Anton Johansson [Wed, 21 Jun 2023 13:56:31 +0000 (15:56 +0200)]
accel/tcg: Replace target_ulong with vaddr in translator_*()
Use vaddr for guest virtual address in translator_use_goto_tb() and
translator_loop().
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-11-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:30 +0000 (15:56 +0200)]
accel/tcg: Replace target_ulong with vaddr in *_mmu_lookup()
Update atomic_mmu_lookup() and cpu_mmu_lookup() to take the guest
virtual address as a vaddr instead of a target_ulong.
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-10-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:29 +0000 (15:56 +0200)]
accel: Replace target_ulong with vaddr in probe_*()
Functions for probing memory accesses (and functions that call these)
are updated to take a vaddr for guest virtual addresses over
target_ulong.
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-9-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:28 +0000 (15:56 +0200)]
accel/tcg: Widen pc to vaddr in CPUJumpCache
Related functions dealing with the jump cache are also updated.
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-8-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:27 +0000 (15:56 +0200)]
accel/tcg/cpu-exec.c: Widen pc to vaddr
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-7-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:26 +0000 (15:56 +0200)]
accel/tcg/cputlb.c: Widen addr in MMULookupPageData
Functions accessing MMULookupPageData are also updated.
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-6-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-5-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:24 +0000 (15:56 +0200)]
target: Widen pc/cs_base in cpu_get_tb_cpu_state
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-4-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:23 +0000 (15:56 +0200)]
accel/tcg/translate-all.c: Widen pc and cs_base
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-3-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anton Johansson [Wed, 21 Jun 2023 13:56:22 +0000 (15:56 +0200)]
accel: Replace target_ulong in tlb_*()
Replaces target_ulong with vaddr for guest virtual addresses in tlb_*()
functions and auxilliary structs.
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230621135633.1649-2-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pc,pci: fixes, features, cleanups
asymmetric crypto support for cryptodev-vhost-user
rom migration when rom size changes
poison get, inject, clear; mock cxl events and irq support for cxl
shadow virtqueue offload support for vhost-vdpa
vdpa now maps shadow vrings with MAP_SHARED
max_cpus went up to 1024 and we default to smbios 3.0 for pc
Fixes, cleanups all over the place. In particular
hw/acpi: Fix PM control register access
works around a very long standing bug in memory core.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmSZl5EPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRph+8H/RZodqCadmQ1evpeWs7RBSvJeZgbJTVl/9/h
# +ObvEmVz2+X4D+O1Kxh54vDV0SNVq3XjyrFy3Ur57MAR6r2ZWwB6HySaeFdi4zIm
# N0SMkfUylDnf7ulyjzJoXDzHOoFnqAM6fU/jcoQXBIdUeeqwPrzLOZHrGrwevPWK
# iH5JP66suOVlBuKLJjlUKI3/4vK3oTod5Xa3Oz2Cw1oODtbIa97N8ZAdBgZd3ah9
# 7mjZjcH54kFRwfidz/rkpY5NMru8BlD54MyEOWofvTL2w7aoWmVO99qHEK+SjLkG
# x4Mx3aYlnOEvkJ+5yBHvtXS4Gc5T9ltY84AvcwPNuz4RKCORi1s=
# =Do8p
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 26 Jun 2023 03:50:09 PM CEST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (53 commits)
vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
vhost_net: add an assertion for TAP client backends
intel_iommu: Fix address space unmap
intel_iommu: Fix flag check in replay
intel_iommu: Fix a potential issue in VFIO dirty page sync
vhost-user: fully use new backend/frontend naming
virtio-scsi: avoid dangling host notifier in ->ioeventfd_stop()
hw/i386/pc: Clean up pc_machine_initfn
vdpa: fix not using CVQ buffer in case of error
vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices
vhost: fix vhost_dev_enable_notifiers() error case
vdpa: Allow VIRTIO_NET_F_CTRL_GUEST_OFFLOADS in SVQ
vdpa: Add vhost_vdpa_net_load_offloads()
virtio-net: expose virtio_net_supported_guest_offloads()
hw/net/virtio-net: make some VirtIONet const
vdpa: reuse virtio_vdev_has_feature()
include/hw/virtio: make some VirtIODevice const
vdpa: map shadow vrings with MAP_SHARED
vdpa: reorder vhost_vdpa_net_cvq_cmd_page_len function
vdpa: do not block migration if device has cvq and x-svq=on
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ani Sinha [Mon, 19 Jun 2023 06:52:09 +0000 (12:22 +0530)]
vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:
Therefore, we defer freeing up the structures until at guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.
All unit tests pass with this change.
CC: imammedo@redhat.com CC: jusual@redhat.com CC: mst@redhat.com Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929 Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ani Sinha [Mon, 19 Jun 2023 04:15:01 +0000 (09:45 +0530)]
vhost_net: add an assertion for TAP client backends
An assertion was missing for tap vhost backends that enforces a non-null
reference from get_vhost_net(). Both vhost-net-user and vhost-net-vdpa
enforces this. Enforce the same for tap. Unit tests pass with this change.
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619041501.111655-1-anisinha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Zhenzhong Duan [Thu, 15 Jun 2023 03:26:26 +0000 (11:26 +0800)]
intel_iommu: Fix address space unmap
During address space unmap, corresponding IOVA tree entries are
also removed. But DMAMap is set beyond notifier's scope by 1, so
in theory there is possibility to remove a continuous entry above
the notifier's scope but falling in adjacent notifier's scope.
There is no issue currently as no use cases allocate notifiers
continuously, but let's be robust.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20230615032626.314476-4-zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhenzhong Duan [Thu, 15 Jun 2023 03:26:25 +0000 (11:26 +0800)]
intel_iommu: Fix flag check in replay
Replay doesn't notify registered notifiers but the one passed
to it. So it's meaningless to check the registered notifier's
synthetic flag.
