Eugenio Pérez [Thu, 22 May 2025 14:58:39 +0000 (10:58 -0400)]
vdpa: move memory listener register to vhost_vdpa_init
Current memory operations like pinning may take a lot of time at the
destination. Currently they are done after the source of the migration is
stopped, and before the workload is resumed at the destination. This is a
period where neigher traffic can flow, nor the VM workload can continue
(downtime).
We can do better as we know the memory layout of the guest RAM at the
destination from the moment that all devices are initializaed. So
moving that operation allows QEMU to communicate the kernel the maps
while the workload is still running in the source, so Linux can start
mapping them.
As a small drawback, there is a time in the initialization where QEMU
cannot respond to QMP etc. By some testing, this time is about
0.2seconds. This may be further reduced (or increased) depending on the
vdpa driver and the platform hardware, and it is dominated by the cost
of memory pinning.
This matches the time that we move out of the called downtime window.
The downtime is measured as the elapsed trace time between the last
vhost_vdpa_suspend on the source and the last vhost_vdpa_set_vring_enable_one
on the destination. In other words, from "guest CPUs freeze" to the
instant the final Rx/Tx queue-pair is able to start moving data.
Using ConnectX-6 Dx (MLX5) NICs in vhost-vDPA mode with 8 queue-pairs,
the series reduces guest-visible downtime during back-to-back live
migrations by more than half:
- 39G VM: 4.72s -> 2.09s (-2.63s, ~56% improvement)
- 128G VM: 14.72s -> 5.83s (-8.89s, ~60% improvement)
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-8-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:38 +0000 (10:58 -0400)]
vdpa: move iova_tree allocation to net_vhost_vdpa_init
As we are moving to keep the mapping through all the vdpa device life
instead of resetting it at VirtIO reset, we need to move all its
dependencies to the initialization too. In particular devices with
x-svq=on need a valid iova_tree from the beginning.
Simplify the code also consolidating the two creation points: the first
data vq in case of SVQ active and CVQ start in case only CVQ uses it.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Suggested-by: Si-Wei Liu <si-wei.liu@oracle.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-7-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:37 +0000 (10:58 -0400)]
vdpa: reorder listener assignment
Since commit f6fe3e333f ("vdpa: move memory listener to
vhost_vdpa_shared") this piece of code repeatedly assign
shared->listener members. This was not a problem as it was not used
until device start.
However next patches move the listener registration to this
vhost_vdpa_init function. When the listener is registered it is added
to an embedded linked list, so setting its members again will cause
memory corruption to the linked list node.
Do the right thing and only set it in the first vdpa device.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-6-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:36 +0000 (10:58 -0400)]
vdpa: add listener_registered
Check if the listener has been registered or not, so it needs to be
registered again at start.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-5-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:35 +0000 (10:58 -0400)]
vdpa: set backend capabilities at vhost_vdpa_init
The backend does not reset them until the vdpa file descriptor is closed
so there is no harm in doing it only once.
This allows the destination of a live migration to premap memory in
batches, using VHOST_BACKEND_F_IOTLB_BATCH.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-4-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:34 +0000 (10:58 -0400)]
vdpa: reorder vhost_vdpa_set_backend_cap
It will be used directly by vhost_vdpa_init.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-3-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Thu, 22 May 2025 14:58:33 +0000 (10:58 -0400)]
vdpa: check for iova tree initialized at net_client_start
To map the guest memory while it is migrating we need to create the
iova_tree, as long as the destination uses x-svq=on. Checking to not
override it.
The function vhost_vdpa_net_client_stop clear it if the device is
stopped. If the guest starts the device again, the iova tree is
recreated by vhost_vdpa_net_data_start_first or vhost_vdpa_net_cvq_start
if needed, so old behavior is kept.
Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20250522145839.59974-2-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Huaitong Han [Thu, 22 May 2025 10:05:48 +0000 (18:05 +0800)]
vhost: Don't set vring call if guest notifier is unused
The vring call fd is set even when the guest does not use MSI-X (e.g., in the
case of virtio PMD), leading to unnecessary CPU overhead for processing
interrupts.
The commit 96a3d98d2c("vhost: don't set vring call if no vector") optimized the
case where MSI-X is enabled but the queue vector is unset. However, there's an
additional case where the guest uses INTx and the INTx_DISABLED bit in the PCI
config is set, meaning that no interrupt notifier will actually be used.
In such cases, the vring call fd should also be cleared to avoid redundant
interrupt handling.
Fixes: 96a3d98d2c("vhost: don't set vring call if no vector") Reported-by: Zhiyuan Yuan <yuanzhiyuan@chinatelecom.cn> Signed-off-by: Jidong Xia <xiajd@chinatelecom.cn> Signed-off-by: Huaitong Han <hanht2@chinatelecom.cn>
Message-Id: <20250522100548.212740-1-hanht2@chinatelecom.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Bibo Mao [Tue, 20 May 2025 13:01:53 +0000 (21:01 +0800)]
tests/qtest/bios-tables-test: Use MiB macro rather hardcode value
Replace 1024 * 1024 with MiB macro.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Message-Id: <20250520130158.767083-4-maobibo@loongson.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Bibo Mao [Tue, 20 May 2025 13:01:52 +0000 (21:01 +0800)]
tests/data/uefi-boot-images: Add ISO image for LoongArch system
To test ACPI tables, edk2 needs to be booted with a disk image having
EFI partition. This image is created using UefiTestToolsPkg.
The image is generated with the following command:
make -f tests/uefi-test-tools/Makefile
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20250520130158.767083-3-maobibo@loongson.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Bibo Mao [Tue, 20 May 2025 13:01:51 +0000 (21:01 +0800)]
uefi-test-tools:: Add LoongArch64 support
Add support to build bios-tables-test iso image for LoongArch system.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20250520130158.767083-2-maobibo@loongson.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
A device can send a PRI request to the IOMMU using pci_pri_request_page.
The PRI response is sent back using the notifier managed with
pci_pri_register_notifier and pci_pri_unregister_notifier.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com> Co-authored-by: Ethan Milon <ethan.milon@eviden.com>
Message-Id: <20250520071823.764266-12-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Devices implementing ATS can send translation requests using
pci_ats_request_translation. The invalidation events are sent
back to the device using the iommu notifier managed with
pci_iommu_register_iotlb_notifier / pci_iommu_unregister_iotlb_notifier.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com> Co-authored-by: Ethan Milon <ethan.milon@eviden.com>
Message-Id: <20250520071823.764266-11-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pci: Add a pci-level initialization function for IOMMU notifiers
This is meant to be used by ATS-capable devices.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-10-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
memory: Store user data pointer in the IOMMU notifiers
This will help developers of ATS-capable devices to track a state.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-9-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pci: Add an API to get IOMMU's min page size and virtual address width
This kind of information is needed by devices implementing ATS in order
to initialize their translation cache.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-8-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The cached is_master value is necessary to know if a device is
allowed to issue ATS/PRI requests or not as these operations do not go
through the master_enable memory region.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-7-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pcie: Helper functions to check to check if PRI is enabled
pri_enabled can be used to check whether the capability is present and
enabled on a PCIe device
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-6-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pcie: Add a helper to declare the PRI capability for a pcie device
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-5-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
ats_enabled checks whether the capability is
present or not. If so, we read the configuration space to get
the status of the feature (enabled or not).
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-4-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pcie: Helper functions to check if PASID is enabled
pasid_enabled checks whether the capability is
present or not. If so, we read the configuration space to get
the status of the feature (enabled or not).
