Fabiano Rosas [Fri, 18 Feb 2022 07:34:15 +0000 (08:34 +0100)]
target/ppc: cpu_init: Move check_pow and QOM macros to a header
These will need to be accessed from other files once we move the CPUs
code to separate files.
The check_pow_hid0 and check_pow_hid0_74xx are too specific to be
moved to a header so I'll deal with them later when splitting this
code between the multiple CPU families.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-27-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:15 +0000 (08:34 +0100)]
target/ppc: cpu_init: Move SPR registration macros to a header
Put the SPR registration macros in a header that is accessible outside
of cpu_init.c. The following patches will move CPU-specific code to
separate files and will need to access it.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-26-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:15 +0000 (08:34 +0100)]
target/ppc: Rename spr_tcg.h to spr_common.h
Initial intent for the spr_tcg header was to expose the spr_read|write
callbacks that are only used by TCG code. However, although these
routines are TCG-specific, the KVM code needs access to env->sprs
which creation is currently coupled to the callback registration.
We are probably not going to decouple SPR creation and TCG callback
registration any time soon, so let's rename the header to spr_common
to accomodate the register_*_sprs functions that will be moved out of
cpu_init.c in the following patches.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-24-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:15 +0000 (08:34 +0100)]
target/ppc: cpu_init: Rename register_ne_601_sprs
The important part of this function is that it applies to non-embedded
CPUs, not that it also applies to the 601. We removed support for the
601 anyway, so rename this function.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-22-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:15 +0000 (08:34 +0100)]
target/ppc: cpu_init: Move 755 L2 cache SPRs into a function
This is just to have 755-specific registers contained into a function,
intead of leaving them open-coded in init_proc_755. It makes init_proc
easier to read and keeps later patches that touch this code a bit
cleaner.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-16-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
The 745 and 755 can share the HID registration, so move it all into
register_755_sprs, which applies for both CPUs.
Also rename that function to register_745_sprs, since the 745 is the
earliest of the two. This will help with separating 755-specific
registers in a subsequent patch.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-14-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Make sure that every register_*_sprs function only has calls to
spr_register* to register individual SPRs. Do not allow nesting. This
makes the code easier to follow and a look at init_proc_* should
suffice to know what SPRs a CPU has.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-6-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:14 +0000 (08:34 +0100)]
target/ppc: cpu_init: Group registration of generic SPRs
The top level init_proc calls register_generic_sprs but also registers
some other SPRs outside of that function. Let's group everything into
a single place.
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-4-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Fabiano Rosas [Fri, 18 Feb 2022 07:34:14 +0000 (08:34 +0100)]
target/ppc: cpu_init: Remove not implemented comments
The /* XXX : not implemented */ comments all over cpu_init are
confusing and ambiguous.
Do they mean not implemented by QEMU, not implemented in a specific
access mode? Not implemented by the CPU? Do they apply to just the
register right after or to a whole block? Do they mean we have an
action to take in the future to implement these? Are they only
informative?
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20220216162426.1885923-2-farosas@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Fri, 18 Feb 2022 07:34:14 +0000 (08:34 +0100)]
spapr: implement nested-hv capability for the virtual hypervisor
This implements the Nested KVM HV hcall API for spapr under TCG.
The L2 is switched in when the H_ENTER_NESTED hcall is made, and the
L1 is switched back in returned from the hcall when a HV exception
is sent to the vhyp. Register state is copied in and out according to
the nested KVM HV hcall API specification.
The hdecr timer is started when the L2 is switched in, and it provides
the HDEC / 0x980 return to L1.
The MMU re-uses the bare metal radix 2-level page table walker by
using the get_pate method to point the MMU to the nested partition
table entry. MMU faults due to partition scope errors raise HV
exceptions and accordingly are routed back to the L1.
The MMU does not tag translations for the L1 (direct) vs L2 (nested)
guests, so the TLB is flushed on any L1<->L2 transition (hcall entry
and exit).
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org>
[ clg: checkpatch fixes ]
Message-Id: <20220216102545.1808018-10-npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Fri, 18 Feb 2022 07:34:14 +0000 (08:34 +0100)]
target/ppc: Introduce a vhyp framework for nested HV support
Introduce virtual hypervisor methods that can support a "Nested KVM HV"
implementation using the bare metal 2-level radix MMU, and using HV
exceptions to return from H_ENTER_NESTED (rather than cause interrupts).
HV exceptions can now be raised in the TCG spapr machine when running a
nested KVM HV guest. The main ones are the lev==1 syscall, the hdecr,
hdsi and hisi, hv fu, and hv emu, and h_virt external interrupts.
