX_DEV_FLASH, +IBEX_DEV_FLASH_VIRTUAL, IBEX_DEV_UART, IBEX_DEV_GPIO, IBEX_DEV_SPI, diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index 933c211b11..36a41c8b5b 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -59,6 +59,7 @@ static const MemMapEntry ibex_memmap[] = { [IBEX_DEV_NMI_GEN] ={ 0x411c, 0x1000 }, [IBEX_DEV_OTBN] = { 0x411d, 0x1 }, [IBEX_DEV_PERI] = { 0x411f, 0x1 }, +[IBEX_DEV_FLASH_VIRTUAL] = { 0x8000, 0x8 }, }; static void opentitan_board_init(MachineState *machine) @@ -134,8 +135,13 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) /* Flash memory */ memory_region_init_rom(>flash_mem, OBJECT(dev_soc), "riscv.lowrisc.ibex.flash", memmap[IBEX_DEV_FLASH].size, _fatal); +memory_region_init_alias(>flash_alias, OBJECT(dev_soc), + "riscv.lowrisc.ibex.flash_virtual", >flash_mem, 0, + memmap[IBEX_DEV_FLASH_VIRTUAL].size); memory_region_add_subregion(sys_mem, memmap[IBEX_DEV_FLASH].base, >flash_mem); +memory_region_add_subregion(sys_mem, memmap[IBEX_DEV_FLASH_VIRTUAL].base, +>flash_alias); /* PLIC */ if (!sysbus_realize(SYS_BUS_DEVICE(>plic), errp)) { -- 2.31.1
[PULL 09/11] char: ibex_uart: Update the register layout
Update the register layout to match the latest OpenTitan bitstream. Signed-off-by: Alistair Francis Reviewed-by: Bin Meng Message-id: 25c8377d32f3e0f0a1a862c8a5092f8a9e3f9928.1625801868.git.alistair.fran...@wdc.com --- hw/char/ibex_uart.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hw/char/ibex_uart.c b/hw/char/ibex_uart.c index fe4b6c3c9e..6b0c9330bf 100644 --- a/hw/char/ibex_uart.c +++ b/hw/char/ibex_uart.c @@ -42,7 +42,8 @@ REG32(INTR_STATE, 0x00) FIELD(INTR_STATE, RX_OVERFLOW, 3, 1) REG32(INTR_ENABLE, 0x04) REG32(INTR_TEST, 0x08) -REG32(CTRL, 0x0C) +REG32(ALERT_TEST, 0x0C) +REG32(CTRL, 0x10) FIELD(CTRL, TX_ENABLE, 0, 1) FIELD(CTRL, RX_ENABLE, 1, 1) FIELD(CTRL, NF, 2, 1) @@ -52,25 +53,25 @@ REG32(CTRL, 0x0C) FIELD(CTRL, PARITY_ODD, 7, 1) FIELD(CTRL, RXBLVL, 8, 2) FIELD(CTRL, NCO, 16, 16) -REG32(STATUS, 0x10) +REG32(STATUS, 0x14) FIELD(STATUS, TXFULL, 0, 1) FIELD(STATUS, RXFULL, 1, 1) FIELD(STATUS, TXEMPTY, 2, 1) FIELD(STATUS, RXIDLE, 4, 1) FIELD(STATUS, RXEMPTY, 5, 1) -REG32(RDATA, 0x14) -REG32(WDATA, 0x18) -REG32(FIFO_CTRL, 0x1c) +REG32(RDATA, 0x18) +REG32(WDATA, 0x1C) +REG32(FIFO_CTRL, 0x20) FIELD(FIFO_CTRL, RXRST, 0, 1) FIELD(FIFO_CTRL, TXRST, 1, 1) FIELD(FIFO_CTRL, RXILVL, 2, 3) FIELD(FIFO_CTRL, TXILVL, 5, 2) -REG32(FIFO_STATUS, 0x20) +REG32(FIFO_STATUS, 0x24) FIELD(FIFO_STATUS, TXLVL, 0, 5) FIELD(FIFO_STATUS, RXLVL, 16, 5) -REG32(OVRD, 0x24) -REG32(VAL, 0x28) -REG32(TIMEOUT_CTRL, 0x2c) +REG32(OVRD, 0x28) +REG32(VAL, 0x2C) +REG32(TIMEOUT_CTRL, 0x30) static void ibex_uart_update_irqs(IbexUartState *s) { -- 2.31.1
[PULL 03/11] docs/system: riscv: Fix CLINT name in the sifive_u doc
From: Bin Meng It's Core *Local* Interruptor, not 'Level'. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210627142816.19789-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- docs/system/riscv/sifive_u.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/system/riscv/sifive_u.rst b/docs/system/riscv/sifive_u.rst index 32d0a1b85d..01108b5ecc 100644 --- a/docs/system/riscv/sifive_u.rst +++ b/docs/system/riscv/sifive_u.rst @@ -11,7 +11,7 @@ The ``sifive_u`` machine supports the following devices: * 1 E51 / E31 core * Up to 4 U54 / U34 cores -* Core Level Interruptor (CLINT) +* Core Local Interruptor (CLINT) * Platform-Level Interrupt Controller (PLIC) * Power, Reset, Clock, Interrupt (PRCI) * L2 Loosely Integrated Memory (L2-LIM) -- 2.31.1
[PULL 08/11] hw/riscv: sifive_u: Make sure firmware info is 8-byte aligned
From: Bin Meng Currently the firmware dynamic info (fw_dyn) is put right after the reset vector, which is not 8-byte aligned on RV64. OpenSBI fw_dynamic uses ld to read contents from 'struct fw_dynamic_info', which expects fw_dyn to be on the 8-byte boundary, otherwise the misaligned load exception may happen. Fortunately this does not cause any issue on QEMU, as QEMU does support misaligned load. RV32 does not have any issue as it is 4-byte aligned already. Change to make sure it is 8-byte aligned which works for both RV32 and RV64. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210708143319.10441-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- hw/riscv/sifive_u.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index e75ca38783..87bbd10b21 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -602,10 +602,10 @@ static void sifive_u_machine_init(MachineState *machine) } /* reset vector */ -uint32_t reset_vec[11] = { +uint32_t reset_vec[12] = { s->msel, /* MSEL pin state */ 0x0297,/* 1: auipc t0, %pcrel_hi(fw_dyn) */ -0x02828613,/* addi a2, t0, %pcrel_lo(1b) */ +0x02c28613,/* addi a2, t0, %pcrel_lo(1b) */ 0xf1402573,/* csrr a0, mhartid */ 0, 0, @@ -613,6 +613,7 @@ static void sifive_u_machine_init(MachineState *machine) start_addr,/* start: .dword */ start_addr_hi32, fdt_load_addr, /* fdt_laddr: .dword */ +0x, 0x, /* fw_dyn: */ }; -- 2.31.1
[PULL 00/11] riscv-to-apply queue