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-3-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pcie: Add helper to declare PASID capability for a pcie device
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Message-Id: <20250520071823.764266-2-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Vasant Hegde [Fri, 16 May 2025 10:05:35 +0000 (15:35 +0530)]
hw/i386/amd_iommu: Fix xtsup when vcpus < 255
If vCPUs > 255 then x86 common code (x86_cpus_init()) call kvm_enable_x2apic().
But if vCPUs <= 255 then the common code won't calls kvm_enable_x2apic().
This is because commit 8c6619f3e692 ("hw/i386/amd_iommu: Simplify non-KVM
checks on XTSup feature") removed the call to kvm_enable_x2apic when xtsup
is "on", which break things when guest is booted with x2apic mode and
there are <= 255 vCPUs.
Fix this by adding back kvm_enable_x2apic() call when xtsup=on.
Sairaj Kodilkar [Fri, 16 May 2025 10:05:34 +0000 (15:35 +0530)]
hw/i386/amd_iommu: Fix device setup failure when PT is on.
Commit c1f46999ef506 ("amd_iommu: Add support for pass though mode")
introduces the support for "pt" flag by enabling nodma memory when
"pt=off". This allowed VFIO devices to successfully register notifiers
by using nodma region.
But, This also broke things when guest is booted with the iommu=nopt
because, devices bypass the IOMMU and use untranslated addresses (IOVA) to
perform DMA reads/writes to the nodma memory region, ultimately resulting in
a failure to setup the devices in the guest.
Fix the above issue by always enabling the amdvi_dev_as->iommu memory region.
But this will once again cause VFIO devices to fail while registering the
notifiers with AMD IOMMU memory region.
Fixes: c1f46999ef506 ("amd_iommu: Add support for pass though mode") Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com> Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Message-Id: <20250516100535.4980-2-sarunkod@amd.com> Fixes: c1f46999ef506 ("amd_iommu: Add support for pass though mode") Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com> Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Yuri Benditovich [Thu, 15 May 2025 06:32:37 +0000 (09:32 +0300)]
virtio: check for validity of indirect descriptors
virtio processes indirect descriptors even if the respected
feature VIRTIO_RING_F_INDIRECT_DESC was not negotiated.
If qemu is used with reduced set of features to emulate the
hardware device that does not support indirect descriptors,
the will probably trigger problematic flows on the hardware
setup but do not reveal the mistake on qemu.
Add LOG_GUEST_ERROR for such case. This will issue logs with
'-d guest_errors' in the command line
* tag 'pull-qapi-2025-05-28' of https://repo.or.cz/qemu/armbru:
qapi: use imperative style in documentation
qapi: make all generated files common
qapi: remove qapi_specific_outputs from meson.build
qapi: make s390x specific CPU commands unconditionally available
qapi: make most CPU commands unconditionally available
qapi: Make CpuModelExpansionInfo::deprecated-props optional and generic
qapi: remove the misc-target.json file
qapi: make Xen event commands unconditionally available
qapi: make SGX commands unconditionally available
qapi: expose query-gic-capability command unconditionally
qapi: make SEV commands unconditionally available
qapi: expand docs for SEV commands
qapi: expose rtc-reset-reinjection command unconditionally
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-misc-2025-05-28' of https://repo.or.cz/qemu/armbru:
docs/about/removed-features: Move removal notes to tidy up order
docs/about/deprecated: Move deprecation notes to tidy up order
qapi/migration: Deprecate migrate argument @detach
docs/about: Belatedly document tightening of QMP device_add checking
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 28 May 2025 19:17:25 +0000 (15:17 -0400)]
Merge tag 'pull-tcg-20250528' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Fix atomic_mmu_lookup vs TLB_FORCE_SLOW
linux-user: implement pgid field of /proc/self/stat
target/sh4: Use MO_ALIGN for system UNALIGN()
target/microblaze: Use TARGET_LONG_BITS == 32 for system mode
accel/tcg: Add TCGCPUOps.pointer_wrap
target/*: Populate TCGCPUOps.pointer_wrap
* tag 'pull-tcg-20250528' of https://gitlab.com/rth7680/qemu: (28 commits)