There is no issue currently as all replay use cases have MAP
flag set, but let's be robust.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20230615032626.314476-3-zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhenzhong Duan [Thu, 15 Jun 2023 03:26:24 +0000 (11:26 +0800)]
intel_iommu: Fix a potential issue in VFIO dirty page sync
Peter Xu found a potential issue:
"The other thing is when I am looking at the new code I found that we
actually extended the replay() to be used also in dirty tracking of vfio,
in vfio_sync_dirty_bitmap(). For that maybe it's already broken if
unmap_all() because afaiu log_sync() can be called in migration thread
anytime during DMA so I think it means the device is prone to DMA with the
IOMMU pgtable quickly erased and rebuilt here, which means the DMA could
fail unexpectedly. Copy Alex, Kirti and Neo."
Fix it by replacing the unmap_all() to only evacuate the iova tree
(keeping all host mappings untouched, IOW, don't notify UNMAP), and
do a full resync in page walk which will notify all existing mappings
as MAP. This way we don't interrupt with any existing mapping if there
is (e.g. for the dirty sync case), meanwhile we keep sync too to latest
(for moving a vfio device into an existing iommu group).
Suggested-by: Peter Xu <peterx@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20230615032626.314476-2-zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Slave/master nomenclature was replaced with backend/frontend in commit 1fc19b65279a ("vhost-user: Adopt new backend naming")
This patch replaces all remaining uses of master and slave in the
codebase.
Signed-off-by: Emmanouil Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20230613080849.2115347-1-manos.pitsidianakis@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Stefan Hajnoczi [Sun, 11 Jun 2023 19:39:24 +0000 (15:39 -0400)]
virtio-scsi: avoid dangling host notifier in ->ioeventfd_stop()
virtio_scsi_dataplane_stop() calls blk_drain_all(), which invokes
->drained_begin()/->drained_end() after we've already detached the host
notifier. virtio_scsi_drained_end() currently attaches the host notifier
again and leaves it dangling after dataplane has stopped.
This results in the following assertion failure because
virtio_scsi_defer_to_dataplane() is called from the IOThread instead of
the main loop thread:
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1680 Reported-by: Jean-Louis Dupond <jean-louis@dupond.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230611193924.2444914-1-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
To use the newly introduced PC machine class local variable.
Suggested-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Message-Id: <20230609164107.23404-1-suravee.suthikulpanit@amd.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Fri, 2 Jun 2023 17:34:51 +0000 (19:34 +0200)]
vdpa: fix not using CVQ buffer in case of error
Bug introducing when refactoring. Otherway, the guest never received
the used buffer.
Fixes: be4278b65fc1 ("vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail") Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602173451.1917999-1-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Tested-by: Lei Yang <leiyang@redhat.com>
Eugenio Pérez [Fri, 2 Jun 2023 17:33:28 +0000 (19:33 +0200)]
vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices
QEMU does not emulate it so it must be disabled as long as the backend
does not support it.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602173328.1917385-1-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Tested-by: Lei Yang <leiyang@redhat.com>
Laurent Vivier [Fri, 2 Jun 2023 16:27:35 +0000 (18:27 +0200)]
vhost: fix vhost_dev_enable_notifiers() error case
in vhost_dev_enable_notifiers(), if virtio_bus_set_host_notifier(true)
fails, we call vhost_dev_disable_notifiers() that executes
virtio_bus_set_host_notifier(false) on all queues, even on queues that
have failed to be initialized.
This triggers a core dump in memory_region_del_eventfd():
virtio_bus_set_host_notifier: unable to init event notifier: Too many open files (-24)
vhost VQ 1 notifier binding failed: 24
.../softmmu/memory.c:2611: memory_region_del_eventfd: Assertion `i != mr->ioeventfd_nb' failed.
Fix the problem by providing to vhost_dev_disable_notifiers() the
number of queues to disable.
Fixes: 8771589b6f81 ("vhost: simplify vhost_dev_enable_notifiers") Cc: longpeng2@huawei.com Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20230602162735.3670785-1-lvivier@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Hawkins Jiawei [Fri, 2 Jun 2023 11:52:18 +0000 (19:52 +0800)]
vdpa: Allow VIRTIO_NET_F_CTRL_GUEST_OFFLOADS in SVQ
Enable SVQ with VIRTIO_NET_F_CTRL_GUEST_OFFLOADS feature.
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com> Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <778d642ecae6deed8a218b0e6232e4d7bb96b439.1685704856.git.yin31149@gmail.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Tested-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Hawkins Jiawei [Fri, 2 Jun 2023 11:52:17 +0000 (19:52 +0800)]
vdpa: Add vhost_vdpa_net_load_offloads()
This patch introduces vhost_vdpa_net_load_offloads() to
restore offloads state at device's startup.
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Message-Id: <7e2b5cad9c48c917df53d80dec27dbfeb513e1a3.1685704856.git.yin31149@gmail.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Tested-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
To support restoring offloads state in vdpa, it is necessary to
expose the function virtio_net_supported_guest_offloads().
According to VirtIO standard, "Upon feature negotiation
corresponding offload gets enabled to preserve backward compatibility.".
Therefore, QEMU uses this function to get the device supported offloads.
This allows QEMU to know the device's defaults and skip the control
message sending if these defaults align with the driver's configuration.
Note that the device's defaults can mismatch the driver's configuration
only at live migration.
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Message-Id: <43679506f3f039a7aa2bdd5b49785107b5dfd7d4.1685704856.git.yin31149@gmail.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Tested-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Hawkins Jiawei [Fri, 2 Jun 2023 11:52:15 +0000 (19:52 +0800)]
hw/net/virtio-net: make some VirtIONet const
The VirtIONet structure is not modified in
virtio_net_supported_guest_offloads().
Therefore, make it const to allow this function to
accept const variables.
