hv_vcpu_set_sys_reg should only be called from the owning thread of the
vCPU, so to avoid crashes, the call to hvf_update_guest_debug is
dispatched to the individual threads.
Tested-by: Daniel Gomez <da.gomez@samsung.com> Signed-off-by: Mads Ynddal <m.ynddal@samsung.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250402135229.28143-3-mads@ynddal.dk Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tim Lee [Mon, 28 Apr 2025 02:29:34 +0000 (10:29 +0800)]
hw/arm/npcm8xx_boards: Correct valid_cpu_types setting of NPCM8XX SoC
NPCM8XX SoC is the successor of the NPCM7XX. It features quad-core
Cortex-A35 (Armv8, 64-bit) CPUs and some additional peripherals.
Correct the `valid_cpu_types` setting to match the NPCM8XX SoC.
Cc: qemu-stable@nongnu.org Fixes: 7e70eb3cad7c83 ("hw/arm: Add NPCM845 Evaluation board") Signed-off-by: Tim Lee <timlee660101@gmail.com>
Message-id: 20250428022934.3081139-1-timlee660101@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Tyrone Ting <kfting@nuvoton.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Mon, 5 May 2025 15:26:59 +0000 (11:26 -0400)]
Merge tag 'pull-9p-20250505' of https://github.com/cschoenebeck/qemu into staging
9pfs changes:
* Fixes for file descriptor reclaiming algorithm (i.e. when running
towards host's allowed limit of max. open file descriptors).
* Additional fixes on use-after-unlink idiom (i.e. client operations on a
file descriptor after file has been removed).
# -----BEGIN PGP SIGNATURE-----
#
# iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAmgYie0XHHFlbXVfb3Nz
# QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5XbDRAAq5SW7Hxifdhf1ZRBtkVOD88q
# Iw/OrMLIke4pCQwRElCDrE0mhycqyUpNX67eIye7qx0dJl2btFQUI9L6YuCDFtcG
# fPORZl51V81BOXqS8MhbK1oDxidl+cnpA8GcA1OyhYjxBifOy/x/0KG0pZVwzi0Y
# jhAIdsfeSenTE0Zzb02oh9mVmlMtKnwrSz7R0IB3Sv575CQiO76OM5B9sps1TUPu
# NrnQYBIB+EwJnI+l9NOKzNa7AUxV/S73OFCyJkQCON2ZHWiVadgXxjlX3kHyh9oL
# 3uiiTdC2694jU0RaVMMSNLfdIG4YK2GkKPHM7qLYF8Kdc5QogEJifS/RoihCnZFR
# X72G7mOVo8/7goRBt3DGQCwz3eUgqTO9iPFn1hJRvx9x/CVlFi2eOP+5nHR5PMEO
# qSY2of6LziCslNXvxjjhf7HmRhlugkHqpr+UGTxwMGazr88bHKNFbsh/3BcTmWwW
# /wGRfEFse3exgFiCtoebavxbJaUeI0Y93S4KidOhhqrQFz24k2AElgFrb1gEpbht
# GWW8YEblL7Lj8mecFATXKiInHCyhVPFmuAO//Wbu9juJVcNPtl67f017bCR+90H3
# GrRJqorHrp6icGQmXSM+Qdrr3B21RZwqb3W4mdMOWN3Zg5bHPHJ6rx8BRe7qDHBH
# mWtvrsUfcL0sRW0nkgc=
# =hfW6
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 05 May 2025 05:50:37 EDT
# gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg: issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4
# Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395
* tag 'pull-9p-20250505' of https://github.com/cschoenebeck/qemu:
9pfs: fix 'total_open_fd' decrementation
tests/9p: Test `Tsetattr` can truncate unlinked file
tests/9p: add 'Tsetattr' request to test client
9pfs: Introduce futimens file op
9pfs: Introduce ftruncate file op
9pfs: Don't use file descriptors in core code
9pfs: local : Introduce local_fid_fd() helper
9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd()
9pfs: fix concurrent v9fs_reclaim_fd() calls
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-aspeed-20250505' of https://github.com/legoater/qemu: (24 commits)
docs: Add support for ast2700fc machine
tests/function/aspeed: Add functional test for ast2700fc
hw/arm: Introduce ASPEED AST2700 A1 full core machine
hw/arm/aspeed_ast27x0-tsp: Introduce AST27x0 A1 TSP SoC
hw/arm/aspeed_ast27x0-ssp: Introduce AST27x0 A1 SSP SoC
hw/intc/aspeed: Add support for AST2700 TSP INTC
hw/intc/aspeed: Add support for AST2700 SSP INTC
aspeed: ast27x0: Correct hex notation for device addresses
aspeed: ast27x0: Map unimplemented devices in SoC memory
docs/system/arm/aspeed: Support vbootrom for AST2700
docs/system/arm/aspeed: move AST2700 content to new section
tests/functional/aspeed: Add to test vbootrom for AST2700
hw/arm/aspeed: Add support for loading vbootrom image via "-bios"
hw/arm/aspeed_ast27x0 Introduce vbootrom memory region
tests/functional/aspeed: extract boot and login sequence into helper function
tests/functional/aspeed: Update test ASPEED SDK v09.06
tests/functional/aspeed: Move I2C test into shared helper for AST2700 reuse
hw/arm/aspeed_ast27x0: Rename variable sram_name to name in ast2700 realize
tests/functional/aspeed: Update test ASPEED SDK v03.00 for AST1030
tests/functional/aspeed: Update test ASPEED SDK v09.06 for AST2600
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
monitor: don't wake up qmp_dispatcher_co coroutine upon cleanup
rust: centralize config in workspace root
hw/char/serial: Remove unused prog_if compat property
target/i386: do not block singlestep for STI
target/i386: do not trigger IRQ shadow for LSS
target/i386/hvf: fix a compilation error
target/i386/emulate: remove rflags leftovers
rust/hpet: Support migration
rust/timer: Define NANOSECONDS_PER_SECOND binding as u64
rust/vmstate_test: Test varray with num field wrapped in BqlCell
rust: assertions: Support index field wrapped in BqlCell
vmstate: support varray for vmstate_clock!