accel/tcg: Assert TCGCPUOps.pointer_wrap is set
target/sparc: Fill in TCGCPUOps.pointer_wrap
target/s390x: Fill in TCGCPUOps.pointer_wrap
target/riscv: Fill in TCGCPUOps.pointer_wrap
target/ppc: Fill in TCGCPUOps.pointer_wrap
target/mips: Fill in TCGCPUOps.pointer_wrap
target/loongarch: Fill in TCGCPUOps.pointer_wrap
target/i386: Fill in TCGCPUOps.pointer_wrap
target/arm: Fill in TCGCPUOps.pointer_wrap
target: Use cpu_pointer_wrap_uint32 for 32-bit targets
target: Use cpu_pointer_wrap_notreached for strict align targets
accel/tcg: Add TCGCPUOps.pointer_wrap
target/sh4: Use MO_ALIGN for system UNALIGN()
tcg: Drop TCGContext.page_{mask,bits}
tcg: Drop TCGContext.tlb_dyn_max_bits
target/microblaze: Simplify compute_ldst_addr_type{a,b}
target/microblaze: Drop DisasContext.r0
target/microblaze: Use TARGET_LONG_BITS == 32 for system mode
target/microblaze: Fix printf format in mmu_translate
target/microblaze: Use TCGv_i64 for compute_ldst_addr_ea
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Pierrick Bouvier [Thu, 22 May 2025 19:05:39 +0000 (12:05 -0700)]
qapi: make all generated files common
Monolithic files (qapi_nonmodule_outputs) can now be compiled just
once, so we can remove qapi_util_outputs logic.
This removes the need for any specific_ss file.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-13-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Pierrick Bouvier [Thu, 22 May 2025 19:05:38 +0000 (12:05 -0700)]
qapi: remove qapi_specific_outputs from meson.build
There is no more QAPI files that need to be compiled per target, so we
can remove this. qapi_specific_outputs is now empty, so we can remove
the associated logic in meson.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-12-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
qapi: make s390x specific CPU commands unconditionally available
This removes the TARGET_S390X and CONFIG_KVM conditions from the
CPU commands that are conceptually specific to s390x. Top level
stubs are provided to cope with non-s390x targets, or builds
without KVM.
The removal of CONFIG_KVM is justified by the fact there is no
conceptual difference between running 'qemu-system-s390x -accel tcg'
on a build with and without KVM built-in, so apps only using TCG
can't rely on the CONFIG_KVM in the schema.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-11-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
qapi: make most CPU commands unconditionally available
This removes the TARGET_* conditions from all the CPU commands
that are conceptually target independent. Top level stubs are
provided to cope with targets which do not currently implement
all of the commands. Adjust the doc comments accordingly.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-10-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
qapi: Make CpuModelExpansionInfo::deprecated-props optional and generic
We'd like to have some unified QAPI schema. Having a structure field
conditional to a target being built in is not very practical.
While @deprecated-props is only used by s390x target, it is generic
enough and could be used by other targets (assuming we expand
CpuModelExpansionType enum values).
Let's always include this field, regardless of the target, but make it
optional. This is not a compatibility break only because the field
remains present always on S390x.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-9-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Observe the pre-existing bug with s390-skeys.c and target/i386/monitor.c
both including qapi-commands-misc-target.h despite not requiring it.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-8-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
qapi: make Xen event commands unconditionally available
This removes the TARGET_I386 condition from the Xen event channel
commands, moving them to the recently introduced misc-i386.json
QAPI file, given they are inherantly i386 specific commands.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-7-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
This removes the TARGET_I386 condition from the SGX confidential
virtualization commands, moving them to the recently introduced
misc-i386.json QAPI file, given they are inherantly i386 specific
commands.