The following changes since commit 57e28d34c0cb04abf7683ac6a12c87ede447c320: Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' into staging (2021-07-12 19:15:11 +0100) are available in the Git repository at: g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20210712 for you to fetch changes up to d6b87906f09f72a837dc68c33bfc3d913ef74b7d: hw/riscv: opentitan: Add the flash alias (2021-07-13 08:47:52 +1000) Fourth RISC-V PR for 6.1 release - Code cleanups - Documentation improvements - Hypervisor extension improvements with hideleg and hedeleg - sifive_u fixes - OpenTitan register layout updates Alistair Francis (3): char: ibex_uart: Update the register layout hw/riscv: opentitan: Add the unimplement rv_core_ibex_peri hw/riscv: opentitan: Add the flash alias Bin Meng (7): target/riscv: pmp: Fix some typos target/riscv: csr: Remove redundant check in fp csr read/write routines docs/system: riscv: Fix CLINT name in the sifive_u doc docs/system: riscv: Add documentation for virt machine docs/system: riscv: Update Microchip Icicle Kit for direct kernel boot hw/riscv: sifive_u: Correct the CLINT timebase frequency hw/riscv: sifive_u: Make sure firmware info is 8-byte aligned Jose Martins (1): target/riscv: hardwire bits in hideleg and hedeleg docs/system/riscv/microchip-icicle-kit.rst | 54 +-- docs/system/riscv/sifive_u.rst | 2 +- docs/system/riscv/virt.rst | 138 + docs/system/target-riscv.rst | 1 + include/hw/riscv/opentitan.h | 3 + hw/char/ibex_uart.c| 19 ++-- hw/riscv/opentitan.c | 9 ++ hw/riscv/sifive_u.c| 12 ++- target/riscv/csr.c | 37 +++- target/riscv/pmp.c | 10 +-- 10 files changed, 233 insertions(+), 52 deletions(-) create mode 100644 docs/system/riscv/virt.rst
[PULL 02/11] target/riscv: csr: Remove redundant check in fp csr read/write routines
From: Bin Meng The following check: if (!env->debugger && !riscv_cpu_fp_enabled(env)) { return -RISCV_EXCP_ILLEGAL_INST; } is redundant in fflags/frm/fcsr read/write routines, as the check was already done in fs(). Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210627120604.6-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- target/riscv/csr.c | 24 1 file changed, 24 deletions(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index fe5628fea6..62b968326c 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -215,11 +215,6 @@ static RISCVException epmp(CPURISCVState *env, int csrno) static RISCVException read_fflags(CPURISCVState *env, int csrno, target_ulong *val) { -#if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} -#endif *val = riscv_cpu_get_fflags(env); return RISCV_EXCP_NONE; } @@ -228,9 +223,6 @@ static RISCVException write_fflags(CPURISCVState *env, int csrno, target_ulong val) { #if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} env->mstatus |= MSTATUS_FS; #endif riscv_cpu_set_fflags(env, val & (FSR_AEXC >> FSR_AEXC_SHIFT)); @@ -240,11 +232,6 @@ static RISCVException write_fflags(CPURISCVState *env, int csrno, static RISCVException read_frm(CPURISCVState *env, int csrno, target_ulong *val) { -#if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} -#endif *val = env->frm; return RISCV_EXCP_NONE; } @@ -253,9 +240,6 @@ static RISCVException write_frm(CPURISCVState *env, int csrno, target_ulong val) { #if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} env->mstatus |= MSTATUS_FS; #endif env->frm = val & (FSR_RD >> FSR_RD_SHIFT); @@ -265,11 +249,6 @@ static RISCVException write_frm(CPURISCVState *env, int csrno, static RISCVException read_fcsr(CPURISCVState *env, int csrno, target_ulong *val) { -#if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} -#endif *val = (riscv_cpu_get_fflags(env) << FSR_AEXC_SHIFT) | (env->frm << FSR_RD_SHIFT); if (vs(env, csrno) >= 0) { @@ -283,9 +262,6 @@ static RISCVException write_fcsr(CPURISCVState *env, int csrno, target_ulong val) { #if !defined(CONFIG_USER_ONLY) -if (!env->debugger && !riscv_cpu_fp_enabled(env)) { -return RISCV_EXCP_ILLEGAL_INST; -} env->mstatus |= MSTATUS_FS; #endif env->frm = (val & FSR_RD) >> FSR_RD_SHIFT; -- 2.31.1
[PULL 01/11] target/riscv: pmp: Fix some typos
From: Bin Meng %s/CSP/CSR %s/thie/the Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20210627115716.3552-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- target/riscv/pmp.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 82ed020b10..54abf42583 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -456,7 +456,7 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr, } /* - * Handle a write to a pmpcfg CSP + * Handle a write to a pmpcfg CSR */ void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, target_ulong val) @@ -483,7 +483,7 @@ void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index, /* - * Handle a read from a pmpcfg CSP + * Handle a read from a pmpcfg CSR */ target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index) { @@ -502,7 +502,7 @@ target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t reg_index) /* - * Handle a write to a pmpaddr CSP + * Handle a write to a pmpaddr CSR */ void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, target_ulong val) @@ -540,7 +540,7 @@ void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index, /* - * Handle a read from a pmpaddr CSP + * Handle a read from a pmpaddr CSR */ target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index) { @@ -593,7 +593,7 @@ target_ulong mseccfg_csr_read(CPURISCVState *env) /* * Calculate the TLB size if the start address or the end address of - * PMP entry is presented in thie TLB page. + * PMP entry is presented in the TLB page. */ static target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index, target_ulong tlb_sa, target_ulong tlb_ea) -- 2.31.1
[PULL 07/11] hw/riscv: sifive_u: Correct the CLINT timebase frequency
From: Bin Meng At present the CLINT timebase frequency is set to 10MHz on sifive_u, but on the real hardware the timebase frequency is 1Mhz. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-id: 20210706102616.1922469-1-bmeng...@gmail.com Signed-off-by: Alistair Francis --- hw/riscv/sifive_u.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index 273c86418c..e75ca38783 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -62,6 +62,9 @@ #include +/* CLINT timebase frequency */ +#define CLINT_TIMEBASE_FREQ 100 + static const MemMapEntry sifive_u_memmap[] = { [SIFIVE_U_DEV_DEBUG] ={0x0, 0x100 }, [SIFIVE_U_DEV_MROM] = { 0x1000, 0xf000 }, @@ -165,7 +168,7 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry *memmap, qemu_fdt_add_subnode(fdt, "/cpus"); qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency", -SIFIVE_CLINT_TIMEBASE_FREQ); +CLINT_TIMEBASE_FREQ); qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0); qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1); @@ -847,7 +850,7 @@ static void sifive_u_soc_realize(DeviceState *dev, Error **errp) sifive_clint_create(memmap[SIFIVE_U_DEV_CLINT].base, memmap[SIFIVE_U_DEV_CLINT].size, 0, ms->smp.cpus, SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE, -SIFIVE_CLINT_TIMEBASE_FREQ, false); +CLINT_TIMEBASE_FREQ, false); if (!sysbus_realize(SYS_BUS_DEVICE(>prci), errp)) { return; -- 2.31.1