rust/vmstate: Add support for field_exists checks
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 5 May 2025 15:26:40 +0000 (11:26 -0400)]
Merge tag 'migration-20250502-pull-request' of https://gitlab.com/peterx/qemu into staging
Migration pull request
- Prasad's few pre-requisite patches from multifd+postcopy enablement series
- Markus's fix on a latent bug for tls_authz setup
- Zhijian's latest RDMA series (includes the rdma soft-RoCE unit test)
- Jack's RDMA migration patch to re-enable ipv6
- Thomas's vmstate static checker update on rename field in acpi/ghes
- Peter's postcopy preempt optimization for locality hint
* tag 'migration-20250502-pull-request' of https://gitlab.com/peterx/qemu:
scripts/vmstate-static-checker.py: Allow new name for ghes_addr_le field
migration/rdma: Remove qemu_rdma_broken_ipv6_kernel
migration/postcopy: Spatial locality page hint for preempt mode
tests/qtest/migration: consolidate set capabilities
migration/ram: Implement save_postcopy_prepare()
migration: Add save_postcopy_prepare() savevm handler
migration: refactor channel discovery mechanism
migration/multifd: move macros to multifd header
migration: Fix latent bug in migrate_params_test_apply()
migration: Add qtest for migration over RDMA
migration: Unfold control_save_page()
migration/rdma: Remove redundant migration_in_postcopy checks
migration: disable RDMA + postcopy-ram
migration: check RDMA and capabilities are compatible on both sides
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 5 May 2025 15:26:28 +0000 (11:26 -0400)]
Merge tag 'pull-request-2025-04-30' of https://gitlab.com/thuth/qemu into staging
* Extend s390x diagnose call 308 subcode 10 to return more information
* Make valgrind support configurable
* Drop support for Python 3.8
* Some other misc cosmetic changes
* tag 'pull-request-2025-04-30' of https://gitlab.com/thuth/qemu:
docs/devel/build-environment: enhance MSYS2 instructions
hw/rtc/mc146818rtc: Drop pre-v3 migration stream support
meson.build: Put the D-Bus summary into the UI section
tests/functional/test_ppc64_pseries: Skip test_ppc64_linux_smt_boot if necessary
Drop support for Python 3.8
meson/configure: add 'valgrind' option & --{en, dis}able-valgrind flag
target/s390x: Return UVC cmd code, RC and RRC value when DIAG 308 Subcode 10 fails to enter secure mode
target/s390x: Introduce function when exiting PV
target/s390x: Introduce constant when checking if PV header couldn't be decrypted
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
According to 'man 2 close' errors returned by close() should only be used
for either diagnostic purposes or for catching data loss due to a previous
write error, as an error result of close() usually indicates a deferred
error of a previous write operation.
Therefore not decrementing 'total_open_fd' on a close() error is wrong
and would yield in a higher open file descriptor count than actually the
case, leading to 9p server reclaiming open file descriptors too soon.
Based-on: <20250312152933.383967-7-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1tvEyJ-004dMa-So@kylie.crudebyte.com>
Greg Kurz [Wed, 12 Mar 2025 15:29:32 +0000 (16:29 +0100)]
tests/9p: Test `Tsetattr` can truncate unlinked file
Enhance the `use-after-unlink` test with a new check for the
case where the client wants to alter the size of an unlinked
file for which it still has an active fid.
Suggested-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20250312152933.383967-7-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Add and implement functions to 9pfs test client for sending a 9p2000.L
'Tsetattr' request and receiving its 'Rsetattr' response counterpart.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20250312152933.383967-6-groug@kaod.org>
Greg Kurz [Wed, 12 Mar 2025 15:29:30 +0000 (16:29 +0100)]
9pfs: Introduce futimens file op
Add an futimens operation to the fs driver and use if when a fid has
a valid file descriptor. This is required to support more cases where
the client wants to do an action on an unlinked file which it still
has an open file decriptor for.
Only 9P2000.L was considered.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20250312152933.383967-5-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Greg Kurz [Wed, 12 Mar 2025 15:29:29 +0000 (16:29 +0100)]
9pfs: Introduce ftruncate file op
Add an ftruncate operation to the fs driver and use if when a fid has
a valid file descriptor. This is required to support more cases where
the client wants to do an action on an unlinked file which it still
has an open file decriptor for.