Observe a pre-existing bug that the "SGXEPCSection" struct lacked
a TARGET_I386 condition, despite its only usage being behind a
TARGET_I386 condition.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-6-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
This removes the TARGET_ARM condition from the query-gic-capability
command. This requires providing a QMP command stub for non-ARM targets.
This in turn requires moving the command out of misc-target.json, since
that will trigger symbol poisoning errors when built from target
independent code.
Following the earlier precedent, this creates a misc-arm.json file to
hold this ARM specific command.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-5-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
This removes the TARGET_I386 condition from the SEV confidential
virtualization commands, moving them to the recently introduced
misc-i386.json QAPI file, given they are inherantly i386 specific
commands.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-4-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
This removes the TARGET_I386 condition from the rtc-reset-reinjection
command. This requires providing a QMP command stub for non-i386 target.
This in turn requires moving the command out of misc-target.json, since
that will trigger symbol poisoning errors when built from target
independent code.
Rather than putting the command into misc.json, it is proposed to create
misc-$TARGET.json files to hold commands whose impl is conceptually
only applicable to a single target. This gives an obvious docs hint to
consumers that the command is only useful in relation a specific target,
while misc.json is for commands applicable to 2 or more targets.
The current impl of qmp_rtc_reset_reinject() is a no-op if the i386
RTC is disabled in Kconfig, or if the running machine type lack any
RTC device.
The stub impl for non-i386 targets retains this no-op behaviour.
However, it is now reporting an Error mentioning this command is not
available for current target.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250522190542.588267-2-pierrick.bouvier@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cc: qemu-riscv@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target: Use cpu_pointer_wrap_uint32 for 32-bit targets
M68K, MicroBlaze, OpenRISC, RX, TriCore and Xtensa are
all 32-bit targets. AVR is more complicated, but using
a 32-bit wrap preserves current behaviour.
Cc: Michael Rolnik <mrolnik@gmail.com> Cc: Laurent Vivier <laurent@vivier.eu> Cc: Stafford Horne <shorne@gmail.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Cc: Max Filippov <jcmvbkbc@gmail.com>
Tested-by Bastian Koppelmann <kbastian@mail.uni-paderborn.de> (tricore) Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This was an extremely minor optimization for aarch64
and x86_64, to use a 32-bit AND instruction when the
guest softmmu tlb maximum was sufficiently small.
Both hosts can simply use a 64-bit AND insn instead.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Require TCGv_i32 and TCGv be identical, so drop
the extensions. Return constants when possible
instead of a mov into a temporary. Return register
inputs unchanged when possible.
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/microblaze: Implement extended address load/store out of line
Use helpers and address_space_ld/st instead of inline
loads and stores. This allows us to perform operations
on physical addresses wider than virtual addresses.
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Andreas Schwab [Tue, 20 May 2025 14:07:37 +0000 (16:07 +0200)]
linux-user: implement pgid field of /proc/self/stat
Signed-off-by: Andreas Schwab <schwab@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <mvmfrgzcr4m.fsf@suse.de>
docs/about/removed-features: Move removal notes to tidy up order
The removal notes within a section are mostly in version order. Move
the few that aren't so they are.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250521063711.29840-5-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
docs/about/deprecated: Move deprecation notes to tidy up order
The deprecation notes within a section are mostly in version order.
Move the few that aren't so they are.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250521063711.29840-4-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
docs/about: Belatedly document tightening of QMP device_add checking
Commit 4d8b0f0a9536 (v6.2.0) deprecated incorrectly typed device_add
arguments. Commit be93fd53723c (qdev-monitor: avoid QemuOpts in QMP
device_add) fixed them for v9.2.0, but neglected to update
documentation. Do that now.
Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250521063711.29840-2-armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[Commit message typo corrected]
target/sparc: don't set FSR_NVA when comparing unordered floats
FSR_NVA should be set when one of the operands is a signaling NaN or
when using FCMPEx instructions. But those cases are already handled
within check_ieee_exception or floatxx_compare functions.
