Lukas Straub [Mon, 28 Dec 2020 15:09:02 +0000 (16:09 +0100)]
tests/test-char.c: Wait for the chardev to connect in char_socket_client_dupid_test
A connecting chardev object has an additional reference by the connecting
thread, so if the chardev is still connecting by the end of the test,
then the chardev object won't be freed. This in turn means that the yank
instance won't be unregistered and when running the next test-case
yank_register_instance will abort, because the yank instance is
already/still registered.
Signed-off-by: Lukas Straub <lukasstraub2@web.de> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <1445e97a5800e3f2ba024ad52b500a0315701632.1609167865.git.lukasstraub2@web.de> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Lukas Straub [Mon, 28 Dec 2020 15:08:59 +0000 (16:08 +0100)]
io: Document qmp oob suitability of qio_channel_shutdown and io_shutdown
Migration and yank code assume that qio_channel_shutdown is thread
-safe and can be called from qmp oob handler. Document this after
checking the code.
Signed-off-by: Lukas Straub <lukasstraub2@web.de> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <32b8c27e256da043f0f00db05bd7ab8fbc506070.1609167865.git.lukasstraub2@web.de> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Lukas Straub [Mon, 28 Dec 2020 15:08:55 +0000 (16:08 +0100)]
io/channel-tls.c: make qio_channel_tls_shutdown thread-safe
Make qio_channel_tls_shutdown thread-safe by using atomics when
accessing tioc->shutdown.
Signed-off-by: Lukas Straub <lukasstraub2@web.de> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <5bd8733f583f3558b32250fd0eb576b7aa756485.1609167865.git.lukasstraub2@web.de> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Lukas Straub [Mon, 28 Dec 2020 15:08:52 +0000 (16:08 +0100)]
migration: Add yank feature
Register yank functions on sockets to shut them down.
Signed-off-by: Lukas Straub <lukasstraub2@web.de> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <484c6a14cc2506bebedd5a237259b91363ff8f88.1609167865.git.lukasstraub2@web.de> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Lukas Straub [Mon, 28 Dec 2020 15:08:41 +0000 (16:08 +0100)]
Introduce yank feature
The yank feature allows to recover from hanging qemu by "yanking"
at various parts. Other qemu systems can register themselves and
multiple yank functions. Then all yank functions for selected
instances can be called by the 'yank' out-of-band qmp command.
Available instances can be queried by a 'query-yank' oob command.
Signed-off-by: Lukas Straub <lukasstraub2@web.de> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <69934ceacfd33a7dfe53db145ecc630ad39ee47c.1609167865.git.lukasstraub2@web.de> Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* remotes/bonzini-gitlab/tags/for-upstream:
target/i386: Use X86Seg enum for segment registers
configure: quote command line arguments in config.status
configure: move Cocoa incompatibility checks to Meson
configure: move GTK+ detection to Meson
configure: move X11 detection to Meson
gtk: remove CONFIG_GTK_GL
cocoa: do not enable coreaudio automatically
virtio-scsi: trace events
meson: Propagate gnutls dependency
Docs/RCU: Correct sample code of qatomic_rcu_set
scripts/gdb: implement 'qemu bt'
scripts/gdb: fix 'qemu coroutine' when users selects a non topmost stack frame
meson: fix Cocoa option in summary
whpx: move whpx_lapic_state from header to c file
maintainers: Add me as Windows Hosted Continuous Integration maintainer
cirrus/msys2: Cache msys2 mingw in a better way.
cirrus/msys2: Exit powershell with $LastExitCode
whpx: move internal definitions to whpx-internal.h
whpx: rename whp-dispatch to whpx-internal.h
meson: do not use CONFIG_VIRTFS
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 12 Jan 2021 21:23:25 +0000 (21:23 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210112-1' into staging
target-arm queue:
* arm: Support emulation of ARMv8.4-TTST extension
* arm: Update cpu.h ID register field definitions
* arm: Fix breakage of XScale instruction emulation
* hw/net/lan9118: Fix RX Status FIFO PEEK value
* npcm7xx: Add ADC and PWM emulation
* ui/cocoa: Make "open docs" help menu entry work again when binary
is run from the build tree
* ui/cocoa: Fix openFile: deprecation on Big Sur
* docs: Add qemu-storage-daemon(1) manpage to meson.build
* remotes/pmaydell/tags/pull-target-arm-20210112-1:
ui/cocoa: Fix openFile: deprecation on Big Sur
hw/*: Use type casting for SysBusDevice in NPCM7XX
hw/misc: Add QTest for NPCM7XX PWM Module
hw/misc: Add a PWM module for NPCM7XX
hw/adc: Add an ADC module for NPCM7XX
hw/timer: Refactor NPCM7XX Timer to use CLK clock
hw/misc: Add clock converter in NPCM7XX CLK module
hw/net/lan9118: Add symbolic constants for register offsets
hw/net/lan9118: Fix RX Status FIFO PEEK value
target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
docs: Add qemu-storage-daemon(1) manpage to meson.build
ui/cocoa: Update path to docs in build tree
target/arm: add aarch32 ID register fields to cpu.h
target/arm: add aarch64 ID register fields to cpu.h
target/arm: add descriptions of CLIDR_EL1, CCSIDR_EL1, CTR_EL0 to cpu.h
target/arm: make ARMCPU.ctr 64-bit
target/arm: make ARMCPU.clidr 64-bit
target/arm: fix typo in cpu.h ID_AA64PFR1 field name
target/arm: enable Small Translation tables in max CPU
target/arm: ARMv8.4-TTST extension
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Roman Bolshakov [Sat, 2 Jan 2021 15:07:21 +0000 (18:07 +0300)]
ui/cocoa: Fix openFile: deprecation on Big Sur
ui/cocoa.m:1188:44: warning: 'openFile:' is deprecated: first deprecated in macOS 11.0 - Use -[NSWorkspace openURL:] instead.