Re: [PULL for 6.1 00/40] testing and plugin updates
Alex Bennée writes: > Alex Bennée writes: > >> The following changes since commit 86108e23d798bcd3fce35ad271b198f8a8611746: >> >> Merge remote-tracking branch >> 'remotes/vivier2/tags/trivial-branch-for-6.1-pull-request' into staging >> (2021-07-11 18:49:25 +0100) >> >> are available in the Git repository at: >> >> https://github.com/stsquad/qemu.git tags/pull-testing-and-plugins-120721-1 >> >> for you to fetch changes up to 88e5a469c820b6242e280d0a7e8128371f535bcc: >> >> MAINTAINERS: Added myself as a reviewer for TCG Plugins (2021-07-12 >> 11:10:14 +0100) > > I'm sending a v2 (pull-testing-and-plugins-120721-2) of the PR which is > re-based and applies to fixes from Paolo. Just running it through CI now > but if you want to take the v2 tag now you can. OK 4th time is the charm: Subject: [PULL v4 00/42] testing, build and plugin updates Date: Mon, 12 Jul 2021 22:05:54 +0100 Message-Id: <20210712210554.1951-1-alex.ben...@linaro.org> or the tag: pull-testing-and-plugins-120721-4 -- Alex Bennée
Re: [PATCH 2/2] tests/acceptance: Add tests for the Pegasos2 machine
Wainer dos Santos Moschetta writes: > Hi, > > On 5/15/21 10:45 AM, Philippe Mathieu-Daudé wrote: >> Add a pair of tests for the Pegasos2 machine following the steps from: >> https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg01553.html >> >>$ PEGASOS2_ROM_PATH=/tmp/pegasos2.rom AVOCADO_ALLOW_UNTRUSTED_CODE=1 \ >> avocado --show=app,console,tesseract \ >>run -t machine:pegasos2 tests/acceptance/ >> (1/2) >> tests/acceptance/machine_ppc_pegasos.py:PPCPegasos2.test_rom_serial_console: >>console: PegasosII Boot Strap (c) 2002-2003 bplan GmbH >>console: Running on CPU PVR:000C0209 >>console: Enable L1 ICache... >> Done. >>console: Reading W83194 : >> FAILED. >>console: Setting Front Side Bus to 133MHz... >> FAILED. >>console: Configuring DDR... >> Done. >>console: Configuring PCI0... >> Done. >>console: Configuring PCI1... >> Done. >>console: Configuring ETH... >> Done. >>console: Releasing IDE reset ... >> Done. >>console: Configuring Legacy Devices >>console: Initializing KBD... >> Done. >>console: Testing 1000 Bytes, Pass: Failed: >>console: RAM TEST (fill linear)... >> Done. >>console: >>console: SmartFirmware: >>console: cpu0: PowerPC,G4 CPUClock 599 Mhz BUSClock 133 Mhz (Version >> 0x000C,0x0209) >>console: no/bad nvramrc - performing default startup script >>console: channel 1 unit 0 : atapi | QEMU DVD-ROM >>| 2.5+ >>console: ATA device not present or not responding >>console: Welcome to SmartFirmware(tm) for bplan Pegasos2 version 1.1 >> (20040405172512) >>PASS (5.23 s) >> (2/2) >> tests/acceptance/machine_ppc_pegasos.py:PPCPegasos2.test_morphos_cdrom_vga: >>... >>console: Welcome to SmartFirmware(tm) for bplan Pegasos2 version 1.1 >> (20040405172512) >>console: SmartFirmware(tm) Copyright 1996-2001 by CodeGen, Inc. >>console: All Rights Reserved. >>console: Pegasos BIOS Extensions Copyright 2001-2003 by bplan GmbH. >>console: All Rights Reserved. >>console: entering main read/eval loop... >>console: ok boot cd boot.img >>console: ISO-9660 filesystem: System-ID: "MORPHOS" Volume-ID: >> "MorphOSBoot" >>console: " flags=0x2 extent=0x20 size=0x1800 >>console: Memory used before SYS_Init: 9MB >>console: PCI ATA/ATAPI Driver@2: PIO Mode 4 >>console: PCI ATA/ATAPI Driver@2: UDMA Mode 5 >>console: ide.device@2: QEMU QEMU DVD-ROM >>console: ide.device@2: CDRom , found, bootable >>tesseract: Ambient Screen 4: Saturday, 15 May 2021, 13:36:06 & >>tesseract: keymap >>tesseract: Albanian keyboard with 101/104 keys >>tesseract: ‘American keyboard with Greek input extension, 105 keys >>tesseract: Belarusian keyboard with 105 keys >>tesseract: Belgian keyboard with 105 keys J >>tesseract: British Apple keyboard >>tesseract: British keyboard with 105 keys >>tesseract: Bulgarian keyboard with 104 keys >>tesseract: Canadian keyboard with 105 keys >>tesseract: Colemak layout for keyboards with 101/104 keys >>tesseract: Croatian keyboard with 101/108 keys >>tesseract: Czech keyboard (QWERTY) with 101/104 keys >>tesseract: Czech keyboard (QWERTZ) with 101/104 keys >>tesseract: Danish keyboard with 105 keys >>PASS (28.56 s) >>RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | >> CANCEL 0 >>JOB TIME : 34.42 s >> >> Signed-off-by: Philippe Mathieu-Daudé >> --- >> tests/acceptance/machine_ppc_pegasos.py | 98 + >> 1 file changed, 98 insertions(+) >> create mode 100644 tests/acceptance/machine_ppc_pegasos.py >> >> diff --git a/tests/acceptance/machine_ppc_pegasos.py >> b/tests/acceptance/machine_ppc_pegasos.py >> new file mode 100644 >> index 000..d36e920ebde >> --- /dev/null >> +++ b/tests/acceptance/machine_ppc_pegasos.py >> @@ -0,0 +1,98 @@ >> +# Functional tests for the Pegasos2 machine. >> +# >> +# Copyright (c) 2021 Philippe Mathieu-Daudé >> +# >> +# This work is licensed under the terms of the GNU GPL, version 2 or later. >> +# See the COPYING file in the top-level directory. >> +# >> +# SPDX-License-Identifier: GPL-2.0-or-later >> + >> +import os >> +import time >> + >> +from avocado import skipUnless >> +from avocado_qemu import Test >> +from avocado_qemu import exec_command_and_wait_for_pattern >> +from avocado_qemu import