Otherwise, it should be left untouched.
FTR, this was detected by inf-compare-[5678] tests within gcc
testsuites.
Signed-off-by: Clément Chigot <chigot@adacore.com>
Message-Id: <20250425093513.863289-1-chigot@adacore.com> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Stefan Hajnoczi [Mon, 26 May 2025 14:16:59 +0000 (10:16 -0400)]
Merge tag 'pull-aspeed-20250526' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fixed memory leaks in qtest tests
* Reworked and fixed HACE (crypto) model for AST2700 SoC
* Extended HACE qtest tests
* Fixed RAM size detection on BE hosts
* Added network backends to ast2700fc machine
* Mapped main SoC memory into system memory on multi SoC machines
* tag 'pull-aspeed-20250526' of https://github.com/legoater/qemu: (39 commits)
docs: Remove ast2700fc from Aspeed family boards
hw/arm/fby35: Map BMC memory into system memory
hw/arm/aspeed_ast27x0-fc: Map ca35 memory into system memory
hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom
hw/arm/aspeed_ast2700-fc: Reduce ca35 ram size to align with ast2700a1
hw/arm/aspeed_ast2700-fc: Add network support
hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts
hw/intc/aspeed Fix coding style
hw/intc/aspeed: Set impl.min_access_size to 4
test/qtest/hace: Add tests for AST2700
test/qtest/hace: Support to validate 64-bit hmac key buffer addresses
test/qtest/hace: Support to test upper 32 bits of digest and source addresses
test/qtest/hace: Support 64-bit source and digest addresses for AST2700
test/qtest/hace: Update source data and digest data type to 64-bit
test/qtest/hace: Add tests for AST1030
test/qtest/hace: Add SHA-384 tests for AST2600
test/qtest/hace: Add SHA-384 test cases for ASPEED HACE model
test/qtest/hace: Adjust test address range for AST1030 due to SRAM limitations
test/qtest/hace: Specify explicit array sizes for test vectors and hash results
test/qtest: Introduce a new aspeed-hace-utils.c to place common testcases
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Steven Lee [Fri, 23 May 2025 09:31:41 +0000 (17:31 +0800)]
hw/arm/aspeed_ast27x0-fc: Map ca35 memory into system memory
Map the CA35 memory region as a subregion of system_memory to ensure
a valid FlatView. This prevents failures in APIs that rely on the
global memory view, such as rom_check_and_register_reset().
Steven Lee [Fri, 23 May 2025 09:31:40 +0000 (17:31 +0800)]
hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom
The unimplemented memory region overlaps with the VBootROM address
range, causing incorrect memory layout.
This patch adjusts the size and start address of the unimplemented
region to avoid collision. The IO memory region (ASPEED_DEV_IOMEM) is
now moved to 0x20000 to reserve space for VBootROM at 0x0.
Although the memory range 0x20000 - 0x10000000 is undefined in the
datasheet and should not be required, further testing shows OP-TEE
or U-Boot may access 0x400000 during early boot.
Removing the unimplemented region causes firmware hangs.
To prevent unexpected accesses, retain the region as a safeguard.
Jamin Lin [Thu, 22 May 2025 02:33:04 +0000 (10:33 +0800)]
hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts
On big-endian hosts, the aspeed_ram_capacity_write() function previously passed
the address of a 64-bit "data" variable directly to address_space_write(),
assuming host and guest endianness matched.
However, the data is expected to be written in little-endian format to DRAM.
On big-endian hosts, this led to incorrect data being written into DRAM,
which caused the guest firmware to misdetect the DRAM size.
As a result, U-Boot fails to boot and hangs.
- Replaces the "address_space_write()" call with "address_space_stl_le()",
which performs an explicit 32-bit little-endian write.
