The core of the feature is to ensure that RAM pages are mapped
directly to offsets in the resulting migration file instead of being
streamed at arbitrary points.
The reasons why we'd want such behavior are:
- The resulting file will have a bounded size, since pages which are
dirtied multiple times will always go to a fixed location in the
file, rather than constantly being added to a sequential
stream. This eliminates cases where a VM with, say, 1G of RAM can
result in a migration file that's 10s of GBs, provided that the
workload constantly redirties memory.
- It paves the way to implement O_DIRECT-enabled save/restore of the
migration stream as the pages are ensured to be written at aligned
offsets.
- It allows the usage of multifd so we can write RAM pages to the
migration file in parallel.
For now, enabling the capability has no effect. The next couple of
patches implement the core functionality.
Fabiano Rosas [Thu, 29 Feb 2024 15:29:59 +0000 (12:29 -0300)]
io: fsync before closing a file channel
Make sure the data is flushed to disk before closing file
channels. This is to ensure data is on disk and not lost in the event
of a host crash.
This is currently being implemented to affect the migration code when
migrating to a file, but all QIOChannelFile users should benefit from
the change.
Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com> Acked-by: "Daniel P. Berrangé" <berrange@redhat.com> Signed-off-by: Fabiano Rosas <farosas@suse.de> Link: https://lore.kernel.org/r/20240229153017.2221-6-farosas@suse.de Signed-off-by: Peter Xu <peterx@redhat.com>
Nikolay Borisov [Thu, 29 Feb 2024 15:29:57 +0000 (12:29 -0300)]
io: Add generic pwritev/preadv interface
Introduce basic pwritev/preadv support in the generic channel layer.
Specific implementation will follow for the file channel as this is
required in order to support migration streams with fixed location of
each ram page.
Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Fabiano Rosas <farosas@suse.de> Link: https://lore.kernel.org/r/20240229153017.2221-4-farosas@suse.de Signed-off-by: Peter Xu <peterx@redhat.com>
Nikolay Borisov [Thu, 29 Feb 2024 15:29:56 +0000 (12:29 -0300)]
io: add and implement QIO_CHANNEL_FEATURE_SEEKABLE for channel file
Add a generic QIOChannel feature SEEKABLE which would be used by the
qemu_file* apis. For the time being this will be only implemented for
file channels.
Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Fabiano Rosas <farosas@suse.de> Link: https://lore.kernel.org/r/20240229153017.2221-3-farosas@suse.de Signed-off-by: Peter Xu <peterx@redhat.com>
Fabiano Rosas [Thu, 29 Feb 2024 15:29:55 +0000 (12:29 -0300)]
migration/multifd: Cleanup multifd_recv_sync_main
Some minor cleanups and documentation for multifd_recv_sync_main.
Use thread_count as done in other parts of the code. Remove p->id from
the multifd_recv_state sync, since that is global and not tied to a
channel. Add documentation for the sync steps.
Some glue code was missing, so that using `qmp_migrate_set_parameters`
to set `multifd-zstd-level` or `multifd-zlib-level` did not work. This
commit adds the glue code to fix that.
Steve Sistare [Thu, 29 Feb 2024 14:54:22 +0000 (06:54 -0800)]
migration: massage cpr-reboot documentation
Re-wrap the cpr-reboot documentation to 70 columns, use '@' for
cpr-reboot references, capitalize COLO and VFIO, and tweak the
wording.
Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Link: https://lore.kernel.org/r/1709218462-3640-1-git-send-email-steven.sistare@oracle.com
[peterx: s/qemu/QEMU per Markus's suggestion] Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com>
Peter Maydell [Wed, 28 Feb 2024 17:27:10 +0000 (17:27 +0000)]
Merge tag 'migration-next-pull-request' of https://gitlab.com/peterx/qemu into staging
Migration pull request
- Fabiano's fixed-ram patches (1-5 only)
- Peter's cleanups on multifd tls IOC referencing
- Steve's cpr patches for vfio (migration patches only)
- Fabiano's fix on mbps stats racing with COMPLETE state
- Fabiano's fix on return path thread hang
# -----BEGIN PGP SIGNATURE-----
#
# iIcEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCZd7AbhIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1wbg0gDyA3Vg3pIqCJ+u+hLZ+QKxY/pnu8Y5kF+E
# HK2IdslQUQD+OX4ATUnl+CGMiVX9fjs1fKx0Z0Qetq8gC1YJF13yuA0=
# =P2QF
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 28 Feb 2024 05:11:10 GMT
# gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg: issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [marginal]
# gpg: aka "Peter Xu <peterx@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706
* tag 'migration-next-pull-request' of https://gitlab.com/peterx/qemu: (25 commits)
migration: Use migrate_has_error() in close_return_path_on_source()
migration: Join the return path thread before releasing to_dst_file
migration: Fix qmp_query_migrate mbps value
migration: options incompatible with cpr
migration: update cpr-reboot description
migration: stop vm for cpr
migration: notifier error checking
migration: refactor migrate_fd_connect failures
migration: per-mode notifiers
migration: MigrationNotifyFunc
migration: remove postcopy_after_devices
migration: MigrationEvent for notifiers
migration: convert to NotifierWithReturn
migration: remove error from notifier data
notify: pass error to notifier with return
migration/multifd: Drop unnecessary helper to destroy IOC
migration/multifd: Cleanup outgoing_args in state destroy
migration/multifd: Make multifd_channel_connect() return void
migration/multifd: Drop registered_yank
migration/multifd: Cleanup TLS iochannel referencing
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
ide, vl: turn -win2k-hack into a property on IDE devices
ide: collapse parameters to ide_init_drive
target/i386: leave the A20 bit set in the final NPT walk
target/i386: remove unnecessary/wrong application of the A20 mask
target/i386: Fix physical address truncation
target/i386: use separate MMU indexes for 32-bit accesses
target/i386: introduce function to query MMU indices
target/i386: check validity of VMCB addresses
target/i386: mask high bits of CR3 in 32-bit mode
vl, pc: turn -no-fd-bootchk into a machine property
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 28 Feb 2024 14:23:07 +0000 (14:23 +0000)]
Merge tag 'pull-maintainer-updates-280224-1' of https://gitlab.com/stsquad/qemu into staging
Testing, gdbstub and plugin updates:
- fix some test/tcg license headers to GPLv2+
- bump up check-tcg timeout to 120s
- avoid re-building VM images too often
- update OpenBSD to 7.4
- use GDBFeature to build gdbstub XML
- unify plugin vcpu count under qemu_plugin_num_vcpus
- avoid spurious idle/resume callbacks on new vCPUs
- ensure nios2-linux-user processes async work
- call vcpu_init plugin callback through async work
- define plugin helpers when registers being read
- add plugin API for reading register values
- add support for register tracking to execlog
- update plugin docs with assumptions
- mention plugins can trigger tb_flush in mttcg design doc
* tag 'pull-maintainer-updates-280224-1' of https://gitlab.com/stsquad/qemu: (29 commits)
docs/devel: plugins can trigger a tb flush
docs/devel: document some plugin assumptions
docs/devel: lift example and plugin API sections up
contrib/plugins: extend execlog to track register changes
contrib/plugins: fix imatch
tests/tcg: expand insn test case to exercise register API
plugins: add an API to read registers
plugins: create CPUPluginState and migrate plugin_mask
gdbstub: expose api to find registers
plugins: Use different helpers when reading registers
cpu: call plugin init hook asynchronously
linux-user: ensure nios2 processes queued work
plugins: fix order of init/idle/resume callback
plugins: add qemu_plugin_num_vcpus function
plugins: remove previous n_vcpus functions from API
gdbstub: Add members to identify registers to GDBFeature
hw/core/cpu: Remove gdb_get_dynamic_xml member
gdbstub: Infer number of core registers from XML
gdbstub: Simplify XML lookup
gdbstub: Change gdb_get_reg_cb and gdb_set_reg_cb
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:34 +0000 (14:43 +0000)]
docs/devel: document some plugin assumptions
While we attempt to hide implementation details from the plugin we
shouldn't be totally obtuse. Let the user know what they can and can't
expect with the various instrumentation options.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-29-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:32 +0000 (14:43 +0000)]
contrib/plugins: extend execlog to track register changes
With the new plugin register API we can now track changes to register
values. Currently the implementation is fairly dumb which will slow
down if a large number of register values are being tracked. This
could be improved by only instrumenting instructions which mention
registers we are interested in tracking.
will display in the execlog any changes to the stack pointer (sp) and
the SVE Z registers.
