From 13aae9b4b466720ad34e2140da030997be5edd0e Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Wed, 23 Oct 2024 12:33:49 +0100 Subject: [PATCH 01/17] tests/docker: Fix microblaze atomics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GCC produces invalid code for microblaze atomics. The fix is unfortunately not upstream, so fetch it from an external location and apply it locally. Suggested-by: Peter Maydell Signed-off-by: Ilya Leoshkevich Reviewed-by: Pierrick Bouvier Message-Id: <20240919152308.10440-1-iii@linux.ibm.com> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-2-alex.bennee@linaro.org> --- .../debian-microblaze-cross.d/build-toolchain.sh | 8 ++++++++ tests/docker/dockerfiles/debian-toolchain.docker | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/tests/docker/dockerfiles/debian-microblaze-cross.d/build-toolchain.sh b/tests/docker/dockerfiles/debian-microblaze-cross.d/build-toolchain.sh index 23ec0aa9a7..c5cd0aa931 100755 --- a/tests/docker/dockerfiles/debian-microblaze-cross.d/build-toolchain.sh +++ b/tests/docker/dockerfiles/debian-microblaze-cross.d/build-toolchain.sh @@ -10,6 +10,8 @@ TOOLCHAIN_INSTALL=/usr/local TOOLCHAIN_BIN=${TOOLCHAIN_INSTALL}/bin CROSS_SYSROOT=${TOOLCHAIN_INSTALL}/$TARGET/sys-root +GCC_PATCH0_URL=https://raw.githubusercontent.com/Xilinx/meta-xilinx/refs/tags/xlnx-rel-v2024.1/meta-microblaze/recipes-devtools/gcc/gcc-12/0009-Patch-microblaze-Fix-atomic-boolean-return-value.patch + export PATH=${TOOLCHAIN_BIN}:$PATH # @@ -31,6 +33,12 @@ mv gcc-11.2.0 src-gcc mv musl-1.2.2 src-musl mv linux-5.10.70 src-linux +# +# Patch gcc +# + +wget -O - ${GCC_PATCH0_URL} | patch -d src-gcc -p1 + mkdir -p bld-hdr bld-binu bld-gcc bld-musl mkdir -p ${CROSS_SYSROOT}/usr/include diff --git a/tests/docker/dockerfiles/debian-toolchain.docker b/tests/docker/dockerfiles/debian-toolchain.docker index 687a97fec4..ab4ce29533 100644 --- a/tests/docker/dockerfiles/debian-toolchain.docker +++ b/tests/docker/dockerfiles/debian-toolchain.docker @@ -10,6 +10,8 @@ FROM docker.io/library/debian:11-slim # ??? The build-dep isn't working, missing a number of # minimal build dependiencies, e.g. libmpc. +RUN sed 's/^deb /deb-src /' /etc/apt/sources.list.d/deb-src.list + RUN apt update && \ DEBIAN_FRONTEND=noninteractive apt install -yy eatmydata && \ DEBIAN_FRONTEND=noninteractive eatmydata \ @@ -33,6 +35,11 @@ RUN cd /root && ./build-toolchain.sh # and the build trees by restoring the original image, # then copying the built toolchain from stage 0. FROM docker.io/library/debian:11-slim +RUN apt update && \ + DEBIAN_FRONTEND=noninteractive apt install -yy eatmydata && \ + DEBIAN_FRONTEND=noninteractive eatmydata \ + apt install -y --no-install-recommends \ + libmpc3 COPY --from=0 /usr/local /usr/local # As a final step configure the user (if env is defined) ARG USER From 16cacff7b49d20149a93963e2768c7d7572ad195 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:50 +0100 Subject: [PATCH 02/17] tests/docker: add NOFETCH env variable for testing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Testing non-auto built docker containers (i.e. custom built compilers) is a bit fiddly as you couldn't continue a build with a previously locally built container. While you can play games with REGISTRY its simpler to allow a NOFETCH that will go through the cached build process when you run the tests. Reviewed-by: Pierrick Bouvier Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-3-alex.bennee@linaro.org> --- tests/docker/Makefile.include | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 681feae744..fead7d3abe 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -92,10 +92,10 @@ endif docker-image-alpine: NOUSER=1 debian-toolchain-run = \ - $(if $(NOCACHE), \ + $(if $(NOCACHE)$(NOFETCH), \ $(call quiet-command, \ $(DOCKER_SCRIPT) build -t qemu/$1 -f $< \ - $(if $V,,--quiet) --no-cache \ + $(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \ --registry $(DOCKER_REGISTRY) --extra-files \ $(DOCKER_FILES_DIR)/$1.d/build-toolchain.sh, \ "BUILD", $1), \ @@ -177,6 +177,7 @@ docker: @echo ' NETWORK=$$BACKEND Enable virtual network interface with $$BACKEND.' @echo ' NOUSER=1 Define to disable adding current user to containers passwd.' @echo ' NOCACHE=1 Ignore cache when build images.' + @echo ' NOFETCH=1 Do not fetch from the registry.' @echo ' EXECUTABLE= Include executable in image.' @echo ' EXTRA_FILES=" [... ]"' @echo ' Include extra files in image.' From e4239ee92fe07bffe74759832499cf732923c76a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:51 +0100 Subject: [PATCH 03/17] MAINTAINERS: mention my testing/next tree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I put it under my name as there may be other maintainer testing trees as well. Reviewed-by: Thomas Huth Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-4-alex.bennee@linaro.