HV exceptions are intercepted in the exception handler code and instead
of causing interrupts in the guest and switching the machine to HV mode,
they go to the vhyp where it may exit the H_ENTER_NESTED hcall with the
interrupt vector numer as return value as required by the hcall API.
Address translation is provided by the 2-level page table walker that is
implemented for the bare metal radix MMU. The partition scope page table
is pointed to the L1's partition scope by the get_pate vhc method.
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20220216102545.1808018-9-npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Nicholas Piggin [Fri, 18 Feb 2022 07:34:14 +0000 (08:34 +0100)]
target/ppc: raise HV interrupts for partition table entry problems
Invalid or missing partition table entry exceptions should cause HV
interrupts. HDSISR is set to bad MMU config, which is consistent with
the ISA and experimentally matches what POWER9 generates.
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[ clg: checkpatch fixes ]
Message-Id: <20220216102545.1808018-2-npiggin@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
If the device backend is not persistent memory for the nvdimm, there is
need for explicit IO flushes on the backend to ensure persistence.
On SPAPR, the issue is addressed by adding a new hcall to request for
an explicit flush from the guest when the backend is not pmem. So, the
approach here is to convey when the hcall flush is required in a device
tree property. The guest once it knows the device backend is not pmem,
makes the hcall whenever flush is required.
To set the device tree property, a new PAPR specific device type inheriting
the nvdimm device is implemented. When the backend doesn't have pmem=on
the device tree property "ibm,hcall-flush-required" is set, and the guest
makes hcall H_SCM_FLUSH requesting for an explicit flush. The new device
has boolean property pmem-override which when "on" advertises the device
tree property even when pmem=on for the backend. The flush function
invokes the fdatasync or pmem_persist() based on the type of backend.
The vmstate structures are made part of the spapr-nvdimm device object.
The patch attempts to keep the migration compatibility between source and
destination while rejecting the incompatibles ones with failures.
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <164396256092.109112.17933240273840803354.stgit@ltczzess4.aus.stglabs.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
The patch adds support for the SCM flush hcall for the nvdimm devices.
To be available for exploitation by guest through the next patch. The
hcall is applicable only for new SPAPR specific device class which is
also introduced in this patch.
The hcall expects the semantics such that the flush to return with
H_LONG_BUSY_ORDER_10_MSEC when the operation is expected to take longer
time along with a continue_token. The hcall to be called again by providing
the continue_token to get the status. So, all fresh requests are put into
a 'pending' list and flush worker is submitted to the thread pool. The
thread pool completion callbacks move the requests to 'completed' list,
which are cleaned up after collecting the return status for the guest
in subsequent hcall from the guest.
The semantics makes it necessary to preserve the continue_tokens and
their return status across migrations. So, the completed flush states
are forwarded to the destination and the pending ones are restarted
at the destination in post_load. The necessary nvdimm flush specific
vmstate structures are also introduced in this patch which are to be
saved in the new SPAPR specific nvdimm device to be introduced in the
following patch.
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <164396254862.109112.16675611182159105748.stgit@ltczzess4.aus.stglabs.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
nvdimm: Add realize, unrealize callbacks to NVDIMMDevice class
A new subclass inheriting NVDIMMDevice is going to be introduced in
subsequent patches. The new subclass uses the realize and unrealize
callbacks. Add them on NVDIMMClass to appropriately call them as part
of plug-unplug.
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com> Acked-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <164396253158.109112.1926755104259023743.stgit@ltczzess4.aus.stglabs.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Peter Maydell [Wed, 16 Feb 2022 09:57:11 +0000 (09:57 +0000)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20220216' into staging
Fourth RISC-V PR for QEMU 7.0
* Remove old Ibex PLIC header file
* Allow writing 8 bytes with generic loader
* Fixes for RV128
* Refactor RISC-V CPU configs
* Initial support for XVentanaCondOps custom extension
* Fix for vill field in vtype
* Fix trap cause for RV32 HS-mode CSR access from RV64 HS-mode
* Support for svnapot, svinval and svpbmt extensions
# gpg: Signature made Wed 16 Feb 2022 06:24:52 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20220216: (35 commits)
docs/system: riscv: Update description of CPU
target/riscv: add support for svpbmt extension
target/riscv: add support for svinval extension
target/riscv: add support for svnapot extension
target/riscv: add PTE_A/PTE_D/PTE_U bits check for inner PTE
target/riscv: Ignore reserved bits in PTE for RV64
hw/intc: Add RISC-V AIA APLIC device emulation
target/riscv: Allow users to force enable AIA CSRs in HART
hw/riscv: virt: Use AIA INTC compatible string when available
target/riscv: Implement AIA IMSIC interface CSRs
target/riscv: Implement AIA xiselect and xireg CSRs
target/riscv: Implement AIA mtopi, stopi, and vstopi CSRs
target/riscv: Implement AIA interrupt filtering CSRs
target/riscv: Implement AIA hvictl and hviprioX CSRs
target/riscv: Implement AIA CSRs for 64 local interrupts on RV32
target/riscv: Implement AIA local interrupt priorities
target/riscv: Allow AIA device emulation to set ireg rmw callback
target/riscv: Add defines for AIA CSRs
target/riscv: Add AIA cpu feature
target/riscv: Allow setting CPU feature from machine/device emulation
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Yu Li [Tue, 8 Feb 2022 13:07:23 +0000 (21:07 +0800)]
docs/system: riscv: Update description of CPU
Since the hypervisor extension been non experimental and enabled for
default CPU, the previous command is no longer available and the
option `x-h=true` or `h=true` is also no longer required.
Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <9040401e-8f87-ef4a-d840-6703f08d068c@bytedance.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Fri, 4 Feb 2022 02:26:58 +0000 (10:26 +0800)]
target/riscv: add support for svpbmt extension
- add PTE_PBMT bits: It uses two PTE bits, but otherwise has no effect on QEMU, since QEMU is sequentially consistent and doesn't model PMAs currently
- add PTE_PBMT bit check for inner PTE
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220204022658.18097-6-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Fri, 4 Feb 2022 02:26:57 +0000 (10:26 +0800)]
target/riscv: add support for svinval extension
- sinval.vma, hinval.vvma and hinval.gvma do the same as sfence.vma, hfence.vvma and hfence.gvma except extension check
- do nothing other than extension check for sfence.w.inval and sfence.inval.ir
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220204022658.18097-5-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:54 +0000 (23:16 +0530)]
hw/intc: Add RISC-V AIA APLIC device emulation
The RISC-V AIA (Advanced Interrupt Architecture) defines a new
interrupt controller for wired interrupts called APLIC (Advanced
Platform Level Interrupt Controller). The APLIC is capabable of
forwarding wired interupts to RISC-V HARTs directly or as MSIs
(Message Signaled Interupts).
This patch adds device emulation for RISC-V AIA APLIC.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-19-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:53 +0000 (23:16 +0530)]
target/riscv: Allow users to force enable AIA CSRs in HART
We add "x-aia" command-line option for RISC-V HART using which
allows users to force enable CPU AIA CSRs without changing the
interrupt controller available in RISC-V machine.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-18-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:52 +0000 (23:16 +0530)]
hw/riscv: virt: Use AIA INTC compatible string when available
We should use the AIA INTC compatible string in the CPU INTC
DT nodes when the CPUs support AIA feature. This will allow
Linux INTC driver to use AIA local interrupt CSRs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-17-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:51 +0000 (23:16 +0530)]
target/riscv: Implement AIA IMSIC interface CSRs
The AIA specification defines IMSIC interface CSRs for easy access
to the per-HART IMSIC registers without using indirect xiselect and
xireg CSRs. This patch implements the AIA IMSIC interface CSRs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-16-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:50 +0000 (23:16 +0530)]
target/riscv: Implement AIA xiselect and xireg CSRs
The AIA specification defines [m|s|vs]iselect and [m|s|vs]ireg CSRs
which allow indirect access to interrupt priority arrays and per-HART
IMSIC registers. This patch implements AIA xiselect and xireg CSRs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-15-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The AIA specificaiton adds interrupt filtering support for M-mode
and HS-mode. Using AIA interrupt filtering M-mode and H-mode can
take local interrupt 13 or above and selectively inject same local
interrupt to lower privilege modes.
At the moment, we don't have any local interrupts above 12 so we
add dummy implementation (i.e. read zero and ignore write) of AIA
interrupt filtering CSRs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-13-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:45 +0000 (23:16 +0530)]
target/riscv: Implement AIA local interrupt priorities
The AIA spec defines programmable 8-bit priority for each local interrupt
at M-level, S-level and VS-level so we extend local interrupt processing
to consider AIA interrupt priorities. The AIA CSRs which help software
configure local interrupt priorities will be added by subsequent patches.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220204174700.534953-10-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:44 +0000 (23:16 +0530)]
target/riscv: Allow AIA device emulation to set ireg rmw callback
The AIA device emulation (such as AIA IMSIC) should be able to set
(or provide) AIA ireg read-modify-write callback for each privilege
level of a RISC-V HART.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-9-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:42 +0000 (23:16 +0530)]
target/riscv: Add AIA cpu feature
We define a CPU feature for AIA CSR support in RISC-V CPUs which
can be set by machine/device emulation. The RISC-V CSR emulation
will also check this feature for emulating AIA CSRs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-7-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:41 +0000 (23:16 +0530)]
target/riscv: Allow setting CPU feature from machine/device emulation
The machine or device emulation should be able to force set certain
CPU features because:
1) We can have certain CPU features which are in-general optional
but implemented by RISC-V CPUs on the machine.