As testing registers every instruction will be quite a heavy operation
there is an additional flag which attempts to optimise the register
tracking by only instrumenting instructions which are likely to change
its value. This relies on the QEMU disassembler showing up the register
names in disassembly so is an explicit opt-in.
Alex Bennée [Tue, 27 Feb 2024 14:43:31 +0000 (14:43 +0000)]
contrib/plugins: fix imatch
We can't directly save the ephemeral imatch from argv as that memory
will get recycled.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-26-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:29 +0000 (14:43 +0000)]
plugins: add an API to read registers
We can only request a list of registers once the vCPU has been
initialised so the user needs to use either call the get function on
vCPU initialisation or during the translation phase.
We don't expose the reg number to the plugin instead hiding it behind
an opaque handle. For now this is just the gdb_regnum encapsulated in
an anonymous GPOINTER but in future as we add more state for plugins
to track we can expand it.
Alex Bennée [Tue, 27 Feb 2024 14:43:28 +0000 (14:43 +0000)]
plugins: create CPUPluginState and migrate plugin_mask
As we expand the per-vCPU data for plugins we don't want to pollute
CPUState. For now this just moves the plugin_mask (renamed to
event_mask) as the memory callbacks are accessed directly by TCG
generated code.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-23-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:24 +0000 (14:43 +0000)]
linux-user: ensure nios2 processes queued work
While async processes are rare for linux-user we do use them from time
to time. The most obvious one is tb_flush when we run out of
translation space. We will also need this when we move plugin
vcpu_init to an async task.
Fix nios2 to follow its older, wiser and more stable siblings.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-19-alex.bennee@linaro.org>
Pierrick Bouvier [Tue, 27 Feb 2024 14:43:23 +0000 (14:43 +0000)]
plugins: fix order of init/idle/resume callback
We found that vcpu_init_hook was called *after* idle callback.
vcpu_init is called from cpu_realize_fn, while idle/resume cb are called
from qemu_wait_io_event (in vcpu thread).
This change ensures we only call idle and resume cb only once a plugin
was init for a given vcpu.
Next change in the series will run vcpu_init asynchronously, which will
make it run *after* resume callback as well. So we fix this now.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240213094009.150349-4-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-18-alex.bennee@linaro.org>
Pierrick Bouvier [Tue, 27 Feb 2024 14:43:22 +0000 (14:43 +0000)]
plugins: add qemu_plugin_num_vcpus function
We now keep track of how many vcpus were started. This way, a plugin can
easily query number of any vcpus at any point of execution, which
unifies user and system mode workflows.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240213094009.150349-3-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-17-alex.bennee@linaro.org>
Akihiko Odaki [Tue, 27 Feb 2024 14:43:20 +0000 (14:43 +0000)]
gdbstub: Add members to identify registers to GDBFeature
These members will be used to help plugins to identify registers.
The added members in instances of GDBFeature dynamically generated by
CPUs will be filled in later changes.
Akihiko Odaki [Tue, 27 Feb 2024 14:43:17 +0000 (14:43 +0000)]
gdbstub: Simplify XML lookup
Now we know all instances of GDBFeature that is used in CPU so we can
traverse them to find XML. This removes the need for a CPU-specific
lookup function for dynamic XMLs.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231213-gdb-v17-7-777047380591@daynix.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-12-alex.bennee@linaro.org>
Akihiko Odaki [Tue, 27 Feb 2024 14:43:16 +0000 (14:43 +0000)]
gdbstub: Change gdb_get_reg_cb and gdb_set_reg_cb
Align the parameters of gdb_get_reg_cb and gdb_set_reg_cb with the
gdb_read_register and gdb_write_register members of CPUClass to allow
to unify the logic to access registers of the core and coprocessors
in the future.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231213-gdb-v17-6-777047380591@daynix.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-11-alex.bennee@linaro.org>
Akihiko Odaki [Tue, 27 Feb 2024 14:43:14 +0000 (14:43 +0000)]
gdbstub: Use GDBFeature for gdb_register_coprocessor
This is a tree-wide change to introduce GDBFeature parameter to
gdb_register_coprocessor(). The new parameter just replaces num_regs
and xml parameters for now. GDBFeature will be utilized to simplify XML
lookup in a following change.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231213-gdb-v17-4-777047380591@daynix.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-9-alex.bennee@linaro.org>
Akihiko Odaki [Tue, 27 Feb 2024 14:43:13 +0000 (14:43 +0000)]
target/riscv: Use GDBFeature for dynamic XML
In preparation for a change to use GDBFeature as a parameter of
gdb_register_coprocessor(), convert the internal representation of
dynamic feature from plain XML to GDBFeature.