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <489b09c3998ac09b9135e57a7dd8c56a4be8cdf9.1685704856.git.yin31149@gmail.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Tested-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Hawkins Jiawei [Fri, 2 Jun 2023 11:52:13 +0000 (19:52 +0800)]
include/hw/virtio: make some VirtIODevice const
The VirtIODevice structure is not modified in
virtio_vdev_has_feature(). Therefore, make it const
to allow this function to accept const variables.
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com> Reviewed-by: Eugenio Pérez Martin <eperezma@redhat.com>
Message-Id: <16c0561b921310a32c240a4fb6e8cee3ffee16fe.1685704856.git.yin31149@gmail.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Tested-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Fri, 2 Jun 2023 14:38:54 +0000 (16:38 +0200)]
vdpa: map shadow vrings with MAP_SHARED
The vdpa devices that use va addresses neeeds these maps shared.
Otherwise, vhost_vdpa checks will refuse to accept the maps.
The mmap call will always return a page aligned address, so removing the
qemu_memalign call. Keeping the ROUND_UP for the size as we still need
to DMA-map them in full.
Not applying fixes tag as it never worked with va devices.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602143854.1879091-4-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Fri, 2 Jun 2023 14:38:53 +0000 (16:38 +0200)]
vdpa: reorder vhost_vdpa_net_cvq_cmd_page_len function
We need to call it from resource cleanup context, as munmap needs the
size of the mappings.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230602143854.1879091-3-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eugenio Pérez [Fri, 2 Jun 2023 14:38:52 +0000 (16:38 +0200)]
vdpa: do not block migration if device has cvq and x-svq=on
It was a mistake to forbid in all cases, as SVQ is already able to send
all the CVQ messages before start forwarding data vqs. It actually
caused a regression, making impossible to migrate device previously
migratable.
Fixes: 36e4647247f2 ("vdpa: add vhost_vdpa_net_valid_svq_features") Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602143854.1879091-2-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Lei Yang <leiyang@redhat.com>
Also, keep max_cpus at 288 for machine version 8.0 and older.
Cc: Igor Mammedov <imammedo@redhat.com> Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Julia Suvorova <jusual@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Message-Id: <20230607205717.737749-3-suravee.suthikulpanit@amd.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
hw/i386/pc: Default to use SMBIOS 3.0 for newer machine models
Currently, pc-q35 and pc-i44fx machine models are default to use SMBIOS 2.8
(32-bit entry point). Since SMBIOS 3.0 (64-bit entry point) is now fully
supported since QEMU 7.0, default to use SMBIOS 3.0 for newer machine
models. This is necessary to avoid the following message when launching
a VM with large number of vcpus.
"SMBIOS 2.1 table length 66822 exceeds 65535"
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Message-Id: <20230607205717.737749-2-suravee.suthikulpanit@amd.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
BALATON Zoltan [Wed, 7 Jun 2023 20:01:25 +0000 (22:01 +0200)]
hw/acpi: Fix PM control register access
On pegasos2 which has ACPI as part of VT8231 south bridge the board
firmware writes PM control register by accessing the second byte so
addr will be 1. This wasn't handled correctly and the write went to
addr 0 instead. Remove the acpi_pm1_cnt_write() function which is used
only once and does not take addr into account and handle non-zero
address in acpi_pm_cnt_{read|write}. This fixes ACPI shutdown with
pegasos2 firmware.
The issue below is possibly related to the same memory core bug.
Link: https://gitlab.com/qemu-project/qemu/-/issues/360 Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20230607200125.A9988746377@zero.eik.bme.hu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* kvm: reuse per-vcpu stats fd to avoid vcpu interruption
* Validate cluster and NUMA node boundary on ARM and RISC-V
* various small TCG features from newer processors
* Remove dubious 'event_notifier-posix.c' include
* fix git-submodule.sh in releases
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmSZS0IUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN+tgf/axJdG9NXKCyXgc0vzjKVhSR4Y+tC
# EPxkg7Rq7uOMgbph9oTS/2Kzh9LnP6kLt2qnS4igRHGuEBd58yD6fFNDv0LJsK/l
# B/d0WGHMKV0KMYOX24rkyfohVu37GhVRsiVSIlIiQVTC9JtYer7WxdnyoDaPKvY8
# dpbKgDrd59vAlsHrpj7ZubVQPcL3lXrLryimpDohMH6Ba+4wZq+7dKPpal97QOP2
# 3i7isUBTQiMOcVjW6GEiNcDLSJqj5DSgylhdFnaBsq/ThpC2PxWoXcCbV28QELzf
# 5+J+RXQavmeWKZMR0q98iBzWbrsVtaSxAkHHiwbUMMqQvkfY6Dpo5dMHWw==
# =WHE2
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 26 Jun 2023 10:24:34 AM CEST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
git-submodule.sh: allow running in validate mode without previous update
target/i386: implement SYSCALL/SYSRET in 32-bit emulators
target/i386: implement RDPID in TCG
target/i386: sysret and sysexit are privileged
target/i386: AMD only supports SYSENTER/SYSEXIT in 32-bit mode
target/i386: Intel only supports SYSCALL/SYSRET in long mode
target/i386: TCG supports WBNOINVD
target/i386: TCG supports XSAVEERPTR
target/i386: do not accept RDSEED if CPUID bit absent
target/i386: TCG supports RDSEED
target/i386: TCG supports 3DNow! prefetch(w)
target/i386: fix INVD vmexit
kvm: reuse per-vcpu stats fd to avoid vcpu interruption
hw/riscv: Validate cluster and NUMA node boundary