2) We can have devices which require a certain CPU feature. For example,
AIA IMSIC devices expect AIA CSRs implemented by RISC-V CPUs.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-6-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:40 +0000 (23:16 +0530)]
target/riscv: Improve delivery of guest external interrupts
The guest external interrupts from an interrupt controller are
delivered only when the Guest/VM is running (i.e. V=1). This means
any guest external interrupt which is triggered while the Guest/VM
is not running (i.e. V=0) will be missed on QEMU resulting in Guest
with sluggish response to serial console input and other I/O events.
To solve this, we check and inject interrupt after setting V=1.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-5-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Fri, 4 Feb 2022 17:46:39 +0000 (23:16 +0530)]
target/riscv: Implement hgeie and hgeip CSRs
The hgeie and hgeip CSRs are required for emulating an external
interrupt controller capable of injecting virtual external interrupt
to Guest/VM running at VS-level.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Signed-off-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20220204174700.534953-4-anup@brainfault.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
LIU Zhiwei [Tue, 1 Feb 2022 06:46:01 +0000 (14:46 +0800)]
target/riscv: Fix vill field write in vtype
The guest should be able to set the vill bit as part of vsetvl.
Currently we may set env->vill to 1 in the vsetvl helper, but there
is nowhere that we set it to 0, so once it transitions to 1 it's stuck
there until the system is reset.
Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220201064601.41143-1-zhiwei_liu@c-sky.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:49 +0000 (01:52 +0100)]
target/riscv: add a MAINTAINERS entry for XVentanaCondOps
The XVentanaCondOps extension is supported by VRULL on behalf of the
Ventana Micro. Add myself as a point-of-contact.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220202005249.3566542-8-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This adds the decoder and translation for the XVentanaCondOps custom
extension (vendor-defined by Ventana Micro Systems), which is
documented at https://github.com/ventanamicro/ventana-custom-extensions/releases/download/v1.0.0/ventana-custom-extensions-v1.0.0.pdf
This commit then also adds a guard-function (has_XVentanaCondOps_p)
and the decoder function to the table of decoders, enabling the
support for the XVentanaCondOps extension.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220202005249.3566542-7-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:47 +0000 (01:52 +0100)]
target/riscv: iterate over a table of decoders
To split up the decoder into multiple functions (both to support
vendor-specific opcodes in separate files and to simplify maintenance
of orthogonal extensions), this changes decode_op to iterate over a
table of decoders predicated on guard functions.
This commit only adds the new structure and the table, allowing for
the easy addition of additional decoders in the future.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220202005249.3566542-6-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:46 +0000 (01:52 +0100)]
target/riscv: access cfg structure through DisasContext
The Zb[abcs] support code still uses the RISCV_CPU macros to access
the configuration information (i.e., check whether an extension is
available/enabled). Now that we provide this information directly
from DisasContext, we can access this directly via the cfg_ptr field.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220202005249.3566542-5-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:45 +0000 (01:52 +0100)]
target/riscv: access configuration through cfg_ptr in DisasContext
The implementation in trans_{rvi,rvv,rvzfh}.c.inc accesses the shallow
copies (in DisasContext) of some of the elements available in the
RISCVCPUConfig structure. This commit redirects accesses to use the
cfg_ptr copied into DisasContext and removes the shallow copies.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220202005249.3566542-4-philipp.tomsich@vrull.eu>
[ Changes by AF:
- Fixup checkpatch failures
] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:44 +0000 (01:52 +0100)]
target/riscv: riscv_tr_init_disas_context: copy pointer-to-cfg into cfg_ptr
As the number of extensions is growing, copying them individiually
into the DisasContext will scale less and less... instead we populate
a pointer to the RISCVCPUConfig structure in the DisasContext.
This adds an extra indirection when checking for the availability of
an extension (compared to copying the fields into DisasContext).
While not a performance problem today, we can always (shallow) copy
the entire structure into the DisasContext (instead of putting a
pointer to it) if this is ever deemed necessary.
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220202005249.3566542-3-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Philipp Tomsich [Wed, 2 Feb 2022 00:52:43 +0000 (01:52 +0100)]
target/riscv: refactor (anonymous struct) RISCVCPU.cfg into 'struct RISCVCPUConfig'
Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220202005249.3566542-2-philipp.tomsich@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frédéric Pétrot [Mon, 24 Jan 2022 20:24:56 +0000 (21:24 +0100)]
target/riscv: correct "code should not be reached" for x-rv128
The addition of uxl support in gdbstub adds a few checks on the maximum
register length, but omitted MXL_RV128, an experimental feature.