Only 9P2000.L was considered.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20250312152933.383967-4-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Greg Kurz [Wed, 12 Mar 2025 15:29:28 +0000 (16:29 +0100)]
9pfs: Don't use file descriptors in core code
v9fs_getattr() currently peeks into V9fsFidOpenState to know if a fid
has a valid file descriptor or directory stream. Even though the fields
are accessible, this is an implementation detail of the local backend
that should not be manipulated directly by the server code.
Abstract that with a new has_valid_file_handle() backend operation.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20250312152933.383967-3-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Greg Kurz [Wed, 12 Mar 2025 15:29:27 +0000 (16:29 +0100)]
9pfs: local : Introduce local_fid_fd() helper
Factor out duplicated code to a single helper. More users to come.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20250312152933.383967-2-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd()
This patch fixes two different bugs in v9fs_reclaim_fd():
1. Reduce latency:
This function calls v9fs_co_close() and v9fs_co_closedir() in a loop. Each
one of the calls adds two thread hops (between main thread and a fs driver
background thread). Each thread hop adds latency, which sums up in
function's loop to a significant duration.
Reduce overall latency by open coding what v9fs_co_close() and
v9fs_co_closedir() do, executing those and the loop itself altogether in
only one background thread block, hence reducing the total amount of
thread hops to only two.
2. Fix file descriptor leak:
The existing code called v9fs_co_close() and v9fs_co_closedir() to close
file descriptors. Both functions check right at the beginning if the 9p
request was cancelled:
if (v9fs_request_cancelled(pdu)) {
return -EINTR;
}
So if client sent a 'Tflush' message, v9fs_co_close() / v9fs_co_closedir()
returned without having closed the file descriptor and v9fs_reclaim_fd()
subsequently freed the FID without its file descriptor being closed, hence
leaking those file descriptors.
This 2nd bug is fixed by this patch as well by open coding v9fs_co_close()
and v9fs_co_closedir() inside of v9fs_reclaim_fd() and not performing the
v9fs_request_cancelled(pdu) check there.
Even though this function is serialized to be always called from main
thread, v9fs_reclaim_fd() is dispatching the coroutine to a worker thread
in between via its v9fs_co_*() calls, hence leading to the situation where
v9fs_reclaim_fd() is effectively executed multiple times simultaniously,
which renders its LRU algorithm useless and causes high latency.
Fix this by adding a simple boolean variable to ensure this function is
only called once at a time. No synchronization needed for this boolean
variable as this function is only entered and returned on main thread.
Fixes: 7a46274529c ('hw/9pfs: Add file descriptor reclaim support') Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <5c622067efd66dd4ee5eca740dcf263f41db20b2.1741339452.git.qemu_oss@crudebyte.com>
Steven Lee [Fri, 2 May 2025 10:34:45 +0000 (18:34 +0800)]
docs: Add support for ast2700fc machine
- Updated Aspeed family boards list to include `ast2700fc`.
- Added boot instructions for the `ast2700fc` machine.
- Detailed the configuration and loading of firmware for the
Cortex-A35 and Cortex-M4 processors.
Steven Lee [Fri, 2 May 2025 10:34:43 +0000 (18:34 +0800)]
hw/arm: Introduce ASPEED AST2700 A1 full core machine
- Added new machine type `ast2700fc` with full core support.
- Defined `Ast2700FCState` structure for the new machine type.
- Implemented initialization functions for CA35, SSP, and TSP components.
- Updated `ast2700fc_types` to include the new machine type.
- Set machine class properties for `ast2700fc`.
Test Step:
- Download ast2700-default-obmc.tar.gz from AspeedTech-BMC OpenBmc
release page.
- Run the following QEMU command:
AST2700 TSP(Tertiary Service Processor) is a Cortex-M4 coprocessor
The patch adds support for TSP with following update:
- Introduce Aspeed27x0TSPSoCState structure in aspeed_soc.h
- Implement initialization and realization functions
- Add support for UART, INTC, and SCU devices
- Map unimplemented devices for IPC and SCUIO
- Defined memory map and IRQ maps for AST27x0 A1 TSP SoC
The IRQ mapping is similar to AST2700 CA35 SoC, featuring a two-level
interrupt controller.
Difference from AST2700:
- AST2700
- Support GICINT128 to GICINT136 in INTC
- The INTCIO GIC_192_201 has 10 output pins, mapped as follows:
Bit 0 -> GIC 192
Bit 1 -> GIC 193
Bit 2 -> GIC 194
Bit 3 -> GIC 195
Bit 4 -> GIC 196
- AST2700-tsp
- Support TSPINT128 to TSPINT136 in INTC
- The INTCIO TSPINT_160_169 has 10 output pins, mapped as follows:
Bit 0 -> TSPINT 160
Bit 1 -> TSPINT 161
Bit 2 -> TSPINT 162
Bit 3 -> TSPINT 163
Bit 4 -> TSPINT 164
Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Change-Id: I69eec2b68b26ef04187b2922c5f2e584b9076c66 Reviewed-by: Cédric Le Goater <clg@redhat.com> Link: https://lore.kernel.org/qemu-devel/20250502103449.3091642-7-steven_lee@aspeedtech.com
[ clg: removed local 'Error* err' in aspeed_soc_ast27x0tsp_realize() ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
The AST2700 SSP (Secondary Service Processor) is a Cortex-M4 coprocessor.
