CID 1568580: Incorrect expression (EVALUATION_ORDER)
In "table_size = table_size = n_vectors * 16U",
"table_size" is written twice with the same value.
Cc: qemu-trivial@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Resolves: Coverity CID 1568580
Fixes: 01c1caa9d1 ("hw/riscv/virt.c, riscv-iommu-sys.c: add MSIx support")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Han Han [Thu, 19 Dec 2024 08:51:38 +0000 (16:51 +0800)]
target/i386/cpu: Fix notes for CPU models
Fixes: 644e3c5d812 ("missing vmx features for Skylake-Server and Cascadelake-Server")
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Chenyi Qiang <chenyi.qiang@intel.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
docs: Replace 'since' -> 'removed in' in removed-features.rst
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
TCG trace-events were deprecated before the v6.2 release,
and removed for v7.0.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
docs: Correct '-runas' and '-fsdev/-virtfs proxy' indentation
Use the same style for deprecated / removed commands.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
../block/vvfat.c:433:24: runtime error: index 14 out of bounds for type 'uint8_t [11]'
#0 0x56151a66b93a in create_long_filename ../block/vvfat.c:433
#1 0x56151a66f3d7 in create_short_and_long_name ../block/vvfat.c:725
#2 0x56151a670403 in read_directory ../block/vvfat.c:804
#3 0x56151a674432 in init_directories ../block/vvfat.c:964
#4 0x56151a67867b in vvfat_open ../block/vvfat.c:1258
#5 0x56151a3b8e19 in bdrv_open_driver ../block.c:1660
#6 0x56151a3bb666 in bdrv_open_common ../block.c:1985
#7 0x56151a3cadb9 in bdrv_open_inherit ../block.c:4153
#8 0x56151a3c8850 in bdrv_open_child_bs ../block.c:3731
#9 0x56151a3ca832 in bdrv_open_inherit ../block.c:4098
#10 0x56151a3cbe40 in bdrv_open ../block.c:4248
#11 0x56151a46344f in blk_new_open ../block/block-backend.c:457
#12 0x56151a388bd9 in blockdev_init ../blockdev.c:612
#13 0x56151a38ab2d in drive_new ../blockdev.c:1006
#14 0x5615190fca41 in drive_init_func ../system/vl.c:649
#15 0x56151aa796dd in qemu_opts_foreach ../util/qemu-option.c:1135
#16 0x5615190fd2b6 in configure_blockdev ../system/vl.c:708
#17 0x56151910a307 in qemu_create_early_backends ../system/vl.c:2004
#18 0x561519113fcf in qemu_init ../system/vl.c:3685
#19 0x56151a7e438e in main ../system/main.c:47
#20 0x7f72d1a46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#21 0x7f72d1a46304 in __libc_start_main_impl ../csu/libc-start.c:360
#22 0x561517e98510 in _start (/home/user/.work/qemu/build/qemu-system-aarch64+0x3b9b510)
The offset used can easily go beyond entry->name size. It's probably a
bug, but I don't have the time to dive into vfat specifics for now.
This change solves the ubsan issue, and is functionally equivalent, as
anything written past the entry->name array would not be read anyway.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Zhao Liu [Tue, 26 Nov 2024 16:30:46 +0000 (00:30 +0800)]
hw/timer/hpet: Drop the unused macro
HPET_TN_CFG_BITS_READONLY_OR_RESERVED is not used in any place since
HPET_TN_CFG_WRITE_MASK has been already used to check and fix the
writable bits in hpet_ram_write().
Drop this unused macro.
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
docs/devel: remove dead video link for sourcehut submit process
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Hajnoczi [Thu, 26 Dec 2024 09:38:38 +0000 (04:38 -0500)]
Merge tag 'pull-vfio-20241226' of https://github.com/legoater/qemu into staging
vfio queue:
* Add support for IGD passthrough on all Intel Gen 11 and 12 devices
* Refactor dirty tracking engine to include VFIO state in calc-dirty-rate
* Drop usage of migration_is_device() and migration_is_active()
* tag 'pull-vfio-20241226' of https://github.com/legoater/qemu:
migration: Unexport migration_is_active()
migration: Drop migration_is_device()
system/dirtylimit: Don't use migration_is_active()
vfio/migration: Rename vfio_devices_all_dirty_tracking()
vfio/migration: Refactor vfio_devices_all_running_and_mig_active() logic
vfio/migration: Refactor vfio_devices_all_dirty_tracking() logic
vfio/container: Add dirty tracking started flag
vfio/igd: add x-igd-gms option back to set DSM region size for guest
vfio/igd: emulate BDSM in mmio bar0 for gen 6-10 devices
vfio/igd: emulate GGC register in mmio bar0
vfio/igd: add macro for declaring mirrored registers
vfio/igd: add Alder/Raptor/Rocket/Ice/Jasper Lake device ids
vfio/igd: add Gemini Lake and Comet Lake device ids
vfio/igd: canonicalize memory size calculations
vfio/igd: align generation with i915 kernel driver
vfio/igd: remove unsupported device ids
vfio/igd: fix GTT stolen memory size calculation for gen 8+
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Avihai Horon [Wed, 18 Dec 2024 13:40:22 +0000 (15:40 +0200)]
migration: Unexport migration_is_active()
After being removed from VFIO and dirty limit, migration_is_active() no
longer has any users outside the migration subsystem, and in fact, it's
only used in migration.c.