This patch makes rv128 react as rv64, as previously.
Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220124202456.420258-1-frederic.petrot@univ-grenoble-alpes.fr Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Petr Tesarik [Thu, 20 Jan 2022 09:27:15 +0000 (10:27 +0100)]
Allow setting up to 8 bytes with the generic loader
The documentation for the generic loader says that "the maximum size of
the data is 8 bytes". However, attempts to set data-len=8 trigger the
following assertion failure:
The type of s->data is uint64_t (i.e. 8 bytes long), so I believe this
assert should use <= instead of <.
Fixes: e481a1f63c93 ("generic-loader: Add a generic loader") Signed-off-by: Petr Tesarik <ptesarik@suse.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220120092715.7805-1-ptesarik@suse.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Wilfred Mallawa [Fri, 21 Jan 2022 05:50:05 +0000 (15:50 +1000)]
include: hw: remove ibex_plic.h
This patch removes the left-over/unused `ibex_plic.h` file. Previously
used by opentitan, which now follows the RISC-V standard and uses the
SiFivePlicState.
Fixes: 434e7e021 ("hw/intc: Remove the Ibex PLIC") Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220121055005.3159846-1-alistair.francis@opensource.wdc.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Peter Maydell [Tue, 15 Feb 2022 19:30:33 +0000 (19:30 +0000)]
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging
Pull request
This contains coroutine poll size scaling, virtiofsd rseq seccomp for new glibc
versions, and the QEMU C virtiofsd deprecation notice.
# gpg: Signature made Mon 14 Feb 2022 17:14:21 GMT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha-gitlab/tags/block-pull-request:
util: adjust coroutine pool size to virtio block queue
Deprecate C virtiofsd
tools/virtiofsd: Add rseq syscall to the seccomp allowlist
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 15 Feb 2022 13:51:35 +0000 (13:51 +0000)]
Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into staging
hw/nvme updates
- fix CVE-2021-3929
- add zone random write area support
- misc cleanups from Philippe
# gpg: Signature made Mon 14 Feb 2022 08:01:34 GMT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* remotes/nvme/tags/nvme-next-pull-request:
hw/nvme: add support for zoned random write area
hw/nvme: add ozcs enum
hw/nvme: add struct for zone management send
hw/nvme/ctrl: Pass buffers as 'void *' types
hw/nvme/ctrl: Have nvme_addr_write() take const buffer
hw/nvme: fix CVE-2021-3929
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 15 Feb 2022 11:39:54 +0000 (11:39 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 14 Feb 2022 03:51:14 GMT
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net/eth: Don't consider ESP to be an IPv6 option header
hw/net: e1000e: Clear ICR on read when using non MSI-X interrupts
net/filter: Optimize filter_send to coroutine
net/colo-compare.c: Update the default value comments
net/colo-compare.c: Optimize compare order for performance
net: Fix uninitialized data usage
net/tap: Set return code on failure
hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 14 Feb 2022 19:54:00 +0000 (19:54 +0000)]
Merge remote-tracking branch 'remotes/kwolf-gitlab/tags/for-upstream' into staging
Block layer patches
- Fix crash in blockdev-reopen with iothreads
- fdc-isa: Respect QOM properties when building AML
# gpg: Signature made Fri 11 Feb 2022 17:44:52 GMT
# gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kwolf-gitlab/tags/for-upstream:
hw/block/fdc-isa: Respect QOM properties when building AML
iotests: Test blockdev-reopen with iothreads and throttling
block: Lock AioContext for drain_end in blockdev-reopen
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There's a nice new Rust implementation out there; recommend people
do new work on that.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220210174714.19843-1-dgilbert@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This happens not at daemon start, but when a guest connects
/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
-o source=/var/guests/j-virtiofs --socket-group=kvm
virtio_session_mount: Waiting for vhost-user socket connection...
# start ok, now guest will connect
virtio_session_mount: Received vhost-user socket connection
virtio_loop: Entry
fv_queue_set_started: qidx=0 started=1
fv_queue_set_started: qidx=1 started=1
Bad system call (core dumped)
We have to put rseq on the seccomp allowlist to avoid that the daemon
is crashing in this case.
Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
[Moved rseq to its alphabetically ordered position in the seccomp
allowlist.
--Stefan] Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Mon, 14 Feb 2022 15:24:26 +0000 (15:24 +0000)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20220211' into staging
Fix safe_syscall_base for sparc64.
Fix host signal handling for sparc64-linux.
Speedups for jump cache and work list probing.
Fix for exception replays.
Raise guest SIGBUS for user-only misaligned accesses.