This patch adds support for A1 SSP with the following updates:
- Introduce Aspeed27x0SSPSoCState structure in aspeed_soc.h
- Define memory map and IRQ map for AST27x0 A1 SSP SoC
- Implement initialization and realization functions
- Add support for UART, INTC, and SCU devices
- Map unimplemented devices for IPC and SCUIO
The IRQ mapping is similar to AST2700 CA35 SoC, featuring a two-level
interrupt controller.
Difference from AST2700:
- AST2700
- Support GICINT128 to GICINT136 in INTC
- The INTCIO GIC_192_201 has 10 output pins, mapped as follows:
Bit 0 -> GIC 192
Bit 1 -> GIC 193
Bit 2 -> GIC 194
Bit 3 -> GIC 195
Bit 4 -> GIC 196
- AST2700-ssp
- Support SSPINT128 to SSPINT136 in INTC
- The INTCIO SSPINT_160_169 has 10 output pins, mapped as follows:
Bit 0 -> SSPINT 160
Bit 1 -> SSPINT 161
Bit 2 -> SSPINT 162
Bit 3 -> SSPINT 163
Bit 4 -> SSPINT 164
Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Change-Id: I924bf1a657f1e83f9e16d6673713f4a06ecdb496 Reviewed-by: Cédric Le Goater <clg@redhat.com> Link: https://lore.kernel.org/qemu-devel/20250502103449.3091642-6-steven_lee@aspeedtech.com
[ clg: removed local 'Error* err' in aspeed_soc_ast27x0ssp_realize() ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
Steven Lee [Fri, 2 May 2025 10:34:40 +0000 (18:34 +0800)]
hw/intc/aspeed: Add support for AST2700 TSP INTC
- Define new types for ast2700tsp INTC and INTCIO
- Add register definitions for TSP INTC and INTCIO
- Implement write handlers for TSP INTC and INTCIO
- Register new types in aspeed_intc_register_types
The design of the TSP INTC and INTCIO controllers is similar to
AST2700, with the following differences:
- AST2700
Support GICINT128 to GICINT136 in INTC
The INTCIO GIC_192_201 has 10 output pins, mapped as follows:
Bit 0 -> GIC 192
Bit 1 -> GIC 193
Bit 2 -> GIC 194
Bit 3 -> GIC 195
Bit 4 -> GIC 196
- AST2700-tsp
Support TSPINT128 to TSPINT136 in INTC
The INTCIO TSPINT_160_169 has 10 output pins, mapped as follows:
Bit 0 -> TSPINT 160
Bit 1 -> TSPINT 161
Bit 2 -> TSPINT 162
Bit 3 -> TSPINT 163
Bit 4 -> TSPINT 164
Steven Lee [Fri, 2 May 2025 10:34:39 +0000 (18:34 +0800)]
hw/intc/aspeed: Add support for AST2700 SSP INTC
- Define new types for ast2700ssp INTC and INTCIO
- Add register definitions for SSP INTC and INTCIO
- Implement write handlers for SSP INTC and INTCIO
- Register new types in aspeed_intc_register_types
The design of the SSP INTC and INTCIO controllers is similar to
AST2700, with the following differences:
- AST2700
Support GICINT128 to GICINT136 in INTC
The INTCIO GIC_192_201 has 10 output pins, mapped as follows:
Bit 0 -> GIC 192
Bit 1 -> GIC 193
Bit 2 -> GIC 194
Bit 3 -> GIC 195
Bit 4 -> GIC 196
- AST2700-ssp
Support SSPINT128 to SSPINT136 in INTC
The INTCIO SSPINT_160_169 has 10 output pins, mapped as follows:
Bit 0 -> SSPINT 160
Bit 1 -> SSPINT 161
Bit 2 -> SSPINT 162
Bit 3 -> SSPINT 163
Bit 4 -> SSPINT 164
Steven Lee [Fri, 2 May 2025 10:34:37 +0000 (18:34 +0800)]
aspeed: ast27x0: Map unimplemented devices in SoC memory
Maps following unimplemented devices in SoC memory
- dpmcu
- iomem
- iomem0
- iomem1
- ltpi
Iomem, Iomem0 and Iomem1 include unimplemented controllers in the memory ranges 0x0 - 0x1000000, 0x120000000 - 0x121000000 and
0x14000000 - 0x141000000.
For instance:
- USB hub at 0x12010000
- eSPI at 0x14C5000
- PWM at 0x140C0000
DPMCU stands for Display Port MCU controller. LTPI is used to connect to AST1700.
AST1700 is an I/O expander that supports the DC-SCM 2.1 LTPI protocol.
It provides AST2700 with additional GPIO, UART, I3C, and other interfaces.
Jamin Lin [Thu, 24 Apr 2025 07:51:33 +0000 (15:51 +0800)]
docs/system/arm/aspeed: move AST2700 content to new section
Moved AST2700-related content from the general Aspeed board list into a
dedicated section for Aspeed 2700 family boards. Improves clarity and
readability.
Jamin Lin [Thu, 24 Apr 2025 07:51:32 +0000 (15:51 +0800)]
tests/functional/aspeed: Add to test vbootrom for AST2700
Add the AST2700 functional test to boot using the vbootrom image
instead of manually loading boot components with -device loader.
The boot ROM binary is now passed via the
-bios option, using the image located in pc-bios/ast27x0_bootrom.bin.