Unexport it and also relocate it so it can be made static.
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Tested-by: Joao Martins <joao.m.martins@oracle.com>
Link: https://lore.kernel.org/r/20241218134022.21264-8-avihaih@nvidia.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Avihai Horon [Wed, 18 Dec 2024 13:40:20 +0000 (15:40 +0200)]
system/dirtylimit: Don't use migration_is_active()
vcpu_dirty_rate_stat_collect() uses migration_is_active() to detect
whether migration is running or not, in order to get the correct dirty
rate period value.
However, recently there has been an effort to simplify the migration
status API and reduce it to a single migration_is_running() function.
To accommodate this, and since the same functionality can be achieved
with migration_is_running(), use it instead of migration_is_active().
vfio_devices_all_dirty_tracking() is used to check if dirty page log
sync is needed. However, besides checking the dirty page tracking
status, it also checks the pre_copy_dirty_page_tracking flag.
Rename it to vfio_devices_log_sync_needed() which reflects its purpose
more accurately and makes the code clearer as there are already several
helpers with similar names.
During DMA unmap with vIOMMU, vfio_devices_all_running_and_mig_active()
is used to check whether a dirty page log sync of the unmapped pages is
required. Such log sync is needed during migration pre-copy phase, and
the current logic detects it by checking if migration is active and if
the VFIO devices are running.
However, recently there has been an effort to simplify the migration
status API and reduce it to a single migration_is_running() function.
To accommodate this, refactor vfio_devices_all_running_and_mig_active()
logic so it won't use migration_is_active(). Do it by simply checking if
dirty tracking has been started using internal VFIO flags.
This should be equivalent to the previous logic as during migration
dirty tracking is active and when the guest is stopped there shouldn't
be DMA unmaps coming from it.
As a side effect, now that migration status is no longer used, DMA unmap
log syncs are untied from migration. This will make calc-dirty-rate more
accurate as now it will also include VFIO dirty pages that were DMA
unmapped.
Also rename the function to properly reflect its new logic and extract
common code from vfio_devices_all_dirty_tracking().
During dirty page log sync, vfio_devices_all_dirty_tracking() is used to
check if dirty tracking has been started in order to avoid errors. The
current logic checks if migration is in ACTIVE or DEVICE states to
ensure dirty tracking has been started.
However, recently there has been an effort to simplify the migration
status API and reduce it to a single migration_is_running() function.
To accommodate this, refactor vfio_devices_all_dirty_tracking() logic so
it won't use migration_is_active() and migration_is_device(). Instead,
use internal VFIO dirty tracking flags.
As a side effect, now that migration status is no longer used to detect
dirty tracking status, VFIO log syncs are untied from migration. This
will make calc-dirty-rate more accurate as now it will also include VFIO
dirty pages.
While at it, as VFIODevice->dirty_tracking is now used to detect dirty
tracking status, add a comment that states how it's protected.
Tomita Moeko [Fri, 6 Dec 2024 12:27:48 +0000 (20:27 +0800)]
vfio/igd: add x-igd-gms option back to set DSM region size for guest
DSM region is likely to store framebuffer in Windows, a small DSM
region may cause display issues (e.g. half of the screen is black).
Since 971ca22f041b ("vfio/igd: don't set stolen memory size to zero"),
the x-igd-gms option was functionally removed, QEMU uses host's
original value, which is determined by DVMT Pre-Allocated option in
Intel FSP of host bios.
However, some vendors do not expose this config item to users. In
such cases, x-igd-gms option can be used to manually set the data
stolen memory size for guest. So this commit brings this option back,
keeping its old behavior. When it is not specified, QEMU uses host's
value.
When DVMT Pre-Allocated option is available in host BIOS, user should
set DSM region size there instead of using x-igd-gms option.