# gpg: Signature made Fri 11 Feb 2022 01:27:16 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20220211: (34 commits)
tests/tcg/multiarch: Add sigbus.c
tcg/sparc: Support unaligned access for user-only
tcg/sparc: Add tcg_out_jmpl_const for better tail calls
tcg/sparc: Use the constant pool for 64-bit constants
tcg/sparc: Convert patch_reloc to return bool
tcg/sparc: Improve code gen for shifted 32-bit constants
tcg/sparc: Add scratch argument to tcg_out_movi_int
tcg/sparc: Split out tcg_out_movi_imm32
tcg/sparc: Use tcg_out_movi_imm13 in tcg_out_addsub2_i64
tcg/mips: Support unaligned access for softmmu
tcg/mips: Support unaligned access for user-only
tcg/arm: Support raising sigbus for user-only
tcg/arm: Reserve a register for guest_base
tcg/arm: Support unaligned access for softmmu
tcg/arm: Check alignment for ldrd and strd
tcg/arm: Remove use_armv6_instructions
tcg/arm: Remove use_armv5t_instructions
tcg/arm: Drop support for armv4 and armv5 hosts
tcg/loongarch64: Support raising sigbus for user-only
tcg/tci: Support raising sigbus for user-only
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Klaus Jensen [Thu, 4 Mar 2021 07:40:11 +0000 (08:40 +0100)]
hw/nvme: add support for zoned random write area
Add support for TP 4076 ("Zoned Random Write Area"), v2021.08.23
("Ratified").
This adds three new namespace parameters: "zoned.numzrwa" (number of
zrwa resources, i.e. number of zones that can have a zrwa),
"zoned.zrwas" (zrwa size in LBAs), "zoned.zrwafg" (granularity in LBAs
for flushes).
Reviewed-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
These buffers can be anything, not an array of chars,
so use the 'void *' type for them.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
hw/nvme/ctrl: Have nvme_addr_write() take const buffer
The 'buf' argument is not modified, so better pass it as const type.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Klaus Jensen [Fri, 17 Dec 2021 09:44:01 +0000 (10:44 +0100)]
hw/nvme: fix CVE-2021-3929
This fixes CVE-2021-3929 "locally" by denying DMA to the iomem of the
device itself. This still allows DMA to MMIO regions of other devices
(e.g. doing P2P DMA to the controller memory buffer of another NVMe
device).
Fixes: CVE-2021-3929 Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Thomas Jansen [Sat, 12 Feb 2022 18:56:41 +0000 (19:56 +0100)]
net/eth: Don't consider ESP to be an IPv6 option header
The IPv6 option headers all have in common that they start with some
common fields, in particular the type of the next header followed by the
extention header length. This is used to traverse the list of the
options. The ESP header does not follow that format, which can break the
IPv6 option header traversal code in eth_parse_ipv6_hdr().
The effect of that is that network interfaces such as vmxnet3 that use
the following call chain
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
to send packets from the VM out to the host will drop packets of the
following structure:
Ethernet-Header(IPv6-Header(ESP(encrypted data)))
Note that not all types of network interfaces use the net_tx_pkt_parse
function though, leading to inconsistent behavior regarding sending
those packets. The e1000 network interface for example does not suffer
from this limitation.
By not considering ESP to be an IPv6 header we can allow sending those
packets out to the host on all types of network interfaces.
Fixes: 75020a702151 ("Common definitions for VMWARE devices")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/149 Buglink: https://bugs.launchpad.net/qemu/+bug/1758091 Signed-off-by: Thomas Jansen <mithi@mithi.net> Signed-off-by: Jason Wang <jasowang@redhat.com>
Rao Lei [Fri, 14 Jan 2022 05:09:02 +0000 (13:09 +0800)]
net/filter: Optimize filter_send to coroutine
This patch is to improve the logic of QEMU main thread sleep code in
qemu_chr_write_buffer() where it can be blocked and can't run other
coroutines during COLO IO stress test.
Our approach is to put filter_send() in a coroutine. In this way,
filter_send() will call qemu_coroutine_yield() in qemu_co_sleep_ns(),
so that it can be scheduled out and QEMU main thread has opportunity to
run other tasks.
Signed-off-by: Lei Rao <lei.rao@intel.com> Signed-off-by: Zhang Chen <chen.zhang@intel.com> Reviewed-by: Li Zhijian <lizhijian@fujitsu.com> Reviewed-by: Zhang Chen <chen.zhang@intel.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Zhang Chen [Fri, 14 Jan 2022 05:09:00 +0000 (13:09 +0800)]
net/colo-compare.c: Optimize compare order for performance
COLO-compare use the glib function g_queue_find_custom to dump
another VM's networking packet to compare. But this function always
start find from the queue->head(here is the newest packet), It will
reduce the success rate of comparison. So this patch reversed
the order of the queues for performance.