Jamin Lin [Thu, 24 Apr 2025 07:51:29 +0000 (15:51 +0800)]
hw/arm/aspeed_ast27x0 Introduce vbootrom memory region
Introduce a new vbootrom memory region. The region is mapped at address
"0x00000000" and has a size of 128KB, identical to the SRAM region size.
This memory region is intended for loading a vbootrom image file as part of the
boot process.
The vbootrom registered in the SoC's address space using the ASPEED_DEV_VBOOTROM
index.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Nabih Estefan <nabihestefan@google.com> Tested-by: Nabih Estefan <nabihestefan@google.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Link: https://lore.kernel.org/qemu-devel/20250424075135.3715128-2-jamin_lin@aspeedtech.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Jamin Lin [Wed, 23 Apr 2025 07:23:43 +0000 (15:23 +0800)]
tests/functional/aspeed: Move I2C test into shared helper for AST2700 reuse
Move the I2C test case into a common helper function (do_ast2700_i2c_test) so it
can be reused across multiple AST2700-based test cases. This reduces duplication
and improves maintainability.
Jamin Lin [Wed, 23 Apr 2025 07:23:37 +0000 (15:23 +0800)]
hw/arm/aspeed_ast27x0: Rename variable sram_name to name in ast2700 realize
The variable "sram_name" was only used for naming the SRAM memory region.
Rename it to "name" for consistency with similar code and avoid unnecessary
new local variable declarations.
cde3247651dc998da5dc1005148302a90d72f21f fixed atomicity for LDRD, which
ends up making accesses 64-bits wide. However, the AST2600 bootloader
can sometimes compile with LDRD instructions, which causes the acceses
to fail when accessing the memory-mapped SPI flash.
To fix this, increase the MMIO region valid access size to allow for
64-bit accesses.
Troy Lee [Mon, 17 Mar 2025 06:59:38 +0000 (14:59 +0800)]
hw/arm: ast27x0: Wire up EHCI controllers
AST27x0 has 4 EHCI controllers, where each CPU and I/O die has 2
instances. This patch use existing TYPE_PLATFORM_EHCI. After wiring up
the EHCI controller, the ast2700a1-evb can find up to 4 USB EHCI
interfaces.
ehci-platform 12061000.usb: EHCI Host Controller
ehci-platform 12061000.usb: new USB bus registered, assigned bus number 2
ehci-platform 12063000.usb: EHCI Host Controller
ehci-platform 12063000.usb: new USB bus registered, assigned bus number 3
ehci-platform 12061000.usb: irq 88, io mem 0x12061000
ehci-platform 12063000.usb: irq 90, io mem 0x12063000
ehci-platform 14121000.usb: EHCI Host Controller
ehci-platform 14123000.usb: EHCI Host Controller
ehci-platform 12061000.usb: USB 2.0 started, EHCI 1.00
ehci-platform 14121000.usb: new USB bus registered, assigned bus number 5
ehci-platform 14123000.usb: new USB bus registered, assigned bus number 6
ehci-platform 14121000.usb: irq 91, io mem 0x14121000
ehci-platform 14123000.usb: irq 92, io mem 0x14123000
ehci-platform 12063000.usb: USB 2.0 started, EHCI 1.00
usb usb2: Manufacturer: Linux 6.6.78-dirty-bafd2830c17c-gbafd2830c17c-dirty ehci_hcd
usb usb3: Manufacturer: Linux 6.6.78-dirty-bafd2830c17c-gbafd2830c17c-dirty ehci_hcd
ehci-platform 14121000.usb: USB 2.0 started, EHCI 1.00
usb usb5: Manufacturer: Linux 6.6.78-dirty-bafd2830c17c-gbafd2830c17c-dirty ehci_hcd
ehci-platform 14123000.usb: USB 2.0 started, EHCI 1.00
usb usb6: Manufacturer: Linux 6.6.78-dirty-bafd2830c17c-gbafd2830c17c-dirty ehci_hcd
Note that, AST27x0A0 only has 2 EHCI controllers due to hw issue.
monitor: don't wake up qmp_dispatcher_co coroutine upon cleanup
Since the commit 3e6bed61 ("monitor: cleanup detection of qmp_dispatcher_co
shutting down"), coroutine pointer qmp_dispatcher_co is set to NULL upon
cleanup. If a QMP command is sent after monitor_cleanup() (e.g. after
shutdown), this may lead to SEGFAULT on aio_co_wake(NULL).
As mentioned in the comment inside monitor_cleanup(), the intention is to
allow incoming requests while shutting down, but simply leave them
without any response. Let's do exactly that, and if qmp_dispatcher_co
coroutine pointer has already been set to NULL, let's simply skip the
aio_co_wake() part.
This property was added to preserve previous value when this was fixed
in version 2.1 but the last machine using it was already removed when
adding diva-gsp leaving this property unused and unnecessary.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Helge Deller <deller@gmx.de> Link: https://lore.kernel.org/r/20250502095524.DE1F355D264@zero.eik.bme.hu Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 15 Jul 2024 08:35:06 +0000 (10:35 +0200)]
target/i386: do not block singlestep for STI
STI will trigger a singlestep exception even if it has inhibit-IRQ
behavior. Do not suppress single-step for all IRQ-inhibiting
instructions, instead special case MOV SS and POP SS.