hw/arm: Validate cluster and NUMA node boundary
numa: Validate cluster and NUMA node boundary if required
hw/remote/proxy: Remove dubious 'event_notifier-posix.c' include
build: further refine build.ninja rules
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-request-2023-06-26' of https://gitlab.com/thuth/qemu into staging
* Improve gitlab-CI with regards to handling of stable staging branches
* Add msys2 gitlab-CI artifacts
* Minor qtest fixes
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmSZR6gRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWoFQ//VieL2UTOBXvw6TlMCYEpqKURdKYc7Uqp
# Y/gJRHK+EQ3C4BGzv8l/P07/H3N5da+8Y2Ta37tNritbs+tyrYVIQAY3+bugG6hO
# lIF5oUGTcbOkC6Z1ajtjHcmxCj+2Z8uumlFW44zMR4HzzcmaRDyVDoU0gUg0Ohkt
# aNdpjJEA8BRzvQTjx92v31uILk8zpd0yL+40p/2DSx0Dt5eoqTjFN4QCgqk+C9A3
# WiiIkJBIIPgfp3XScVGeKS2ZfGSL7/QcJF0wbkkLhWfuF5oBjjkQCJlGYxpAnnbv
# J7esrNCxsks7T7SC/QnEzyePMXxX1DgV9znwBtEobLTQ38LcDWpdqdr0VYgyQhdo
# 9NgBLNkI3J1JCmJ5amCLRNcmH75cMnhxXeZYsjZ70VnirgFEQS1C+YELadCY8QWa
# S3YS/ZvOc5wHFdTrsfIyJG+2AjbefyboiXojzd/sFEY0485A8malTdtn96dhHjkZ
# KvInxQHV7uoUhok1QC68taMHbRUfA6jU7STYjkgDjnf+L+ywIbbKJE7LpyicvnsU
# MUR+9H4EsSlmN2koc9bopG0sspLThviIKORqzPEo3WyBj5jCIZ7tkvUEqBUkJwx2
# hISZeqdhP+wRVR4Ter0RNywjk2gSbaYcPzlnbaRYZ5OoiRchXr+uh/X0dIdkCNPP
# YwB1Y0wBpPU=
# =4Jl2
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 26 Jun 2023 10:09:12 AM CEST
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2023-06-26' of https://gitlab.com/thuth/qemu:
tests/qtest/cxl-test: Clean up temporary directories after testing
gitlab-ci: add msys2 meson test to junit report
gitlab-ci: grab msys2 meson-logs as artifacts
gitlab: support disabling job auto-run in upstream
gitlab: avoid extra pipelines for tags and stable branches
gitlab: stable staging branches publish containers in a separate tag
gitlab: allow overriding name of the upstream repository
gitlab: centralize the container tag name
tests/qtest: Fix a comment typo in vhost-user-test.c
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Paolo Bonzini [Sun, 18 Jun 2023 21:10:39 +0000 (23:10 +0200)]
git-submodule.sh: allow running in validate mode without previous update
The call to git-submodule.sh done in configure may happen without a
previous checkout of the roms/SLOF submodule, or even without a
previous run of the script.
So, handle creating a .git-submodule-status file even in validate
mode. If git is absent, ensure that all passed directories exists
(because you should be in a fresh untar and will not have stale
arguments to git-submodule.sh) but do no other checks. If git
is present, ensure that .git-submodule-status contains an entry
for all submodules passed on the command line.
With this change, "ignore" mode is not needed anymore.
Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Fixes: b11f9bd96f4 ("configure: move SLOF submodule handling to pc-bios/s390-ccw", 2023-06-06) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 16 Jun 2023 23:01:29 +0000 (01:01 +0200)]
target/i386: implement SYSCALL/SYSRET in 32-bit emulators
AMD supports both 32-bit and 64-bit SYSCALL/SYSRET, but the TCG only
exposes it for 64-bit targets. For system emulation just reuse the
helper; for user-mode emulation the ABI is the same as "int $80".
The BSDs does not support any fast system call mechanism in 32-bit
mode so add to bsd-user the same stub that FreeBSD has for 64-bit
compatibility mode.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 20 Jun 2023 22:47:31 +0000 (00:47 +0200)]
target/i386: implement RDPID in TCG
RDPID corresponds to a RDMSR(TSC_AUX); however, it is unprivileged
so for user-mode emulation we must provide the value that the kernel
places in the MSR. For Linux, it is a combination of the current CPU
and the current NUMA node, both of which can be retrieved with getcpu(2).
Also try sched_getcpu(), which might be there on the BSDs. If there is
no portable way to retrieve the current CPU id from userspace, return 0.
RDTSCP is reimplemented as RDTSC + RDPID ECX; the differences in terms
of serializability are not relevant to QEMU.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 16 Jun 2023 21:58:25 +0000 (23:58 +0200)]
target/i386: TCG supports WBNOINVD
WBNOINVD is the same as INVD or WBINVD as far as TCG is concerned,
since there is no cache in TCG and therefore no invalidation side effect
in WBNOINVD.
With respect to SVM emulation, processors that do not support WBNOINVD
will ignore the prefix and treat it as WBINVD, while those that support
it will generate exactly the same vmexit.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 20 Jun 2023 22:43:22 +0000 (00:43 +0200)]
target/i386: do not accept RDSEED if CPUID bit absent
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 16 Jun 2023 22:01:58 +0000 (00:01 +0200)]
target/i386: TCG supports 3DNow! prefetch(w)
The AMD prefetch(w) instructions have not been deprecated together with the rest
of 3DNow!, and in fact are even supported by newer Intel processor. Mark them
as supported by TCG, as it supports all of 3DNow!.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 16 Jun 2023 21:57:30 +0000 (23:57 +0200)]
target/i386: fix INVD vmexit
Due to a typo or perhaps a brain fart, the INVD vmexit was never generated.
Fix it (but not that fixing just the typo would break both INVD and WBINVD,
due to a case of two wrongs making a right).
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Marcelo Tosatti [Sun, 18 Jun 2023 21:24:40 +0000 (23:24 +0200)]
kvm: reuse per-vcpu stats fd to avoid vcpu interruption
A regression has been detected in latency testing of KVM guests.