[-Wdeprecated-declarations]
if ([[NSWorkspace sharedWorkspace] openFile: full_file_path] == YES) {
^
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSWorkspace.h:350:1: note:
'openFile:' has been explicitly marked deprecated here
- (BOOL)openFile:(NSString *)fullPath API_DEPRECATED("Use -[NSWorkspace openURL:] instead.", macos(10.0, 11.0));
^
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210102150718.47618-1-r.bolshakov@yadro.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Hao Wu [Fri, 8 Jan 2021 19:09:45 +0000 (11:09 -0800)]
hw/*: Use type casting for SysBusDevice in NPCM7XX
A device shouldn't access its parent object which is QOM internal.
Instead it should use type cast for this purporse. This patch fixes this
issue for all NPCM7XX Devices.
Signed-off-by: Hao Wu <wuhaotsh@google.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210108190945.949196-7-wuhaotsh@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Hao Wu [Fri, 8 Jan 2021 19:09:43 +0000 (11:09 -0800)]
hw/misc: Add a PWM module for NPCM7XX
The PWM module is part of NPCM7XX module. Each NPCM7XX module has two
identical PWM modules. Each module contains 4 PWM entries. Each PWM has
two outputs: frequency and duty_cycle. Both are computed using inputs
from software side.
This module does not model detail pulse signals since it is expensive.
It also does not model interrupts and watchdogs that are dependant on
the detail models. The interfaces for these are left in the module so
that anyone in need for these functionalities can implement on their
own.
The user can read the duty cycle and frequency using qom-get command.
Hao Wu [Fri, 8 Jan 2021 19:09:42 +0000 (11:09 -0800)]
hw/adc: Add an ADC module for NPCM7XX
The ADC is part of NPCM7XX Module. Its behavior is controled by the
ADC_CON register. It converts one of the eight analog inputs into a
digital input and stores it in the ADC_DATA register when enabled.
Users can alter input value by using qom-set QMP command.
Hao Wu [Fri, 8 Jan 2021 19:09:40 +0000 (11:09 -0800)]
hw/misc: Add clock converter in NPCM7XX CLK module
This patch allows NPCM7XX CLK module to compute clocks that are used by
other NPCM7XX modules.
Add a new struct NPCM7xxClockConverterState which represents a
single converter. Each clock converter in CLK module represents one
converter in NPCM7XX CLK Module(PLL, SEL or Divider). Each converter
takes one or more input clocks and converts them into one output clock.
They form a clock hierarchy in the CLK module and are responsible for
outputing clocks for various other modules in an NPCM7XX SoC.
Each converter has a function pointer called "convert" which represents
the unique logic for that converter.
The clock contains two initialization information: ConverterInitInfo and
ConverterConnectionInfo. They represent the vertices and edges in the
clock diagram respectively.
Peter Maydell [Fri, 8 Jan 2021 18:04:01 +0000 (18:04 +0000)]
hw/net/lan9118: Add symbolic constants for register offsets
The lan9118 code mostly uses symbolic constants for register offsets;
the exceptions are those which the datasheet doesn't give an official
symbolic name to.
Add some names for the registers which don't already have them, based
on the longer names they are given in the memory map.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210108180401.2263-3-peter.maydell@linaro.org
Peter Maydell [Fri, 8 Jan 2021 18:04:00 +0000 (18:04 +0000)]
hw/net/lan9118: Fix RX Status FIFO PEEK value
A copy-and-paste error meant that the return value for register offset 0x44
(the RX Status FIFO PEEK register) returned a byte from a bogus offset in
the rx status FIFO. Fix the typo.
Cc: qemu-stable@nongnu.org Fixes: https://bugs.launchpad.net/qemu/+bug/1904954 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210108180401.2263-2-peter.maydell@linaro.org
Peter Maydell [Fri, 8 Jan 2021 19:51:57 +0000 (19:51 +0000)]
target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
In commit cd8be50e58f63413c0 we converted the A32 coprocessor
insns to decodetree. This accidentally broke XScale/iWMMXt insns,
because it moved the handling of "cp insns which are handled
by looking up the cp register in the hashtable" from after the
call to the legacy disas_xscale_insn() decode to before it,
with the result that all XScale/iWMMXt insns now UNDEF.
Update valid_cp() so that it knows that on XScale cp 0 and 1
are not standard coprocessor instructions; this will cause
the decodetree trans_ functions to ignore them, so that
execution will correctly get through to the legacy decode again.