[PATCH 11/11] tcg/ppc: Ensure _CALL_SYSV is set for 32-bit ELF
Clang only sets _CALL_ELF for ppc64, and nothing at all to specify the ABI for ppc32. Make a good guess based on other symbols. Reported-by: Brad Smith Signed-off-by: Richard Henderson --- tcg/ppc/tcg-target.c.inc | 21 ++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc index 2202ce017e..5e1fac914a 100644 --- a/tcg/ppc/tcg-target.c.inc +++ b/tcg/ppc/tcg-target.c.inc @@ -25,9 +25,24 @@ #include "elf.h" #include "../tcg-pool.c.inc" -#if !defined _CALL_DARWIN && defined __APPLE__ -#define _CALL_DARWIN 1 -#endif +/* + * Standardize on the _CALL_FOO symbols used by GCC: + * Apple XCode does not define _CALL_DARWIN. + * Clang defines _CALL_ELF (64-bit) but not _CALL_SYSV (32-bit). + */ +#if !defined(_CALL_SYSV) && \ +!defined(_CALL_DARWIN) && \ +!defined(_CALL_AIX) && \ +!defined(_CALL_ELF) +# if defined(__APPLE__) +# define _CALL_DARWIN +# elif defined(__ELF__) && TCG_TARGET_REG_BITS == 32 +# define _CALL_SYSV +# else +# error "Unknown ABI" +# endif +#endif + #ifdef _CALL_SYSV # define TCG_TARGET_CALL_ALIGN_ARGS 1 #endif -- 2.25.1
[PATCH 06/11] hw/ppc/spapr_events: Remove unused variable from check_exception
>From clang-13: hw/ppc/spapr_events.c:937:14: error: variable 'xinfo' set but not used \ [-Werror,-Wunused-but-set-variable] Cc: qemu-...@nongnu.org Cc: Greg Kurz Cc: David Gibson Signed-off-by: Richard Henderson --- hw/ppc/spapr_events.c | 5 - 1 file changed, 5 deletions(-) diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c index 0cfc19be19..23e2e2fff1 100644 --- a/hw/ppc/spapr_events.c +++ b/hw/ppc/spapr_events.c @@ -934,7 +934,6 @@ static void check_exception(PowerPCCPU *cpu, SpaprMachineState *spapr, uint32_t nret, target_ulong rets) { uint32_t mask, buf, len, event_len; -uint64_t xinfo; SpaprEventLogEntry *event; struct rtas_error_log header; int i; @@ -944,13 +943,9 @@ static void check_exception(PowerPCCPU *cpu, SpaprMachineState *spapr, return; } -xinfo = rtas_ld(args, 1); mask = rtas_ld(args, 2); buf = rtas_ld(args, 4); len = rtas_ld(args, 5); -if (nargs == 7) { -xinfo |= (uint64_t)rtas_ld(args, 6) << 32; -} event = rtas_event_log_dequeue(spapr, mask); if (!event) { -- 2.25.1
[PATCH 10/11] tcg/ppc: Replace TCG_TARGET_CALL_DARWIN with _CALL_DARWIN
If __APPLE__, ensure that _CALL_DARWIN is set, then remove our local TCG_TARGET_CALL_DARWIN. Signed-off-by: Richard Henderson --- tcg/ppc/tcg-target.c.inc | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc index e0f4665213..2202ce017e 100644 --- a/tcg/ppc/tcg-target.c.inc +++ b/tcg/ppc/tcg-target.c.inc @@ -25,8 +25,8 @@ #include "elf.h" #include "../tcg-pool.c.inc" -#if defined _CALL_DARWIN || defined __APPLE__ -#define TCG_TARGET_CALL_DARWIN +#if !defined _CALL_DARWIN && defined __APPLE__ +#define _CALL_DARWIN 1 #endif #ifdef _CALL_SYSV # define TCG_TARGET_CALL_ALIGN_ARGS 1 @@ -169,7 +169,7 @@ static const int tcg_target_call_oarg_regs[] = { }; static const int tcg_target_callee_save_regs[] = { -#ifdef TCG_TARGET_CALL_DARWIN +#ifdef _CALL_DARWIN TCG_REG_R11, #endif TCG_REG_R14, @@ -2372,7 +2372,7 @@ static void tcg_out_nop_fill(tcg_insn_unit *p, int count) # define LINK_AREA_SIZE(6 * SZR) # define LR_OFFSET (1 * SZR) # define TCG_TARGET_CALL_STACK_OFFSET (LINK_AREA_SIZE + 8 * SZR) -#elif defined(TCG_TARGET_CALL_DARWIN) +#elif defined(_CALL_DARWIN) # define LINK_AREA_SIZE(6 * SZR) # define LR_OFFSET (2 * SZR) #elif TCG_TARGET_REG_BITS == 64 -- 2.25.1
[PATCH 08/11] linux-user/syscall: Remove unused variable from execve
>From clang-13: linux-user/syscall.c:8503:17: error: variable 'total_size' set but not used \ [-Werror,-Wunused-but-set-variable] Cc: Laurent Vivier Signed-off-by: Richard Henderson --- linux-user/syscall.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 2e826206d2..c27debba8c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8500,7 +8500,6 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, abi_ulong guest_envp; abi_ulong addr; char **q; -int total_size = 0; argc = 0; guest_argp = arg2; @@ -8532,7 +8531,6 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, break; if (!(*q = lock_user_string(addr))) goto execve_efault; -total_size += strlen(*q) + 1; } *q = NULL; @@ -8544,7 +8542,6 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, break; if (!(*q = lock_user_string(addr))) goto execve_efault; -total_size += strlen(*q) + 1; } *q = NULL; -- 2.25.1
[PATCH 03/11] util/selfmap: Discard mapping on error
>From clang-13: util/selfmap.c:26:21: error: variable 'errors' set but not used \ [-Werror,-Wunused-but-set-variable] Quite right of course, but there's no reason not to check errors. First, incrementing errors is incorrect, because qemu_strtoul returns an errno not a count -- just or them together so that we have a non-zero value at the end. Second, if we have an error, do not add the struct to the list, but free it instead. Cc: Alex Bennée Signed-off-by: Richard Henderson --- util/selfmap.c | 28 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/util/selfmap.c b/util/selfmap.c index 2ec99dfdda..0178c2ff8b 100644 --- a/util/selfmap.c +++ b/util/selfmap.c @@ -23,29 +23,33 @@ GSList *read_self_maps(void) gchar **fields = g_strsplit(lines[i], " ", 6); if (g_strv_length(fields) > 4) { MapInfo *e = g_new0(MapInfo, 1); -int errors; +int errors = 0; const char *end; -errors = qemu_strtoul(fields[0], , 16, >start); -errors += qemu_strtoul(end + 1, NULL, 16, >end); +errors |= qemu_strtoul(fields[0], , 16, >start); +errors |= qemu_strtoul(end + 1, NULL, 16, >end); e->is_read = fields[1][0] == 'r'; e->is_write = fields[1][1] == 'w'; e->is_exec = fields[1][2] == 'x'; e->is_priv = fields[1][3] == 'p'; -errors += qemu_strtoul(fields[2], NULL, 16, >offset); +errors |= qemu_strtoul(fields[2], NULL, 16, >offset); e->dev = g_strdup(fields[3]); -errors += qemu_strtou64(fields[4], NULL, 10, >inode); +errors |= qemu_strtou64(fields[4], NULL, 10, >inode); -/* - * The last field may have leading spaces which we - * need to strip. - */ -if (g_strv_length(fields) == 6) { -e->path = g_strdup(g_strchug(fields[5])); +if (!errors) { +/* + * The last field may have leading spaces which we + * need to strip. + */ +if (g_strv_length(fields) == 6) { +e->path = g_strdup(g_strchug(fields[5])); +} +map_info = g_slist_prepend(map_info, e); +} else { +g_free(e); } -map_info = g_slist_prepend(map_info, e); } g_strfreev(fields); -- 2.25.1