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index c3bfa132fd..ef1678a1a8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4080,6 +4080,7 @@ Build and test automation ------------------------- Build and test automation, general continuous integration M: Alex Bennée +T: git https://gitlab.com/stsquad/qemu testing/next M: Philippe Mathieu-Daudé M: Thomas Huth R: Wainer dos Santos Moschetta From cf6fbba724f19355d31b7d8dd1a711538dd91645 Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 23 Oct 2024 12:33:52 +0100 Subject: [PATCH 04/17] meson: hide tsan related warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When building with gcc-12 -fsanitize=thread, gcc reports some constructions not supported with tsan. Found on debian stable. qemu/include/qemu/atomic.h:36:52: error: ‘atomic_thread_fence’ is not supported with ‘-fsanitize=thread’ [-Werror=tsan] 36 | #define smp_mb() ({ barrier(); __atomic_thread_fence(__ATOMIC_SEQ_CST); }) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Pierrick Bouvier Reviewed-by: Thomas Huth Message-Id: <20240910174013.1433331-2-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-5-alex.bennee@linaro.org> --- meson.build | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index d26690ce20..bdd67a2d6d 100644 --- a/meson.build +++ b/meson.build @@ -538,7 +538,15 @@ if get_option('tsan') prefix: '#include ') error('Cannot enable TSAN due to missing fiber annotation interface') endif - qemu_cflags = ['-fsanitize=thread'] + qemu_cflags + tsan_warn_suppress = [] + # gcc (>=11) will report constructions not supported by tsan: + # "error: ‘atomic_thread_fence’ is not supported with ‘-fsanitize=thread’" + # https://gcc.gnu.org/gcc-11/changes.html + # However, clang does not support this warning and this triggers an error. + if cc.has_argument('-Wno-tsan') + tsan_warn_suppress = ['-Wno-tsan'] + endif + qemu_cflags = ['-fsanitize=thread'] + tsan_warn_suppress + qemu_cflags qemu_ldflags = ['-fsanitize=thread'] + qemu_ldflags endif From dfbc72a77cd9441e8c29aebb2ea11547972806f0 Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 23 Oct 2024 12:33:53 +0100 Subject: [PATCH 05/17] docs/devel: update tsan build documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mention it's now possible to build with gcc, instead of clang, and explain how to build a sanitized glib version. Signed-off-by: Pierrick Bouvier Reviewed-by: Thomas Huth Message-Id: <20240910174013.1433331-4-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-6-alex.bennee@linaro.org> --- docs/devel/testing/main.rst | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/docs/devel/testing/main.rst b/docs/devel/testing/main.rst index 09725e8ea9..91f4dc61fb 100644 --- a/docs/devel/testing/main.rst +++ b/docs/devel/testing/main.rst @@ -628,20 +628,38 @@ Building and Testing with TSan It is possible to build and test with TSan, with a few additional steps. These steps are normally done automatically in the docker. -There is a one time patch needed in clang-9 or clang-10 at this time: +TSan is supported for clang and gcc. +One particularity of sanitizers is that all the code, including shared objects +dependencies, should be built with it. +In the case of TSan, any synchronization primitive from glib (GMutex for +instance) will not be recognized, and will lead to false positives. + +To build a tsan version of glib: .. code:: - sed -i 's/^const/static const/g' \ - /usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h + $ git clone --depth=1 --branch=2.81.0 https://github.com/GNOME/glib.git + $ cd glib + $ CFLAGS="-O2 -g -fsanitize=thread" meson build + $ ninja -C build To configure the build for TSan: .. code:: - ../configure --enable-tsan --cc=clang-10 --cxx=clang++-10 \ + ../configure --enable-tsan \ --disable-werror --extra-cflags="-O0" +When executing qemu, don't forget to point to tsan glib: + +.. code:: + + $ glib_dir=/path/to/glib + $ export LD_LIBRARY_PATH=$glib_dir/build/gio:$glib_dir/build/glib:$glib_dir/build/gmodule:$glib_dir/build/gobject:$glib_dir/build/gthread + # check correct version is used + $ ldd build/qemu-x86_64 | grep glib + $ qemu-system-x86_64 ... + The runtime behavior of TSAN is controlled by the TSAN_OPTIONS environment variable. From 7f117cbb464b2e25f3de25e7487e495c29a4ea03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:54 +0100 Subject: [PATCH 06/17] scripts/ci: remove architecture checks for build-environment updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were missing s390x here. There isn't much point testing for the architecture here as we will fail anyway if the appropriate package list is missing. Reviewed-by: Pierrick Bouvier Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-7-alex.bennee@linaro.org> --- scripts/ci/setup/ubuntu/build-environment.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/ci/setup/ubuntu/build-environment.yml b/scripts/ci/setup/ubuntu/build-environment.yml index edf1900b3e..56b51609e3 100644 --- a/scripts/ci/setup/ubuntu/build-environment.yml +++ b/scripts/ci/setup/ubuntu/build-environment.yml @@ -39,7 +39,6 @@ when: - ansible_facts['distribution'] == 'Ubuntu' - ansible_facts['distribution_version'] == '22.04' - - ansible_facts['architecture'] == 'aarch64' or ansible_facts['architecture'] == 'x86_64' - name: Install packages for QEMU on Ubuntu 22.04 package: @@ -47,7 +46,6 @@ when: - ansible_facts['distribution'] == 'Ubuntu' - ansible_facts['distribution_version'] == '22.04' - - ansible_facts['architecture'] == 'aarch64' or ansible_facts['architecture'] == 'x86_64' - name: Install armhf cross-compile packages to build QEMU on AArch64 Ubuntu 22.04 package: From b6a48d2a4b9341f46061a59a94cd402e03381177 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Wed, 23 Oct 2024 12:33:55 +0100 Subject: [PATCH 07/17] tests/tcg/x86_64: Add cross-modifying code test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit f025692c992c ("accel/tcg: Clear PAGE_WRITE before translation") fixed cross-modifying code handling, but did not add a test. The changed code was further improved recently [1], and I was not sure whether these modifications were safe (spoiler: they were fine). Add a test to make sure there are no regressions. [1] https://lists.gnu.org/archive/html/qemu-devel/2022-09/msg00034.html Signed-off-by: Ilya Leoshkevich Reviewed-by: Pierrick Bouvier Message-Id: <20241001150617.9977-1-iii@linux.ibm.com> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-8-alex.bennee@linaro.org> --- tests/tcg/x86_64/Makefile.target | 4 ++ tests/tcg/x86_64/cross-modifying-code.c | 80 +++++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 tests/tcg/x86_64/cross-modifying-code.c diff --git a/tests/tcg/x86_64/Makefile.target b/tests/tcg/x86_64/Makefile.target index 783ab5b21a..d6dff559c7 100644 --- a/tests/tcg/x86_64/Makefile.target +++ b/tests/tcg/x86_64/Makefile.target @@ -17,6 +17,7 @@ X86_64_TESTS += cmpxchg X86_64_TESTS += adox X86_64_TESTS += test-1648 X86_64_TESTS += test-2175 +X86_64_TESTS += cross-modifying-code TESTS=$(MULTIARCH_TESTS) $(X86_64_TESTS) test-x86_64 else TESTS=$(MULTIARCH_TESTS) @@ -27,6 +28,9 @@ adox: CFLAGS=-O2 run-test-i386-ssse3: QEMU_OPTS += -cpu max run-plugin-test-i386-ssse3-%: QEMU_OPTS += -cpu max +cross-modifying-code: CFLAGS+=-pthread +cross-modifying-code: LDFLAGS+=-pthread + test-x86_64: LDFLAGS+=-lm -lc test-x86_64: test-i386.c test-i386.h test-i386-shift.h test-i386-muldiv.h $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS) diff --git a/tests/tcg/x86_64/cross-modifying-code.c b/tests/tcg/x86_64/cross-modifying-code.c new file mode 100644 index 0000000000..2704df6061 --- /dev/null +++ b/tests/tcg/x86_64/cross-modifying-code.c @@ -0,0 +1,80 @@ +/* + * Test patching code, running in one thread, from another thread. + * + * Intel SDM calls this "cross-modifying code" and recommends a special + * sequence, which requires both threads to cooperate. + * + * Linux kernel uses a different sequence