Cc: qemu-stable@nongnu.org Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20210108195157.32067-1-peter.maydell@linaro.org
target/i386: Use X86Seg enum for segment registers
Use the dedicated X86Seg enum type for segment registers.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210109233427.749748-1-f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 8 Sep 2020 11:20:45 +0000 (13:20 +0200)]
configure: quote command line arguments in config.status
Make config.status generation a bit more robust. (The quote_sh
function will also be reused to parse configure's command line
arguments in an external script driven by Meson build option
introspection).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 7 Jan 2021 13:04:00 +0000 (14:04 +0100)]
configure: move Cocoa incompatibility checks to Meson
The cocoa UI code currently assumes it is always the active UI
and does not interact well with other UI frontend code. Move
the relevant checks to Meson now that all other frontends
have become Meson options. This way, SDL/GTK+/Cocoa can be
parsed entirely by scripts/configure-parse-buildoptions.pl.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 7 Jan 2021 12:46:32 +0000 (13:46 +0100)]
gtk: remove CONFIG_GTK_GL
CONFIG_GTK_GL is defined if OpenGL is present and GTK+
is 3.16 or newer. Since GTK+ 3.22 is the minimum supported
version, just use CONFIG_OPENGL instead.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 7 Jan 2021 12:32:12 +0000 (13:32 +0100)]
cocoa: do not enable coreaudio automatically
Remove the automagic connection between --enable-cocoa
and enabling coreaudio in audio_drv_list. It can be
overridden anyway just by placing --enable-cocoa before
--audio-drv-list.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Roman Bolshakov [Sat, 2 Jan 2021 12:52:13 +0000 (15:52 +0300)]
meson: Propagate gnutls dependency
crypto/tlscreds.h includes GnuTLS headers if CONFIG_GNUTLS is set, but
GNUTLS_CFLAGS, that describe include path, are not propagated
transitively to all users of crypto and build fails if GnuTLS headers
reside in non-standard directory (which is a case for homebrew on Apple
Silicon).
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20210102125213.41279-1-r.bolshakov@yadro.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Maxim Levitsky [Thu, 17 Dec 2020 15:54:36 +0000 (17:54 +0200)]
scripts/gdb: implement 'qemu bt'
This script first runs the regular gdb's 'bt' command, and then if we are in a
coroutine it prints the coroutines backtraces in the order in which they
were called.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20201217155436.927320-3-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Maxim Levitsky [Thu, 17 Dec 2020 15:54:35 +0000 (17:54 +0200)]
scripts/gdb: fix 'qemu coroutine' when users selects a non topmost stack frame
The code that dumps the stack frame works like that:
* save current registers
* overwrite current registers (including rip/rsp) with coroutine snapshot
in the jmpbuf
* print backtrace
* restore the saved registers.
If the user has currently selected a non topmost stack frame in gdb,
the above code will still restore the selected frame registers,
but the gdb will then lose the selected frame index, which makes it impossible
to switch back to frame 0, to continue debugging the executable.
Therefore switch temporarily to the topmost frame of the stack
for the above code.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20201217155436.927320-2-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Yonggang Luo [Thu, 7 Jan 2021 10:19:19 +0000 (02:19 -0800)]
whpx: move whpx_lapic_state from header to c file
This struct only used in whpx-apic.c, there is no need
expose it in whpx.h.
Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20210107101919.80-6-luoyonggang@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Yonggang Luo [Thu, 7 Jan 2021 10:19:17 +0000 (02:19 -0800)]
maintainers: Add me as Windows Hosted Continuous Integration maintainer
Signed-off-by: Yonggang Luo <luoyonggang@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210107101919.80-4-luoyonggang@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Yonggang Luo [Thu, 7 Jan 2021 10:19:16 +0000 (02:19 -0800)]
cirrus/msys2: Cache msys2 mingw in a better way.
Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20210107101919.80-3-luoyonggang@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Yonggang Luo [Thu, 7 Jan 2021 10:19:15 +0000 (02:19 -0800)]
cirrus/msys2: Exit powershell with $LastExitCode
Currently if we don't exit with $LastExitCode manually,
the cirrus would not report the build/testing failure.
Signed-off-by: Yonggang Luo <luoyonggang@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210107101919.80-2-luoyonggang@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Fri, 8 Jan 2021 16:14:15 +0000 (16:14 +0000)]
docs: Add qemu-storage-daemon(1) manpage to meson.build
In commit 1982e1602d15 we added a new qemu-storage-daemon(1) manpage.
At the moment new manpages have to be listed both in the conf.py for
Sphinx and also in docs/meson.build for Meson. We forgot the second
of those -- correct the omission.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20210108161416.21129-2-peter.maydell@linaro.org
Roman Bolshakov [Fri, 8 Jan 2021 21:38:15 +0000 (00:38 +0300)]
ui/cocoa: Update path to docs in build tree
QEMU documentation can't be opened if QEMU is run from build tree
because executables are placed in the top of build tree after conversion
to meson.
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Reported-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210108213815.64678-1-r.bolshakov@yadro.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Leif Lindholm [Fri, 8 Jan 2021 18:51:51 +0000 (18:51 +0000)]
target/arm: make ARMCPU.ctr 64-bit
When FEAT_MTE is implemented, the AArch64 view of CTR_EL0 adds the
TminLine field in bits [37:32].
Extend the ctr field to be able to hold this context.
Leif Lindholm [Fri, 8 Jan 2021 18:51:50 +0000 (18:51 +0000)]
target/arm: make ARMCPU.clidr 64-bit
The AArch64 view of CLIDR_EL1 extends the ICB field to include also bit
32, as well as adding a Ttype<n> field when FEAT_MTE is implemented.
Extend the clidr field to be able to hold this context.