Akihiko Odaki [Tue, 27 Feb 2024 14:43:12 +0000 (14:43 +0000)]
target/ppc: Use GDBFeature for dynamic XML
In preparation for a change to use GDBFeature as a parameter of
gdb_register_coprocessor(), convert the internal representation of
dynamic feature from plain XML to GDBFeature.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20231213-gdb-v17-2-777047380591@daynix.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-7-alex.bennee@linaro.org>
Akihiko Odaki [Tue, 27 Feb 2024 14:43:11 +0000 (14:43 +0000)]
target/arm: Use GDBFeature for dynamic XML
In preparation for a change to use GDBFeature as a parameter of
gdb_register_coprocessor(), convert the internal representation of
dynamic feature from plain XML to GDBFeature.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20231213-gdb-v17-1-777047380591@daynix.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-6-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:09 +0000 (14:43 +0000)]
tests/vm: avoid re-building the VM images all the time
The main problem is that "check-venv" is a .PHONY target will always
evaluate and trigger a full re-build of the VM images. While its
tempting to drop it from the dependencies that does introduce a
breakage on freshly configured builds.
Fortunately we do have the otherwise redundant --force flag for the
script which up until now was always on. If we make the usage of
--force conditional on dependencies other than check-venv triggering
the update we can avoid the costly rebuild and still run cleanly on a
fresh checkout.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2118 Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-4-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:08 +0000 (14:43 +0000)]
tests/tcg: bump TCG test timeout to 120s
This is less than ideal but easier than making sure we get all the
iterations of the memory test. Update the comment accordingly.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-3-alex.bennee@linaro.org>
Alex Bennée [Tue, 27 Feb 2024 14:43:07 +0000 (14:43 +0000)]
tests/tcg: update licenses to GPLv2 as intended
My default header template is GPLv3 but for QEMU code we really should
stick to GPLv2-or-later (allowing others to up-license it if they
wish). While this is test code we should still be consistent on the
source distribution.
I wrote all of this code so its not a problem. However there remains
one GPLv3 file left which is the crt0-tc2x.S for TriCore.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-2-alex.bennee@linaro.org>
Cédric Le Goater [Mon, 26 Feb 2024 20:31:22 +0000 (17:31 -0300)]
migration: Use migrate_has_error() in close_return_path_on_source()
close_return_path_on_source() retrieves the migration error from the
the QEMUFile '->to_dst_file' to know if a shutdown is required. This
shutdown is required to exit the return-path thread.
Avoid relying on '->to_dst_file' and use migrate_has_error() instead.
(using to_dst_file is a heuristic to infer whether
rp_state.from_dst_file might be stuck on a recvmsg(). Using a generic
method for detecting errors is more reliable. We also want to reduce
dependency on QEMUFile::last_error)
Suggested-by: Peter Xu <peterx@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
[added some words about the motivation for this patch] Signed-off-by: Fabiano Rosas <farosas@suse.de> Link: https://lore.kernel.org/r/20240226203122.22894-3-farosas@suse.de Signed-off-by: Peter Xu <peterx@redhat.com>
Fabiano Rosas [Mon, 26 Feb 2024 20:31:21 +0000 (17:31 -0300)]
migration: Join the return path thread before releasing to_dst_file
The return path thread might hang at a blocking system call. Before
joining the thread we might need to issue a shutdown() on the socket
file descriptor to release it. To determine whether the shutdown() is
necessary we look at the QEMUFile error.
Make sure we only clean up the QEMUFile after the return path has been
waited for.