that does not require cooperation and + * involves patching the first byte with int3. + * + * Finally, there is user-mode software out there that simply uses atomics, and + * that seems to be good enough in practice. Test that QEMU has no problems + * with this as well. + */ + +#include +#include +#include +#include + +void add1_or_nop(long *x); +asm(".pushsection .rwx,\"awx\",@progbits\n" + ".globl add1_or_nop\n" + /* addq $0x1,(%rdi) */ + "add1_or_nop: .byte 0x48, 0x83, 0x07, 0x01\n" + "ret\n" + ".popsection\n"); + +#define THREAD_WAIT 0 +#define THREAD_PATCH 1 +#define THREAD_STOP 2 + +static void *thread_func(void *arg) +{ + int val = 0x0026748d; /* nop */ + + while (true) { + switch (__atomic_load_n((int *)arg, __ATOMIC_SEQ_CST)) { + case THREAD_WAIT: + break; + case THREAD_PATCH: + val = __atomic_exchange_n((int *)&add1_or_nop, val, + __ATOMIC_SEQ_CST); + break; + case THREAD_STOP: + return NULL; + default: + assert(false); + __builtin_unreachable(); + } + } +} + +#define INITIAL 42 +#define COUNT 1000000 + +int main(void) +{ + int command = THREAD_WAIT; + pthread_t thread; + long x = 0; + int err; + int i; + + err = pthread_create(&thread, NULL, &thread_func, &command); + assert(err == 0); + + __atomic_store_n(&command, THREAD_PATCH, __ATOMIC_SEQ_CST); + for (i = 0; i < COUNT; i++) { + add1_or_nop(&x); + } + __atomic_store_n(&command, THREAD_STOP, __ATOMIC_SEQ_CST); + + err = pthread_join(thread, NULL); + assert(err == 0); + + assert(x >= INITIAL); + assert(x <= INITIAL + COUNT); + + return EXIT_SUCCESS; +} From b24bad34bf6017d49724bedd0a428dea0056bbd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:56 +0100 Subject: [PATCH 08/17] accel/tcg: add tracepoints for cpu_loop_exit_atomic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We try to avoid using cpu_loop_exit_atomic as it brings in an all-core sync point. However on some cpu/kernel/benchmark combinations it is starting to show up in the performance profile. To make it easier to see whats going on add tracepoints for the slow path so we can see what is triggering the wait. It seems for a modern CPU it can be quite a bit, for example: ./qemu-system-aarch64 \ -machine type=virt,virtualization=on,pflash0=rom,pflash1=efivars,gic-version=max \ -smp 4 \ -accel tcg \ -device virtio-net-pci,netdev=unet \ -device virtio-scsi-pci \ -device scsi-hd,drive=hd \ -netdev user,id=unet,hostfwd=tcp::2222-:22 \ -blockdev driver=raw,node-name=hd,file.driver=host_device,file.filename=/dev/zen-ssd2/trixie-arm64,discard=unmap \ -serial mon:stdio \ -blockdev node-name=rom,driver=file,filename=(pwd)/pc-bios/edk2-aarch64-code.fd,read-only=true \ -blockdev node-name=efivars,driver=file,filename=$HOME/images/qemu-arm64-efivars \ -m 8192 \ -object memory-backend-memfd,id=mem,size=8G,share=on \ -kernel /home/alex/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image -append "root=/dev/sda2 console=ttyAMA0 systemd.unit=benchmark-stress-ng.service" \ -display none -d trace:load_atom\*_fallback,trace:store_atom\*_fallback With: -cpu neoverse-v1,pauth-impdef=on => 2203343 With: -cpu cortex-a76 => 0 Reviewed-by: Richard Henderson Reviewed-by: Pierrick Bouvier Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-9-alex.bennee@linaro.org> --- accel/tcg/ldst_atomicity.c.inc | 9 +++++++++ accel/tcg/trace-events | 12 ++++++++++++ accel/tcg/user-exec.c | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/accel/tcg/ldst_atomicity.c.inc b/accel/tcg/ldst_atomicity.c.inc index 134da3c1da..c735add261 100644 --- a/accel/tcg/ldst_atomicity.c.inc +++ b/accel/tcg/ldst_atomicity.c.inc @@ -168,6 +168,7 @@ static uint64_t load_atomic8_or_exit(CPUState *cpu, uintptr_t ra, void *pv) #endif /* Ultimate fallback: re-execute in serial context. */ + trace_load_atom8_or_exit_fallback(ra); cpu_loop_exit_atomic(cpu, ra); } @@ -212,6 +213,7 @@ static Int128 load_atomic16_or_exit(CPUState *cpu, uintptr_t ra, void *pv) } /* Ultimate fallback: re-execute in serial context. */ + trace_load_atom16_or_exit_fallback(ra); cpu_loop_exit_atomic(cpu, ra); } @@ -519,6 +521,7 @@ static uint64_t load_atom_8(CPUState *cpu, uintptr_t ra, if (HAVE_al8) { return load_atom_extract_al8x2(pv); } + trace_load_atom8_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); default: g_assert_not_reached(); @@ -563,6 +566,7 @@ static Int128 load_atom_16(CPUState *cpu, uintptr_t ra, break; case MO_64: if (!HAVE_al8) { + trace_load_atom16_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); } a = load_atomic8(pv); @@ -570,6 +574,7 @@ static Int128 load_atom_16(CPUState *cpu, uintptr_t ra, break; case -MO_64: if (!HAVE_al8) { + trace_load_atom16_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); } a = load_atom_extract_al8x2(pv); @@ -897,6 +902,7 @@ static void store_atom_2(CPUState *cpu, uintptr_t ra, g_assert_not_reached(); } + trace_store_atom2_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); } @@ -961,6 +967,7 @@ static void store_atom_4(CPUState *cpu, uintptr_t ra, return; } } + trace_store_atom4_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); default: g_assert_not_reached(); @@ -1029,6 +1036,7 @@ static void store_atom_8(CPUState *cpu, uintptr_t ra, default: g_assert_not_reached(); } + trace_store_atom8_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); } @@ -1107,5 +1115,6 @@ static void store_atom_16(CPUState *cpu, uintptr_t ra, default: g_assert_not_reached(); } + trace_store_atom16_fallback(memop, ra); cpu_loop_exit_atomic(cpu, ra); } diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events index 4e9b450520..14f638810c 100644 --- a/accel/tcg/trace-events +++ b/accel/tcg/trace-events @@ -12,3 +12,15 @@ memory_notdirty_set_dirty(uint64_t vaddr) "0x%" PRIx64 # translate-all.c translate_block(void *tb, uintptr_t pc, const void *tb_code) "tb:%p, pc:0x%"PRIxPTR", tb_code:%p" + +# ldst_atomicity +load_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +load_atom4_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +load_atom8_or_exit_fallback(uintptr_t ra) "ra:0x%"PRIxPTR"" +load_atom8_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +load_atom16_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +load_atom16_or_exit_fallback(uintptr_t ra) "ra:0x%"PRIxPTR"" +store_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +store_atom4_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +store_atom8_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" +store_atom16_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR"" diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c index 51b2c16dbe..aa8af52cc3 100644 --- a/accel/tcg/user-exec.c +++ b/accel/tcg/user-exec.c @@ -29,7 +29,7 @@ #include "exec/page-protection.h" #include "exec/helper-proto.h" #include "qemu/atomic128.h" -#include "trace/trace-root.h" +#include "trace.h" #include "tcg/tcg-ldst.h" #include "internal-common.h" #include "internal-target.h" From 24be5341fbeea341cca38b59d4c0928a8cf5fac1 Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 23 Oct 2024 12:33:57 +0100 Subject: [PATCH 09/17] dockerfiles: fix default targets for debian-loongarch-cross MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix system target name, and remove --disable-system (which deactivates system target). Found using: make docker-test-build@debian-loongarch-cross V=1 Signed-off-by: Pierrick Bouvier Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Message-Id: <20241020213759.2168248-1-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-10-alex.bennee@linaro.org> --- tests/docker/dockerfiles/debian-loongarch-cross.docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/docker/dockerfiles/debian-loongarch-cross.docker b/tests/docker/dockerfiles/debian-loongarch-cross.docker index 79eab5621e..538ab53490 100644 --- a/tests/docker/dockerfiles/debian-loongarch-cross.docker +++ b/tests/docker/dockerfiles/debian-loongarch-cross.docker @@ -43,8 +43,8 @@ RUN curl -#SL https://github.com/loongson/build-tools/releases/download/2023.08. ENV PATH $PATH:/opt/cross-tools/bin ENV LD_LIBRARY_PATH /opt/cross-tools/lib:/opt/cross-tools/loongarch64-unknown-linux-gnu/lib:$LD_LIBRARY_PATH -ENV QEMU_CONFIGURE_OPTS --disable-system --disable-docs --disable-tools -ENV DEF_TARGET_LIST loongarch64-linux-user,loongarch-softmmu +ENV QEMU_CONFIGURE_OPTS --disable-docs --disable-tools +ENV DEF_TARGET_LIST loongarch64-linux-user,loongarch64-softmmu ENV MAKE /usr/bin/make # As a final step configure the user (if env is defined) From 97f116f9c6fd127b6ed2953993fa9fb05e82f450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:58 +0100 Subject: [PATCH 10/17] gitlab: make check-[dco|patch] a little more verbose MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When git fails the rather terse backtrace only indicates it failed without some useful context. Add some to make the log a little more useful. Reviewed-by: Daniel P. Berrangé Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-11-alex.bennee@linaro.org> --- .gitlab-ci.d/check-dco.py | 5 ++--- .gitlab-ci.d/check-patch.py | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.d/check-dco.py b/.gitlab-ci.d/check-dco.py index 632c8bcce8..d221b16bd5 100755 --- a/.gitlab-ci.d/check-dco.py +++ b/.gitlab-ci.d/check-dco.py @@ -19,10 +19,9 @@ cwd = os.getcwd() reponame = os.path.basename(cwd) repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame) +print(f"adding upstream git repo @ {repourl}") subprocess.check_call(["git", "remote", "add", "check-dco", repourl]) -subprocess.check_call(["git", "fetch", "check-dco", "master"], - stdout=subprocess.DEVNULL, - stderr=subprocess.DEVNULL) +subprocess.check_call(["git", "fetch", "check-dco", "master"]) ancestor = subprocess.check_output(["git", "merge-base", "check-dco/master", "HEAD"], diff --git a/.gitlab-ci.d/check-patch.py b/.gitlab-ci.d/check-patch.py index 39e2b403c9..68c549a146 100755 --- a/.gitlab-ci.d/check-patch.py +++ b/.gitlab-ci.d/check-patch.py @@ -19,13 +19,12 @@ cwd = os.getcwd() reponame = os.path.basename(cwd) repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame) +print(f"adding upstream git repo @ {repourl}") # GitLab CI environment does not give us any direct info about the # base for the user's branch. We thus need to figure out a common # ancestor between the user's branch and current git master. subprocess.check_call(["git", "remote", "add", "check-patch", repourl]) -subprocess.check_call(["git", "fetch", "check-patch", "master"], - stdout=subprocess.DEVNULL, - stderr=subprocess.DEVNULL) +subprocess.check_call(["git", "fetch", "check-patch", "master"]) ancestor = subprocess.check_output(["git", "merge-base", "check-patch/master", "HEAD"], From 0f48656a098892f69642f97a8e6876761c07951b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:33:59 +0100 Subject: [PATCH 11/17] MAINTAINERS: mention my gdbstub/next tree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make it easy for people to see what is already queued. Reviewed-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-12-alex.bennee@linaro.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index ef1678a1a8..7eea7b7954 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2984,6 +2984,7 @@ F: gdb-xml/ F: tests/tcg/multiarch/gdbstub/* F: scripts/feature_to_c.py F: scripts/probe-gdb-support.py +T: git https://gitlab.com/stsquad/qemu gdbstub/next Memory API M: Paolo Bonzini From 591e848aca7af3b4d25af03ed5bd266c479054bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:34:00 +0100 Subject: [PATCH 12/17] config/targets: update aarch64_be-linux-user gdb XML list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attempting to run the binary asserts when it can't find the XML entry. We can fix it so we don't although I suspect other stuff is broken. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2580 Reviewed-by: Pierrick Bouvier Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-13-alex.bennee@linaro.org> --- configs/targets/aarch64_be-linux-user.mak | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/targets/aarch64_be-linux-user.mak b/configs/targets/aarch64_be-linux-user.mak index 778d22b2a9..dcef597a80 100644 --- a/configs/targets/aarch64_be-linux-user.mak +++ b/configs/targets/aarch64_be-linux-user.mak @@ -1,7 +1,7 @@ TARGET_ARCH=aarch64 TARGET_BASE_ARCH=arm TARGET_BIG_ENDIAN=y -TARGET_XML_FILES= gdb-xml/aarch64-core.xml gdb-xml/aarch64-fpu.xml gdb-xml/aarch64-pauth.xml +TARGET_XML_FILES= gdb-xml/aarch64-core.xml gdb-xml/aarch64-fpu.xml gdb-xml/aarch64-pauth.xml gdb-xml/aarch64-mte.xml TARGET_HAS_BFLT=y CONFIG_SEMIHOSTING=y CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y From 2e1cacfb8a1e2d84c787fc1f34937a309fbe65ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:34:01 +0100 Subject: [PATCH 13/17] tests/tcg: enable basic testing for aarch64_be-linux-user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We