Signed-off-by: Leif Lindholm <leif@nuviainc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20210108185154.8108-3-leif@nuviainc.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/huth-gitlab/tags/pull-request-2021-01-11v2:
fuzz: map all BARs and enable PCI devices
tests/acceptance: Fix race conditions in s390x tests & skip fedora on gitlab-CI
bsd-user: Update strace.list for FreeBSD's latest syscalls
bsd-user: move strace OS/arch dependent code to host/arch dirs
bsd-user: regenerate FreeBSD's system call numbers
fuzz: heuristic split write based on past IOs
fuzz: add minimization options
fuzz: set bits in operand of write/out to zero
fuzz: remove IO commands iteratively
fuzz: split write operand using binary approach
fuzz: double the IOs to remove for every loop
fuzz: accelerate non-crash detection
util/oslib-win32: Fix _aligned_malloc() arguments order
qtest/libqtest: fix heap-buffer-overflow in qtest_cb_for_every_machine()
gitlab-ci.yml: Add openSUSE Leap 15.2 for gitlab CI/CD
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Prior to this patch, the fuzzer found inputs to map PCI device BARs and
enable the device. While it is nice that the fuzzer can do this, it
added significant overhead, since the fuzzer needs to map all the
BARs (regenerating the memory topology), at the start of each input.
With this patch, we do this once, before fuzzing, mitigating some of
this overhead.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20201221181203.1853-1-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 8 Jan 2021 18:56:45 +0000 (19:56 +0100)]
tests/acceptance: Fix race conditions in s390x tests & skip fedora on gitlab-CI
There was a race condition in the first test where there was already the
"crw" output in the dmesg, but the "0.0.4711" entry has not been created
in the /sys fs yet. Fix it by waiting until it is there.
The second test has even more problems on gitlab-CI. Even after adding some
more synchronization points (that wait for some messages in the "dmesg"
output to make sure that the modules got loaded correctly), there are still
occasionally some hangs in this test when it is running in the gitlab-CI.
So far I was unable to reproduce these hangs locally on my computer, so
this issue might take a while to debug. Thus disable the 2nd test in the
gitlab-CI until the problems are better understood and fixed.
Signed-off-by: Thomas Huth <thuth@redhat.com> Tested-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-Id: <20210108185645.86351-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Warner Losh [Fri, 18 Dec 2020 20:54:51 +0000 (13:54 -0700)]
bsd-user: Update strace.list for FreeBSD's latest syscalls
Update strace.list to include all of FreeBSD's syscalls up through svn
r331280.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Sean Bruno <sburno@FreeBSD.org> Signed-off-by: Alexander Kabaev <kan@FreeBSD.org> Signed-off-by: Jung-uk Kim <jkim@FreeBSD.org>
Author: Michal Meloun <mmel@FreeBSD.org> Signed-off-by: Mikaël Urankar <mikael.urankar@gmail.com>
[imp moved this change to early in the sequence] Signed-off-by: Warner Losh <imp@FreeBSD.org>
Message-Id: <20201218205451.10559-5-imp@freebsd.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Stacey Son [Fri, 18 Dec 2020 20:54:50 +0000 (13:54 -0700)]
bsd-user: move strace OS/arch dependent code to host/arch dirs
This change moves host OS and arch dependent code for the sysarch
system call related to the -strace functionality into the
appropriate host OS and target arch directories.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Sean Bruno <sburno@FreeBSD.org>
[ imp integrated minor build fixes from sbruno ] Signed-off-by: Warner Losh <imp@FreeBSD.org>
Message-Id: <20201218205451.10559-4-imp@freebsd.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Warner Losh [Fri, 18 Dec 2020 20:54:48 +0000 (13:54 -0700)]
bsd-user: regenerate FreeBSD's system call numbers
Recreate the FreeBSD system call numbers from current sys/syscall.h. Since this
isn't guaranteed to be on all systems, continue the practice of generating it
with some variation on:
sed -e s/SYS_/TARGET_NR_/ < $FREEBSD_SRC/sys/syscall.h > syscall_nr.h
until a more comprehensive system can be put in place.
Signed-off-by: Warner Losh <imp@FreeBSD.org>
Message-Id: <20201218205451.10559-2-imp@freebsd.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:52 +0000 (14:11 +0800)]
fuzz: heuristic split write based on past IOs
If previous write commands write the same length of data with the same step,
we view it as a hint.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB3502480AD07811A6A49B8FEAFCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:51 +0000 (14:11 +0800)]
fuzz: add minimization options
-M1: remove IO commands iteratively
-M2: try setting bits in operand of write/out to zero
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB350204C52E7A39E6B0EEC870FCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:50 +0000 (14:11 +0800)]
fuzz: set bits in operand of write/out to zero
Simplifying the crash cases by opportunistically setting bits in operands of
out/write to zero may help to debug, since usually bit one means turn on or
trigger a function while zero is the default turn-off setting.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB3502C84B6346A3E3DE708C7BFCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:49 +0000 (14:11 +0800)]
fuzz: remove IO commands iteratively
Now we use a one-time scan and remove strategy in the minimizer,
which is not suitable for timing dependent instructions.
For example, instruction A will indicate an address where the config
chunk locates, and instruction B will make the configuration active.
If we have the following instruction sequence:
...
A1
B1
A2
B2
...
A2 and B2 are the actual instructions that trigger the bug.
If we scan from top to bottom, after we remove A1, the behavior of B1
might be unknowable, including not to crash the program. But we will
successfully remove B1 later cause A2 and B2 will crash the process
anyway:
...
A1
A2
B2
...
Now one more trimming will remove A1.
In the perfect case, we would need to be able to remove A and B (or C!) at
the same time. But for now, let's just add a loop around the minimizer.