[PATCH 09/11] tests/unit: Remove unused variable from test_io
>From clang-13: tests/unit/test-iov.c:161:26: error: variable 't' set but not used \ [-Werror,-Wunused-but-set-variable] Signed-off-by: Richard Henderson --- tests/unit/test-iov.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/unit/test-iov.c b/tests/unit/test-iov.c index 9c415e2f1f..5371066fb6 100644 --- a/tests/unit/test-iov.c +++ b/tests/unit/test-iov.c @@ -158,7 +158,7 @@ static void test_io(void) int sv[2]; int r; -unsigned i, j, k, s, t; +unsigned i, j, k, s; fd_set fds; unsigned niov; struct iovec *iov, *siov; @@ -182,7 +182,6 @@ static void test_io(void) FD_ZERO(); -t = 0; if (fork() == 0) { /* writer */ @@ -201,7 +200,6 @@ static void test_io(void) g_assert(memcmp(iov, siov, sizeof(*iov)*niov) == 0); if (r >= 0) { k += r; - t += r; usleep(g_test_rand_int_range(0, 30)); } else if (errno == EAGAIN) { select(sv[1]+1, NULL, , NULL, NULL); @@ -238,7 +236,6 @@ static void test_io(void) g_assert(memcmp(iov, siov, sizeof(*iov)*niov) == 0); if (r > 0) { k += r; - t += r; } else if (!r) { if (s) { break; -- 2.25.1
[PATCH 01/11] nbd/server: Remove unused variable
>From clang-13: nbd/server.c:976:22: error: variable 'bitmaps' set but not used \ [-Werror,-Wunused-but-set-variable] Cc: qemu-bl...@nongnu.org Cc: Eric Blake Cc: Vladimir Sementsov-Ogievskiy Signed-off-by: Richard Henderson --- nbd/server.c | 4 1 file changed, 4 deletions(-) diff --git a/nbd/server.c b/nbd/server.c index b60ebc3ab6..721349ec00 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -973,7 +973,6 @@ static int nbd_negotiate_meta_queries(NBDClient *client, { int ret; g_autofree char *export_name = NULL; -g_autofree bool *bitmaps = NULL; NBDExportMetaContexts local_meta = {0}; uint32_t nb_queries; size_t i; @@ -1007,9 +1006,6 @@ static int nbd_negotiate_meta_queries(NBDClient *client, "export '%s' not present", sane_name); } meta->bitmaps = g_new0(bool, meta->exp->nr_export_bitmaps); -if (client->opt == NBD_OPT_LIST_META_CONTEXT) { -bitmaps = meta->bitmaps; -} ret = nbd_opt_read(client, _queries, sizeof(nb_queries), false, errp); if (ret <= 0) { -- 2.25.1
[PATCH 07/11] hw/pci-hist/pnv_phb4: Fix typo in pnv_phb4_ioda_write
>From clang-13: hw/pci-host/pnv_phb4.c:375:18: error: variable 'v' set but not used \ [-Werror,-Wunused-but-set-variable] It's pretty clear that we meant to write back 'v' after all that computation and not 'val'. Cc: qemu-...@nongnu.org Cc: Greg Kurz Cc: David Gibson Signed-off-by: Richard Henderson --- hw/pci-host/pnv_phb4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c index 54f57c660a..5c375a9f28 100644 --- a/hw/pci-host/pnv_phb4.c +++ b/hw/pci-host/pnv_phb4.c @@ -392,7 +392,7 @@ static void pnv_phb4_ioda_write(PnvPHB4 *phb, uint64_t val) v &= 0xull; v |= 0xcfffull & val; } -*tptr = val; +*tptr = v; break; } case IODA3_TBL_MBT: -- 2.25.1
[PATCH 04/11] net/checksum: Remove unused variable in net_checksum_add_iov
>From clang-13: ../qemu/net/checksum.c:189:23: error: variable 'buf_off' set but not used \ [-Werror,-Wunused-but-set-variable] Cc: Jason Wang Signed-off-by: Richard Henderson --- net/checksum.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/checksum.c b/net/checksum.c index 70f4eaeb3a..68245fd748 100644 --- a/net/checksum.c +++ b/net/checksum.c @@ -186,12 +186,11 @@ uint32_t net_checksum_add_iov(const struct iovec *iov, const unsigned int iov_cnt, uint32_t iov_off, uint32_t size, uint32_t csum_offset) { -size_t iovec_off, buf_off; +size_t iovec_off; unsigned int i; uint32_t res = 0; iovec_off = 0; -buf_off = 0; for (i = 0; i < iov_cnt && size; i++) { if (iov_off < (iovec_off + iov[i].iov_len)) { size_t len = MIN((iovec_off + iov[i].iov_len) - iov_off , size); @@ -200,7 +199,6 @@ net_checksum_add_iov(const struct iovec *iov, const unsigned int iov_cnt, res += net_checksum_add_cont(len, chunk_buf, csum_offset); csum_offset += len; -buf_off += len; iov_off += len; size -= len; } -- 2.25.1
[PATCH 02/11] accel/tcg: Remove unused variable in cpu_exec
>From clang-13: accel/tcg/cpu-exec.c:783:15: error: variable 'cc' set but not used \ [-Werror,-Wunused-but-set-variable] Signed-off-by: Richard Henderson --- accel/tcg/cpu-exec.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index e22bcb99f7..a8d8cea586 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -780,7 +780,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb, int cpu_exec(CPUState *cpu) { -CPUClass *cc = CPU_GET_CLASS(cpu); int ret; SyncClocks sc = { 0 }; @@ -819,14 +818,12 @@ int cpu_exec(CPUState *cpu) * so we only perform the workaround for clang. */ cpu = current_cpu; -cc = CPU_GET_CLASS(cpu); #else /* * Non-buggy compilers preserve these locals; assert that * they have the correct value. */ g_assert(cpu == current_cpu); -g_assert(cc == CPU_GET_CLASS(cpu)); #endif #ifndef CONFIG_SOFTMMU -- 2.25.1
[PATCH 00/11] Fixes for clang-13 plus tcg/ppc