More specifically, it was observed that the cyclictest
numbers inside of an isolated vcpu (running on isolated pcpu) are:
Where a maximum of 50us is acceptable.
The implementation of KVM_GET_STATS_FD uses run_on_cpu to query
per vcpu statistics, which interrupts the vcpu (and is unnecessary).
To fix this, open the per vcpu stats fd on vcpu initialization,
and read from that fd from QEMU's main thread.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gavin Shan [Tue, 9 May 2023 00:27:39 +0000 (10:27 +1000)]
hw/riscv: Validate cluster and NUMA node boundary
There are two RISCV machines where NUMA is aware: 'virt' and 'spike'.
Both of them are required to follow cluster-NUMA-node boundary. To
enable the validation to warn about the irregular configuration where
multiple CPUs in one cluster has been associated with multiple NUMA
nodes.
Signed-off-by: Gavin Shan <gshan@redhat.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20230509002739.18388-4-gshan@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gavin Shan [Tue, 9 May 2023 00:27:38 +0000 (10:27 +1000)]
hw/arm: Validate cluster and NUMA node boundary
There are two ARM machines where NUMA is aware: 'virt' and 'sbsa-ref'.
Both of them are required to follow cluster-NUMA-node boundary. To
enable the validation to warn about the irregular configuration where
multiple CPUs in one cluster have been associated with different NUMA
nodes.
Signed-off-by: Gavin Shan <gshan@redhat.com> Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230509002739.18388-3-gshan@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gavin Shan [Tue, 9 May 2023 00:27:37 +0000 (10:27 +1000)]
numa: Validate cluster and NUMA node boundary if required
For some architectures like ARM64, multiple CPUs in one cluster can be
associated with different NUMA nodes, which is irregular configuration
because we shouldn't have this in baremetal environment. The irregular
configuration causes Linux guest to misbehave, as the following warning
messages indicate.
Improve the situation to warn when multiple CPUs in one cluster have
been associated with different NUMA nodes. However, one NUMA node is
allowed to be associated with different clusters.
Signed-off-by: Gavin Shan <gshan@redhat.com> Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230509002739.18388-2-gshan@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
hw/remote/proxy: Remove dubious 'event_notifier-posix.c' include
event_notifier-posix.c is registered in meson's util_ss[] source
set, which is built as libqemuutil.a.p library. Both tools and
system emulation binaries are linked with qemuutil, so there is
no point in including this source file.
Introduced in commit bd36adb8df ("multi-process: create IOHUB
object to handle irq").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230606134913.93724-1-philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 23 May 2023 15:56:33 +0000 (17:56 +0200)]
build: further refine build.ninja rules
In commit b0fcc6fc7fc1 ("build: rebuild build.ninja using
"meson setup --reconfigure"", 2023-05-19) I changed the build.ninja
rule in the Makefile to use "meson setup" so that the Makefile would
pick up a changed path to the meson binary.
However, there was a reason why build.ninja was rebuilt using $(NINJA)
itself. Namely, ninja has its own cache of file modification times,
and if it does not know about the modification that was done outside
its control, it will *also* try to regenerate build.ninja. This can be
simply by running "make" on a fresh tree immediately after "configure";
that will trigger an unnecessary meson run.
So, apply a refinement to the rule in order to cover both cases:
- track the meson binary that was used (and that is embedded in
build.ninja's reconfigure rules); to do this, write build.ninja.stamp
right after executing meson successfully
- if it changed, force usage of "$(MESON) setup --reconfigure" to
update the path in the reconfigure rule
- if it didn't change, use "$(NINJA) build.ninja" just like before
commit b0fcc6fc7fc1.
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Thu, 22 Jun 2023 11:41:32 +0000 (13:41 +0200)]
tests/qtest/cxl-test: Clean up temporary directories after testing
It's good style to clean up temporary directories when they
are not needed anymore.
Message-Id: <20230622114132.372898-1-thuth@redhat.com> Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: support disabling job auto-run in upstream
In forks QEMU_CI=1 can be used to create a pipeline but not auto-run any
jobs. In upstream jobs always auto-run, which is equiv of QEMU_CI=2.
This supports setting QEMU_CI=1 in upstream, to disable job auto-run.
This can be used to preserve CI minutes if repushing a branch to staging
with a specific fix that only needs testing in limited scenarios.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230608164018.2520330-6-berrange@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: avoid extra pipelines for tags and stable branches
In upstream context we only run pipelines on staging branches, and
limited publishing jobs on the default branch.
We don't want to run pipelines on stable branches, or tags, because
the content will have already been tested on a staging branch before
getting pushed.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230608164018.2520330-5-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: stable staging branches publish containers in a separate tag
If the stable staging branches publish containers under the 'latest' tag
they will clash with containers published on the primary staging branch,
as well as with each other. This introduces logic that overrides the
container tag when jobs run against the stable staging branches.
The CI_COMMIT_REF_SLUG variable we use expands to the git branch name,
but with most special characters removed, such that it is valid as a
docker tag name. eg 'staging-8.0' will get a slug of 'staging-8-0'
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230608164018.2520330-4-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: allow overriding name of the upstream repository
The CI rules have special logic for what happens in upstream. To enable
contributors who modify CI rules to test this logic, however, they need
to be able to override which repo is considered upstream. This
introduces the 'QEMU_CI_UPSTREAM' variable
to make it look as if my namespace is the actual upstream. Namespace in
this context refers to the path fragment in gitlab URLs that is above
the repository. Typically this will be the contributor's gitlab login
name.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230608164018.2520330-3-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
We use a fixed container tag of 'latest' so that contributors' forks
don't end up with an ever growing number of containers as they work
on throwaway feature branches.