Since we only remove instructions, this iterative algorithm is converging.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB350263004448040ACCB9A9F1FCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:48 +0000 (14:11 +0800)]
fuzz: split write operand using binary approach
Currently, we split the write commands' data from the middle. If it does not
work, try to move the pivot left by one byte and retry until there is no
space.
But, this method has two flaws:
1. It may fail to trim all unnecessary bytes on the right side.
For example, there is an IO write command:
write addr uuxxxxuu
u is the unnecessary byte for the crash. Unlike ram write commands, in most
case, a split IO write won't trigger the same crash, So if we split from the
middle, we will get:
write addr uu (will be removed in next round)
write addr xxxxuu
For xxxxuu, since split it from the middle and retry to the leftmost byte
won't get the same crash, we will be stopped from removing the last two
bytes.
2. The algorithm complexity is O(n) since we move the pivot byte by byte.
To solve the first issue, we can try a symmetrical position on the right if
we fail on the left. As for the second issue, instead moving by one byte, we
can approach the boundary exponentially, achieving O(log(n)).
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB3502D26F1BEB680CBBC169E5FCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:47 +0000 (14:11 +0800)]
fuzz: double the IOs to remove for every loop
Instead of removing IO instructions one by one, we can try deleting multiple
instructions at once. According to the locality of reference, we double the
number of instructions to remove for the next round and recover it to one
once we fail.
This patch is usually significant for large input.
Test with quadrupled trace input at:
https://bugs.launchpad.net/qemu/+bug/1890333/comments/1
Patched 1/6 version:
real 0m45.904s
user 0m16.874s
sys 0m10.042s
Refined version:
real 0m11.412s
user 0m6.888s
sys 0m3.325s
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB350280A67BB55C3FADF173E3FCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Qiuhao Li [Mon, 11 Jan 2021 06:11:46 +0000 (14:11 +0800)]
fuzz: accelerate non-crash detection
We spend much time waiting for the timeout program during the minimization
process until it passes a time limit. This patch hacks the CLOSED (indicates
the redirection file closed) notification in QTest's output if it doesn't
crash.
Test with quadrupled trace input at:
https://bugs.launchpad.net/qemu/+bug/1890333/comments/1
Original version:
real 1m37.246s
user 0m13.069s
sys 0m8.399s
Refined version:
real 0m45.904s
user 0m16.874s
sys 0m10.042s
Note:
Sometimes the mutated or the same trace may trigger a different crash
summary (second-to-last line) but indicates the same bug. For example, Bug 1910826 [1], which will trigger a stack overflow, may output summaries
like:
SUMMARY: AddressSanitizer: stack-overflow
/home/qiuhao/hack/qemu/build/../softmmu/physmem.c:488 in
flatview_do_translate
or
SUMMARY: AddressSanitizer: stack-overflow
(/home/qiuhao/hack/qemu/build/qemu-system-i386+0x27ca049) in __asan_memcpy
Etc.
If we use the whole summary line as the token, we may be prevented from
further minimization. So in this patch, we only use the first three words
which indicate the type of crash:
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <SYCPR01MB350251DC04003450348FAF68FCAB0@SYCPR01MB3502.ausprd01.prod.outlook.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Gan Qixin [Wed, 6 Jan 2021 05:06:25 +0000 (13:06 +0800)]
qtest/libqtest: fix heap-buffer-overflow in qtest_cb_for_every_machine()
When the length of mname is less than 5, memcpy("xenfv", mname, 5) will cause
heap buffer overflow. Therefore, use strncmp to avoid this problem.
The asan showed stack:
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f2f4 at
pc 0x7f65d8cc2225 bp 0x7ffe93cc5a60 sp 0x7ffe93cc5208 READ of size 5 at
0x60200000f2f4 thread T0
#0 0x7f65d8cc2224 in memcmp (/lib64/libasan.so.5+0xdf224)
#1 0x5632c20be95b in qtest_cb_for_every_machine tests/qtest/libqtest.c:1282
#2 0x5632c20b7995 in main tests/qtest/test-hmp.c:160
#3 0x7f65d88fed42 in __libc_start_main (/lib64/libc.so.6+0x26d42)
#4 0x5632c20b72cd in _start (build/tests/qtest/test-hmp+0x542cd)
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210106050625.518041-1-ganqixin@huawei.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Peter Maydell [Fri, 8 Jan 2021 15:37:04 +0000 (15:37 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210108' into staging
target-arm queue:
* intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs
* target/arm: Fix MTE0_ACTIVE
* target/arm: Implement v8.1M and Cortex-M55 model
* hw/arm/highbank: Drop dead KVM support code
* util/qemu-timer: Make timer_free() imply timer_del()
* various devices: Use ptimer_free() in finalize function
* docs/system: arm: Add sabrelite board description
* sabrelite: Minor fixes to allow booting U-Boot
* remotes/pmaydell/tags/pull-target-arm-20210108: (23 commits)
docs/system: arm: Add sabrelite board description
hw/arm: sabrelite: Connect the Ethernet PHY at address 6
hw/msic: imx6_ccm: Correct register value for silicon type
hw/misc: imx6_ccm: Update PMU_MISC0 reset value
exynos4210_mct: Use ptimer_free() in the finalize function to avoid memleaks
musicpal: Use ptimer_free() in the finalize function to avoid memleaks
mss-timer: Use ptimer_free() in the finalize function to avoid memleaks
exynos4210_pwm: Use ptimer_free() in the finalize function to avoid memleaks
exynos4210_rtc: Use ptimer_free() in the finalize function to avoid memleaks
allwinner-a10-pit: Use ptimer_free() in the finalize function to avoid memleaks
digic-timer: Use ptimer_free() in the finalize function to avoid memleaks
target/arm: Remove timer_del()/timer_deinit() before timer_free()
Remove superfluous timer_del() calls
scripts/coccinelle: New script to remove unnecessary timer_del() calls
util/qemu-timer: Make timer_free() imply timer_del()
hw/arm/highbank: Drop dead KVM support code
target/arm: Implement Cortex-M55 model
target/arm: Implement FPCXT_NS fp system register
target/arm: Correct store of FPSCR value via FPCXT_S
hw/intc/armv7m_nvic: Correct handling of CCR.BFHFNMIGN
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bin Meng [Wed, 6 Jan 2021 06:35:04 +0000 (14:35 +0800)]
docs/system: arm: Add sabrelite board description
This adds the target guide for SABRE Lite board, and documents how
to boot a Linux kernel and U-Boot bootloader.