The goal here was to address Brad's report for clang vs ppc32. Somewhere in between here and there I forgot about the ppc32 part, needed a newer clang for gcc135, accidentally built master instead of the clang-12 release branch, fixed a bunch of buggy looking things, and only then remembered I was building ppc64 and wasn't going to test what I thought I would. So: Brad, could you double-check this fixes your problem? Others: Only patch 7 obviously should have been using the variable indicated as unused. But please double-check. r~ Cc: Alex Bennée Cc: Brad Smith Cc: David Gibson Cc: Eric Blake Cc: Gerd Hoffmann Cc: Greg Kurz Cc: Jason Wang Cc: Laurent Vivier Cc: qemu-bl...@nongnu.org Cc: qemu-...@nongnu.org Cc: Vladimir Sementsov-Ogievskiy Richard Henderson (11): nbd/server: Remove unused variable accel/tcg: Remove unused variable in cpu_exec util/selfmap: Discard mapping on error net/checksum: Remove unused variable in net_checksum_add_iov hw/audio/adlib: Remove unused variable in adlib_callback hw/ppc/spapr_events: Remove unused variable from check_exception hw/pci-hist/pnv_phb4: Fix typo in pnv_phb4_ioda_write linux-user/syscall: Remove unused variable from execve tests/unit: Remove unused variable from test_io tcg/ppc: Replace TCG_TARGET_CALL_DARWIN with _CALL_DARWIN tcg/ppc: Ensure _CALL_SYSV is set for 32-bit ELF accel/tcg/cpu-exec.c | 3 --- hw/audio/adlib.c | 3 +-- hw/pci-host/pnv_phb4.c | 2 +- hw/ppc/spapr_events.c| 5 - linux-user/syscall.c | 3 --- nbd/server.c | 4 net/checksum.c | 4 +--- tests/unit/test-iov.c| 5 + util/selfmap.c | 28 tcg/ppc/tcg-target.c.inc | 25 - 10 files changed, 40 insertions(+), 42 deletions(-) -- 2.25.1
[PATCH 05/11] hw/audio/adlib: Remove unused variable in adlib_callback
>From clang-13: hw/audio/adlib.c:189:18: error: variable 'net' set but not used \ [-Werror,-Wunused-but-set-variable] Cc: Gerd Hoffmann Signed-off-by: Richard Henderson --- hw/audio/adlib.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c index 42d50d2fdc..5f979b1487 100644 --- a/hw/audio/adlib.c +++ b/hw/audio/adlib.c @@ -186,7 +186,7 @@ static int write_audio (AdlibState *s, int samples) static void adlib_callback (void *opaque, int free) { AdlibState *s = opaque; -int samples, net = 0, to_play, written; +int samples, to_play, written; samples = free >> SHIFT; if (!(s->active && s->enabled) || !samples) { @@ -219,7 +219,6 @@ static void adlib_callback (void *opaque, int free) written = write_audio (s, samples); if (written) { -net += written; samples -= written; s->pos = (s->pos + written) % s->samples; } -- 2.25.1
Re: [PATCH 0/3] Atomic cleanup + clang-12 build fix
On 7/12/21 11:59 AM, Richard Henderson wrote: > The first two patches are not strictly required, but they > were useful in tracking down the root problem here. > > I understand the logic behind the clang-12 warning, but I think > it's a clear mistake that it should be enabled by default for a > target where alignment is not enforced by default. > > I found over a dozen places where we would have to manually add > QEMU_ALIGNED(8) to uint64_t declarations in order to suppress > all of the instances. IMO there's no point fighting this. > I tested your patches, they seem to get rid of the warnings. The errors persist. FWIW here's my reproduce starting from fedora 34 x86_64 host: $ sudo mock --root fedora-35-i386 --install dnf --install dnf-utils --install fedora-packager --install clang $ sudo mock --root fedora-35-i386 --shell --enable-network # dnf builddep -y qemu # git clone https://github.com/qemu/qemu # cd qemu # CC=clang CXX=clang++ ./configure --disable-werror # make V=1 Thanks, Cole
Re: [PATCH v3 0/2] linux-user/s390x: signal with SIGFPE on compare-and-trap
On 2021-07-12 4:02 pm, Laurent Vivier wrote: Le 09/07/2021 à 18:04, Jonathan Albrecht a écrit : qemu-s390x signals with SIGILL on compare-and-trap instructions. This breaks OpenJDK which expects SIGFPE in its implementation of implicit exceptions. This patch depends on [PATCH v6 0/2] target/s390x: Fix SIGILL and SIGFPE psw.addr reporting https://lore.kernel.org/qemu-devel/20210705210434.45824-1-...@linux.ibm.com/ Based-on: 20210705210434.45824-1-...@linux.ibm.com Series applied to my linux-user-for-6.1 branch. Thanks Laurent, I see this series has been applied to https://github.com/vivier/qemu/commits/linux-user-for-6.1 but the following series that this is based on also needs to be applied: https://lore.kernel.org/qemu-devel/20210705210434.45824-1-...@linux.ibm.com/ Did some local testing and looks like missing that series caused https://app.travis-ci.com/github/vivier/qemu/jobs/523853464 to fail. Oh, just saw Ilya's email that the test patch has not been reviewed. Hopefully that can happen so they can both make it in. Thanks, Jon
Re: [PATCH v5 0/2] target/s390x: Fix SIGILL/SIGFPE/SIGTRAP psw.addr reporting
On Mon, 2021-07-12 at 10:59 -0400, jonathan.albrecht wrote: > On 2021-07-02 8:01 am, Laurent Vivier wrote: > > Le 02/07/2021 à 12:34, Cornelia Huck a écrit : > > > On Wed, Jun 23 2021, Ilya Leoshkevich wrote: > > > > > > > > > What's the status of this and > > > <20210621141452.2045-1-jonathan.albre...@linux.vnet.ibm.com>? > > > linux-user > > > is not really my turf, but it would be sad if this fell through the > > > cracks. > > > > > > > If from the S390x point of view they are correct, I can collect them > > via linux-user. > > > > IIUC, the latest versions of these two series should be ready now: > > https://lore.kernel.org/qemu-devel/20210705210434.45824-1-...@linux.ibm.com/ > https://lore.kernel.org/qemu-devel/20210709160459.4962-1-jonathan.albre...@linux.vnet.ibm.com/ > > Can they still get into 6.1? > > Thanks, > > Jon The test patch from my v6 series hasn't been reviewed yet: https://lore.kernel.org/qemu-devel/20210705210434.45824-3-...@linux.ibm.com/ Could anyone have a look, please? Best regards, Ilya
[PULL v4 00/42] testing, build and plugin updates