This fixed tag causes problems running CI upstream in stable staging
branches, however, because the stable staging branch will publish old
container content that clashes with that needed by primary staging
branch. This makes it impossible to reliably run CI pipelines in
parallel in upstream for different staging branches.
This introduces $QEMU_CI_CONTAINER_TAG global variable as a way to
change which tag container publishing uses. Initially it can be set
by contributors as a git push option if they want to override the
default use of 'latest' eg
this is useful if contributors need to run pipelines for different
branches concurrently in their forks.
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230608164018.2520330-2-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Milan Zamazal [Wed, 21 Jun 2023 10:17:09 +0000 (12:17 +0200)]
tests/qtest: Fix a comment typo in vhost-user-test.c
Signed-off-by: Milan Zamazal <mzamazal@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230621101710.297975-4-mzamazal@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Merge tag 'pull-ppc-20230626' of https://github.com/legoater/qemu into staging
ppc queue:
* New maintainers
* Nested implementation cleanups
* Various cleanups of the CPU implementation
* SMT support for pseries
* Improvements of the XIVE2 TIMA modeling
* Extra avocado tests for pseries
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmSZKF8ACgkQUaNDx8/7
# 7KGSiBAAlHC4S9J5ujzTIojaWY72d2ZinkC+WpBus9Wr91DqaUSUd/JbzDxQCvXh
# dBWEbcyQ+abb8M3OQ3fMq9TfD2/LhxxXb+uwHIJ+ylITBnsRVCQv/4/gi3EkpRid
# h4q3wYH8OYNfCQd/cWYXNgCSNj1nS9sRrEKFXaB0JeQWHzHxriJS/SoIhilqvUru
# LFEytWNb3bxRkEkt8oAetOa9+DNLowUQ9IdzswqGcib09po3b1k4+ThfcvzU9nAc
# ek31/h1W6cJbOJcgRO2dhWUZYp7cfmcnOa02E84tGFvvY/kYbjzPZZnoniSXD4uf
# YWFCoB3VxUoZ/YKCT/pDKHVdXmLLrfckNbo9vQNEcwmjr8m0Q3d1ewD5O9oNRpgN
# H0QMENfsdojztosOm3KPQ20aqNf1R7rQegYTiWf3B2fKZ6PIqnn3tBPxaEDkH7NC
# GTAKnBhF48lcHSF/4XOfGdmqhGgPRWX/Tv0wia7RY/A4NEfiIImIu+nYSGNBbu3y
# 7xlmtcumTlsRityOZnYI3bN5ubv++XPwU5NIJPACqvAbhif2rf1vQ9rMkkK785GL
# ciJ/5f6zXsLU7DfWP+qbTBizchQgigXnRZEEc7Seo6Bwtru22oxug0qQZ5QCgyXl
# Fg5Xuoq/6T4JC75pvxh1BjVlZc3Okzbfmsj+aZNrXO581HVJ2JI=
# =XLtJ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 26 Jun 2023 07:55:43 AM CEST
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-ppc-20230626' of https://github.com/legoater/qemu: (30 commits)
tests/avocado: ppc test VOF bios Linux boot
pnv/xive2: Check TIMA special ops against a dedicated array for P10
pnv/xive2: Add a get_config() method on the presenter class
tests/avocado: Add ppc64 pseries multiprocessor boot tests
tests/avocado: boot ppc64 pseries to Linux VFS mount
spapr: TCG allow up to 8-thread SMT on POWER8 and newer CPUs
hw/ppc/spapr: Test whether TCG is enabled with tcg_enabled()
target/ppc: Add msgsnd/p and DPDES SMT support
target/ppc: Add support for SMT CTRL register
target/ppc: Add initial flags and helpers for SMT support
target/ppc: Fix sc instruction handling of LEV field
target/ppc: Better CTRL SPR implementation
target/ppc: Add ISA v3.1 LEV indication in SRR1 for system call interrupts
target/ppc: Implement HEIR SPR
target/ppc: Add SRR1 prefix indication to interrupt handlers
target/ppc: Change partition-scope translate interface
target/ppc: Fix instruction loading endianness in alignment interrupt
ppc/spapr: Move spapr nested HV to a new file
ppc/spapr: load and store l2 state with helper functions
ppc/spapr: Add a nested state struct
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Nicholas Piggin [Fri, 23 Jun 2023 12:21:35 +0000 (22:21 +1000)]
tests/avocado: ppc test VOF bios Linux boot
VOF is the new lightweight fast pseries bios. Add a Linux boot test
using VOF.
More tests could be moved to use VOF becasue it's much faster, but
just dip one toe in the water first here. SLOF should continue to be
tested too.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Frederic Barrat [Thu, 22 Jun 2023 16:25:27 +0000 (18:25 +0200)]
pnv/xive2: Check TIMA special ops against a dedicated array for P10
Accessing the TIMA from some specific ring/offset combination can
trigger a special operation, with or without side effects. It is
implemented in qemu with an array of special operations to compare
accesses against. Since the presenter on P10 is pretty similar to P9,
we had the full array defined for P9 and we just had a special case
for P10 to treat one access differently. With a recent change, 6f2cbd133d4 ("pnv/xive2: Handle TIMA access through all ports"), we
now ignore some of the bits of the TIMA address, but that patch
managed to botch the detection of the special case for P10.
To clean that up, this patch introduces a full array of special ops to
be used for P10. The code to detect a special access is common with
P9, only the array of operations differs. The presenter can pick the
correct array of special ops based on its configuration introduced in
a previous patch.
Fixes: Coverity CID 1512997, 1512998 Fixes: 6f2cbd133d4 ("pnv/xive2: Handle TIMA access through all ports") Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Frederic Barrat [Thu, 22 Jun 2023 16:25:26 +0000 (18:25 +0200)]
pnv/xive2: Add a get_config() method on the presenter class
The presenters for xive on P9 and P10 are mostly similar but the
behavior can be tuned through a few CQ registers. This patch adds a
"get_config" method, which will allow to access that config from the
presenter in a later patch.