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20210106063504.10841-5-bmeng.cn@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bin Meng [Wed, 6 Jan 2021 06:35:03 +0000 (14:35 +0800)]
hw/arm: sabrelite: Connect the Ethernet PHY at address 6
At present, when booting U-Boot on QEMU sabrelite, we see:
Net: Board Net Initialization Failed
No ethernet found.
U-Boot scans PHY at address 4/5/6/7 (see board_eth_init() in the
U-Boot source: board/boundary/nitrogen6x/nitrogen6x.c). On the real
board, the Ethernet PHY is at address 6. Adjust this by updating the
"fec-phy-num" property of the fsl_imx6 SoC object.
With this change, U-Boot sees the PHY but complains MAC address:
Net: using phy at 6
FEC [PRIME]
Error: FEC address not set.
This is due to U-Boot tries to read the MAC address from the fuse,
which QEMU does not have any valid content filled in. However this
does not prevent the Ethernet from working in QEMU. We just need to
set up the MAC address later in the U-Boot command shell, by:
=> setenv ethaddr 00:11:22:33:44:55
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20210106063504.10841-4-bmeng.cn@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bin Meng [Wed, 6 Jan 2021 06:35:02 +0000 (14:35 +0800)]
hw/msic: imx6_ccm: Correct register value for silicon type
Currently when U-Boot boots, it prints "??" for i.MX processor:
CPU: Freescale i.MX?? rev1.0 at 792 MHz
The register that was used to determine the silicon type is
undocumented in the latest IMX6DQRM (Rev. 6, 05/2020), but we
can refer to get_cpu_rev() in arch/arm/mach-imx/mx6/soc.c in
the U-Boot source codes that USB_ANALOG_DIGPROG is used.
Update its reset value to indicate i.MX6Q.
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20210106063504.10841-3-bmeng.cn@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bin Meng [Wed, 6 Jan 2021 06:35:01 +0000 (14:35 +0800)]
hw/misc: imx6_ccm: Update PMU_MISC0 reset value
U-Boot expects PMU_MISC0 register bit 7 is set (see init_bandgap()
in arch/arm/mach-imx/mx6/soc.c) during boot. This bit indicates the
bandgap has stabilized.
With this change, the latest upstream U-Boot (v2021.01-rc3) for imx6
sabrelite board (mx6qsabrelite_defconfig), with a slight change made
by switching CONFIG_OF_SEPARATE to CONFIG_OF_EMBED, boots to U-Boot
shell on QEMU with the following command:
CPU: Freescale i.MX?? rev1.0 at 792 MHz
Reset cause: POR
Model: Freescale i.MX6 Quad SABRE Lite Board
Board: SABRE Lite
I2C: ready
DRAM: 1 GiB
force_idle_bus: sda=0 scl=0 sda.gp=0x5c scl.gp=0x55
force_idle_bus: failed to clear bus, sda=0 scl=0
force_idle_bus: sda=0 scl=0 sda.gp=0x6d scl.gp=0x6c
force_idle_bus: failed to clear bus, sda=0 scl=0
force_idle_bus: sda=0 scl=0 sda.gp=0xcb scl.gp=0x5
force_idle_bus: failed to clear bus, sda=0 scl=0
MMC: FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from MMC... *** Warning - No block device, using default environment
In: serial
Out: serial
Err: serial
Net: Board Net Initialization Failed
No ethernet found.
starting USB...
Bus usb@2184000: usb dr_mode not found
USB EHCI 1.00
Bus usb@2184200: USB EHCI 1.00
scanning bus usb@2184000 for devices... 1 USB Device(s) found
scanning bus usb@2184200 for devices... 1 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
scanning usb for ethernet devices... 0 Ethernet Device(s) found
Hit any key to stop autoboot: 0
=>
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20210106063504.10841-2-bmeng.cn@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:50 +0000 (19:31 +0800)]
exynos4210_mct: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
exynos4210_mct_init function, so use ptimer_free() in the finalize function to
avoid it.
ASAN shows memory leak stack:
Indirect leak of 96 byte(s) in 1 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
#3 0xaaabf56b01a0 in exynos4210_mct_init /qemu/hw/timer/exynos4210_mct.c:1505
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#5 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#6 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#7 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
#8 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
#9 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
#10 0xaaabf6552708 in aio_bh_poll /qemu/util/async.c:164
#11 0xaaabf655f19c in aio_dispatch /qemu/util/aio-posix.c:381
#12 0xaaabf65523f4 in aio_ctx_dispatch /qemu/util/async.c:306
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:54 +0000 (19:31 +0800)]
musicpal: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
mv88w8618_pit_init function, so use ptimer_free() in the finalize function to
avoid it.