The following changes since commit bd38ae26cea0d1d6a97f930248df149204c210a2: Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210710' into staging (2021-07-12 11:02:39 +0100) are available in the Git repository at: https://github.com/stsquad/qemu.git tags/pull-testing-and-plugins-120721-4 for you to fetch changes up to 312ad3f702789db630c8e43aaad718a1459b2018: MAINTAINERS: Added myself as a reviewer for TCG Plugins (2021-07-12 20:13:24 +0100) Testing and plugin updates: - custom runner playbooks for configuring GitLab runners - integrate Cirrus jobs into GitLab via cirrus-run - clean-up docker package lists - bump NetBSD to 9.2 - bump OpenBSD to 6.9 - make test-mmap more hexagon friendly - fixup handling of hostaddr for plugins - disallow some incompatible plugin configurations - enable plugins by default for most TCG builds - honour main build -Wall settings for plugins - new execlog plugin - new cache modelling plugin - fix io_uring build regression - disable modular TCG on Darwin Alex Bennée (9): tests/tcg: also disable the signals test for plugins tests/tcg: make test-mmap a little less aggressive plugins: fix-up handling of internal hostaddr for 32 bit meson.build: move TCG plugin summary output configure: don't allow plugins to be enabled for a non-TCG build configure: add an explicit static and plugins check configure: stop user enabling plugins on Windows for now tcg/plugins: enable by default for most TCG builds contrib/plugins: enable -Wall for building plugins Alexandre Iooss (2): contrib/plugins: add execlog to log instruction execution and memory access docs/devel: tcg-plugins: add execlog plugin description Brad Smith (2): tests/vm: update NetBSD to 9.2 tests/vm: update openbsd to release 6.9 Cleber Rosa (4): Jobs based on custom runners: documentation and configuration placeholder Jobs based on custom runners: build environment docs and playbook Jobs based on custom runners: docs and gitlab-runner setup playbook Jobs based on custom runners: add job definitions for QEMU's machines Daniel P. Berrangé (18): build: validate that system capstone works before using it gitlab: support for FreeBSD 12, 13 and macOS 11 via cirrus-run cirrus: delete FreeBSD and macOS jobs hw/usb/ccid: remove references to NSS tests/docker: don't use BUILDKIT in GitLab either tests/docker: use project specific container registries tests/docker: use explicit docker.io registry tests/docker: remove FEATURES env var from templates tests/docker: fix sorting in package lists tests/docker: fix mistakes in centos package lists tests/docker: fix mistakes in fedora package list tests/docker: fix mistakes in ubuntu package lists tests/docker: remove mingw packages from Fedora tests/docker: expand centos8 package list tests/docker: expand fedora package list tests/docker: expand ubuntu1804 package list tests/docker: expand ubuntu2004 package list tests/docker: expand opensuse-leap package list Mahmoud Mandour (5): plugins: Added a new cache modelling plugin plugins/cache: Enable cache parameterization plugins/cache: Added FIFO and LRU eviction policies docs/devel: Added cache plugin to the plugins docs MAINTAINERS: Added myself as a reviewer for TCG Plugins Paolo Bonzini (2): meson: fix condition for io_uring stubs disable modular TCG on Darwin docs/ccid.txt | 15 +- docs/devel/ci.rst | 127 docs/devel/index.rst | 1 + docs/devel/tcg-plugins.rst | 86 ++- .gitlab-ci.d/cirrus/README.rst | 54 ++ configure | 142 +++-- meson.build| 21 +- include/qemu/plugin-memory.h | 2 +- accel/tcg/cputlb.c | 2 +- contrib/plugins/cache.c| 641 + contrib/plugins/execlog.c | 153 + plugins/api.c | 4 +- tests/tcg/multiarch/test-mmap.c| 208 +++ .cirrus.yml| 55 -- .gitlab-ci.d/buildtest.yml | 23 - .gitlab-ci.d/cirrus.yml| 102 .gitlab-ci.d/cirrus/build.yml | 35 ++ .gitlab-ci.d/cirrus/freebsd-12.vars| 13 + .gitlab-ci.d/cirrus/freebsd-13.vars| 13 + .gitlab-ci.d/cirrus/macos-11.vars | 15 +
[PATCH v4 09/10] tests: acpi: tpm1.2: Add expected TPM 1.2 ACPI blobs
The TCPA.tis.tpm12 file contains the following: [000h 4]Signature : "TCPA"[Trusted Computing Platform Alliance table] [004h 0004 4] Table Length : 0032 [008h 0008 1] Revision : 02 [009h 0009 1] Checksum : 32 [00Ah 0010 6] Oem ID : "BOCHS " [010h 0016 8] Oem Table ID : "BXPC" [018h 0024 4] Oem Revision : 0001 [01Ch 0028 4] Asl Compiler ID : "BXPC" [020h 0032 4]Asl Compiler Revision : 0001 [024h 0036 2] Platform Class : [026h 0038 4] Min Event Log Length : 0001 [02Ah 0042 8]Event Log Address : 07FF Cc: Michael S. Tsirkin Cc: Igor Mammedov Signed-off-by: Stefan Berger Acked-by: Igor Mammedov --- tests/data/acpi/q35/DSDT.tis.tpm12 | Bin 0 -> 8465 bytes tests/data/acpi/q35/TCPA.tis.tpm12 | Bin 0 -> 50 bytes tests/qtest/bios-tables-test-allowed-diff.h | 2 -- 3 files changed, 2 deletions(-) diff --git a/tests/data/acpi/q35/DSDT.tis.tpm12 b/tests/data/acpi/q35/DSDT.tis.tpm12 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4178162b0b20b2a4a391daa73264963c28a99a3a 100644 GIT binary patch literal 8465
[PATCH v4 03/10] tests: acpi: Prepare for renaming of TPM2 related ACPI files
Cc: Michael S. Tsirkin Cc: Igor Mammedov Signed-off-by: Stefan Berger Reviewed-by: Igor Mammedov --- tests/data/acpi/q35/DSDT.tis.tpm2 | 0 tests/data/acpi/q35/TPM2.tis.tpm2 | 0 tests/qtest/bios-tables-test-allowed-diff.h | 2 ++ 3 files changed, 2 insertions(+) create mode 100644 tests/data/acpi/q35/DSDT.tis.tpm2 create mode 100644 tests/data/acpi/q35/TPM2.tis.tpm2 diff --git a/tests/data/acpi/q35/DSDT.tis.tpm2 b/tests/data/acpi/q35/DSDT.tis.tpm2 new file mode 100644 index 00..e69de29bb2 diff --git a/tests/data/acpi/q35/TPM2.tis.tpm2 b/tests/data/acpi/q35/TPM2.tis.tpm2 new file mode 100644 index 00..e69de29bb2 diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..b301b8fa06 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,3 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/q35/DSDT.tis.tpm2", +"tests/data/acpi/q35/TPM2.tis.tpm2", -- 2.31.1