Cc: qemu-stable@nongnu.org Fixes: f0f0136abba ("target/i386: no single-step exception after MOV or POP SS", 2024-05-25) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Magnus Kulke [Tue, 29 Apr 2025 09:33:19 +0000 (11:33 +0200)]
target/i386/emulate: remove rflags leftovers
Fixes: c901905ea670 ("target/i386/emulate: remove flags_mask")
In c901905ea670 rflags have been removed from `x86_decode`, but there
were some leftovers.
Zhao Liu [Mon, 14 Apr 2025 14:49:42 +0000 (22:49 +0800)]
rust/hpet: Support migration
Based on commit 1433e38cc8 ("hpet: do not overwrite properties on
post_load"), add the basic migration support to Rust HPET.
The current migration implementation introduces multiple unsafe
callbacks. Before the vmstate builder, one possible cleanup approach is
to wrap callbacks in the vmstate binding using a method similar to the
vmstate_exist_fn macro.
However, this approach would also create a lot of repetitive code (since
vmstate has so many callbacks: pre_load, post_load, pre_save, post_save,
needed and dev_unplug_pending). Although it would be cleaner, it would
somewhat deviate from the path of the vmstate builder.
Therefore, firstly focus on completing the functionality of HPET, and
those current unsafe callbacks can at least clearly indicate the needed
functionality of vmstate. The next step is to consider refactoring
vmstate to move towards the vmstate builder direction.
Additionally, update rust.rst about Rust HPET can support migration.
Paolo Bonzini [Fri, 2 May 2025 08:56:06 +0000 (10:56 +0200)]
rust: assertions: Support index field wrapped in BqlCell
Currently, if the `num` field of a varray is not a numeric type, such as
being placed in a wrapper, the array variant of assert_field_type will
fail the check.
HPET currently wraps num_timers in BqlCell<>. Although BqlCell<> is not
necessary from strictly speaking, it makes sense for vmstate to respect
BqlCell.
The failure of assert_field_type is because it cannot convert BqlCell<T>
into usize for use as the index. Use a constant 0 instead for the index,
by avoiding $(...)? and extracting the common parts of
assert_field_type! into an internal case.
Commit message based on a patch by Zhao Liu <zhao1.liu@intel.com>.
Zhao Liu [Mon, 14 Apr 2025 14:49:35 +0000 (22:49 +0800)]
rust/vmstate: Add support for field_exists checks
Unfortunately, at present it's not possible to have a const
"with_exist_check" method to append test_fn after vmstate_struct (due
to error on "constant functions cannot evaluate destructors" for `F`).
Before the vmstate builder, the only way to support "test_fn" is to
extend vmstate_struct macro to add the such new optional member (and
fortunately, Rust can still parse the current expansion!).
Abstract the previous callback implementation of vmstate_validate into
a separate macro, and moves it before vmstate_struct for vmstate_struct
to call.
Note that there's no need to add any extra flag for a new test_fn added
in the VMStateField.
Thomas Huth [Tue, 29 Apr 2025 15:21:39 +0000 (17:21 +0200)]
scripts/vmstate-static-checker.py: Allow new name for ghes_addr_le field
ghes_addr_le has been renamed to hw_error_le in commit 652f6d86cbb
("acpi/ghes: better name the offset of the hardware error firmware").
Adjust the checker script to allow that changed field name.
I hit following error which testing migration in pure RoCE env:
"-incoming rdma:[::]:8089: RDMA ERROR: You only have RoCE / iWARP devices in your
systems and your management software has specified '[::]', but IPv6 over RoCE /
iWARP is not supported in Linux.#012'."
In our setup, we use rdma bind on ipv6 on target host, while connect from source
with ipv4, remove the qemu_rdma_broken_ipv6_kernel, migration just work
fine.
Checking the git history, the function was added since introducing of
rdma migration, which is more than 10 years ago. linux-rdma has
improved support on RoCE/iWARP for ipv6 over past years. There are a few fixes
back in 2016 seems related to the issue, eg: aeb76df46d11 ("IB/core: Set routable RoCE gid type for ipv4/ipv6 networks")
other fixes back in 2018, eg: 052eac6eeb56 RDMA/cma: Update RoCE multicast routines to use net namespace 8d20a1f0ecd5 RDMA/cma: Fix rdma_cm raw IB path setting for RoCE 9327c7afdce3 RDMA/cma: Provide a function to set RoCE path record L2 parameters 5c181bda77f4 RDMA/cma: Set default GID type as RoCE when resolving RoCE route 3c7f67d1880d IB/cma: Fix default RoCE type setting be1d325a3358 IB/core: Set RoCEv2 MGID according to spec 63a5f483af0e IB/cma: Set default gid type to RoCEv2
So remove the outdated function and it's usage.
Cc: Peter Xu <peterx@redhat.com> Cc: Li Zhijian <lizhijian@fujitsu.com> Cc: Yu Zhang <yu.zhang@ionos.com> Cc: Fabiano Rosas <farosas@suse.de> Cc: qemu-devel@nongnu.org Cc: linux-rdma@vger.kernel.org Cc: michael@flatgalaxy.com Signed-off-by: Jack Wang <jinpu.wang@ionos.com> Tested-by: Li zhijian <lizhijian@fujitsu.com> Reviewed-by: Michael Galaxy <mrgalaxy@nvidia.com> Link: https://lore.kernel.org/r/20250402051306.6509-1-jinpu.wang@ionos.com
[peterx: some cosmetic changes] Signed-off-by: Peter Xu <peterx@redhat.com>
Peter Xu [Thu, 24 Apr 2025 22:07:05 +0000 (18:07 -0400)]
migration/postcopy: Spatial locality page hint for preempt mode
The preempt mode postcopy has been introduced for a while. From latency
POV, it should always win the vanilla postcopy.