ASAN shows memory leak stack:
Indirect leak of 192 byte(s) in 4 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
#6 0xaaabf5bb2290 in mv88w8618_timer_init /qemu/hw/arm/musicpal.c:862
#7 0xaaabf5bb2290 in mv88w8618_pit_init /qemu/hw/arm/musicpal.c:954
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#11 0xaaabf5a95540 in qdev_device_help /qemu/softmmu/qdev-monitor.c:283
#12 0xaaabf5a96940 in qmp_device_add /qemu/softmmu/qdev-monitor.c:801
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:53 +0000 (19:31 +0800)]
mss-timer: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
mss_timer_init function, so use ptimer_free() in the finalize function to avoid
it.
ASAN shows memory leak stack:
Indirect leak of 192 byte(s) in 2 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
#3 0xaaabf58a0010 in mss_timer_init /qemu/hw/timer/mss-timer.c:235
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#5 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
#6 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
#7 0xaaabf5b8316c in m2sxxx_soc_initfn /qemu/hw/arm/msf2-soc.c:70
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#11 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
#12 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:51 +0000 (19:31 +0800)]
exynos4210_pwm: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
exynos4210_pwm_init function, so use ptimer_free() in the finalize function to
avoid it.
ASAN shows memory leak stack:
Indirect leak of 240 byte(s) in 5 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
#6 0xaaabf56a36cc in exynos4210_pwm_init /qemu/hw/timer/exynos4210_pwm.c:401
#7 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#8 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#9 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#10 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
#11 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
#12 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:52 +0000 (19:31 +0800)]
exynos4210_rtc: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
exynos4210_rtc_init function, so use ptimer_free() in the finalize function to
avoid it.
ASAN shows memory leak stack:
Indirect leak of 96 byte(s) in 1 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
#3 0xaaabf57b3934 in exynos4210_rtc_init /qemu/hw/rtc/exynos4210_rtc.c:567
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#5 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#6 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#7 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
#8 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
#9 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
#10 0xaaabf6552708 in aio_bh_poll /qemu/util/async.c:164
#11 0xaaabf655f19c in aio_dispatch /qemu/util/aio-posix.c:381
#12 0xaaabf65523f4 in aio_ctx_dispatch /qemu/util/async.c:306
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:48 +0000 (19:31 +0800)]
allwinner-a10-pit: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the a10_pit_init
function, so use ptimer_free() in the finalize function to avoid it.
ASAN shows memory leak stack:
Indirect leak of 288 byte(s) in 6 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
#6 0xaaabf57415e8 in a10_pit_init /qemu/hw/timer/allwinner-a10-pit.c:278
#7 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#8 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
#9 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
#10 0xaaabf5b94680 in aw_a10_init /qemu/hw/arm/allwinner-a10.c:49
#11 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#12 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gan Qixin [Thu, 17 Dec 2020 11:31:49 +0000 (19:31 +0800)]
digic-timer: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
digic_timer_init function, so use ptimer_free() in the finalize function to
avoid it.
ASAN shows memory leak stack:
Indirect leak of 288 byte(s) in 3 object(s) allocated from:
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
#3 0xaaabf5b04084 in digic_timer_init /qemu/hw/timer/digic-timer.c:142
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#5 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
#6 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
#7 0xaaabf5b40e84 in digic_init /qemu/hw/arm/digic.c:46
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
#11 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
#12 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 15 Dec 2020 15:41:07 +0000 (15:41 +0000)]
target/arm: Remove timer_del()/timer_deinit() before timer_free()
The Arm CPU finalize function uses a sequence of timer_del(), timer_deinit(),
timer_free() to free the timer. The timer_deinit() step in this was always
unnecessary, and now the timer_del() is implied by timer_free(), so we can
collapse this down to simply calling timer_free().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201215154107.3255-5-peter.maydell@linaro.org
Peter Maydell [Tue, 15 Dec 2020 15:41:05 +0000 (15:41 +0000)]
scripts/coccinelle: New script to remove unnecessary timer_del() calls
Now that timer_free() implicitly calls timer_del(), sequences
timer_del(mytimer);
timer_free(mytimer);
can be simplified to just
timer_free(mytimer);
Add a Coccinelle script to do this transformation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201215154107.3255-3-peter.maydell@linaro.org
Peter Maydell [Tue, 15 Dec 2020 15:41:04 +0000 (15:41 +0000)]
util/qemu-timer: Make timer_free() imply timer_del()
Currently timer_free() is a simple wrapper for g_free(). This means
that the timer being freed must not be currently active, as otherwise
QEMU might crash later when the active list is processed and still
has a pointer to freed memory on it. As a result almost all calls to
timer_free() are preceded by a timer_del() call, as can be seen in
the output of
git grep -B1 '\<timer_free\>'
This is unfortunate API design as it makes it easy to accidentally
misuse (by forgetting the timer_del()), and the correct use is
annoyingly verbose.