didn't notice breakage of aarch64_be because we don't have any TCG tests for it. However while the existing aarch64 compiler can target big-endian builds no one packages a BE libc. Instead we bang some rocks together to do the most basic of hello world with a nostdlib syscall test. Reviewed-by: Pierrick Bouvier Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-14-alex.bennee@linaro.org> --- configure | 5 ++++ tests/tcg/Makefile.target | 7 +++++- tests/tcg/aarch64_be/Makefile.target | 17 ++++++++++++++ tests/tcg/aarch64_be/hello.c | 35 ++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 tests/tcg/aarch64_be/Makefile.target create mode 100644 tests/tcg/aarch64_be/hello.c diff --git a/configure b/configure index 72d1a94225..7dd3400ccb 100755 --- a/configure +++ b/configure @@ -1418,6 +1418,7 @@ probe_target_compiler() { target_arch=${1%%-*} case $target_arch in aarch64) container_hosts="x86_64 aarch64" ;; + aarch64_be) container_hosts="x86_64 aarch64" ;; alpha) container_hosts=x86_64 ;; arm) container_hosts="x86_64 aarch64" ;; hexagon) container_hosts=x86_64 ;; @@ -1447,6 +1448,10 @@ probe_target_compiler() { case $target_arch in # debian-all-test-cross architectures + aarch64_be) + container_image=debian-all-test-cross + container_cross_prefix=aarch64-linux-gnu- + ;; hppa|m68k|mips|riscv64|sparc64) container_image=debian-all-test-cross ;; diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target index 2da70b2fcf..9722145b97 100644 --- a/tests/tcg/Makefile.target +++ b/tests/tcg/Makefile.target @@ -103,9 +103,14 @@ ifeq ($(filter %-softmmu, $(TARGET)),) # then the target. If there are common tests shared between # sub-targets (e.g. ARM & AArch64) then it is up to # $(TARGET_NAME)/Makefile.target to include the common parent -# architecture in its VPATH. +# architecture in its VPATH. However some targets are so minimal we +# can't even build the multiarch tests. +ifneq ($(filter $(TARGET_NAME),aarch64_be),) +-include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.target +else -include $(SRC_PATH)/tests/tcg/multiarch/Makefile.target -include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.target +endif # Add the common build options CFLAGS+=-Wall -Werror -O0 -g -fno-strict-aliasing diff --git a/tests/tcg/aarch64_be/Makefile.target b/tests/tcg/aarch64_be/Makefile.target new file mode 100644 index 0000000000..cbe5fa0b2d --- /dev/null +++ b/tests/tcg/aarch64_be/Makefile.target @@ -0,0 +1,17 @@ +# -*- Mode: makefile -*- +# +# A super basic AArch64 BE makefile. As we don't have any big-endian +# libc available the best we can do is a basic Hello World. + +AARCH64BE_SRC=$(SRC_PATH)/tests/tcg/aarch64_be +VPATH += $(AARCH64BE_SRC) + +AARCH64BE_TEST_SRCS=$(notdir $(wildcard $(AARCH64BE_SRC)/*.c)) +AARCH64BE_TESTS=$(AARCH64BE_TEST_SRCS:.c=) +#MULTIARCH_TESTS = $(MULTIARCH_SRCS:.c=) + +# We need to specify big-endian cflags +CFLAGS +=-mbig-endian -ffreestanding +LDFLAGS +=-nostdlib + +TESTS += $(AARCH64BE_TESTS) diff --git a/tests/tcg/aarch64_be/hello.c b/tests/tcg/aarch64_be/hello.c new file mode 100644 index 0000000000..a9b2ab45de --- /dev/null +++ b/tests/tcg/aarch64_be/hello.c @@ -0,0 +1,35 @@ +/* + * Non-libc syscall hello world for Aarch64 BE + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#define __NR_write 64 +#define __NR_exit 93 + +int write(int fd, char *buf, int len) +{ + register int x0 __asm__("x0") = fd; + register char *x1 __asm__("x1") = buf; + register int x2 __asm__("x2") = len; + register int x8 __asm__("x8") = __NR_write; + + asm volatile("svc #0" : : "r"(x0), "r"(x1), "r"(x2), "r"(x8)); + + return len; +} + +void exit(int ret) +{ + register int x0 __asm__("x0") = ret; + register int x8 __asm__("x8") = __NR_exit; + + asm volatile("svc #0" : : "r"(x0), "r"(x8)); + __builtin_unreachable(); +} + +void _start(void) +{ + write(1, "Hello World\n", 12); + exit(0); +} From bb77c68dbd54931b7bb4a3385021f2c43ed61f3e Mon Sep 17 00:00:00 2001 From: Gustavo Romero Date: Wed, 23 Oct 2024 12:34:02 +0100 Subject: [PATCH 14/17] tests/tcg/aarch64: Use raw strings for regexes in test-mte.