Tomita Moeko [Fri, 6 Dec 2024 12:27:47 +0000 (20:27 +0800)]
vfio/igd: emulate BDSM in mmio bar0 for gen 6-10 devices
A recent commit in i915 driver [1] claims the BDSM register at 0x1080c0
of mmio bar0 has been there since gen 6. Mirror this register to the 32
bit BDSM register at 0x5c in pci config space for gen6-10 devices.
Tomita Moeko [Fri, 6 Dec 2024 12:27:46 +0000 (20:27 +0800)]
vfio/igd: emulate GGC register in mmio bar0
The GGC register at 0x50 of pci config space is a mirror of the same
register at 0x108040 of mmio bar0 [1]. i915 driver also reads that
register from mmio bar0 instead of config space. As GGC is programmed
and emulated by qemu, the mmio address should also be emulated, in the
same way as the BDSM register.
Tomita Moeko [Fri, 6 Dec 2024 12:27:45 +0000 (20:27 +0800)]
vfio/igd: add macro for declaring mirrored registers
igd devices have multiple registers mirroring mmio address and pci
config space, more than a single BDSM register. To support this,
the read/write functions are made common and a macro is defined to
simplify the declaration of MemoryRegionOps.
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Link: https://lore.kernel.org/r/20241206122749.9893-8-tomitamoeko@gmail.com
[ clg : Fixed conversion specifier on 32-bit platform ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Tomita Moeko [Fri, 6 Dec 2024 12:27:44 +0000 (20:27 +0800)]
vfio/igd: add Alder/Raptor/Rocket/Ice/Jasper Lake device ids
All gen 11 and 12 igd devices have a 64 bit BDSM register at 0xC0 in their
config space; add them to the list to support igd passthrough on Alder/
Raptor/Rocket/Ice/Jasper Lake platforms.
Tested legacy mode of igd passthrough works properly on both linux and
windows guests with AlderLake-S GT1 (8086:4680).
Reviewed-by: Corvin Köhne <c.koehne@beckhoff.com>
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Link: https://lore.kernel.org/r/20241206122749.9893-7-tomitamoeko@gmail.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Tomita Moeko [Fri, 6 Dec 2024 12:27:43 +0000 (20:27 +0800)]
vfio/igd: add Gemini Lake and Comet Lake device ids
Both Gemini Lake and Comet Lake are gen 9 devices. Many user reports
on the internet show legacy mode of igd passthrough works as qemu treats
them as gen 8 devices by default before e433f208973f ("vfio/igd:
return an invalid generation for unknown devices").
Reviewed-by: Corvin Köhne <c.koehne@beckhoff.com>
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Link: https://lore.kernel.org/r/20241206122749.9893-6-tomitamoeko@gmail.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Tomita Moeko [Fri, 6 Dec 2024 12:27:42 +0000 (20:27 +0800)]
vfio/igd: canonicalize memory size calculations
Add helper functions igd_gtt_memory_size() and igd_stolen_size() for
calculating GTT stolen memory and Data stolen memory size in bytes,
and use macros to replace the hardware-related magic numbers for
better readability.
Tomita Moeko [Fri, 6 Dec 2024 12:27:41 +0000 (20:27 +0800)]
vfio/igd: align generation with i915 kernel driver
Define the igd device generations according to i915 kernel driver to
avoid confusion, and adjust comment placement to clearly reflect the
relationship between ids and devices.
The condition of how GTT stolen memory size is calculated is changed
accordingly as GGMS is in multiple of 2 starting from gen 8.
Reviewed-by: Corvin Köhne <c.koehne@beckhoff.com>
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Link: https://lore.kernel.org/r/20241206122749.9893-4-tomitamoeko@gmail.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Tomita Moeko [Fri, 6 Dec 2024 12:27:40 +0000 (20:27 +0800)]
vfio/igd: remove unsupported device ids
Since e433f208973f ("vfio/igd: return an invalid generation for unknown
devices"), the default return of igd_gen() was changed to unsupported.
There is no need to filter out those unsupported devices.