This fixes a hang when qemu_savevm_state_setup() produced an error
that was detected by migration_detect_error(). That skips
migration_completion() so close_return_path_on_source() would get
stuck waiting for the RP thread to terminate.
Fabiano Rosas [Mon, 26 Feb 2024 14:33:35 +0000 (11:33 -0300)]
migration: Fix qmp_query_migrate mbps value
The QMP command query_migrate might see incorrect throughput numbers
if it runs after we've set the migration completion status but before
migration_calculate_complete() has updated s->total_time and s->mbps.
The migration status would show COMPLETED, but the throughput value
would be the one from the last iteration and not the one from the
whole migration. This will usually be a larger value due to the time
period being smaller (one iteration).
Move migration_calculate_complete() earlier so that the status
MIGRATION_STATUS_COMPLETED is only emitted after the final counters
update. Keep everything under the BQL so the QMP thread sees the
updates as atomic.
Rename migration_calculate_complete to migration_completion_end to
reflect its new purpose of also updating s->state.
Steve Sistare [Thu, 22 Feb 2024 17:28:36 +0000 (09:28 -0800)]
migration: stop vm for cpr
When migration for cpr is initiated, stop the vm and set state
RUN_STATE_FINISH_MIGRATE before ram is saved. This eliminates the
possibility of ram and device state being out of sync, and guarantees
that a guest in the suspended state remains suspended, because qmp_cont
rejects a cont command in the RUN_STATE_FINISH_MIGRATE state.
Steve Sistare [Thu, 22 Feb 2024 17:28:35 +0000 (09:28 -0800)]
migration: notifier error checking
Check the status returned by migration notifiers for event type
MIG_EVENT_PRECOPY_SETUP, and report errors. None of the notifiers
return an error status at this time.
Steve Sistare [Thu, 22 Feb 2024 17:28:30 +0000 (09:28 -0800)]
migration: MigrationEvent for notifiers
Passing MigrationState to notifiers is unsound because they could access
unstable migration state internals or even modify the state. Instead, pass
the minimal info needed in a new MigrationEvent struct, which could be
extended in the future if needed.
Steve Sistare [Thu, 22 Feb 2024 17:28:29 +0000 (09:28 -0800)]
migration: convert to NotifierWithReturn
Change all migration notifiers to type NotifierWithReturn, so notifiers
can return an error status in a future patch. For now, pass NULL for the
notifier error parameter, and do not check the return value.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Link: https://lore.kernel.org/r/1708622920-68779-4-git-send-email-steven.sistare@oracle.com
[peterx: dropped unexpected update to roms/seabios-hppa] Signed-off-by: Peter Xu <peterx@redhat.com>
Steve Sistare [Thu, 22 Feb 2024 17:28:27 +0000 (09:28 -0800)]
notify: pass error to notifier with return
Pass an error object as the third parameter to "notifier with return"
notifiers, so clients no longer need to bundle an error object in the
opaque data. The new parameter is used in a later patch.
Peter Xu [Thu, 22 Feb 2024 09:53:01 +0000 (17:53 +0800)]
migration/multifd: Drop unnecessary helper to destroy IOC
Both socket_send_channel_destroy() and multifd_send_channel_destroy() are
unnecessary wrappers to destroy an IOC, as the only thing to do is to
release the final IOC reference. We have plenty of code that destroys an
IOC using direct unref() already; keep that style.
Peter Xu [Thu, 22 Feb 2024 09:53:00 +0000 (17:53 +0800)]
migration/multifd: Cleanup outgoing_args in state destroy
outgoing_args is a global cache of socket address to be reused in multifd.
Freeing the cache in per-channel destructor is more or less a hack. Move
it to multifd_send_cleanup_state() so it only get checked once. Use a
small helper to do so because it's internal of socket.c.
Peter Xu [Thu, 22 Feb 2024 09:52:58 +0000 (17:52 +0800)]
migration/multifd: Drop registered_yank
With a clear definition of p->c protocol, where we only set it up if the
channel is fully established (TLS or non-TLS), registered_yank boolean will
have equal meaning of "p->c != NULL".