Make timer_free() imply a timer_del().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201215154107.3255-2-peter.maydell@linaro.org
Peter Maydell [Tue, 15 Dec 2020 14:42:15 +0000 (14:42 +0000)]
hw/arm/highbank: Drop dead KVM support code
Support for running KVM on 32-bit Arm hosts was removed in commit 82bf7ae84ce739e. You can still run a 32-bit guest on a 64-bit Arm
host CPU, but because Arm KVM requires the host and guest CPU types
to match, it is not possible to run a guest that requires a Cortex-A9
or Cortex-A15 CPU there. That means that the code in the
highbank/midway board models to support KVM is no longer used, and we
can delete it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201215144215.28482-1-peter.maydell@linaro.org
Peter Maydell [Thu, 10 Dec 2020 20:14:33 +0000 (20:14 +0000)]
target/arm: Implement Cortex-M55 model
Now that we have implemented all the features needed by the v8.1M
architecture, we can add the model of the Cortex-M55. This is the
configuration without MVE support; we'll add MVE later.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201210201433.26262-5-peter.maydell@linaro.org
Peter Maydell [Thu, 10 Dec 2020 20:14:32 +0000 (20:14 +0000)]
target/arm: Implement FPCXT_NS fp system register
Implement the v8.1M FPCXT_NS floating-point system register. This is
a little more complicated than FPCXT_S, because it has specific
handling for "current FP state is inactive", and it only wants to do
PreserveFPState(), not the full set of actions done by
ExecuteFPCheck() which vfp_access_check() implements.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201210201433.26262-4-peter.maydell@linaro.org
Peter Maydell [Thu, 10 Dec 2020 20:14:31 +0000 (20:14 +0000)]
target/arm: Correct store of FPSCR value via FPCXT_S
In commit 64f863baeedc8659 we implemented the v8.1M FPCXT_S register,
but we got the write behaviour wrong. On read, this register reads
bits [27:0] of FPSCR plus the CONTROL.SFPA bit. On write, it doesn't
just write back those bits -- it writes a value to the whole FPSCR,
whose upper 4 bits are zeroes.
We also incorrectly implemented the write-to-FPSCR as a simple store
to vfp.xregs; this skips the "update the softfloat flags" part of
the vfp_set_fpscr helper so the value would read back correctly but
not actually take effect.
Fix both of these things by doing a complete write to the FPSCR
using the helper function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201210201433.26262-3-peter.maydell@linaro.org
Peter Maydell [Thu, 10 Dec 2020 20:14:30 +0000 (20:14 +0000)]
hw/intc/armv7m_nvic: Correct handling of CCR.BFHFNMIGN
The CCR is a register most of whose bits are banked between security
states but where BFHFNMIGN is not, and we keep it in the non-secure
entry of the v7m.ccr[] array. The logic which tries to handle this
bit fails to implement the "RAZ/WI from Nonsecure if AIRCR.BFHFNMINS
is zero" requirement; correct the omission.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201210201433.26262-2-peter.maydell@linaro.org
In 50244cc76abc we updated mte_check_fail to match the ARM
pseudocode, using the correct EL to select the TCF field.
But we failed to update MTE0_ACTIVE the same way, which led
to g_assert_not_reached().
Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/bugs/1907137 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201221204426.88514-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andrew Jones [Tue, 15 Dec 2020 17:48:15 +0000 (18:48 +0100)]
hw/arm/virt: Remove virt machine state 'smp_cpus'
virt machine's 'smp_cpus' and machine->smp.cpus must always have the
same value. And, anywhere we have virt machine state we have machine
state. So let's remove the redundancy. Also, to make it easier to see
that machine->smp is the true source for "smp_cpus" and "max_cpus",
avoid passing them in function parameters, preferring instead to get
them from the state.
No functional change intended.
Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Reviewed-by: Ying Fang <fangying1@huawei.com>
Message-id: 20201215174815.51520-1-drjones@redhat.com
[PMM: minor formatting tweak to smp_cpus variable declaration] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs
Correct the indexing into s->cpu_ctlr for vCPUs.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20201214222154.3480243-2-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 7 Jan 2021 20:34:05 +0000 (20:34 +0000)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210107' into staging
Build fix for ppc64 centos7.
Reduce the use of scratch registers for tcg/i386.
Use _aligned_malloc for Win32.
Enable split w^x code gen buffers.
# gpg: Signature made Thu 07 Jan 2021 20:06:38 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20210107: (47 commits)
tcg: Constify TCGLabelQemuLdst.raddr
tcg: Constify tcg_code_gen_epilogue
tcg: Remove TCG_TARGET_SUPPORT_MIRROR
tcg/arm: Support split-wx code generation
tcg/mips: Support split-wx code generation
tcg/mips: Do not assert on relocation overflow
accel/tcg: Add mips support to alloc_code_gen_buffer_splitwx_memfd
tcg/riscv: Support split-wx code generation
tcg/riscv: Remove branch-over-branch fallback
tcg/riscv: Fix branch range checks
tcg/s390: Support split-wx code generation
tcg/s390: Use tcg_tbrel_diff
tcg/sparc: Support split-wx code generation
tcg/sparc: Use tcg_tbrel_diff
tcg/ppc: Support split-wx code generation
tcg/ppc: Use tcg_out_mem_long to reset TCG_REG_TB
tcg/ppc: Use tcg_tbrel_diff
tcg: Introduce tcg_tbrel_diff
tcg/tci: Push const down through bytecode reading
disas: Push const down through host disassembly
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that all native tcg hosts support splitwx,
make this pointer const.
Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Now that all native tcg hosts support splitwx,
make this pointer const.
Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since 7ecd02a06f8, we are prepared to re-start code generation
with a smaller TB if a relocation is out of range. We no longer
need to leave a nop in the stream Just In Case.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / mirror_qemu.git / log