- Updating the MemoryRegionOps to restrict access to exactly 4 bytes
using .valid.{min,max}_access_size = 4 and .impl.min_access_size = 4.
Jamin Lin [Thu, 22 May 2025 02:33:02 +0000 (10:33 +0800)]
hw/intc/aspeed: Set impl.min_access_size to 4
This patch explicitly sets ".impl.min_access_size = 4" to match the
declared ".valid.min_access_size = 4", enforcing stricter access size
checking and preventing inconsistent partial accesses to the interrupt
controller registers.
Jamin Lin [Thu, 15 May 2025 08:10:00 +0000 (16:10 +0800)]
test/qtest/hace: Add tests for AST2700
The HACE models in AST2600 and AST2700 are nearly identical. Based on the
AST2600 test cases, new tests have been added for AST2700.
Implemented test functions for SHA-256, SHA-384, SHA-512, and MD5.
Added scatter-gather and accumulation test variants.
For AST2700, the HACE controller base address starts at "0x12070000", and
the DRAM start address is "0x4_00000000".
Jamin Lin [Thu, 15 May 2025 08:09:59 +0000 (16:09 +0800)]
test/qtest/hace: Support to validate 64-bit hmac key buffer addresses
Added "key" and "key_hi" fields to "AspeedMasks" for 64-bit addresses test.
Updated "aspeed_test_addresses" to validate "HACE_HASH_KEY_BUFF" and
"HACE_HASH_KEY_BUFF_HI".
Ensured correct masking of 64-bit addresses by checking both lower and upper
32-bit registers.
Jamin Lin [Thu, 15 May 2025 08:09:58 +0000 (16:09 +0800)]
test/qtest/hace: Support to test upper 32 bits of digest and source addresses
Added "src_hi" and "dest_hi" fields to "AspeedMasks" for 64-bit addresses test.
Updated "aspeed_test_addresses" to validate "HACE_HASH_SRC_HI" and
"HACE_HASH_DIGEST_HI".
Ensured correct masking of 64-bit addresses by checking both lower and upper
32-bit registers.
Jamin Lin [Thu, 15 May 2025 08:09:57 +0000 (16:09 +0800)]
test/qtest/hace: Support 64-bit source and digest addresses for AST2700
Added "HACE_HASH_SRC_HI" and "HACE_HASH_DIGEST_HI", "HACE_HASH_KEY_BUFF_HI"
registers to store upper 32 bits.
Updated "write_regs" to handle 64-bit source and digest addresses.
Jamin Lin [Thu, 15 May 2025 08:09:56 +0000 (16:09 +0800)]
test/qtest/hace: Update source data and digest data type to 64-bit
Currently, the hash data source and digest result buffer addresses are set to
32-bit. However, the AST2700 CPU is a 64-bit Cortex-A35 architecture, and its
DRAM base address is also 64-bit.
To support AST2700, update the hash data source address and digest result buffer
address to use 64-bit addressing.
Jamin Lin [Thu, 15 May 2025 08:09:55 +0000 (16:09 +0800)]
test/qtest/hace: Add tests for AST1030
The HACE model in AST2600 and AST1030 is identical. Referencing the AST2600
test cases, new tests have been created for AST1030.
Implemented test functions for SHA-256, SHA-384, SHA-512, and MD5.
Added scatter-gather and accumulation test variants.
For AST1030, the HACE controller base address starts at "0x7e6d0000", and the
SDRAM start address is "0x0".
Jamin Lin [Thu, 15 May 2025 08:09:54 +0000 (16:09 +0800)]
test/qtest/hace: Add SHA-384 tests for AST2600
Introduced "test_sha384_ast2600" to validate SHA-384 hashing.
Added "test_sha384_sg_ast2600" for scatter-gather SHA-384 verification.
Implemented "test_sha384_accum_ast2600" to test SHA-384 accumulation.
Registered new test cases in "main" to ensure execution.