Commit a1af605bd5 ("migration/multifd: fix hangup with TLS-Multifd due to
blocking handshake") introduced a thread for TLS channels, which will
resolve the issue on blocking the main thread. However in the same commit
p->c is slightly abused just to be able to pass over the pointer "p" into
the thread.
That's the major reason we'll need to conditionally free the io channel in
the fault paths.
To clean it up, using a separate structure to pass over both "p" and "tioc"
in the tls handshake thread. Then we can make it a rule that p->c will
never be set until the channel is completely setup. With that, we can drop
the tricky conditional unref of the io channel in the error path.
Fabiano Rosas [Tue, 20 Feb 2024 22:41:07 +0000 (19:41 -0300)]
tests/qtest/migration: Add a fd + file test
The fd URI supports an fd that is backed by a file. The code should
select between QIOChannelFile and QIOChannelSocket, depending on the
type of the fd. Add a test for that.
Paolo Bonzini [Fri, 22 Dec 2023 08:52:27 +0000 (09:52 +0100)]
target/i386: remove unnecessary/wrong application of the A20 mask
If ptw_translate() does a MMU_PHYS_IDX access, the A20 mask is already
applied in get_physical_address(), which is called via probe_access_full()
and x86_cpu_tlb_fill().
If ptw_translate() on the other hand does a MMU_NESTED_IDX access,
the A20 mask must not be applied to the address that is looked up in
the nested page tables; it must be applied only to the addresses that
hold the NPT entries (which is achieved via MMU_PHYS_IDX, per the
previous paragraph).
Therefore, we can remove A20 masking from the computation of the page
table entry's address, and let get_physical_address() or mmu_translate()
apply it when they know they are returning a host-physical address.
Cc: qemu-stable@nongnu.org Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 22 Dec 2023 17:01:52 +0000 (18:01 +0100)]
target/i386: Fix physical address truncation
The address translation logic in get_physical_address() will currently
truncate physical addresses to 32 bits unless long mode is enabled.
This is incorrect when using physical address extensions (PAE) outside
of long mode, with the result that a 32-bit operating system using PAE
to access memory above 4G will experience undefined behaviour.
The truncation code was originally introduced in commit 33dfdb5 ("x86:
only allow real mode to access 32bit without LMA"), where it applied
only to translations performed while paging is disabled (and so cannot
affect guests using PAE).
Commit 9828198 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX")
rearranged the code such that the truncation also applied to the use
of MMU_PHYS_IDX and MMU_NESTED_IDX. Commit 4a1e9d4 ("target/i386: Use
atomic operations for pte updates") brought this truncation into scope
for page table entry accesses, and is the first commit for which a
Windows 10 32-bit guest will reliably fail to boot if memory above 4G
is present.
The truncation code however is not completely redundant. Even though the
maximum address size for any executed instruction is 32 bits, helpers for
operations such as BOUND, FSAVE or XSAVE may ask get_physical_address()
to translate an address outside of the 32-bit range, if invoked with an
argument that is close to the 4G boundary. Likewise for processor
accesses, for example TSS or IDT accesses, when EFER.LMA==0.
So, move the address truncation in get_physical_address() so that it
applies to 32-bit MMU indexes, but not to MMU_PHYS_IDX and MMU_NESTED_IDX.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2040 Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18) Cc: qemu-stable@nongnu.org Co-developed-by: Michael Brown <mcb30@ipxe.org> Signed-off-by: Michael Brown <mcb30@ipxe.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 2 Jan 2024 14:40:18 +0000 (15:40 +0100)]
target/i386: use separate MMU indexes for 32-bit accesses
Accesses from a 32-bit environment (32-bit code segment for instruction
accesses, EFER.LMA==0 for processor accesses) have to mask away the
upper 32 bits of the address. While a bit wasteful, the easiest way
to do so is to use separate MMU indexes. These days, QEMU anyway is
compiled with a fixed value for NB_MMU_MODES. Split MMU_USER_IDX,
MMU_KSMAP_IDX and MMU_KNOSMAP_IDX in two.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 2 Jan 2024 14:36:51 +0000 (15:36 +0100)]
target/i386: introduce function to query MMU indices
Remove knowledge of specific MMU indexes (other than MMU_NESTED_IDX and
MMU_PHYS_IDX) from mmu_translate(). This will make it possible to split
32-bit and 64-bit MMU indexes.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 22 Dec 2023 16:47:38 +0000 (17:47 +0100)]
target/i386: check validity of VMCB addresses
MSR_VM_HSAVE_PA bits 0-11 are reserved, as are the bits above the
maximum physical address width of the processor. Setting them to
1 causes a #GP (see "15.30.4 VM_HSAVE_PA MSR" in the AMD manual).