Signed-off-by: Zhang Chen <chen.zhang@intel.com> Reported-by: leirao <lei.rao@intel.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Foley [Fri, 14 Jan 2022 05:08:59 +0000 (13:08 +0800)]
net: Fix uninitialized data usage
e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside [0x7ffc516af9b8, 4)
1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: use-of-uninitialized-value
1109 15:16:20.312923 #0 0x5639b88acb21 in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c:183:9
1109 15:16:20.312952 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.312954 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.312956 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.312957 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.312958 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.312960 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.312961 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.312962 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.312964 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.312965 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.312967 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.312968 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.312969 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.312970
1109 15:16:20.312975 Uninitialized value was stored to memory at
1109 15:16:20.313393 #0 0x5639b88acbee in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c
1109 15:16:20.313396 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.313398 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313399 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313400 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313401 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313403 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313404 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313405 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313407 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313408 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313409 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313410 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313412 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313413
1109 15:16:20.313417 Uninitialized value was stored to memory at
1109 15:16:20.313791 #0 0x5639b88affbd in net_tap_fd_init third_party/qemu/net/tap.c:400:26
1109 15:16:20.313826 #1 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313829 #2 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313831 #3 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313836 #4 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313838 #5 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313839 #6 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313841 #7 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313843 #8 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313844 #9 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313845 #10 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313846 #11 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313847 #12 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313849
1109 15:16:20.313851 Uninitialized value was created by an allocation of 'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
1109 15:16:20.313855 #0 0x5639b88ac680 in tap_probe_vnet_hdr third_party/qemu/net/tap-linux.c:151
1109 15:16:20.313856
1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len
Fixes: dc69004c7d8 ("net: move tap_probe_vnet_hdr() to tap-linux.c") Reviewed-by: Hao Wu <wuhaotsh@google.com> Reviewed-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Foley <pefoley@google.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Foley [Fri, 14 Jan 2022 05:08:58 +0000 (13:08 +0800)]
net/tap: Set return code on failure
Match the other error handling in this function.
Fixes: e7b347d0bf6 ("net: detect errors from probing vnet hdr flag for TAP devices") Reviewed-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Foley <pefoley@google.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR
The "Interrupt Cause" register (VMXNET3_REG_ICR) is read-only.
Write accesses are ignored. Log them with as LOG_GUEST_ERROR
instead of aborting:
[R +0.239743] writeq 0xe0002031 0x46291a5a55460800
ERROR:hw/net/vmxnet3.c:1819:vmxnet3_io_bar1_write: code should not be reached
Thread 1 "qemu-system-i38" received signal SIGABRT, Aborted.
(gdb) bt
#3 0x74c397d3 in __GI_abort () at abort.c:79
#4 0x76d3cd4c in g_assertion_message (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, message=<optimized out>) at ../glib/gtestutils.c:3223
#5 0x76d9d45f in g_assertion_message_expr
(domain=0x0, file=0x59fc2e53 "hw/net/vmxnet3.c", line=1819, func=0x59fc11e0 <__func__.vmxnet3_io_bar1_write> "vmxnet3_io_bar1_write", expr=<optimized out>)
at ../glib/gtestutils.c:3249
#6 0x57e80a3a in vmxnet3_io_bar1_write (opaque=0x62814100, addr=56, val=70, size=4) at hw/net/vmxnet3.c:1819
#7 0x58c2d894 in memory_region_write_accessor (mr=0x62816b90, addr=56, value=0x7fff9450, size=4, shift=0, mask=4294967295, attrs=...) at softmmu/memory.c:492
#8 0x58c2d1d2 in access_with_adjusted_size (addr=56, value=0x7fff9450, size=1, access_size_min=4, access_size_max=4, access_fn=