However there's one thing missing when preempt mode is enabled right now,
which is the spatial locality hint when there're page requests from the
destination side.
In vanilla postcopy, as long as a page request was unqueued, it will update
the PSS of the precopy background stream, so that after a page request the
background thread will move the pages after whatever was requested. It's
pretty much a natural behavior when there's only one channel anyway, and
one scanner to send the pages.
Preempt mode didn't follow that, because preempt mode has its own channel
and its own PSS (which doesn't linearly scan the guest memory, but
dedicated to resolve page requested from destination). So the page request
process and the background migration process are completely separate.
This patch adds the hint explicitly for preempt mode. With that, whenever
the preempt mode receives a page request on the source, it will service the
remote page fault in the return path, then it'll provide a hint to the
background thread so that we'll start sending the pages right after the
requested ones in the background, assuming the follow up pages have a
higher chance to be accessed later.
NOTE: since the background migration thread and return path thread run
completely concurrently, it doesn't always mean the hint will be applied
every single time. For example, it's possible that the return path thread
receives multiple page requests in a row without the background thread
getting the chance to consume one. In such case, the preempt thread only
provide the hint if the previous hint has been consumed. After all,
there's no point queuing hints when we only have one linear scanner.
This could measureably improve the simple sequential memory access pattern
during postcopy (when preempt is on). For random accesses, I can measure a
slight increase of remote page fault latency from ~500us -> ~600us, that
could be a trade-off to have such hint mechanism, and after all that's
still greatly improved comparing to vanilla postcopy on random (~10ms).
The patch is verified by our QE team in a video streaming test case, to
reduce the pause of the video from ~1min to a few seconds when switching
over to postcopy with preempt mode.
tests/qtest/migration: consolidate set capabilities
Migration capabilities are set in multiple '.start_hook'
functions for various tests. Instead, consolidate setting
capabilities in 'migrate_start_set_capabilities()' function
which is called from the 'migrate_start()' function.
While simplifying the capabilities setting, it helps
to declutter the qtest sources.
Add a savevm handler for a module to opt-in sending extra sections right
before postcopy starts, and before VM is stopped.
RAM will start to use this new savevm handler in the next patch to do flush
and sync for multifd pages.
Note that we choose to do it before VM stopped because the current only
potential user is not sensitive to VM status, so doing it before VM is
stopped is preferred to enlarge any postcopy downtime.
It is still a bit unfortunate that we need to introduce such a new savevm
handler just for the only use case, however it's so far the cleanest.
The various logical migration channels don't have a
standardized way of advertising themselves and their
connections may be seen out of order by the migration
destination. When a new connection arrives, the incoming
migration currently make use of heuristics to determine
which channel it belongs to.
The next few patches will need to change how the multifd
and postcopy capabilities interact and that affects the
channel discovery heuristic.
Refactor the channel discovery heuristic to make it less
opaque and simplify the subsequent patches.
Li Zhijian [Tue, 11 Mar 2025 02:42:21 +0000 (10:42 +0800)]
migration: Add qtest for migration over RDMA
This qtest requires there is a RDMA(RoCE) link in the host.
In order to make the test work smoothly, introduce a
scripts/rdma-migration-helper.sh to detect existing RoCE link before
running the test.
Test will be skipped if there is no available RoCE link.
# Start of rdma tests
# Running /x86_64/migration/precopy/rdma/plain
ok 1 /x86_64/migration/precopy/rdma/plain # SKIP No rdma link available
# To enable the test:
# Run 'scripts/rdma-migration-helper.sh setup' with root to setup a new rdma/rxe link and rerun the test
# Optional: run 'scripts/rdma-migration-helper.sh clean' to revert the 'setup'
# End of rdma tests
Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: Stefan Hajnoczi <stefanha@gmail.com> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Message-ID: <20250311024221.363421-1-lizhijian@fujitsu.com>
[add 'head -1' to script, reformat test message] Signed-off-by: Fabiano Rosas <farosas@suse.de>
Li Zhijian [Wed, 5 Mar 2025 06:28:24 +0000 (14:28 +0800)]
migration: Unfold control_save_page()
control_save_page() is for RDMA only, unfold it to make the code more
clear.
In addition:
- Similar to other branches style in ram_save_target_page(), involve RDMA
only if the condition 'migrate_rdma()' is true.
- Further simplify the code by removing the RAM_SAVE_CONTROL_NOT_SUPP.
Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Message-ID: <20250305062825.772629-6-lizhijian@fujitsu.com> Signed-off-by: Fabiano Rosas <farosas@suse.de>
Li Zhijian [Wed, 5 Mar 2025 06:28:21 +0000 (14:28 +0800)]
migration: check RDMA and capabilities are compatible on both sides
Depending on the order of starting RDMA and setting capability,
they can be categorized into the following scenarios:
Source:
S1: [set capabilities] -> [Start RDMA outgoing]
Destination:
D1: [set capabilities] -> [Start RDMA incoming]
D2: [Start RDMA incoming] -> [set capabilities]
Previously, compatibility between RDMA and capabilities was verified only
in scenario D1, potentially causing migration failures in other situations.