The same is true of VMCB addresses passed to VMRUN/VMLOAD/VMSAVE,
even though the manual is not clear on that.
Cc: qemu-stable@nongnu.org Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 22 Dec 2023 08:27:36 +0000 (09:27 +0100)]
target/i386: mask high bits of CR3 in 32-bit mode
CR3 bits 63:32 are ignored in 32-bit mode (either legacy 2-level
paging or PAE paging). Do this in mmu_translate() to remove
the last where get_physical_address() meaningfully drops the high
bits of the address.
Cc: qemu-stable@nongnu.org Suggested-by: Richard Henderson <richard.henderson@linaro.org> Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 13 Feb 2024 09:56:56 +0000 (10:56 +0100)]
vl, pc: turn -no-fd-bootchk into a machine property
Add a fd-bootchk property to PC machine types, so that -no-fd-bootchk
returns an error if the machine does not support booting from floppies
and checking for boot signatures therein.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 27 Feb 2024 15:34:41 +0000 (15:34 +0000)]
Merge tag 'pull-target-arm-20240227-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Handle atomic updates of page tables entries in MMIO during PTW
* Advertise Cortex-A53 erratum #843419 fix via REVIDR
* MAINTAINERS: Cover hw/ide/ahci-allwinner.c with AllWinner A10 machine
* misc: m48t59: replace qemu_system_reset_request() call with watchdog_perform_action()
* misc: pxa2xx_timer: replace qemu_system_reset_request() call with watchdog_perform_action()
* xlnx-versal-ospi: disable reentrancy detection for iomem_dac
* sbsa-ref: Simplify init since PCIe is always enabled
* stm32l4x5: Use TYPE_OR_IRQ when connecting STM32L4x5 EXTI fan-in IRQs
* pl031: Update last RTCLR value on write in case it's read back
* block: m25p80: Add support of mt35xu02gbba
* xlnx-versal-virt: Add machine property ospi-flash
* reset: refactor system reset to be three-phase aware
* new board model raspi4b
* tag 'pull-target-arm-20240227-1' of https://git.linaro.org/people/pmaydell/qemu-arm: (36 commits)
docs/system/arm: Add RPi4B to raspi.rst
hw/misc/bcm2835_property: Add missed BCM2835 properties
tests/avocado/boot_linux_console.py: Add Rpi4b boot tests
hw/arm/bcm2838_peripherals: Add clock_isp stub
hw/arm: Add memory region for BCM2837 RPiVid ASB
hw/arm/raspi4b: Temporarily disable unimplemented rpi4b devices
hw/arm: Introduce Raspberry PI 4 machine
hw/arm: Add GPIO and SD to BCM2838 periph
hw/gpio: Connect SD controller to BCM2838 GPIO
hw/gpio: Implement BCM2838 GPIO functionality
hw/gpio: Add BCM2838 GPIO stub
hw/arm/bcm2838: Add GIC-400 to BCM2838 SoC
hw/arm: Introduce BCM2838 SoC
hw/arm/raspi: Split out raspi machine common part
hw/arm/bcm2853_peripherals: Split out common part of peripherals
hw/arm/bcm2836: Split out common part of BCM283X classes
docs/devel/reset: Update to discuss system reset
hw/core/machine: Use qemu_register_resettable for sysbus reset
hw/core/reset: Implement qemu_register_reset via qemu_register_resettable
hw/core/reset: Add qemu_{register, unregister}_resettable()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Sergey Kambalin [Mon, 26 Feb 2024 00:02:59 +0000 (18:02 -0600)]
docs/system/arm: Add RPi4B to raspi.rst
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240226000259.2752893-42-sergey.kambalin@auriga.com
[PMM: list PCIE and GENET as 'missing' for now, until we land
the patches which add those devices] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Our model of the bcm2835 mailbox is missing a few properties
that we need for the raspi4 kernel:
* RPI_FWREQ_GET_CLOCKS
* RPI_FWREQ_GET_THROTTLED
* RPI_FWREQ_VCHIQ_INIT
Add minimal implementations of them.