0x58c2d290 <memory_region_write_accessor>, mr=0x62816b90, attrs=...) at softmmu/memory.c:554
#9 0x58c2bae7 in memory_region_dispatch_write (mr=0x62816b90, addr=56, data=70, op=MO_8, attrs=...) at softmmu/memory.c:1504
#10 0x58bfd034 in flatview_write_continue (fv=0x606000181700, addr=0xe0002038, attrs=..., ptr=0x7fffb9e0, len=1, addr1=56, l=1, mr=0x62816b90)
at softmmu/physmem.c:2782
#11 0x58beba00 in flatview_write (fv=0x606000181700, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2822
#12 0x58beb589 in address_space_write (as=0x608000015f20, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2914
Reported-by: Dike <dike199774@qq.com> Reported-by: Duhao <504224090@qq.com> BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2032932 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Sun, 13 Feb 2022 20:33:28 +0000 (20:33 +0000)]
Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220210' into staging
ppc-7.0 queue
* Exception model rework (Fabiano)
* Unused CPU models removal (Fabiano and Cédric)
* Fix for VOF installation (Alexey)
* Misc fixes
# gpg: Signature made Thu 10 Feb 2022 12:59:07 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* remotes/legoater/tags/pull-ppc-20220210: (42 commits)
spapr/vof: Install rom and nvram binaries
docs: rstfy confidential guest documentation
target/ppc: Change VSX instructions behavior to fill with zeros
target/ppc: books: Remove excp_model argument from ppc_excp_apply_ail
target/ppc: Assert if MSR bits differ from msr_mask during exceptions
target/ppc: powerpc_excp: Move common code to the caller function
target/ppc: Remove powerpc_excp_legacy
target/ppc: 7xx: Set SRRs directly in exception code
target/ppc: 7xx: Software TLB cleanup
target/ppc: 7xx: System Reset cleanup
target/ppc: 7xx: System Call exception cleanup
target/ppc: 7xx: Program exception cleanup
target/ppc: 7xx: External interrupt cleanup
target/ppc: 7xx: Machine Check exception cleanup
target/ppc: Simplify powerpc_excp_7xx
target/ppc: Introduce powerpc_excp_7xx
target/ppc: Merge 7x5 and 7x0 exception model IDs
target/ppc: 6xx: Set SRRs directly in exception code
target/ppc: 6xx: Software TLB exceptions cleanup
target/ppc: 6xx: System Reset interrupt cleanup
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 12 Feb 2022 22:04:07 +0000 (22:04 +0000)]
Merge remote-tracking branch 'remotes/vsementsov/tags/pull-nbd-2022-02-09-v2' into staging
nbd: handle AioContext change correctly
v2: add my s-o-b marks to each commit
# gpg: Signature made Fri 11 Feb 2022 13:14:55 GMT
# gpg: using RSA key 8B9C26CDB2FD147C880E86A1561F24C1F19F79FB
# gpg: Good signature from "Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8B9C 26CD B2FD 147C 880E 86A1 561F 24C1 F19F 79FB
* remotes/vsementsov/tags/pull-nbd-2022-02-09-v2:
iotests/281: Let NBD connection yield in iothread
block/nbd: Move s->ioc on AioContext change
iotests/281: Test lingering timers
iotests.py: Add QemuStorageDaemon class
block/nbd: Assert there are no timers when closed
block/nbd: Delete open timer when done
block/nbd: Delete reconnect delay timer when done
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/block/fdc-isa: Respect QOM properties when building AML
Other ISA devices such as serial-isa use the properties in their
build_aml functions. fdc-isa not using them is probably an oversight.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-Id: <20220209191558.30393-1-shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Fri, 11 Feb 2022 13:11:49 +0000 (13:11 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-plugins-090222-1' into staging
Testing and plugin updates:
- include vhost tests in qtest
- clean-up gcov ephemera in clean/.gitignore
- lcitool and docker updates
- mention .editorconfig in devel notes
- switch Centos8 to Centos Stream 8
- remove TCG tracing support
- add coverage plugin using drcov format
- expand abilities of libinsn.so plugin
- use correct logging for i386 int cases
- move reset of plugin data to start of block
- deprecate ppc6432abi
- fix TARGET_ABI_FMT_ptr for softmmu builds
# gpg: Signature made Wed 09 Feb 2022 14:13:14 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-testing-and-plugins-090222-1: (28 commits)
include/exec: fix softmmu version of TARGET_ABI_FMT_lx
linux-user: Remove the deprecated ppc64abi32 target
plugins: move reset of plugin data to tb_start
target/i386: use CPU_LOG_INT for IRQ servicing
tests/plugins: add instruction matching to libinsn.so
tests/plugin: allow libinsn.so per-CPU counts
contrib/plugins: add a drcov plugin
plugins: add helper functions for coverage plugins
tracing: excise the tcg related from tracetool
tracing: remove the trace-tcg includes from the build
tracing: remove TCG memory access tracing
docs: remove references to TCG tracing
tests/tcg/sh4: disable another unreliable test
tests: Update CentOS 8 container to CentOS Stream 8
tests/lcitool: Allow lcitool-refresh in out-of-tree builds, too
gitlab: fall back to commit hash in qemu-setup filename
docs/devel: mention our .editorconfig
tests/lcitool: Install libibumad to cover RDMA on Debian based distros
tests: Manually remove libxml2 on MSYS2 runners
tests/lcitool: Refresh submodule and remove libxml2
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / mirror_qemu.git / log