[PATCH v4 08/10] tests: acpi: Add test cases for TPM 1.2 with TCPA table
Cc: Michael S. Tsirkin Cc: Igor Mammedov Signed-off-by: Stefan Berger Reviewed-by: Igor Mammedov --- tests/qtest/bios-tables-test.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index 4ccbe56158..ddfd2d2b2a 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -1145,11 +1145,16 @@ static void test_acpi_tcg_tpm(const char *machine, const char *tpm_if, #endif } -static void test_acpi_q35_tcg_tpm_tis(void) +static void test_acpi_q35_tcg_tpm2_tis(void) { test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_2_0); } +static void test_acpi_q35_tcg_tpm12_tis(void) +{ +test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_1_2); +} + static void test_acpi_tcg_dimm_pxm(const char *machine) { test_data data; @@ -1518,7 +1523,8 @@ int main(int argc, char *argv[]) return ret; } qtest_add_func("acpi/q35/oem-fields", test_acpi_oem_fields_q35); -qtest_add_func("acpi/q35/tpm-tis", test_acpi_q35_tcg_tpm_tis); +qtest_add_func("acpi/q35/tpm2-tis", test_acpi_q35_tcg_tpm2_tis); +qtest_add_func("acpi/q35/tpm12-tis", test_acpi_q35_tcg_tpm12_tis); qtest_add_func("acpi/piix4", test_acpi_piix4_tcg); qtest_add_func("acpi/oem-fields", test_acpi_oem_fields_pc); qtest_add_func("acpi/piix4/bridge", test_acpi_piix4_tcg_bridge); -- 2.31.1
[PATCH v4 07/10] tests: acpi: prepare for new TPM 1.2 related tables
Cc: Michael S. Tsirkin Cc: Igor Mammedov Signed-off-by: Stefan Berger Acked-by: Igor Mammedov --- tests/data/acpi/q35/DSDT.tis.tpm12 | 0 tests/data/acpi/q35/TCPA.tis.tpm12 | 0 tests/qtest/bios-tables-test-allowed-diff.h | 2 ++ 3 files changed, 2 insertions(+) create mode 100644 tests/data/acpi/q35/DSDT.tis.tpm12 create mode 100644 tests/data/acpi/q35/TCPA.tis.tpm12 diff --git a/tests/data/acpi/q35/DSDT.tis.tpm12 b/tests/data/acpi/q35/DSDT.tis.tpm12 new file mode 100644 index 00..e69de29bb2 diff --git a/tests/data/acpi/q35/TCPA.tis.tpm12 b/tests/data/acpi/q35/TCPA.tis.tpm12 new file mode 100644 index 00..e69de29bb2 diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..fb093b32b9 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,3 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/q35/DSDT.tis.tpm12", +"tests/data/acpi/q35/TCPA.tis.tpm12", -- 2.31.1
[PATCH v4 10/10] tests: Use QMP to check whether a TPM device model is available
Use QMP to check whether a given TPM device model is available and if it is not the case then skip a test that requires it. Signed-off-by: Stefan Berger --- tests/qtest/bios-tables-test.c | 14 +++-- tests/qtest/tpm-emu.c | 37 ++ tests/qtest/tpm-emu.h | 2 ++ 3 files changed, 47 insertions(+), 6 deletions(-) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index ddfd2d2b2a..64add7da72 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -1094,7 +1094,6 @@ uint64_t tpm_tis_base_addr; static void test_acpi_tcg_tpm(const char *machine, const char *tpm_if, uint64_t base, enum TPMVersion tpm_version) { -#ifdef CONFIG_TPM gchar *tmp_dir_name = g_strdup_printf("qemu-test_acpi_%s_tcg_%s.XX", machine, tpm_if); char *tmp_path = g_dir_make_tmp(tmp_dir_name, NULL); @@ -1140,19 +1139,22 @@ static void test_acpi_tcg_tpm(const char *machine, const char *tpm_if, g_free(tmp_dir_name); g_free(args); free_test_data(); -#else -g_test_skip("TPM disabled"); -#endif } static void test_acpi_q35_tcg_tpm2_tis(void) { -test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_2_0); +if (!tpm_model_is_available("-machine q35", "tpm-tis")) +g_test_skip("TPM disabled"); +else +test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_2_0); } static void test_acpi_q35_tcg_tpm12_tis(void) { -test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_1_2); +if (!tpm_model_is_available("-machine q35", "tpm-tis")) +g_test_skip("TPM disabled"); +else +test_acpi_tcg_tpm("q35", "tis", 0xFED4, TPM_VERSION_1_2); } static void test_acpi_tcg_dimm_pxm(const char *machine) diff --git a/tests/qtest/tpm-emu.c b/tests/qtest/tpm-emu.c index 32c704194b..553f1ad4ee 100644 --- a/tests/qtest/tpm-emu.c +++ b/tests/qtest/tpm-emu.c @@ -16,6 +16,8 @@ #include "backends/tpm/tpm_ioctl.h" #include "io/channel-socket.h" #include "qapi/error.h" +#include "qapi/qmp/qlist.h" +#include "qapi/qmp/qstring.h" #include "tpm-emu.h" void tpm_emu_test_wait_cond(TPMTestState *s) @@ -192,3 +194,38 @@ void *tpm_emu_ctrl_thread(void *data) object_unref(OBJECT(lioc)); return NULL; } + +bool tpm_model_is_available(const char *args, const char *tpm_if) +{ +QTestState *qts; +QDict *rsp_tpm; +bool ret = false; + +qts = qtest_init(args); +if (!qts) +return false; + +rsp_tpm = qtest_qmp(qts, "{ 'execute': 'query-tpm'}"); +if (!qdict_haskey(rsp_tpm, "error")) { +QDict *rsp_models = qtest_qmp(qts, + "{ 'execute': 'query-tpm-models'}"); +if (qdict_haskey(rsp_models, "return")) { +QList *models = qdict_get_qlist(rsp_models, "return"); +QListEntry *e; + +QLIST_FOREACH_ENTRY(models, e) { +QString *s = qobject_to(QString, qlist_entry_obj(e)); +const char *ename = qstring_get_str(s); +if (!strcmp(ename, tpm_if)) { +ret = true; +} +} +qobject_unref(models); +} +qobject_unref(rsp_models); +} +qobject_unref(rsp_tpm); +qtest_quit(qts); + +return ret; +} diff --git a/tests/qtest/tpm-emu.h b/tests/qtest/tpm-emu.h index fcb5d7a1d6..c33d99af37 100644 --- a/tests/qtest/tpm-emu.h +++ b/tests/qtest/tpm-emu.h @@ -22,6 +22,7 @@ #include "qemu/sockets.h" #include "io/channel.h" #include "sysemu/tpm.h" +#include "libqos/libqtest.h" struct tpm_hdr { uint16_t tag; @@ -50,5 +51,6 @@ typedef struct TPMTestState { void tpm_emu_test_wait_cond(TPMTestState *s); void *tpm_emu_ctrl_thread(void *data); +bool tpm_model_is_available(const char *args, const char *tpm_if); #endif /* TESTS_TPM_EMU_H */ -- 2.31.1