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
Message-id: 20240226000259.2752893-40-sergey.kambalin@auriga.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: improved commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
Message-id: 20240226000259.2752893-31-sergey.kambalin@auriga.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Comment out use of USB, which depends on PCI] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit adds RPi4B device tree modifications:
- disable pcie, rng200, thermal sensor and genet devices
(they're going to be re-enabled in the following commits)
- create additional memory region in device tree
if RAM amount exceeds VC base address.
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240226000259.2752893-12-sergey.kambalin@auriga.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Sergey Kambalin [Mon, 26 Feb 2024 00:02:28 +0000 (18:02 -0600)]
hw/arm: Introduce Raspberry PI 4 machine
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240226000259.2752893-11-sergey.kambalin@auriga.com
[PMM: Change name to 'raspi4b', not 'raspi4b-2g'] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 20 Feb 2024 16:06:22 +0000 (16:06 +0000)]
docs/devel/reset: Update to discuss system reset
Now that system reset uses a three-phase-reset, update the reset
documentation to include a section describing how this works.
Include documentation of the current major beartrap in reset, which
is that only devices on the qbus tree will get automatically reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20240220160622.114437-11-peter.maydell@linaro.org Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Peter Maydell [Tue, 20 Feb 2024 16:06:21 +0000 (16:06 +0000)]
hw/core/machine: Use qemu_register_resettable for sysbus reset
Move the reset of the sysbus (and thus all devices and buses anywhere
on the qbus tree) from qemu_register_reset() to qemu_register_resettable().
This is a behaviour change: because qemu_register_resettable() is
aware of three-phase reset, this now means that:
* 'enter' phase reset methods of devices and buses are called
before any legacy reset callbacks registered with qemu_register_reset()
* 'exit' phase reset methods of devices and buses are called
after any legacy qemu_register_reset() callbacks
Put another way, a qemu_register_reset() callback is now correctly
ordered in the 'hold' phase along with any other 'hold' phase methods.
The motivation for doing this is that we will now be able to resolve
some reset-ordering issues using the three-phase mechanism, because
the 'exit' phase is always after the 'hold' phase, even when the
'hold' phase function was registered with qemu_register_reset().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20240220160622.114437-10-peter.maydell@linaro.org Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Peter Maydell [Tue, 20 Feb 2024 16:06:20 +0000 (16:06 +0000)]
hw/core/reset: Implement qemu_register_reset via qemu_register_resettable
Reimplement qemu_register_reset() via qemu_register_resettable().
We define a new LegacyReset object which implements Resettable and
defines its reset hold phase method to call a QEMUResetHandler
function. When qemu_register_reset() is called, we create a new
LegacyReset object and add it to the simulation_reset
ResettableContainer. When qemu_unregister_reset() is called, we find
the LegacyReset object in the container and remove it.
This implementation of qemu_unregister_reset() means we'll end up
scanning the ResetContainer's list of child objects twice, once
to find the LegacyReset object, and once in g_ptr_array_remove().
In theory we could avoid this by having the ResettableContainer
interface include a resettable_container_remove_with_equal_func()
that took a callback method so that we could use
g_ptr_array_find_with_equal_func() and g_ptr_array_remove_index().
But we don't expect qemu_unregister_reset() to be called frequently
or in hot paths, and we expect the simulation_reset container to
usually not have many children.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20240220160622.114437-9-peter.maydell@linaro.org Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Implement new functions qemu_register_resettable() and
qemu_unregister_resettable(). These are intended to be
three-phase-reset aware equivalents of the old qemu_register_reset()
and qemu_unregister_reset(). Instead of passing in a function
pointer and opaque, you register any QOM object that implements the
Resettable interface.
The implementation is simple: we have a single global instance of a
ResettableContainer, which we reset in qemu_devices_reset(), and
the Resettable objects passed to qemu_register_resettable() are
added to it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20240220160622.114437-8-peter.maydell@linaro.org Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
projects / mirror_qemu.git / log