For scenarios S1 and D1, we can seamlessly incorporate
migration_transport_compatible() to address compatibility between
channels and capabilities vs transport.
For scenario D2, ensure compatibility within migrate_caps_check().
Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Message-ID: <20250305062825.772629-3-lizhijian@fujitsu.com> Signed-off-by: Fabiano Rosas <farosas@suse.de>
Jamin Lin [Tue, 29 Apr 2025 06:28:20 +0000 (14:28 +0800)]
pc-bios: Add AST27x0 vBootrom
The boot ROM is a minimal implementation designed to load an AST27x0 boot image.
Its source code is available at:
https://github.com/google/vbootrom
Commit id: d6e3386709b3e49322a94ffadc2aaab9944ab77b
Build Information:
```
Build Date : Apr 29 2025 01:23:18
FW Version : git-d6e3386
```
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Nabih Estefan <nabihestefan@google.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Tested-by: Nabih Estefan <nabihestefan@google.com> Link: https://lore.kernel.org/qemu-devel/20250429062822.1184920-2-jamin_lin@aspeedtech.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
hw/rtc/mc146818rtc: Drop pre-v3 migration stream support
mc146818rtc's migration stream is at version 3 since commit 56038ef6234 ("RTC: Update the RTC clock only when reading it")
from 12 years ago, released in QEMU v1.3.0!
No versioned machines are that old, we can safely remove
support for older streams and the qdev_set_legacy_instance_id()
call.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20250115210048.25396-1-philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 24 Apr 2025 08:54:26 +0000 (10:54 +0200)]
tests/functional/test_ppc64_pseries: Skip test_ppc64_linux_smt_boot if necessary
The test_ppc64_linux_smt_boot function lacks the set_machine('pseries'),
so this test is currently failing in case the 'pseries' machine has not
been compiled into the binary. Add the check now to fix it.
Message-ID: <20250424085426.663377-1-thuth@redhat.com> Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 25 Apr 2025 12:07:10 +0000 (14:07 +0200)]
Drop support for Python 3.8
Python 3.8 went "end of life" in October 2024 and Fedora 42 dropped
this version already, so the "python" CI job is currently failing.
Thus it's time to drop support for this Python version in QEMU, too.
While we're at it, also look for "python3.13" in the configure script.
Message-ID: <20250425120710.879518-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
meson/configure: add 'valgrind' option & --{en, dis}able-valgrind flag
Currently valgrind debugging support for coroutine stacks is enabled
unconditionally when valgrind/valgrind.h is found. There is no way
to disable valgrind support if valgrind.h is present in the build env.
This is bad for distros, as an dependency far down the chain may cause
valgrind.h to become installed, inadvertently enabling QEMU's valgrind
debugging support. It also means if a distro wants valgrind support
there is no way to mandate this.
The solution is to add a 'valgrind' build feature to meson and thus
configure script.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250425121713.1913424-1-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Kevin Wolf [Tue, 29 Apr 2025 15:56:54 +0000 (17:56 +0200)]
file-posix: Fix crash on discard_granularity == 0
Block devices that don't support discard have a discard_granularity of
0. Currently, this results in a division by zero when we try to make
sure that it's a multiple of request_alignment. Only try to update
bs->bl.pdiscard_alignment when we got a non-zero discard_granularity
from sysfs.
Fixes: f605796aae4 ('file-posix: probe discard alignment on Linux block devices') Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20250429155654.102735-1-kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Gautam Gala [Wed, 23 Apr 2025 08:09:15 +0000 (10:09 +0200)]
target/s390x: Return UVC cmd code, RC and RRC value when DIAG 308 Subcode 10 fails to enter secure mode
Extend DIAG308 subcode 10 to return the UVC RC, RRC and command code
in bit positions 32-47, 16-31, and 0-15 of register R1 + 1 if the
function does not complete successfully (in addition to the
previously returned diag response code in bit position 47-63).
Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Gautam Gala <ggala@linux.ibm.com> Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
Message-ID: <20250423080915.1048123-4-ggala@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Gautam Gala [Wed, 23 Apr 2025 08:09:14 +0000 (10:09 +0200)]
target/s390x: Introduce function when exiting PV
Replace an existing macro (s390_pv_cmd_exit) that looks like
a function with an actual function. The function will be used
when exiting PV instead of the macro.
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Gautam Gala <ggala@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250423080915.1048123-3-ggala@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Gautam Gala [Wed, 23 Apr 2025 08:09:13 +0000 (10:09 +0200)]
target/s390x: Introduce constant when checking if PV header couldn't be decrypted
Introduce a named constant when checking the Set Secure Configuration parameters
UV call return code for the case where no valid host key was found and therefore
the PV header couldn't be decrypted (0x108).
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Gautam Gala <ggala@linux.ibm.com>
Message-ID: <20250423080915.1048123-2-ggala@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Merge into INDEX_op_{ld,st,ld2,st2}, where "2" indicates that two
inputs or outputs are required. This simplifies the processing of
i64/i128 depending on host word size.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / thirdparty / qemu.git / log