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Corvin Köhne <c.koehne@beckhoff.com>
Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
Link: https://lore.kernel.org/r/20241206122749.9893-3-tomitamoeko@gmail.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
* tag 'pull-tcg-20241224' of https://gitlab.com/rth7680/qemu: (72 commits)
accel/tcg: Move gen_intermediate_code to TCGCPUOps.translate_core
target/hexagon: Simplify internal_mpyhh setup
target/hexagon: Use mulu64 for int128_mul_6464
target/hexagon: Remove Double
target/hexagon: Remove Float
target/hexagon: Expand GEN_XF_ROUND
target/hexagon: Remove internal_fmafx
target/hexagon: Use float32_muladd for helper_sffm[as]_lib
target/hexagon: Use float32_muladd_scalbn for helper_sffma_sc
target/hexagon: Use float32_muladd for helper_sffms
target/hexagon: Use float32_muladd for helper_sffma
target/hexagon: Use float32_mul in helper_sfmpy
softfloat: Add float_muladd_suppress_add_product_zero
softfloat: Add float_round_nearest_even_max
softfloat: Remove float_muladd_halve_result
target/sparc: Use float*_muladd_scalbn
target/arm: Use float*_muladd_scalbn
softfloat: Add float{16,32,64}_muladd_scalbn
tcg/optimize: Move fold_cmp_vec, fold_cmpsel_vec into alphabetic sort
tcg/optimize: Move fold_bitsel_vec into alphabetic sort
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
accel/tcg: Move gen_intermediate_code to TCGCPUOps.translate_core
Convert all targets simultaneously, as the gen_intermediate_code
function disappears from the target. While there are possible
workarounds, they're larger than simply performing the conversion.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/hexagon: Use float32_muladd for helper_sffm[as]_lib
There are multiple special cases for this instruction.
(1) The saturate to normal maximum instead of overflow to infinity is
handled by the new float_round_nearest_even_max rounding mode.
(2) The 0 * n + c special case is handled by the new
float_muladd_suppress_add_product_zero flag.
(3) The Inf - Inf -> 0 special case can be detected after the fact
by examining float_flag_invalid_isi.
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/hexagon: Use float32_muladd_scalbn for helper_sffma_sc
This instruction has a special case that 0 * x + c returns c
without the normal sign folding that comes with 0 + -0.
Use the new float_muladd_suppress_add_product_zero to
describe this.
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/hexagon: Use float32_muladd for helper_sffms
There are no special cases for this instruction. Since hexagon
always uses default-nan mode, explicitly negating the first
input is unnecessary. Use float_muladd_negate_product instead.
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Be careful not to call fold_masks_zs when the memory operation
is wide enough to require multiple outputs, so split into two
functions: fold_qemu_ld_1reg and fold_qemu_ld_2reg.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg/optimize: Use fold_masks_zs in fold_count_zeros
Avoid the use of the OptContext slots. Find TempOptInfo once.
Compute s_mask from the union of the maximum count and the
op2 fallback for op1 being zero.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Avoid the use of the OptContext slots. Find TempOptInfo once.
Always set s_mask along the BSWAP_OS path, since the result is
being explicitly sign-extended.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Change the representation from sign bit repetitions to all bits equal
to the sign bit, including the sign bit itself.
The previous format has a problem in that it is difficult to recreate
a valid sign mask after a shift operation: the "repetitions" part of
the previous format meant that applying the same shift as for the value
led to an off-by-one value.
The new format, including the sign bit itself, means that the sign mask
can be manipulated in exactly the same way as the value, canonicalization
is easier.
Canonicalize the s_mask in fold_masks_zs, rather than requiring callers
to do so. Treat 0 as a non-canonical but typeless input for no sign
information, which will be reset as appropriate for the data type.
We can easily fold in the data from z_mask while canonicalizing.
Temporarily disable optimizations using s_mask while each operation is
converted to use fold_masks_zs and to the new form.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg/optimize: Augment s_mask from z_mask in fold_masks_zs
Consider the passed s_mask to be a minimum deduced from
either existing s_mask or from a sign-extension operation.
We may be able to deduce more from the set of known zeros.
Remove identical logic from several opcode folders.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use of fold_masks should be restricted to those opcodes that
can reliably make use of it -- those with a single output,
and from higher-level folders that set up the masks.
Prepare for conversion of each folder in turn.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
There are only a few logical operations which can compute
an "affected" mask. Split out handling of this optimization
to a separate function, only to be called when applicable.
Remove the a_mask field from OptContext, as the mask is
no longer stored anywhere.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Call them directly from the opcode switch statement in tcg_optimize,
rather than in finish_folding based on opcode flags. Adjust folding
of conditional branches to match.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pierrick Bouvier [Thu, 28 Nov 2024 21:38:43 +0000 (13:38 -0800)]
plugins: optimize cpu_index code generation
When running with a single vcpu, we can return a constant instead of a
load when accessing cpu_index.
A side effect is that all tcg operations using it are optimized, most
notably scoreboard access.
When running a simple loop in user-mode, the speedup is around 20%.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241128213843.1023080-1-pierrick.bouvier@linaro.org>