Jamin Lin [Thu, 15 May 2025 08:09:53 +0000 (16:09 +0800)]
test/qtest/hace: Add SHA-384 test cases for ASPEED HACE model
Introduced SHA-384 test functions to verify hashing operations.
Extended support for scatter-gather ("_sg") and accumulation ("_accum") tests.
Updated test result vectors for SHA-384 validation.
Jamin Lin [Thu, 15 May 2025 08:09:52 +0000 (16:09 +0800)]
test/qtest/hace: Adjust test address range for AST1030 due to SRAM limitations
The digest_addr is set to "src_addr + 0x1000000", where src_addr is the DRAM
base address. However, the value 0x1000000 (16MB) is too large because the
AST1030 does not support DRAM, and its SRAM size is only 768KB.
A range size of 0x10000 (64KB) is sufficient for HACE test cases, as the test
vector size does not exceed 64KB.
Updates:
1. Direct Access Mode
Update digest_addr to "src_addr + 0x10000" in the following functions:
aspeed_test_md5
aspeed_test_sha256
aspeed_test_sha512
2. Scatter-Gather (SG) Mode
Update source address for different SG buffer addresses in the following
functions:
src_addr1 = src_addr + 0x10000
src_addr2 = src_addr + 0x20000
src_addr3 = src_addr + 0x30000
digest_addr = src_addr + 0x40000
aspeed_test_sha256_sg
aspeed_test_sha512_sg
3. ACC Mode Update
Update the SG List start address: src_addr + 0x10000
Update the SG List buffer size to 0x30000 (192KB).
Jamin Lin [Thu, 15 May 2025 08:09:51 +0000 (16:09 +0800)]
test/qtest/hace: Specify explicit array sizes for test vectors and hash results
To enhance code readability and prevent potential buffer overflows or unintended
size assumptions, this commit updates all fixed-size array declarations to use
explicit array sizes.
Jamin Lin [Thu, 15 May 2025 08:09:50 +0000 (16:09 +0800)]
test/qtest: Introduce a new aspeed-hace-utils.c to place common testcases
The test cases for the ASPEED HACE model were originally placed in
aspeed_hace-test.c. However, this test file only supports ARM32. To enable
compatibility with all ASPEED SoCs, including the AST2700, which uses the
AArch64 architecture, this update introduces a new source file,
aspeed-hace-utils.c.
All common APIs and test cases have been moved from aspeed_hace-test.c to
aspeed-hace-utils.c to facilitate reuse across different ASPEED SoCs.
As a result, these test cases can now be reused for AST2700 and future ASPEED
SoC testing.
Jamin Lin [Thu, 15 May 2025 08:09:48 +0000 (16:09 +0800)]
hw/misc/aspeed_hace: Support to dump plaintext and digest for better debugging
1. Added "hace_hexdump()" to dump a contiguous buffer using qemu_hexdump.
2. Added "hace_iov_hexdump()" to flatten and dump scatter-gather source vectors.
3. Introduced a new trace event: "aspeed_hace_hexdump".
Jamin Lin [Thu, 15 May 2025 08:09:46 +0000 (16:09 +0800)]
hw/misc/aspeed_hace: Support DMA 64 bits dram address
According to the AST2700 design, the data source address is 64-bit, with
R_HASH_SRC_HI storing bits [63:32] and R_HASH_SRC storing bits [31:0].
Similarly, the digest address is 64-bit, with R_HASH_DEST_HI storing bits
[63:32] and R_HASH_DEST storing bits [31:0].
To maintain compatibility with older SoCs such as the AST2600, the AST2700 HW
automatically set bit 34 of the 64-bit sg_addr. As a result, the firmware
only needs to provide a 32-bit sg_addr containing bits [31:0]. This is
sufficient for the AST2700, as it uses a DRAM offset rather than a DRAM
address.
Introduce a has_dma64 class attribute and set it to true for the AST2700.
projects / thirdparty / qemu.git / log
