git.ipfire.org Git - thirdparty/qemu.git/log
Jean-Hugues Deschênes [Tue, 26 Nov 2019 13:55:36 +0000 (13:55 +0000)] 
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET

According to the PushStack() pseudocode in the armv7m RM,
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
an FPU is present. Current implementation is doing it for
armv8, but not for armv7. This patch makes the existing
logic applicable to both code paths.

Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 26 Nov 2019 12:36:40 +0000 (12:36 +0000)] 
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging

RISC-V Patches for 4.2-rc3

This tag contains two patches that I'd like to target for 4.2-rc3:

* A fix to the DT entry for the SiFive test finisher.
* A fix to the spike board's HTIF interface.

This passes "make check" and boots OE for me.

# gpg: Signature made Mon 25 Nov 2019 20:51:13 GMT
# gpg:                using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41

* remotes/palmer/tags/riscv-for-master-4.2-rc3:
  hw/riscv: Add optional symbol callback ptr to riscv_load_kernel()
  RISC-V: virt: This is a "sifive,test1" test finisher

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zhuang, Siwei (Data61, Kensington NSW) [Tue, 19 Nov 2019 06:21:09 +0000 (06:21 +0000)] 
hw/riscv: Add optional symbol callback ptr to riscv_load_kernel()

This patch adds an optional function pointer, "sym_cb", to
riscv_load_kernel() which provides the possibility to access the symbol
table during kernel loading.

The pointer is ignored if supplied with an Image or uImage file.

The Spike board requires the access to locate the HTIF symbols.

Fixes: 0ac24d56c5e7 ("hw/riscv: Split out the boot functions")
Buglink: https://bugs.launchpad.net/qemu/+bug/1835827
Signed-off-by: Siwei Zhuang <siwei.zhuang@data61.csiro.au>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Palmer Dabbelt [Thu, 7 Nov 2019 22:25:00 +0000 (14:25 -0800)] 
RISC-V: virt: This is a "sifive,test1" test finisher

The test finisher implements the reset command, which means it's a
"sifive,test1" device.  This is a backwards compatible change, so it's
also a "sifive,test0" device.  I copied the odd idiom for adding a
two-string compatible field from the ARM virt board.

Fixes: 9a2551ed6f ("riscv: sifive_test: Add reset functionality")
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Peter Maydell [Mon, 25 Nov 2019 16:25:47 +0000 (16:25 +0000)] 
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Mon 25 Nov 2019 15:30:56 GMT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net/virtio: return error when device_opts arg is NULL
  net/virtio: fix re-plugging of primary device
  net/virtio: return early when failover primary already added
  net/virtio: fix dev_unplug_pending

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 25 Nov 2019 15:47:44 +0000 (15:47 +0000)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pc: fixes

More small bugfixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 25 Nov 2019 08:43:07 GMT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  intel_iommu: TM field should not be in reserved bits
  intel_iommu: refine SL-PEs reserved fields checking
  virtio-input: fix memory leak on unrealize

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jens Freimann [Wed, 20 Nov 2019 15:49:51 +0000 (16:49 +0100)] 
net/virtio: return error when device_opts arg is NULL

This fixes CID 1407222.

Fixes: 9711cd0dfc3f ("net/virtio: add failover support")
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jens Freimann [Wed, 20 Nov 2019 15:49:50 +0000 (16:49 +0100)] 
net/virtio: fix re-plugging of primary device

failover_replug_primary was returning true on failure which led to
re-plug not working when a migration failed.  Fix this by returning
success when hotplug worked.  This is a bug that was missed in the last
round of testing but was tested successfully with this version.  Also
make sure we don't pass NULL to qdev_set_parent_bus().

This fixes CID 1407224.

Fixes: 9711cd0dfc3f ("net/virtio: add failover support")
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jens Freimann [Wed, 20 Nov 2019 15:49:49 +0000 (16:49 +0100)] 
net/virtio: return early when failover primary already added

Bail out when primary device was already added before.
This avoids printing a wrong warning message during reboot.

Fixes: 9711cd0dfc3f ("net/virtio: add failover support")
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jens Freimann [Wed, 20 Nov 2019 15:49:48 +0000 (16:49 +0100)] 
net/virtio: fix dev_unplug_pending

.dev_unplug_pending is set up by virtio-net code independent of whether
failover support was set for the device or not. This gives a wrong result
when we check for existing primary devices in migration code.

Fix this by actually calling dev_unplug_pending() instead of just
checking if the function pointer was set. When the feature was not
negotiated dev_unplug_pending() will always return false. This prevents
us from going into the wait-unplug state when there's no primary device
present.

Fixes: 9711cd0dfc3f ("net/virtio: add failover support")
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Mon, 25 Nov 2019 15:05:52 +0000 (15:05 +0000)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2019-11-25' into staging

Miscellaneous patches for 2019-11-25

# gpg: Signature made Mon 25 Nov 2019 06:00:24 GMT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-misc-2019-11-25:
  util/cutils: Fix incorrect integer->float conversion caught by clang

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 25 Nov 2019 13:39:45 +0000 (13:39 +0000)] 
Merge remote-tracking branch 'remotes/gkurz/tags/9p-fix-2019-11-23' into staging

9pfs fixes for QEMU 4.2

This fixes a potential QEMU crash if the underlying filesystem returns
a null block size in statfs().

# gpg: Signature made Sat 23 Nov 2019 15:19:36 GMT
# gpg:                using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full]
# gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>" [full]
# gpg:                 aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/9p-fix-2019-11-23:
  9pfs: Fix divide by zero bug

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Qi, Yadong [Mon, 25 Nov 2019 00:33:21 +0000 (08:33 +0800)] 
intel_iommu: TM field should not be in reserved bits

When dt is supported, TM field should not be Reserved(0).

Refer to VT-d Spec 9.8

Signed-off-by: Zhang, Qi <qi1.zhang@intel.com>
Signed-off-by: Qi, Yadong <yadong.qi@intel.com>
Message-Id: <20191125003321.5669-3-yadong.qi@intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Qi, Yadong [Mon, 25 Nov 2019 00:33:20 +0000 (08:33 +0800)] 
intel_iommu: refine SL-PEs reserved fields checking

1. split the reserved fields arrays into two ones,
2. large page only effect for L2(2M) and L3(1G), so
   remove checking of L1 and L4 for large page.

Signed-off-by: Zhang, Qi <qi1.zhang@intel.com>
Signed-off-by: Qi, Yadong <yadong.qi@intel.com>
Message-Id: <20191125003321.5669-2-yadong.qi@intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Marc-André Lureau [Thu, 21 Nov 2019 09:56:49 +0000 (13:56 +0400)] 
virtio-input: fix memory leak on unrealize

Spotted by ASAN + minor stylistic change.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20191121095649.25453-1-marcandre.lureau@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Fangrui Song [Fri, 22 Nov 2019 08:00:39 +0000 (09:00 +0100)] 
util/cutils: Fix incorrect integer->float conversion caught by clang

Clang does not like do_strtosz()'s code to guard against overflow:

    qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709550592 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]

The warning will be enabled by default in clang 10. It is not
available for clang <= 9.

val * mul >= 0xfffffffffffffc00 is indeed wrong.  0xfffffffffffffc00
is not representable exactly as double.  It's half-way between the
representable values 0xfffffffffffff800 and 0x10000000000000000.
Which one we get is implementation-defined.  Bad.

We want val * mul > (the largest uint64_t exactly representable as
double).  That's 0xfffffffffffff800.  Write it as nextafter(0x1p64, 0)
with a suitable comment.

Signed-off-by: Fangrui Song <i@maskray.me>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Patch split, commit message improved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20191122080039.12771-3-armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
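
The overflow guard the commit message above describes, as an added example that is not part of the commit or of QEMU's code. `scale_to_u64` and `old_limit_rounds_to` are hypothetical names, and the limit is written as a hex float literal equal to `nextafter(0x1p64, 0)` so the block needs no libm.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Largest uint64_t value that is exactly representable as a double:
 * 2^64 - 2^11 = 0xfffffffffffff800.  This is the same value as
 * nextafter(0x1p64, 0); the hex literal avoids linking libm.
 */
#define MAX_U64_AS_DOUBLE 0x1.fffffffffffffp63

/*
 * The old limit 0xfffffffffffffc00 lies exactly half-way between two
 * adjacent doubles, so converting it picks one of the neighbours.
 * Returns 1 for the lower neighbour (0xfffffffffffff800),
 * 2 for the upper neighbour (2^64), 0 for anything else.
 */
int old_limit_rounds_to(void)
{
    double d = (double)0xfffffffffffffc00ULL;

    if (d == MAX_U64_AS_DOUBLE) {
        return 1;
    }
    if (d == 0x1p64) {
        return 2;
    }
    return 0;
}

/*
 * Hypothetical helper: scale a parsed non-negative value by a unit
 * multiplier (a power of 1024 in the size-parsing case) and store it
 * as uint64_t.  Returns 0 on success, -ERANGE when the product does
 * not fit.  The range check happens before the cast, because casting
 * an out-of-range double to an integer type is undefined behaviour.
 */
int scale_to_u64(double val, uint64_t mul, uint64_t *result)
{
    double scaled = val * (double)mul;

    /* !(scaled >= 0) also rejects NaN */
    if (!(scaled >= 0) || scaled > MAX_U64_AS_DOUBLE) {
        return -ERANGE;
    }
    *result = (uint64_t)scaled;
    return 0;
}

int main(void)
{
    uint64_t r = 0;

    printf("old limit converts to neighbour %d\n", old_limit_rounds_to());
    printf("16 * 2^60   -> %d\n", scale_to_u64(16.0, 1ULL << 60, &r));
    printf("15.5 * 2^60 -> %d\n", scale_to_u64(15.5, 1ULL << 60, &r));
    printf("stored value: 0x%llx\n", (unsigned long long)r);
    return 0;
}
```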
Dan Schatzberg [Fri, 22 Nov 2019 20:00:34 +0000 (12:00 -0800)] 
9pfs: Fix divide by zero bug

Some filesystems may return 0s in statfs (trivially, a FUSE filesystem
can do so). QEMU should handle this gracefully and just behave the
same as if statfs failed.

Signed-off-by: Dan Schatzberg <dschatzberg@fb.com>
Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Peter Maydell [Thu, 21 Nov 2019 17:18:40 +0000 (17:18 +0000)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* x86 updates for Intel errata (myself, Eduardo)
* the big ugly list of x86 VMX features, which was targeted for 5.0 but
caused a Libvirt regression (myself)

# gpg: Signature made Thu 21 Nov 2019 15:35:13 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  i386: Add -noTSX aliases for hle=off, rtm=off CPU models
  i386: Add new versions of Skylake/Cascadelake/Icelake without TSX
  target/i386: add support for MSR_IA32_TSX_CTRL
  target/i386: add VMX features to named CPU models

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eduardo Habkost [Wed, 20 Nov 2019 16:49:12 +0000 (13:49 -0300)] 
i386: Add -noTSX aliases for hle=off, rtm=off CPU models

We have been trying to avoid adding new aliases for CPU model
versions, but in the case of changes in defaults introduced by
the TAA mitigation patches, the aliases might help avoid user
confusion when applying host software updates.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eduardo Habkost [Wed, 20 Nov 2019 16:49:11 +0000 (13:49 -0300)] 
i386: Add new versions of Skylake/Cascadelake/Icelake without TSX

One of the mitigation methods for TAA[1] is to disable TSX
support on the host system.  Linux added a mechanism to disable
TSX globally through the kernel command line, and many Linux
distributions now default to tsx=off.  This makes existing CPU
models that have HLE and RTM enabled not usable anymore.

Add new versions of all CPU models that have the HLE and RTM
features enabled, that can be used when TSX is disabled in the
host system.

References:

[1] TAA, TSX asynchronous Abort:
    https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
    https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 20 Nov 2019 12:19:22 +0000 (13:19 +0100)] 
target/i386: add support for MSR_IA32_TSX_CTRL

The MSR_IA32_TSX_CTRL MSR can be used to hide TSX (also known as the
Trusty Side-channel Extension).  By virtualizing the MSR, KVM guests
can disable TSX and avoid paying the price of mitigating TSX-based
attacks on microarchitectural side channels.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 20 Nov 2019 17:37:53 +0000 (18:37 +0100)] 
target/i386: add VMX features to named CPU models

This allows using "-cpu Haswell,+vmx", which we did not really want to
support in QEMU but was produced by Libvirt when using the "host-model"
CPU model.  Without this patch, no VMX feature is _actually_ supported
(only the basic instruction set extensions are) and KVM fails to load
in the guest.

This was produced from the output of scripts/kvm/vmxcap using the following
very ugly Python script:

    bits = {
            'INS/OUTS instruction information': ['FEAT_VMX_BASIC', 'MSR_VMX_BASIC_INS_OUTS'],
            'IA32_VMX_TRUE_*_CTLS support': ['FEAT_VMX_BASIC', 'MSR_VMX_BASIC_TRUE_CTLS'],
            'External interrupt exiting': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_EXT_INTR_MASK'],
            'NMI exiting': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_NMI_EXITING'],
            'Virtual NMIs': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_VIRTUAL_NMIS'],
            'Activate VMX-preemption timer': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_VMX_PREEMPTION_TIMER'],
            'Process posted interrupts': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_POSTED_INTR'],
            'Interrupt window exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_VIRTUAL_INTR_PENDING'],
            'Use TSC offsetting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_TSC_OFFSETING'],
            'HLT exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_HLT_EXITING'],
            'INVLPG exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_INVLPG_EXITING'],
            'MWAIT exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MWAIT_EXITING'],
            'RDPMC exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_RDPMC_EXITING'],
            'RDTSC exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_RDTSC_EXITING'],
            'CR3-load exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR3_LOAD_EXITING'],
            'CR3-store exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR3_STORE_EXITING'],
            'CR8-load exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR8_LOAD_EXITING'],
            'CR8-store exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR8_STORE_EXITING'],
            'Use TPR shadow': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_TPR_SHADOW'],
            'NMI-window exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_VIRTUAL_NMI_PENDING'],
            'MOV-DR exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MOV_DR_EXITING'],
            'Unconditional I/O exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_UNCOND_IO_EXITING'],
            'Use I/O bitmaps': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_IO_BITMAPS'],
            'Monitor trap flag': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MONITOR_TRAP_FLAG'],
            'Use MSR bitmaps': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_MSR_BITMAPS'],
            'MONITOR exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MONITOR_EXITING'],
            'PAUSE exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_PAUSE_EXITING'],
            'Activate secondary control': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS'],
            'Virtualize APIC accesses': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES'],
            'Enable EPT': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_EPT'],
            'Descriptor-table exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_DESC'],
            'Enable RDTSCP': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDTSCP'],
            'Virtualize x2APIC mode': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE'],
            'Enable VPID': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_VPID'],
            'WBINVD exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_WBINVD_EXITING'],
            'Unrestricted guest': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST'],
            'APIC register emulation': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT'],
            'Virtual interrupt delivery': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY'],
            'PAUSE-loop exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_PAUSE_LOOP_EXITING'],
            'RDRAND exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDRAND_EXITING'],
            'Enable INVPCID': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_INVPCID'],
            'Enable VM functions': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_VMFUNC'],
            'VMCS shadowing': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_SHADOW_VMCS'],
            'RDSEED exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDSEED_EXITING'],
            'Enable PML': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_PML'],
            'Enable XSAVES/XRSTORS': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_XSAVES'],
            'Save debug controls': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_DEBUG_CONTROLS'],
            'Load IA32_PERF_GLOBAL_CTRL': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL'],
            'Acknowledge interrupt on exit': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_ACK_INTR_ON_EXIT'],
            'Save IA32_PAT': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_IA32_PAT'],
            'Load IA32_PAT': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_PAT'],
            'Save IA32_EFER': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_IA32_EFER'],
            'Load IA32_EFER': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_EFER'],
            'Save VMX-preemption timer value': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER'],
            'Clear IA32_BNDCFGS': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_CLEAR_BNDCFGS'],
            'Load debug controls': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS'],
            'IA-32e mode guest': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_IA32E_MODE'],
            'Load IA32_PERF_GLOBAL_CTRL': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL'],
            'Load IA32_PAT': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_PAT'],
            'Load IA32_EFER': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_EFER'],
            'Load IA32_BNDCFGS': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_BNDCFGS'],
            'Store EFER.LMA into IA-32e mode guest control': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_STORE_LMA'],
            'HLT activity state': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_ACTIVITY_HLT'],
            'VMWRITE to VM-exit information fields': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_VMWRITE_VMEXIT'],
            'Inject event with insn length=0': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_ZERO_LEN_INJECT'],
            'Execute-only EPT translations': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_EXECONLY'],
            'Page-walk length 4': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_PAGE_WALK_LENGTH_4'],
            'Paging-structure memory type WB': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_WB'],
            '2MB EPT pages': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_2MB | MSR_VMX_EPT_1GB'],
            'INVEPT supported': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT'],
            'EPT accessed and dirty flags': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_AD_BITS'],
            'Single-context INVEPT': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT'],
            'All-context INVEPT': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT_ALL_CONTEXT'],
            'INVVPID supported': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID'],
            'Individual-address INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_ADDR'],
            'Single-context INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT'],
            'All-context INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_ALL_CONTEXT'],
            'Single-context-retaining-globals INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS'],
            'EPTP Switching': ['FEAT_VMX_VMFUNC', 'MSR_VMX_VMFUNC_EPT_SWITCHING']
    }

    import sys
    import textwrap

    out = {}
    for l in sys.stdin.readlines():
        l = l.rstrip()
        if l.endswith('!!'):
            l = l[:-2].rstrip()
        if l.startswith('    ') and (l.endswith('default') or l.endswith('yes')):
            l = l[4:]
            for key, value in bits.items():
                if l.startswith(key):
                    ctl, bit = value
                    if ctl in out:
                        out[ctl] = out[ctl] + ' | '
                    else:
                        out[ctl] = '    [%s] = ' % ctl
                    out[ctl] = out[ctl] + bit

    for x in sorted(out.keys()):
        print("\n         ".join(textwrap.wrap(out[x] + ",")))

Note that the script has a bug in that some keys apply to both VM entry
and VM exit controls ("load IA32_PERF_GLOBAL_CTRL", "load IA32_EFER",
"load IA32_PAT").  Those have to be fixed by hand.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Thu, 21 Nov 2019 12:46:07 +0000 (12:46 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20191121-pull-request' into staging

two audio fixes and one gtk message fix.

# gpg: Signature made Thu 21 Nov 2019 10:04:32 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20191121-pull-request:
  ui/gtk: fix gettext message's charset.
  display: xlnx_dp: Provide sufficient bytes for silent audio channel
  audio: fix audio recording

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 21 Nov 2019 11:27:33 +0000 (11:27 +0000)] 
Merge remote-tracking branch 'remotes/stsquad/tags/pull-rc3-testing-and-tcg-201119-1' into staging

A few test and doc fixes:

  - tweak DEBUG behaviour for vm-test-build
  - rename and update plug docs for versioning
  - slim down MAIN_SOFTMMU_TARGETS

# gpg: Signature made Wed 20 Nov 2019 10:56:23 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-rc3-testing-and-tcg-201119-1:
  tests/tcg: modify multiarch tests to work with clang
  .travis.yml: drop 32 bit systems from MAIN_SOFTMMU_TARGETS
  docs/devel: update tcg-plugins.rst with API versioning details
  docs/devel: rename plugins.rst to tcg-plugins.rst
  tests/vm: make --interactive (and therefore DEBUG=1) unconditional

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
yanminhui [Sat, 16 Nov 2019 03:10:37 +0000 (11:10 +0800)] 
ui/gtk: fix gettext message's charset.

Signed-off-by: yanminhui <yanminhui163@163.com>
Message-Id: <20191116031037.1207-1-yanminhui163@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Sai Pavan Boddu [Fri, 15 Nov 2019 15:56:48 +0000 (21:26 +0530)] 
display: xlnx_dp: Provide sufficient bytes for silent audio channel

Fill the audio channel with required number of bytes to cover the
elapsed time. This prevents rate control reset, and avoids debug prints
like below

log:
Resetting rate control (65692 samples)
...
Resetting rate control (65721 samples)
...

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1573833408-2388-1-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Wed, 20 Nov 2019 11:01:20 +0000 (11:01 +0000)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, acpi: fixes

A couple of bugfixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 20 Nov 2019 09:57:44 GMT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  tests: acpi: always retain dumped ACPI tables in case of error
  vhost-user-input: use free(elem) instead of g_free(elem)
  libvhost-user: Zero memory allocated for VuVirtqInflightDesc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Taylor Simpson [Sun, 17 Nov 2019 23:14:25 +0000 (17:14 -0600)] 
tests/tcg: modify multiarch tests to work with clang

Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1574032465-12186-1-git-send-email-tsimpson@quicinc.com>
[AJB: tweak header line]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Tue, 12 Nov 2019 18:31:19 +0000 (18:31 +0000)] 
.travis.yml: drop 32 bit systems from MAIN_SOFTMMU_TARGETS

The older clangs are still struggling to build and run everything
within the 50 minute timeout so let's lighten the load a bit more. We
still have coverage for GCC and hopefully no obscure 32 bit guest only
breakages slip through the cracks.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Alex Bennée [Tue, 12 Nov 2019 20:16:33 +0000 (20:16 +0000)] 
docs/devel: update tcg-plugins.rst with API versioning details

While we are at it fix up the quoted code sections with the inline ::
approach.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Robert Foley <robert.foley@linaro.org>
Alex Bennée [Tue, 12 Nov 2019 16:28:53 +0000 (16:28 +0000)] 
docs/devel: rename plugins.rst to tcg-plugins.rst

This makes it a bit clearer what this is about.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Alex Bennée [Tue, 12 Nov 2019 15:08:15 +0000 (15:08 +0000)] 
tests/vm: make --interactive (and therefore DEBUG=1) unconditional

While the concept of only dropping to ssh if a test fails is nice it
is more useful for this to be unconditional. You usually just want to
get the build up and running and then noodle around debugging or
attempting to replicate.

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
4 years ago tests: acpi: always retain dumped ACPI tables in case of error
Igor Mammedov [Wed, 20 Nov 2019 09:02:40 +0000 (10:02 +0100)] 
tests: acpi: always retain dumped ACPI tables in case of error

If IASL wasn't able to parse expected file, test will just
print warning
  "Warning! iasl couldn't parse the expected aml\n"
and remove temporary table dumped from guest.

Typically expected tables are always valid, with an exception
when patchset introduces new tables.
Make sure dumped tables are retained even if expected files
are not valid, so one could have a chance to manually check new
tables.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1574240560-12538-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago vhost-user-input: use free(elem) instead of g_free(elem)
Stefan Hajnoczi [Tue, 19 Nov 2019 11:16:26 +0000 (11:16 +0000)] 
vhost-user-input: use free(elem) instead of g_free(elem)

The virtqueue element returned by vu_queue_pop() is allocated using
malloc(3) by virtqueue_alloc_element().  Use the matching free(3)
function instead of glib's g_free().

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20191119111626.112206-1-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4 years ago libvhost-user: Zero memory allocated for VuVirtqInflightDesc
Xie Yongji [Tue, 19 Nov 2019 07:57:59 +0000 (15:57 +0800)] 
libvhost-user: Zero memory allocated for VuVirtqInflightDesc

Use a zero-initialized VuVirtqInflightDesc struct to avoid
that scan-build reports that vq->resubmit_list[0].counter may
be garbage value in vu_check_queue_inflights().

Fixes: 5f9ff1eff ("libvhost-user: Support tracking inflight I/O in
shared memory")
Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Xie Yongji <xieyongji@baidu.com>
Message-Id: <20191119075759.4334-1-xieyongji@baidu.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
4 years ago audio: fix audio recording
Volker Rümelin [Tue, 19 Nov 2019 06:58:49 +0000 (07:58 +0100)] 
audio: fix audio recording

With current code audio recording with all audio backends
except PulseAudio and DirectSound is broken. The generic audio
recording buffer management forgot to update the current read
position after a read.

Fixes: ff095e5231 "audio: api for mixeng code free backends"
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Zoltán Kővágó <DirtY.iCE.hu@gmail.com>
Message-id: 2fc947cf-7b42-de68-3f11-cbcf1c096be9@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago Update version for v4.2.0-rc2 release v4.2.0-rc2
Peter Maydell [Tue, 19 Nov 2019 19:34:10 +0000 (19:34 +0000)] 
Update version for v4.2.0-rc2 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Tue, 19 Nov 2019 16:31:27 +0000 (16:31 +0000)] 
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* microvm docs and fixes (Sergio, Liam)
* New processor features for Intel errata (myself, Pawan)
* Kconfig fixes (myself, Thomas)
* Revert mc146818rtc change (myself)
* Deprecate scsi-disk (myself)
* RTC fix (myself, Marcelo)

# gpg: Signature made Tue 19 Nov 2019 09:03:49 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  mc146818rtc: fix timer interrupt reinjection again
  Revert "mc146818rtc: fix timer interrupt reinjection"
  scsi: deprecate scsi-disk
  hw/i386: Move save_tsc_khz from PCMachineClass to X86MachineClass
  docs/microvm.rst: add instructions for shutting down the guest
  docs/microvm.rst: fix alignment in "Limitations"
  vfio: vfio-pci requires EDID
  hw/i386: Fix compiler warning when CONFIG_IDE_ISA is disabled
  target/i386: Export TAA_NO bit to guests
  target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR
  microvm: fix memory leak in microvm_fix_kernel_cmdline
  scripts: Detect git worktrees for get_maintainer.pl --git

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20191119' into...
Peter Maydell [Tue, 19 Nov 2019 15:55:33 +0000 (15:55 +0000)] 
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20191119' into staging

The DTrace via SystemTap backend can not support the dynamic '*' width
format. We failed at noticing it for the 4.1 release, and LP#1844817
was opened to track it. Fix this regression for the next release.

# gpg: Signature made Tue 19 Nov 2019 13:56:50 GMT
# gpg:                using RSA key 89C1E78F601EE86C867495CBA2A3FD6EDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (Phil) <philmd@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 89C1 E78F 601E E86C 8674  95CB A2A3 FD6E DEAD C0DE

* remotes/philmd-gitlab/tags/mips-next-20191119:
  hw/mips/gt64xxx: Remove dynamic field width from trace events
  hw/block/pflash: Remove dynamic field width from trace events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/mips/gt64xxx: Remove dynamic field width from trace events
Philippe Mathieu-Daudé [Fri, 8 Nov 2019 14:13:59 +0000 (15:13 +0100)] 
hw/mips/gt64xxx: Remove dynamic field width from trace events

Since not all trace backends support dynamic field width in
format (dtrace via stap does not), replace by a static field
width instead.

We previously passed to the trace API 'width << 1' as the number
of hex characters to display (the dynamic field width). We don't
need this anymore. Instead, display the size of bytes accessed.

Fixes: ab6bff424f ("gt64xxx_pci: Convert debug printf to trace events")
Reported-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1844817
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4 years ago hw/block/pflash: Remove dynamic field width from trace events
Philippe Mathieu-Daudé [Fri, 8 Nov 2019 14:11:34 +0000 (15:11 +0100)] 
hw/block/pflash: Remove dynamic field width from trace events

Since not all trace backends support dynamic field width in
format (dtrace via stap does not), replace by a static field
width instead.

We previously passed to the trace API 'width << 1' as the number
of hex characters to display (the dynamic field width). We don't
need this anymore. Instead, display the size of bytes accessed.

Fixes: e8aa2d95ea ("pflash: Simplify trace_pflash_io_read/write")
Fixes: c1474acd5d ("pflash: Simplify trace_pflash_data_read/write")
Reported-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1844817
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20191119' into...
Peter Maydell [Tue, 19 Nov 2019 13:32:07 +0000 (13:32 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20191119' into staging

target-arm queue:
 * Support EL0 v7m msr/mrs for CONFIG_USER_ONLY
 * Relax r13 restriction for ldrex/strex for v8.0
 * Do not reject rt == rt2 for strexd
 * net/cadence_gem: Set PHY autonegotiation restart status
 * ssi: xilinx_spips: Skip spi bus update for a few register writes
 * pl031: Expose RTCICR as proper WC register

# gpg: Signature made Tue 19 Nov 2019 13:30:35 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20191119:
  target/arm: Support EL0 v7m msr/mrs for CONFIG_USER_ONLY
  target/arm: Relax r13 restriction for ldrex/strex for v8.0
  target/arm: Do not reject rt == rt2 for strexd
  net/cadence_gem: Set PHY autonegotiation restart status
  ssi: xilinx_spips: Skip spi bus update for a few register writes
  target/arm: Merge arm_cpu_vq_map_next_smaller into sole caller
  pl031: Expose RTCICR as proper WC register

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Support EL0 v7m msr/mrs for CONFIG_USER_ONLY
Richard Henderson [Tue, 19 Nov 2019 13:20:28 +0000 (13:20 +0000)] 
target/arm: Support EL0 v7m msr/mrs for CONFIG_USER_ONLY

Simply moving the non-stub helper_v7m_mrs/msr outside of
!CONFIG_USER_ONLY is not an option, because of all of the
other system-mode helpers that are called.

But we can split out a few subroutines to handle the few
EL0 accessible registers without duplicating code.

Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191118194916.3670-1-richard.henderson@linaro.org
[PMM: deleted now-redundant comment; added a default case
 to switch in v7m_msr helper]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Relax r13 restriction for ldrex/strex for v8.0
Richard Henderson [Tue, 19 Nov 2019 13:20:28 +0000 (13:20 +0000)] 
target/arm: Relax r13 restriction for ldrex/strex for v8.0

Armv8-A removes UNPREDICTABLE for R13 for these cases.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191117090621.32425-3-richard.henderson@linaro.org
[PMM: changed ENABLE_ARCH_8 checks to check a new bool 'v8a',
 since these cases are still UNPREDICTABLE for v8M]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Do not reject rt == rt2 for strexd
Richard Henderson [Tue, 19 Nov 2019 13:20:28 +0000 (13:20 +0000)] 
target/arm: Do not reject rt == rt2 for strexd

There was too much cut and paste between ldrexd and strexd,
as ldrexd does prohibit two output registers the same.

Fixes: af288228995
Reported-by: Michael Goffioul <michael.goffioul@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20191117090621.32425-2-richard.henderson@linaro.org
Reviewed-by: Robert Foley <robert.foley@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago net/cadence_gem: Set PHY autonegotiation restart status
Linus Ziegert [Tue, 19 Nov 2019 13:20:27 +0000 (13:20 +0000)] 
net/cadence_gem: Set PHY autonegotiation restart status

The Linux kernel PHY driver sets AN_RESTART in the BMCR of the
PHY when autonegotiation is started.
Recently the kernel started to read back the PHY's AN_RESTART
bit and now checks whether the autonegotiation is complete and
the bit was cleared [1]. Otherwise the link status is down.

The emulated PHY needs to clear AN_RESTART immediately to inform
the kernel driver about the completion of autonegotiation phase.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36757eb9dee

Signed-off-by: Linus Ziegert <linus.ziegert+qemu@holoplot.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20191104181604.21943-1-linus.ziegert+qemu@holoplot.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago ssi: xilinx_spips: Skip spi bus update for a few register writes
Sai Pavan Boddu [Tue, 19 Nov 2019 13:20:27 +0000 (13:20 +0000)] 
ssi: xilinx_spips: Skip spi bus update for a few register writes

A few configuration register writes need not update the spi bus state, so just
return after the register write.

Signed-off-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1573830705-14579-1-git-send-email-sai.pavan.boddu@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Merge arm_cpu_vq_map_next_smaller into sole caller
Richard Henderson [Tue, 19 Nov 2019 13:20:27 +0000 (13:20 +0000)] 
target/arm: Merge arm_cpu_vq_map_next_smaller into sole caller

Coverity reports, in sve_zcr_get_valid_len,

"Subtract operation overflows on operands
arm_cpu_vq_map_next_smaller(cpu, start_vq + 1U) and 1U"

First, the aarch32 stub version of arm_cpu_vq_map_next_smaller,
returning 0, does exactly what Coverity reports.  Remove it.

Second, the aarch64 version of arm_cpu_vq_map_next_smaller has
a set of asserts, but they don't cover the case in question.
Further, there is a fair amount of extra arithmetic needed to
convert from the 0-based zcr register, to the 1-based vq form,
to the 0-based bitmap, and back again.  This can be simplified
by leaving the value in the 0-based form.

Finally, use test_bit to simplify the common case, where the
length in the zcr registers is in fact a supported length.

Reported-by: Coverity (CID 1407217)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20191118091414.19440-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago pl031: Expose RTCICR as proper WC register
Alexander Graf [Tue, 19 Nov 2019 13:20:27 +0000 (13:20 +0000)] 
pl031: Expose RTCICR as proper WC register

The current PL031 RTCICR register implementation always clears the
IRQ pending status on a register write, regardless of the value the
guest writes.

To justify that behavior, it references the ARM926EJ-S Development
Chip Reference Manual (DDI0287B) and indicates that said document
states that any write clears the internal IRQ state.  It is indeed
true that in section 11.1 this document says:

  "The interrupt is cleared by writing any data value to the
   interrupt clear register RTCICR".

However, later in section 11.2.2 it contradicts itself by saying:

  "Writing 1 to bit 0 of RTCICR clears the RTCINTR flag."

The latter statement matches the PL031 TRM (DDI0224C), which says:

  "Writing 1 to bit position 0 clears the corresponding interrupt.
   Writing 0 has no effect."

Let's assume that the self-contradictory DDI0287B is in error, and
follow the reference manual for the device itself, by making the
register write-one-to-clear.

Reported-by: Hendrik Borghorst <hborghor@amazon.de>
Signed-off-by: Alexander Graf <graf@amazon.com>
Message-id: 20191104115228.30745-1-graf@amazon.com
[PMM: updated commit message to note that DDI0287B says two
 conflicting things]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-11-19' into staging
Peter Maydell [Tue, 19 Nov 2019 11:29:00 +0000 (11:29 +0000)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-11-19' into staging

Monitor patches for 2019-11-19

# gpg: Signature made Tue 19 Nov 2019 08:50:57 GMT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2019-11-19:
  monitor/qmp: resume monitor when clearing its queue

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-11-19' into staging
Peter Maydell [Tue, 19 Nov 2019 09:17:23 +0000 (09:17 +0000)] 
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-11-19' into staging

nbd patches for 2019-11-19

- iotests: more tests of NBD reconnect, various test output improvements
- nbd: fix spec compliance issue with long strings
- silence a Coverity warning on coroutines

# gpg: Signature made Tue 19 Nov 2019 03:06:41 GMT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2019-11-19:
  tests: More iotest 223 improvements
  iotests: Include QMP input in .out files
  iotests: Switch nbd tests to use Unix rather than TCP
  iotests: Fix 173
  MAINTAINERS: add more bitmap-related to Dirty Bitmaps section
  nbd: Don't send oversize strings
  bitmap: Enforce maximum bitmap name length
  nbd/server: Prefer heap over stack for parsing client names
  qemu-coroutine-sleep: Silence Coverity warning
  iotests: Test NBD client reconnection

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago mc146818rtc: fix timer interrupt reinjection again
Paolo Bonzini [Sun, 17 Nov 2019 09:28:14 +0000 (10:28 +0100)] 
mc146818rtc: fix timer interrupt reinjection again

Commit 369b41359af46bded5799c9ef8be2b641d92e043 broke timer interrupt
reinjection when there is no period change by the guest.  In that
case, old_period is 0, which ends up zeroing irq_coalesced (counter of
reinjected interrupts).

The consequence is Windows 7 is unable to synchronize time via NTP.
Easily reproducible by playing a fullscreen video with cirrus and VNC.

Fix by passing s->period when periodic_timer_update is called due to
expiration of the timer.  With this change, old_period == 0 only
means that the periodic timer was off.

Reported-by: Marcelo Tosatti <mtosatti@redhat.com>
Co-developed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago Revert "mc146818rtc: fix timer interrupt reinjection"
Paolo Bonzini [Sun, 17 Nov 2019 09:07:38 +0000 (10:07 +0100)] 
Revert "mc146818rtc: fix timer interrupt reinjection"

This reverts commit b429de730174b388ea5760e3debb0d542ea3c261, except
that the reversal of the outer "if (period)" is left in.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago scsi: deprecate scsi-disk
Paolo Bonzini [Fri, 1 Nov 2019 13:32:20 +0000 (14:32 +0100)] 
scsi: deprecate scsi-disk

It's an old compatibility shim that just delegates to scsi-cd or scsi-hd.
Just like ide-drive, we don't need this.

Acked-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago hw/i386: Move save_tsc_khz from PCMachineClass to X86MachineClass
Liam Merwick [Mon, 18 Nov 2019 11:13:25 +0000 (11:13 +0000)] 
hw/i386: Move save_tsc_khz from PCMachineClass to X86MachineClass

Attempting to migrate a VM using the microvm machine class results in the source
QEMU aborting with the following message/backtrace:

target/i386/machine.c:955:tsc_khz_needed: Object 0x555556608fa0 is not an
instance of type generic-pc-machine

abort()
object_class_dynamic_cast_assert()
vmstate_save_state_v()
vmstate_save_state()
vmstate_save()
qemu_savevm_state_complete_precopy()
migration_thread()
migration_thread()
migration_thread()
qemu_thread_start()
start_thread()
clone()

The access to the machine class returned by MACHINE_GET_CLASS() in
tsc_khz_needed() is crashing as it is trying to dereference a different
type of machine class object (TYPE_PC_MACHINE) to that of this microVM.

This can be resolved by extending the changes in the following commit
f0bb276bf8d5 ("hw/i386: split PCMachineState deriving X86MachineState from it")
and moving the save_tsc_khz field in PCMachineClass to X86MachineClass.

Fixes: f0bb276bf8d5 ("hw/i386: split PCMachineState deriving X86MachineState from it")
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <1574075605-25215-1-git-send-email-liam.merwick@oracle.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago docs/microvm.rst: add instructions for shutting down the guest
Sergio Lopez [Fri, 15 Nov 2019 16:13:38 +0000 (17:13 +0100)] 
docs/microvm.rst: add instructions for shutting down the guest

Add a new section explaining the particularities of the microvm
machine type for triggering a guest-initiated shut down.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20191115161338.42864-3-slp@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago docs/microvm.rst: fix alignment in "Limitations"
Sergio Lopez [Fri, 15 Nov 2019 16:13:37 +0000 (17:13 +0100)] 
docs/microvm.rst: fix alignment in "Limitations"

Fix the alignment of the items in the "Limitations" section.

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20191115161338.42864-2-slp@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago vfio: vfio-pci requires EDID
Paolo Bonzini [Fri, 15 Nov 2019 16:14:44 +0000 (17:14 +0100)] 
vfio: vfio-pci requires EDID

hw/vfio/display.c needs the EDID subsystem, select it.

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago hw/i386: Fix compiler warning when CONFIG_IDE_ISA is disabled
Thomas Huth [Fri, 15 Nov 2019 14:50:49 +0000 (15:50 +0100)] 
hw/i386: Fix compiler warning when CONFIG_IDE_ISA is disabled

When CONFIG_IDE_ISA is disabled, compilation currently fails:

 hw/i386/pc_piix.c: In function ‘pc_init1’:
 hw/i386/pc_piix.c:81:9: error: unused variable ‘i’ [-Werror=unused-variable]

Move the variable declaration to the right code block to avoid
this problem.

Fixes: 4501d317b50e ("hw/i386/pc: Extract pc_i8259_create()")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20191115145049.26868-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago target/i386: Export TAA_NO bit to guests
Pawan Gupta [Tue, 19 Nov 2019 07:23:27 +0000 (23:23 -0800)] 
target/i386: Export TAA_NO bit to guests

TSX Async Abort (TAA) is a side channel attack on internal buffers in
some Intel processors similar to Microarchitectural Data Sampling (MDS).

Some future Intel processors will use the ARCH_CAP_TAA_NO bit in the
IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable to
TAA. Make this bit available to guests.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR
Paolo Bonzini [Wed, 13 Nov 2019 14:54:35 +0000 (15:54 +0100)] 
target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR

This is required to disable ITLB multihit mitigations in nested
hypervisors.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago microvm: fix memory leak in microvm_fix_kernel_cmdline
Sergio Lopez [Tue, 12 Nov 2019 16:34:23 +0000 (17:34 +0100)] 
microvm: fix memory leak in microvm_fix_kernel_cmdline

In microvm_fix_kernel_cmdline(), fw_cfg_modify_string() is duplicating
cmdline instead of taking ownership of it. Free it afterwards to avoid
leaking it.

Reported-by: Coverity (CID 1407218)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-Id: <20191112163423.91884-1-slp@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago scripts: Detect git worktrees for get_maintainer.pl --git
Alexey Kardashevskiy [Tue, 12 Nov 2019 03:45:32 +0000 (14:45 +1100)] 
scripts: Detect git worktrees for get_maintainer.pl --git

Recent git versions support worktrees where .git is not a directory but
a file with a path to the .git repository; however the get_maintainer.pl
script only recognises the .git directory, let's fix it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Tested-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20191112034532.69079-1-aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago monitor/qmp: resume monitor when clearing its queue
Wolfgang Bumiller [Fri, 15 Nov 2019 08:59:14 +0000 (09:59 +0100)] 
monitor/qmp: resume monitor when clearing its queue

When a monitor's queue is filled up in handle_qmp_command()
it gets suspended. It's the dispatcher bh's job currently to
resume the monitor, which it does after processing an event
from the queue. However, it is possible for a
CHR_EVENT_CLOSED event to be processed before the bh
is scheduled, which will clear the queue without resuming
the monitor, thereby preventing the dispatcher from reaching
the resume() call.
Any new connections to the qmp socket will be accept()ed and
show the greeting, but will not respond to any messages sent
afterwards (as they will not be read from the
still-suspended socket).
Fix this by resuming the monitor when clearing a queue which
was filled up.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20191115085914.21287-1-w.bumiller@proxmox.com>

4 years ago tests: More iotest 223 improvements
Eric Blake [Thu, 14 Nov 2019 21:34:15 +0000 (15:34 -0600)] 
tests: More iotest 223 improvements

Run the core of the test twice, once without iothreads, and again
with, for more coverage of both setups.

Suggested-by: Nir Soffer <nsoffer@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20191114213415.23499-5-eblake@redhat.com>

4 years ago iotests: Include QMP input in .out files
Eric Blake [Thu, 14 Nov 2019 21:34:14 +0000 (15:34 -0600)] 
iotests: Include QMP input in .out files

We generally include relevant HMP input in .out files, by virtue of
the fact that HMP echoes its input.  But QMP does not, so we have to
explicitly inject it in the output stream (appropriately filtered to
keep the tests passing), in order to make it easier to read .out files
to see what behavior is being tested (especially true where the output
file is a sequence of {'return': {}}).

Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114213415.23499-4-eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
4 years ago iotests: Switch nbd tests to use Unix rather than TCP
Eric Blake [Thu, 14 Nov 2019 21:34:13 +0000 (15:34 -0600)] 
iotests: Switch nbd tests to use Unix rather than TCP

Up to now, all it took to cause a lot of iotest failures was to have a
background process such as 'nbdkit -p 10810 null' running, because we
hard-coded the TCP port.  Switching to a Unix socket eliminates this
contention.  We still have TCP coverage in test 233, and that test is
more careful to not pick a hard-coded port.

Add a comment explaining where the format layer applies when using
NBD as protocol (until NBD gains support for a resize extension, we
only pipe raw bytes over the wire).

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114213415.23499-3-eblake@redhat.com>
[eblake: Tweak socket name per Max Reitz' review]

4 years ago iotests: Fix 173
Eric Blake [Thu, 14 Nov 2019 21:34:12 +0000 (15:34 -0600)] 
iotests: Fix 173

This test has been broken since 3.0.  It used TEST_IMG to influence
the name of a file created during _make_test_img, but commit 655ae6bb
changed things so that the wrong file name is being created, which
then caused _launch_qemu to fail.  In the meantime, the set of events
issued for the actions of the test has increased.

Why haven't we noticed the failure? Because the test rarely gets run:
'./check -qcow2 173' is insufficient (that defaults to using file protocol)
'./check -nfs 173' is insufficient (that defaults to using raw format)
so the test is only run with:
./check -qcow2 -nfs 173

Note that we already have a number of other problems with -nfs:
./check -nfs (fails 18/30)
./check -qcow2 -nfs (fails 45/76 after this patch, if exports does
not permit 'insecure')
and it's not on my priority list to fix those.  Rather, I found this
because of my next patch's work on tests using _send_qemu_cmd.

Fixes: 655ae6b
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20191114213415.23499-2-eblake@redhat.com>

4 years ago MAINTAINERS: add more bitmap-related to Dirty Bitmaps section
Vladimir Sementsov-Ogievskiy [Sat, 26 Oct 2019 16:56:55 +0000 (19:56 +0300)] 
MAINTAINERS: add more bitmap-related to Dirty Bitmaps section

Let's add bitmaps persistence qcow2 feature and postcopy bitmaps
migration to Dirty Bitmaps section.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20191026165655.14112-1-vsementsov@virtuozzo.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
4 years ago nbd: Don't send oversize strings
Eric Blake [Thu, 14 Nov 2019 02:46:34 +0000 (20:46 -0600)] 
nbd: Don't send oversize strings

Qemu as server currently won't accept export names larger than 256
bytes, nor create dirty bitmap names longer than 1023 bytes, so most
uses of qemu as client or server have no reason to get anywhere near
the NBD spec maximum of a 4k limit per string.

However, we weren't actually enforcing things, ignoring when the
remote side violates the protocol on input, and also having several
code paths where we send oversize strings on output (for example,
qemu-nbd --description could easily send more than 4k).  Tighten
things up as follows:

client:
- Perform bounds check on export name and dirty bitmap request prior
  to handing it to server
- Validate that copied server replies are not too long (ignoring
  NBD_INFO_* replies that are not copied is not too bad)
server:
- Perform bounds check on export name and description prior to
  advertising it to client
- Reject client name or metadata query that is too long
- Adjust things to allow full 4k name limit rather than previous
  256 byte limit

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114024635.11363-4-eblake@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4 years ago bitmap: Enforce maximum bitmap name length
Eric Blake [Thu, 14 Nov 2019 02:46:33 +0000 (20:46 -0600)] 
bitmap: Enforce maximum bitmap name length

We document that for qcow2 persistent bitmaps, the name cannot exceed
1023 bytes.  It is inconsistent if transient bitmaps do not have to
abide by the same limit, and it is unlikely that any existing client
even cares about using bitmap names this long.  It's time to codify
that ALL bitmaps managed by qemu (whether persistent in qcow2 or not)
have a documented maximum length.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114024635.11363-3-eblake@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4 years ago nbd/server: Prefer heap over stack for parsing client names
Eric Blake [Thu, 14 Nov 2019 02:46:32 +0000 (20:46 -0600)] 
nbd/server: Prefer heap over stack for parsing client names

As long as we limit NBD names to 256 bytes (the bare minimum permitted
by the standard), stack-allocation works for parsing a name received
from the client.  But as mentioned in a comment, we eventually want to
permit up to the 4k maximum of the NBD standard, which is too large
for stack allocation; so switch everything in the server to use heap
allocation.  For now, there is no change in actually supported name
length.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191114024635.11363-2-eblake@redhat.com>
[eblake: fix uninit variable compile failure]
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
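
The NBD string checks described in the commits above ("nbd: Don't send oversize strings" and "nbd/server: Prefer heap over stack for parsing client names"), as an added C sketch that is not QEMU's code. The wire layout used here (32-bit big-endian length followed by the bytes) is a simplifying assumption, and every ex_* / EX_* name is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 4k per-string maximum from the NBD spec, as cited in the commit message.
 * The macro name is this example's own, not QEMU's. */
#define EX_NBD_MAX_STRING 4096u

enum ex_status {
    EX_OK = 0,
    EX_TRUNCATED = -1,  /* buffer ends before the announced data */
    EX_TOO_LONG = -2,   /* string exceeds the protocol maximum */
    EX_NOMEM = -3,
    EX_NO_SPACE = -4    /* output buffer too small */
};

/* Receive side: validate the peer's announced length before trusting it,
 * then copy into a heap buffer (4k is too large for stack allocation). */
static int ex_read_string(const uint8_t *buf, size_t buflen, size_t *off,
                          char **out)
{
    uint32_t len;
    char *s;

    *out = NULL;
    if (*off > buflen || buflen - *off < 4) {
        return EX_TRUNCATED;
    }
    len = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
          ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    if (len > EX_NBD_MAX_STRING) {
        return EX_TOO_LONG;        /* protocol violation by the remote side */
    }
    if (buflen - *off - 4 < len) {
        return EX_TRUNCATED;
    }
    s = malloc((size_t)len + 1);
    if (!s) {
        return EX_NOMEM;
    }
    memcpy(s, buf + *off + 4, len);
    s[len] = '\0';
    *off += 4 + (size_t)len;
    *out = s;
    return EX_OK;
}

/* Send side: refuse to put an oversize string on the wire at all. */
static int ex_write_string(uint8_t *buf, size_t cap, size_t *off,
                           const char *s)
{
    size_t len = strlen(s);

    if (len > EX_NBD_MAX_STRING) {
        return EX_TOO_LONG;
    }
    if (*off > cap || cap - *off < 4 + len) {
        return EX_NO_SPACE;
    }
    buf[*off] = (uint8_t)(len >> 24);
    buf[*off + 1] = (uint8_t)(len >> 16);
    buf[*off + 2] = (uint8_t)(len >> 8);
    buf[*off + 3] = (uint8_t)len;
    memcpy(buf + *off + 4, s, len);
    *off += 4 + len;
    return EX_OK;
}

int main(void)
{
    /* Constructed input: a peer announcing a 4097-byte string. */
    const uint8_t hostile[4] = { 0x00, 0x00, 0x10, 0x01 };
    uint8_t wire[64];
    size_t w = 0, r = 0;
    char *name = NULL;

    printf("write: %d\n", ex_write_string(wire, sizeof(wire), &w, "export0"));
    printf("read: %d\n", ex_read_string(wire, w, &r, &name));
    printf("name: %s\n", name ? name : "(none)");
    free(name);
    r = 0;
    printf("hostile: %d\n", ex_read_string(hostile, sizeof(hostile), &r, &name));
    return 0;
}
```
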
4 years ago qemu-coroutine-sleep: Silence Coverity warning
Eric Blake [Mon, 11 Nov 2019 20:35:24 +0000 (14:35 -0600)] 
qemu-coroutine-sleep: Silence Coverity warning

Coverity warns that we store the address of a stack variable through a
pointer passed in by the caller, which would let the caller trivially
trigger use-after-free if that stored value is still present when we
finish execution.  However, the way coroutines work is that after our
call to qemu_coroutine_yield(), control is temporarily continued in
the caller prior to our function concluding, and in order to resume
our coroutine, the caller must poll until the variable has been set to
NULL.  Thus, we can add an assert that we do not leak stack storage to
the caller on function exit.

Fixes: Coverity CID 1406474
CC: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20191111203524.21912-1-eblake@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
4 years ago iotests: Test NBD client reconnection
Andrey Shinkevich [Tue, 12 Nov 2019 03:39:36 +0000 (06:39 +0300)] 
iotests: Test NBD client reconnection

The test for an NBD client. The NBD server is disconnected after the
client write request. The NBD client should reconnect and complete
the write operation.

Suggested-by: Denis V. Lunev <den@openvz.org>
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Message-Id: <1573529976-815699-1-git-send-email-andrey.shinkevich@virtuozzo.com>

4 years ago Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20191118.0' into staging
Peter Maydell [Mon, 18 Nov 2019 21:35:48 +0000 (21:35 +0000)] 
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20191118.0' into staging

VFIO fixes 2019-11-18

 - Fix migration blocker double free (Michal Privoznik)

 - Use migration_add_blocker() return value (Jens Freimann)

 - Depend on EDID for display support (Paolo Bonzini)

# gpg: Signature made Mon 18 Nov 2019 17:44:52 GMT
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20191118.0:
  vfio: vfio-pci requires EDID
  vfio: don't ignore return value of migrate_add_blocker
  hw/vfio/pci: Fix double free of migration_blocker

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago vfio: vfio-pci requires EDID
Paolo Bonzini [Mon, 18 Nov 2019 17:41:49 +0000 (10:41 -0700)] 
vfio: vfio-pci requires EDID

hw/vfio/display.c needs the EDID subsystem, select it.

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
4 years ago vfio: don't ignore return value of migrate_add_blocker
Jens Freimann [Mon, 18 Nov 2019 17:41:48 +0000 (10:41 -0700)] 
vfio: don't ignore return value of migrate_add_blocker

When an error occurs in migrate_add_blocker() it sets a
negative return value and uses the error pointer we pass in.
Instead of just looking at the error pointer, check for a negative return
value and avoid a Coverity error because the return value is
set but never used. This fixes CID 1407219.

Reported-by: Coverity (CID 1407219)
Fixes: f045a0104c8c ("vfio: unplug failover primary device before migration")
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
4 years ago hw/vfio/pci: Fix double free of migration_blocker
Michal Privoznik [Mon, 18 Nov 2019 17:41:47 +0000 (10:41 -0700)] 
hw/vfio/pci: Fix double free of migration_blocker

When a user tries to hotplug a VFIO device, but the operation fails
somewhere in the middle (in my testing it failed because of
RLIMIT_MEMLOCK forbidding more memory allocation), then a double
free occurs. In vfio_realize() the vdev->migration_blocker is
allocated, then something goes wrong which causes control to jump
onto 'error' label where the error is freed. But the pointer is
left pointing to invalid memory. Later, when
vfio_instance_finalize() is called, the memory is freed again.

In my testing the second hunk was sufficient to fix the bug, but
I figured the first hunk doesn't hurt either.

==169952== Invalid read of size 8
==169952==    at 0xA47DCD: error_free (error.c:266)
==169952==    by 0x4E0A18: vfio_instance_finalize (pci.c:3040)
==169952==    by 0x8DF74C: object_deinit (object.c:606)
==169952==    by 0x8DF7BE: object_finalize (object.c:620)
==169952==    by 0x8E0757: object_unref (object.c:1074)
==169952==    by 0x45079C: memory_region_unref (memory.c:1779)
==169952==    by 0x45376B: do_address_space_destroy (memory.c:2793)
==169952==    by 0xA5C600: call_rcu_thread (rcu.c:283)
==169952==    by 0xA427CB: qemu_thread_start (qemu-thread-posix.c:519)
==169952==    by 0x80A8457: start_thread (in /lib64/libpthread-2.29.so)
==169952==    by 0x81C96EE: clone (in /lib64/libc-2.29.so)
==169952==  Address 0x143137e0 is 0 bytes inside a block of size 48 free'd
==169952==    at 0x4A342BB: free (vg_replace_malloc.c:530)
==169952==    by 0xA47E05: error_free (error.c:270)
==169952==    by 0x4E0945: vfio_realize (pci.c:3025)
==169952==    by 0x76A4FF: pci_qdev_realize (pci.c:2099)
==169952==    by 0x689B9A: device_set_realized (qdev.c:876)
==169952==    by 0x8E2C80: property_set_bool (object.c:2080)
==169952==    by 0x8E0EF6: object_property_set (object.c:1272)
==169952==    by 0x8E3FC8: object_property_set_qobject (qom-qobject.c:26)
==169952==    by 0x8E11DB: object_property_set_bool (object.c:1338)
==169952==    by 0x5E7BDD: qdev_device_add (qdev-monitor.c:673)
==169952==    by 0x5E81E5: qmp_device_add (qdev-monitor.c:798)
==169952==    by 0x9E18A8: do_qmp_dispatch (qmp-dispatch.c:132)
==169952==  Block was alloc'd at
==169952==    at 0x4A35476: calloc (vg_replace_malloc.c:752)
==169952==    by 0x51B1158: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.6)
==169952==    by 0xA47357: error_setv (error.c:61)
==169952==    by 0xA475D9: error_setg_internal (error.c:97)
==169952==    by 0x4DF8C2: vfio_realize (pci.c:2737)
==169952==    by 0x76A4FF: pci_qdev_realize (pci.c:2099)
==169952==    by 0x689B9A: device_set_realized (qdev.c:876)
==169952==    by 0x8E2C80: property_set_bool (object.c:2080)
==169952==    by 0x8E0EF6: object_property_set (object.c:1272)
==169952==    by 0x8E3FC8: object_property_set_qobject (qom-qobject.c:26)
==169952==    by 0x8E11DB: object_property_set_bool (object.c:1338)
==169952==    by 0x5E7BDD: qdev_device_add (qdev-monitor.c:673)

Fixes: f045a0104c8c ("vfio: unplug failover primary device before migration")
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
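
The failed-hotplug sequence described in the commit above, as an added C model that is not QEMU's source: realize frees the blocker on its error path, finalize frees it again. A static object pool stands in for the heap so the second free is counted instead of corrupting memory; clearing the pointer after the free is the assumed fix, and all ex_* names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Pool-backed stand-in for a heap-allocated error object. Slots stay
 * addressable after release, so a second free can be detected safely. */
struct ex_error {
    bool live;
    char msg[48];
};

static struct ex_error ex_pool[4];
static int ex_double_frees;

static struct ex_error *ex_error_new(const char *msg)
{
    for (size_t i = 0; i < sizeof(ex_pool) / sizeof(ex_pool[0]); i++) {
        if (!ex_pool[i].live) {
            ex_pool[i].live = true;
            snprintf(ex_pool[i].msg, sizeof(ex_pool[i].msg), "%s", msg);
            return &ex_pool[i];
        }
    }
    return NULL;
}

static void ex_error_free(struct ex_error *e)
{
    if (!e) {
        return;                 /* freeing NULL is a no-op */
    }
    if (!e->live) {
        ex_double_frees++;      /* what Valgrind flags as an invalid free */
        return;
    }
    e->live = false;
}

struct ex_dev {
    struct ex_error *migration_blocker;
};

/* Models the realize path: the blocker is set up, then a later step
 * fails and control jumps to the error label. */
static int ex_realize(struct ex_dev *d, bool later_step_fails,
                      bool clear_on_error)
{
    d->migration_blocker = ex_error_new("device does not support migration");
    if (!d->migration_blocker) {
        return -1;
    }
    if (later_step_fails) {
        goto error;
    }
    return 0;

error:
    ex_error_free(d->migration_blocker);
    if (clear_on_error) {
        d->migration_blocker = NULL;    /* no dangling pointer left behind */
    }
    return -1;
}

/* Models the finalize path, which always runs when the object dies. */
static void ex_finalize(struct ex_dev *d)
{
    ex_error_free(d->migration_blocker);
    d->migration_blocker = NULL;
}

/* Failed hotplug followed by finalize; returns double frees observed. */
static int ex_failed_hotplug(bool clear_on_error)
{
    struct ex_dev d = { NULL };
    int before = ex_double_frees;

    if (ex_realize(&d, true, clear_on_error) == 0) {
        return -1;
    }
    ex_finalize(&d);
    return ex_double_frees - before;
}

int main(void)
{
    printf("pointer left dangling: %d double free(s)\n",
           ex_failed_hotplug(false));
    printf("pointer cleared:       %d double free(s)\n",
           ex_failed_hotplug(true));
    return 0;
}
```
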
4 years ago Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Mon, 18 Nov 2019 17:06:17 +0000 (17:06 +0000)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Fix HMP savevm with -blockdev
- Minor iotests improvements

# gpg: Signature made Mon 18 Nov 2019 16:51:56 GMT
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests: Test multiple blockdev-snapshot calls
  block: Remove 'backing': null from bs->{explicit_,}options
  iotests: Fix "no qualified output" error path
  qemu-iotests/iotests.py: improve assert_qmp message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago iotests: Test multiple blockdev-snapshot calls
Kevin Wolf [Fri, 8 Nov 2019 08:46:03 +0000 (09:46 +0100)] 
iotests: Test multiple blockdev-snapshot calls

Test that doing a second blockdev-snapshot doesn't make the first
overlay's backing file go away.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
4 years ago block: Remove 'backing': null from bs->{explicit_,}options
Kevin Wolf [Fri, 8 Nov 2019 08:36:35 +0000 (09:36 +0100)] 
block: Remove 'backing': null from bs->{explicit_,}options

bs->options and bs->explicit_options shouldn't contain any options for
child nodes. bdrv_open_inherited() takes care to remove any options that
match a child name after opening the image and the same is done when
reopening.

However, we miss the case of 'backing': null, which is a child option,
but results in no child being created. This means that a 'backing': null
remains in bs->options and bs->explicit_options.

A typical use for 'backing': null is in live snapshots: blockdev-add for
the qcow2 overlay makes sure not to open the backing file (because it is
already opened and blockdev-snapshot will attach it). After doing a
blockdev-snapshot, bs->options and bs->explicit_options become
inconsistent with the actual state (bs has a backing file now, but the
options still say null). On the next occasion that the image is
reopened, e.g. switching it from read-write to read-only when another
snapshot is taken, the option will take effect again and the node
incorrectly loses its backing file.

Fix bdrv_open_inherited() to remove the 'backing' option from
bs->options and bs->explicit_options even for the case where it
specifies that no backing file is wanted.

Reported-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Tested-by: Peter Krempa <pkrempa@redhat.com>
4 years ago iotests: Fix "no qualified output" error path
Kevin Wolf [Fri, 8 Nov 2019 08:03:59 +0000 (09:03 +0100)] 
iotests: Fix "no qualified output" error path

The variable for error messages to be displayed is $results, not
$reason. Fix 'check' to print the "no qualified output" error message
again instead of having a failure without any message telling the user
why it failed.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
4 years ago qemu-iotests/iotests.py: improve assert_qmp message
Vladimir Sementsov-Ogievskiy [Sat, 26 Oct 2019 10:12:21 +0000 (13:12 +0300)] 
qemu-iotests/iotests.py: improve assert_qmp message

From the two values compared, make it obvious which is found at path, and
which is expected.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20191118-pull-request'...
Peter Maydell [Mon, 18 Nov 2019 14:30:24 +0000 (14:30 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20191118-pull-request' into staging

seabios: update to pre-1.13 snapshot again (lchs fixed)

# gpg: Signature made Mon 18 Nov 2019 14:23:50 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-20191118-pull-request:
  seabios: update to pre-1.13 snapshot again

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago seabios: update to pre-1.13 snapshot again
Gerd Hoffmann [Mon, 18 Nov 2019 14:04:15 +0000 (15:04 +0100)] 
seabios: update to pre-1.13 snapshot again

Due to lchs support merge in upstream seabios gone wrong (applied v3
instead of v4) here is another seabios snapshot update with the
mis-merge fixed up, so lchs support should actually work in -rc2.

Also picked up two tpm bugfixes.

git shortlog from previous snapshot
===================================

Gerd Hoffmann (4):
      Revert "geometry: Apply LCHS values for boot devices"
      Revert "config: Add toggle for bootdevice information"
      Revert "geometry: Add boot_lchs_find_*() utility functions"
      Revert "geometry: Read LCHS from fw_cfg"

Sam Eiderman (4):
      geometry: Read LCHS from fw_cfg
      boot: Build ata and scsi paths in function
      geometry: Add boot_lchs_find_*() utility functions
      geometry: Apply LCHS values for boot devices

Stefan Berger (2):
      tpm: Require a response to have minimum size of a valid response header
      tcgbios: Check for enough bytes returned from TPM2_GetCapability

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/vivier2/tags/ppc-for-4.2-pull-request' into...
Peter Maydell [Mon, 18 Nov 2019 11:09:06 +0000 (11:09 +0000)] 
Merge remote-tracking branch 'remotes/vivier2/tags/ppc-for-4.2-pull-request' into staging

ppc patch queue 2019-11-15

Several fixes for 4.2.0-rc2:

fix mos6522 performance issue,
xive/xics issues,
fix /chosen device-tree on reset
and KVM default cpu-model for all machine classes

# gpg: Signature made Mon 18 Nov 2019 10:52:19 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "lvivier@redhat.com"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/ppc-for-4.2-pull-request:
  mos6522: fix T1 and T2 timers
  spapr/kvm: Set default cpu model for all machine classes
  spapr: Add /chosen to FDT only at reset time to preserve kernel and initramdisk
  ppc: Skip partially initialized vCPUs in 'info pic'
  xive, xics: Fix reference counting on CPU objects
  ppc: Add intc_destroy() handlers to SpaprInterruptController/PnvChip

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago mos6522: fix T1 and T2 timers
Laurent Vivier [Sat, 2 Nov 2019 15:49:19 +0000 (16:49 +0100)] 
mos6522: fix T1 and T2 timers

With the Quadra 800 emulation, mos6522 timers processing can consume
up to 70% of the host CPU time with an idle guest (I guess the problem
should also happen with PowerMac emulation).

On a recent system, it can be painless (except if you look at top), but
on an old host like a PowerMac G5 the guest kernel can be terribly slow
during the boot sequence (for instance, unpacking initramfs can take 15
seconds rather than only 3 seconds).

We can avoid this CPU overload by enabling QEMU internal timers only if
the mos6522 counter interrupts are enabled. Sometimes the guest kernel
wants to read the counter values, but we don't need the timers to
update the counters.

With this patch applied, an idle Q800 consumes only 3% of host CPU time
(and the guest can boot in a decent time).

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20191102154919.17775-1-laurent@vivier.eu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago spapr/kvm: Set default cpu model for all machine classes
David Gibson [Wed, 30 Oct 2019 16:20:35 +0000 (17:20 +0100)] 
spapr/kvm: Set default cpu model for all machine classes

We have to set the default model of all machine classes, not just for
the active one. Otherwise, "query-machines" will indicate the wrong
CPU model (e.g. "power9_v2.0-powerpc64-cpu" instead of
"host-powerpc64-cpu") as "default-cpu-type".

s390x already fixed this in de60a92e "s390x/kvm: Set default cpu model for
all machine classes".  This patch applies a similar fix for the pseries-*
machine types on ppc64.

Doing a
    {"execute":"query-machines"}
under KVM now results in
    {
      "hotpluggable-cpus": true,
      "name": "pseries-4.2",
      "numa-mem-supported": true,
      "default-cpu-type": "host-powerpc64-cpu",
      "is-default": true,
      "cpu-max": 1024,
      "deprecated": false,
      "alias": "pseries"
    },
    {
      "hotpluggable-cpus": true,
      "name": "pseries-4.1",
      "numa-mem-supported": true,
      "default-cpu-type": "host-powerpc64-cpu",
      "cpu-max": 1024,
      "deprecated": false
    },
    ...

Libvirt probes all machines via "-machine none,accel=kvm:tcg" and will
currently see the wrong CPU model under KVM.

Reported-by: Jiři Denemark <jdenemar@redhat.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago spapr: Add /chosen to FDT only at reset time to preserve kernel and initramdisk
Alexey Kardashevskiy [Thu, 24 Oct 2019 04:13:08 +0000 (15:13 +1100)] 
spapr: Add /chosen to FDT only at reset time to preserve kernel and initramdisk

Since "spapr: Render full FDT on ibm,client-architecture-support" we build
the entire flattened device tree (FDT) twice - at the reset time and
when "ibm,client-architecture-support" (CAS) is called. The full FDT from
CAS is then applied on top of the SLOF internal device tree.

This is mostly ok, however there is a case when the QEMU is started with
-initrd and for some reason the guest decided to move/unpack the init RAM
disk image - the guest correctly notifies SLOF about the change but
at CAS it is overridden with the QEMU initial location addresses and
the guest may fail to boot if the original initrd memory was changed.

This fixes the problem by only adding the /chosen node at the reset time
to prevent the original QEMU's linux,initrd-start/linux,initrd-end to
override the updated addresses.

This only treats /chosen differently as we know there is a special case
already and it is unlikely anything else will need to change /chosen at CAS;
we are better off not touching /chosen after we handed it over to SLOF.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20191024041308.5673-1-aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago ppc: Skip partially initialized vCPUs in 'info pic'
Greg Kurz [Thu, 24 Oct 2019 14:27:33 +0000 (16:27 +0200)] 
ppc: Skip partially initialized vCPUs in 'info pic'

CPU_FOREACH() can race with vCPU hotplug/unplug on sPAPR machines, i.e.
we may try to print out info about a vCPU with a NULL presenter pointer.

Check that in order to prevent QEMU from crashing.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <157192725327.3146912.12047076483178652551.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago xive, xics: Fix reference counting on CPU objects
Greg Kurz [Thu, 24 Oct 2019 14:27:27 +0000 (16:27 +0200)] 
xive, xics: Fix reference counting on CPU objects

When a VCPU gets connected to the XIVE interrupt controller, we add a
const link targeting the CPU object to the TCTX object. Similar links
are added to the ICP object when using the XICS interrupt controller.

As explained in <qom/object.h>:

 * The caller must ensure that @target stays alive as long as
 * this property exists.  In the case @target is a child of @obj,
 * this will be the case.  Otherwise, the caller is responsible for
 * taking a reference.

We're in the latter case for both XICS and XIVE. Add the missing
calls to object_ref() and object_unref().

This doesn't fix any known issue because the life cycle of the TCTX or
ICP happens to be shorter than the one of the CPU or XICS fabric, but
better safe than sorry.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <157192724770.3146912.15400869269097231255.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago ppc: Add intc_destroy() handlers to SpaprInterruptController/PnvChip
Greg Kurz [Thu, 24 Oct 2019 14:27:22 +0000 (16:27 +0200)] 
ppc: Add intc_destroy() handlers to SpaprInterruptController/PnvChip

SpaprInterruptControllerClass and PnvChipClass have an intc_create() method
that calls the appropriate routine, i.e. icp_create() or xive_tctx_create(),
to establish the link between the VCPU and the presenter component of the
interrupt controller during realize.

There isn't any symmetrical call to be called when the VCPU gets unrealized
though. It is assumed that object_unparent() is the only thing to do.

This is questionable because the parenting logic around the CPU and
presenter objects is really an implementation detail of the interrupt
controller. It shouldn't be open-coded in the machine code.

Fix this by adding an intc_destroy() method that undoes what was done in
intc_create(). Also NULLify the presenter pointers to avoid having
stale pointers around. This will allow us to reliably check if a vCPU has
a valid presenter.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <157192724208.3146912.7254684777515287626.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
4 years ago buildfix: update texinfo menu
Gerd Hoffmann [Wed, 23 Oct 2019 10:19:56 +0000 (12:19 +0200)] 
buildfix: update texinfo menu

Build error message:
qemu-doc.texi:34: node `Top' lacks menu item for `Recently removed features' despite being its Up target

Fixes: 3264ffced3d0 ("dirty-bitmaps: remove deprecated autoload parameter")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20191023101956.19120-1-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc2' into...
Peter Maydell [Fri, 15 Nov 2019 11:22:33 +0000 (11:22 +0000)] 
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc2' into staging

RISC-V Fixes for 4.2-rc2

This contains a handful of patches that I'd like to target for 4.2:

* OpenSBI upgrade to 0.5
* Increase in the flash size of the virt board.
* A non-functional cleanup.
* A cleanup to our MIP handling that avoids atomics.

This passes "make check" and boots OpenEmbedded for me.

# gpg: Signature made Thu 14 Nov 2019 18:39:27 GMT
# gpg:                using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41

* remotes/palmer/tags/riscv-for-master-4.2-rc2:
  riscv/virt: Increase flash size
  opensbi: Upgrade from v0.4 to v0.5
  target/riscv: Remove atomic accesses to MIP CSR
  remove unnecessary ifdef TARGET_RISCV64

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago riscv/virt: Increase flash size
Alistair Francis [Thu, 7 Nov 2019 00:47:20 +0000 (16:47 -0800)] 
riscv/virt: Increase flash size

Coreboot developers have requested that they have at least 32MB of flash
to load binaries. We currently have 32MB of flash, but it is split in
two to allow loading two flash binaries. Let's increase the flash size
from 32MB to 64MB to ensure we have a single region that is 32MB.

No QEMU release has included flash in the RISC-V virt machine, so this
isn't a breaking change.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
4 years ago opensbi: Upgrade from v0.4 to v0.5
Alistair Francis [Fri, 25 Oct 2019 23:15:45 +0000 (16:15 -0700)] 
opensbi: Upgrade from v0.4 to v0.5

This release has:
    Lots of critical fixes
    Hypervisor extension support
    SBI v0.2 base extension support
    Debug prints support
    Handle traps when doing unpriv load/store
    Allow compiling without FP support
    Use git describe to generate boot-time banner
    Andes AE350 platform support

ShortLog:

Anup Patel (14):
      platform: sifive/fu540: Move FDT further up
      lib: Allow compiling without FP support
      lib: Introduce sbi_dprintf() API
      lib: Use sbi_dprintf() for invalid CSRs
      lib: Handle traps when doing unpriv load/store in get_insn()
      lib: Delegate supervisor ecall to HS-mode when H extension available
      lib: Extend sbi_hart_switch_mode() to support hypervisor extension
      lib: Extend sbi_trap_redirect() for hypervisor extension
      lib: Redirect WFI trapped from VS/VU mode to HS-mode
      include: Extend get_insn() to read instruction from VS/VU mode
      lib: Emulate HTIMEDELTA CSR for platforms not having TIME CSR
      Makefile: Minor fix in OPENSBI_VERSION_GIT
      lib: Fix coldboot race condition observed on emulators/simulators
      include: Bump-up version to 0.5

Atish Patra (16):
      lib: Provide an atomic exchange function unsigned long
      lib: Fix race conditions in tlb fifo access.
      platform: Remove the ipi_sync method from all platforms.
      lib: Fix timer for 32 bit
      lib: Support atomic swap instructions
      lib: Upgrade to full flush if size is at least threshold
      docs: Update the fu540 platform guide as per U-Boot documents.
      lib: Change tlb range flush threshold to 4k page instead of 1G
      lib: provide a platform specific tlb range flush threshold
      lib: Fix tlb flush range limit value
      Test: Move test payload related code out of interface header
      lib: Align error codes as per SBI specification.
      lib: Rename existing SBI implementation as 0.1.
      lib: Remove redundant variable assignment
      lib: Implement SBI v0.2
      lib: Provide a platform hook to implement vendor specific SBI extensions.

Bin Meng (6):
      platform: sifive: fu540: Use standard value string for cpu node status
      README: Document 32-bit / 64-bit images build
      treewide: Use conventional names for 32-bit and 64-bit
      platform: sifive: fu540: Expand FDT size before any patching
      firmware: Use macro instead of magic number for boot status
      docs: platform: Update descriptions for qemu/sifive_u support

Damien Le Moal (4):
      kendryte/k210: Use sifive UART driver
      kendryte/k210: remove sysctl code
      README: Update license information
      kendryte/k210: remove unused file

Georg Kotheimer (1):
      utils: Use cpu_to_fdt32() when writing to fdt

Jacob Garber (4):
      lib: Use bitwise & instead of boolean &&
      lib: Use correct type for return value
      lib: Prevent unintended sign extensions
      lib: Correct null pointer check

Lukas Auer (1):
      firmware: do not use relocated _boot_status before it is valid

Nylon Chen (3):
      firmware: Fix the loop condition of _wait_relocate_copy_done section
      platform: Add Andes AE350 initial support
      scripts: Add AE350 to platform list in the binary archive script

Palmer Dabbelt (1):
      Include `git describe` in OpenSBI

Zong Li (1):
      Write MSIP by using memory-mapped control register

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
4 years ago target/riscv: Remove atomic accesses to MIP CSR
Alistair Francis [Tue, 8 Oct 2019 22:04:18 +0000 (15:04 -0700)] 
target/riscv: Remove atomic accesses to MIP CSR

Instead of relying on atomics to access the MIP register let's update
our helper function to instead just lock the IO mutex thread before
writing. This follows the same concept as used in PPC for handling
interrupts.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Palmer Dabbelt <palmer@dabbelt.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
4 years ago remove unnecessary ifdef TARGET_RISCV64
hiroyuki.obinata [Wed, 30 Oct 2019 00:23:18 +0000 (09:23 +0900)] 
remove unnecessary ifdef TARGET_RISCV64

Signed-off-by: Hiroyuki Obinata <hiroyuki.obinata@gmail.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20191113-pull-request'...
Peter Maydell [Thu, 14 Nov 2019 10:44:32 +0000 (10:44 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20191113-pull-request' into staging

seabios: update to pre-1.13 snapshot (with ahci fix included).

# gpg: Signature made Wed 13 Nov 2019 14:03:25 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-20191113-pull-request:
  seabios: update to pre-1.13 snapshot

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago seabios: update to pre-1.13 snapshot
Gerd Hoffmann [Wed, 6 Nov 2019 12:13:48 +0000 (13:13 +0100)] 
seabios: update to pre-1.13 snapshot

seabios 1.13 will be released later this month.  This patch updates the
seabios submodule and binaries in qemu to a snapshot of git master.
That will increase the test coverage of the upcoming seabios release and
will also make the number of changes smaller when we update to the final
1.13 release during qemu code freeze for 4.2.

v3: add ahci bugfix
v2: build binaries with gcc 4.8.5 instead of gcc 8.3.1 (rhel7).

git shortlog rel-1.12.1..
=========================

David Woodhouse (2):
      csm: Sanitise alignment constraint in Legacy16GetTableAddress
      csm: Fix boot priority translation

Denis Plotnikov (1):
      virtio: extend virtio queue size to 256

Gerd Hoffmann (21):
      vga: move modelist from bochsvga.c to new svgamodes.c
      vga: make memcpy_high() public
      vga: add atiext driver
      vga: add ati bios tables
      vbe: add edid support.
      ati: add edid support.
      bochsvga: add edid support.
      bochsdisplay: add edid support.
      bochsdisplay: parse resolution from edid.
      add get_keystroke_full() helper
      bootmenu: add support for more than 9 entries
      optionrom: disallow int19 redirect for pnp roms.
      ati-vga: make less verbose
      ati-vga: fix ati_read()
      ati-vga: make i2c register and bits configurable
      ati-vga: try vga ddc first
      ati-vga: add rage128 edid support
      bochsdisplay: add copyright and license to bochsdisplay.c
      ramfb: add copyright and license to ramfb.c
      cp437: add license to cp437.c
      ahci: zero-initialize port struct

Joseph Pacheco-Corwin (1):
      bootsplash: Added support for 16/24/32bpp in one function

Kevin O'Connor (10):
      output: Avoid thunking to 16bit mode in printf() if no vgabios
      docs: Update mailing list archive links
      docs: Fix cut-and-paste error in Mailinglist.md archive link
      usb-ehci: Clear pipe token on pipe reallocate
      pciinit: Use %pP shorthand for printing device ids in intel_igd_setup()
      virtio-pci: Use %pP format in dprintf() calls
      Makefile: Build with -Wno-address-of-packed-member
      svgamodes: Add copyright notice to vgasrc/svgamodes.c
      docs: Add developer-certificate-of-origin
      docs: Note release date for v1.12.1

Liran Alon (1):
      pvscsi: ring_desc do not have to be page aligned

Sam Eiderman (6):
      smbios: Add missing zero byte to Type 0
      geometry: Read LCHS from fw_cfg
      boot: Reorder functions in boot.c
      geometry: Add boot_lchs_find_*() utility functions
      config: Add toggle for bootdevice information
      geometry: Apply LCHS values for boot devices

Stefan Berger (2):
      tcgbios: Use table to convert hash to buffer size
      tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

Stefano Garzarella (1):
      qemu: avoid debug prints if debugcon is not enabled

Stephen Douthit (1):
      tpm: Check for TPM related ACPI tables before attempting hw probe

Uwe Kleine-König (3):
      cbvga: reuse svga modes definitions from svgamodes.c
      Add additional resolutions for 16:9 displays: 1600x900 and 2560x1440
      Remove dos line endings introduced in the last two commits

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>