For now, just define the config for the TIMA version.
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Add mult-thread/core/socket Linux boot tests that ensure the right
topology comes up. Of particular note is a SMT test, which is a new
capability for TCG.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Thu, 22 Jun 2023 09:33:55 +0000 (19:33 +1000)]
spapr: TCG allow up to 8-thread SMT on POWER8 and newer CPUs
PPC TCG supports SMT CPU configurations for non-hypervisor state, so
permit POWER8-10 pseries machines to enable SMT.
This requires PIR and TIR be set, because that's how sibling thread
matching is done by TCG.
spapr's nested-HV capability does not currently coexist with SMT, so
that combination is prohibited (interestingly somewhat analogous to
LPAR-per-core mode on real hardware which also does not support KVM).
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org>
[ clg: Also test smp_threads when checking for POWER8 CPU and above ] Signed-off-by: Cédric Le Goater <clg@kaod.org>
hw/ppc/spapr: Test whether TCG is enabled with tcg_enabled()
Although the PPC target only supports the TCG and KVM
accelerators, QEMU supports more. We can not assume that
'!kvm == tcg', so test for the correct accelerator. This
also eases code review, because here we don't care about
KVM, we really want to test for TCG.
Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[np: Fix changelog typo noticed by Zoltan] Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Thu, 22 Jun 2023 09:33:52 +0000 (19:33 +1000)]
target/ppc: Add support for SMT CTRL register
A relatively simple case to begin with, CTRL is a SMT shared register
where reads and writes need to synchronise against state changes by
other threads in the core.
Atomic serialisation operations are used to achieve this.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Thu, 22 Jun 2023 09:33:51 +0000 (19:33 +1000)]
target/ppc: Add initial flags and helpers for SMT support
TGC SMT emulation needs to know whether it is running with SMT siblings,
to be able to iterate over siblings in a core, and to serialise
threads to access per-core shared SPRs. Add infrastructure to do these
things.
For now the sibling iteration and serialisation are implemented in a
simple but inefficient way. SMT shared state and sibling access is not
too common, and SMT configurations are mainly useful to test system
code, so performance is not to critical.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org>
[ clg: fix build breakage with clang ] Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Wed, 21 Jun 2023 11:09:38 +0000 (21:09 +1000)]
target/ppc: Fix sc instruction handling of LEV field
The top bits of the LEV field of the sc instruction are to be treated as
as a reserved field rather than a reserved value, meaning LEV is
effectively the bottom bit. LEV=0xF should be treated as LEV=1 and be
a hypercall, for example.
This changes the instruction execution to just set lev from the low bit
of the field. Processors which don't support the LEV field will continue
to ignore it.
ISA v3.1 defines LEV to be 2 bits, in order to add the 'sc 2' ultracall
instruction. TCG does not support Ultravisor, so don't worry about
that bit.
Suggested-by: "Harsh Prateek Bora" <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 13:15:23 +0000 (23:15 +1000)]
target/ppc: Better CTRL SPR implementation
The CTRL register is able to write the bit in the RUN field, which gets
reflected into the TS field which is read-only and contains the state of
the RUN field for all threads in the core.
TCG does not implement SMT, so the correct implementation just requires
mirroring the RUN bit into the first bit of the TS field.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 13:13:21 +0000 (23:13 +1000)]
target/ppc: Add ISA v3.1 LEV indication in SRR1 for system call interrupts
System call interrupts in ISA v3.1 CPUs add a LEV indication in SRR1
that corresponds with the LEV field of the instruction that caused the
interrupt.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 13:10:43 +0000 (23:10 +1000)]
target/ppc: Add SRR1 prefix indication to interrupt handlers
ISA v3.1 introduced prefix instructions. Among the changes, various
synchronous interrupts report whether they were caused by a prefix
instruction in (H)SRR1.
The case of instruction fetch that causes an HDSI due to access of a
process-scoped table faulting on the partition scoped translation is the
tricky one. As with ISIs and HISIs, this does not try to set the prefix
bit because there is no instruction image to be loaded. The HDSI needs
the originating access type to be passed through to the handler to
distinguish this from HDSIs that fault translating process scoped tables
originating from a load or store instruction (in that case the prefix
bit should be provided).
Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[ clg: checkpatch issues ] Signed-off-by: Cédric Le Goater <clg@kaod.org>
Rather than always performing partition scope page table translation
with access type of 0 (MMU_DATA_LOAD), pass through the processor
access type which first initiated the translation sequence. Process-
scoped page table loads are then set to MMU_DATA_LOAD access type in
the xlate function.
This will allow more information to be passed to the exception
handler in the next patch.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 13:10:41 +0000 (23:10 +1000)]
target/ppc: Fix instruction loading endianness in alignment interrupt
powerpc ifetch endianness depends on MSR[LE] so it has to byteswap
after cpu_ldl_code(). This corrects DSISR bits in alignment
interrupts when running in little endian mode.
Reviewed-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 10:57:37 +0000 (20:57 +1000)]
ppc/spapr: Move spapr nested HV to a new file
Create spapr_nested.c for most of the nested HV implementation.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 10:57:36 +0000 (20:57 +1000)]
ppc/spapr: load and store l2 state with helper functions
Arguably this is just shuffling around register accesses, but one nice
thing it does is allow the exit to save away the L2 state then switch
the environment to the L1 before copying L2 data back to the L1, which
logically flows more naturally and simplifies the error paths.
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 10:57:35 +0000 (20:57 +1000)]
ppc/spapr: Add a nested state struct
Rather than use a copy of CPUPPCState to store the host state while
the environment has been switched to the L2, use a new struct for
this purpose.
Have helper functions to save and load this host state.
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Tue, 20 Jun 2023 10:57:34 +0000 (20:57 +1000)]
ppc/spapr: H_ENTER_NESTED should restore host XER ca field
Fix missing env->ca restore when going from L2 back to the host.
Fixes: 120f738a467 ("spapr: implement nested-hv capability for the virtual hypervisor") Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Cédric Le Goater [Tue, 20 Jun 2023 05:59:10 +0000 (07:59 +0200)]
ppc/pnv: Rephrase error when run with KVM
Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Cédric Le Goater [Tue, 20 Jun 2023 05:59:09 +0000 (07:59 +0200)]
ppc/bamboo: Report an error when run with KVM
The 'bamboo' machine was used as a KVM platform in the early days (~2008).
It clearly doesn't support it anymore.
Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Cédric Le Goater [Tue, 20 Jun 2023 05:59:04 +0000 (07:59 +0200)]
MAINTAINERS: Add reviewer for PowerPC TCG CPUs
Nick has great knowledge of the PowerPC CPUs, software and hardware.
Add him as a reviewer on CPU TCG modeling.
Cc: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Cédric Le Goater [Tue, 20 Jun 2023 05:59:03 +0000 (07:59 +0200)]
MAINTAINERS: Add reviewers for PowerNV baremetal emulation
Fred and Nick have been hacking baremetal POWER systems (OPAL) for
many years. They use and modify the QEMU models regularly. Add them as
PowerNV reviewers.
Cc: Frédéric Barrat <fbarrat@linux.ibm.com> Cc: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Acked-by: Frederic Barrat <fbarrat@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Joel Stanley [Mon, 19 Jun 2023 23:36:36 +0000 (09:06 +0930)]
ppc/pnv/pci: Clean up error messages
The phb error macros add a newline for you, so remove the second one to
avoid double whitespace.
Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Wed, 31 May 2023 01:23:09 +0000 (11:23 +1000)]
target/ppc: gdbstub init spr gdb_id for all CPUs
Make sure each CPU gets its state set up for gdb, not just the ones
before PowerPCCPUClass has had its gdb state set up.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Merge tag 'hppa-boot-reboot-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging
target/hppa: Fix boot and reboot for SMP machines
Fix some SMP-related boot and reboot issues with HP-UX and Linux by
correctly initializing the CPU PSW bits, disabling data and instruction
translations and unhalting the CPU in the qemu hppa_machine_reset()
function.
To work correctly some fixes are needed in the SeaBIOS-hppa firmware too,
which is why this series updates it to version 8 which includes those
fixes and enhancements:
Fixes
- boot of HP-UX with SMP, and
- reboot of Linux and HP-UX with SMP
Enhancements:
- show qemu version in boot menu
- adds exit menu entry in boot menu to quit emulation
- allow to trace PCD_CHASSIS codes more specifically
Signed-off-by: Helge Deller <deller@gmx.de>
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZJbYWAAKCRD3ErUQojoP
# X6ExAQCmOXqwJw3SjSE/+hvphJ2mMTJe3i6dU3AWOGlACxxVzAEA7dKSU4d8EtRj
# NZpGKB9NE9eWwQFGJVbVgFeikap44gs=
# =8zCK
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 24 Jun 2023 01:49:44 PM CEST
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'hppa-boot-reboot-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Update to SeaBIOS-hppa version 8
target/hppa: Provide qemu version via fw_cfg to firmware
target/hppa: Fix OS reboot issues
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-target-arm-20230623' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Add (experimental) support for FEAT_RME
* host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
* target/arm: Restructure has_vfp_d32 test
* hw/arm/sbsa-ref: add ITS support in SBSA GIC
* target/arm: Fix sve predicate store, 8 <= VQ <= 15
* pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
* tag 'pull-target-arm-20230623' of https://git.linaro.org/people/pmaydell/qemu-arm: (26 commits)
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
target/arm: Fix sve predicate store, 8 <= VQ <= 15
hw/arm/sbsa-ref: add ITS support in SBSA GIC
target/arm: Restructure has_vfp_d32 test
host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
docs/system/arm: Document FEAT_RME
target/arm: Add cpu properties for enabling FEAT_RME
target/arm: Implement the granule protection check
target/arm: Implement GPC exceptions
target/arm: Add GPC syndrome
target/arm: Use get_phys_addr_with_struct for stage2
target/arm: Move s1_is_el0 into S1Translate
target/arm: Use get_phys_addr_with_struct in S1_ptw_translate
target/arm: Handle no-execute for Realm and Root regimes
target/arm: Handle Block and Page bits for security space
target/arm: NSTable is RES0 for the RME EL3 regime
target/arm: Pipe ARMSecuritySpace through ptw.c
target/arm: Remove __attribute__((nonnull)) from ptw.c
target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Sat, 24 Jun 2023 09:45:52 +0000 (11:45 +0200)]
target/hppa: Update to SeaBIOS-hppa version 8
Update SeaBIOS-hppa to version 8.
Fixes:
- boot of HP-UX with SMP, and
- reboot of Linux and HP-UX with SMP
Enhancements:
- show qemu version in boot menu
- adds exit menu entry in boot menu to quit emulation
- allow to trace PCD_CHASSIS codes & machine run status
Helge Deller [Fri, 23 Jun 2023 06:24:30 +0000 (08:24 +0200)]
target/hppa: Fix OS reboot issues
When the OS triggers a reboot, the reset helper function sends a
qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET) together with an
EXCP_HLT exception to halt the CPUs.
So, at reboot when initializing the CPUs again, make sure to set all
instruction pointers to the firmware entry point, disable any interrupts,
disable data and instruction translations, enable PSW_Q bit and tell qemu
to unhalt (halted=0) the CPUs again.
This fixes the various reboot issues which were seen when rebooting a
Linux VM, including the case where even the monarch CPU has been virtually
halted from the OS (e.g. via "chcpu -d 0" inside the Linux VM).
projects / mirror_qemu.git / log