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use Python's raw string notation instead of string literals for regex so it's not necessary to double backslashes when regex special forms are used. Raw notation is preferred for regex and easier to read. Signed-off-by: Gustavo Romero Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20241015140806.385449-1-gustavo.romero@linaro.org> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-15-alex.bennee@linaro.org> --- tests/tcg/aarch64/gdbstub/test-mte.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/tcg/aarch64/gdbstub/test-mte.py b/tests/tcg/aarch64/gdbstub/test-mte.py index a4cae6caa0..9ad98e7a54 100644 --- a/tests/tcg/aarch64/gdbstub/test-mte.py +++ b/tests/tcg/aarch64/gdbstub/test-mte.py @@ -23,8 +23,8 @@ from sys import argv from test_gdbstub import arg_parser, main, report -PATTERN_0 = "Memory tags for address 0x[0-9a-f]+ match \\(0x[0-9a-f]+\\)." -PATTERN_1 = ".*(0x[0-9a-f]+)" +PATTERN_0 = r"Memory tags for address 0x[0-9a-f]+ match \(0x[0-9a-f]+\)." +PATTERN_1 = r".*(0x[0-9a-f]+)" def run_test(): From 345dedbad2db44af897e838a6505f572b982e52e Mon Sep 17 00:00:00 2001 From: Gustavo Romero Date: Wed, 23 Oct 2024 12:34:03 +0100 Subject: [PATCH 15/17] testing: Enhance gdb probe script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use list and set comprehension to simplify code. Also, gently handle invalid gdb filenames. Signed-off-by: Gustavo Romero Reviewed-by: Pierrick Bouvier Message-Id: <20241015145848.387281-1-gustavo.romero@linaro.org> Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-16-alex.bennee@linaro.org> --- scripts/probe-gdb-support.py | 75 +++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/scripts/probe-gdb-support.py b/scripts/probe-gdb-support.py index 6dc58d06c7..6bcadce150 100644 --- a/scripts/probe-gdb-support.py +++ b/scripts/probe-gdb-support.py @@ -19,58 +19,61 @@ import argparse import re -from subprocess import check_output, STDOUT +from subprocess import check_output, STDOUT, CalledProcessError +import sys -# mappings from gdb arch to QEMU target -mappings = { - "alpha" : "alpha", +# Mappings from gdb arch to QEMU target +MAP = { + "alpha" : ["alpha"], "aarch64" : ["aarch64", "aarch64_be"], - "armv7": "arm", + "armv7": ["arm"], "armv8-a" : ["aarch64", "aarch64_be"], - "avr" : "avr", + "avr" : ["avr"], # no hexagon in upstream gdb - "hppa1.0" : "hppa", - "i386" : "i386", - "i386:x86-64" : "x86_64", - "Loongarch64" : "loongarch64", - "m68k" : "m68k", - "MicroBlaze" : "microblaze", + "hppa1.0" : ["hppa"], + "i386" : ["i386"], + "i386:x86-64" : ["x86_64"], + "Loongarch64" : ["loongarch64"], + "m68k" : ["m68k"], + "MicroBlaze" : ["microblaze"], "mips:isa64" : ["mips64", "mips64el"], - "or1k" : "or1k", - "powerpc:common" : "ppc", + "or1k" : ["or1k"], + "powerpc:common" : ["ppc"], "powerpc:common64" : ["ppc64", "ppc64le"], - "riscv:rv32" : "riscv32", - "riscv:rv64" : "riscv64", - "s390:64-bit" : "s390x", + "riscv:rv32" : ["riscv32"], + "riscv:rv64" : ["riscv64"], + "s390:64-bit" : ["s390x"], "sh4" : ["sh4", "sh4eb"], - "sparc": "sparc", - "sparc:v8plus": "sparc32plus", - "sparc:v9a" : "sparc64", + "sparc": ["sparc"], + "sparc:v8plus": ["sparc32plus"], + "sparc:v9a" : ["sparc64"], # no tricore in upstream gdb "xtensa" : ["xtensa", "xtensaeb"] } + def do_probe(gdb): - gdb_out = check_output([gdb, - "-ex", "set architecture", - "-ex", "quit"], stderr=STDOUT) + try: + gdb_out = check_output([gdb, + "-ex", "set architecture", + "-ex", "quit"], stderr=STDOUT, encoding="utf-8") + except (OSError) as e: + sys.exit(e) + except CalledProcessError as e: + sys.exit(f'{e}. Output:\n\n{e.output}') - m = re.search(r"Valid arguments are (.*)", - gdb_out.decode("utf-8")) + found_gdb_archs = re.search(r'Valid arguments are (.*)', gdb_out) - valid_arches = set() + targets = set() + if found_gdb_archs: + gdb_archs = found_gdb_archs.group(1).split(", ") + mapped_gdb_archs = [arch for arch in gdb_archs if arch in MAP] - if m.group(1): - for arch in m.group(1).split(", "): - if arch in mappings: - mapping = mappings[arch] - if isinstance(mapping, str): - valid_arches.add(mapping) - else: - for entry in mapping: - valid_arches.add(entry) + targets = {target for arch in mapped_gdb_archs for target in MAP[arch]} + + # QEMU targets + return targets - return valid_arches def main() -> None: parser = argparse.ArgumentParser(description='Probe GDB Architectures') From 4603156f77e8aaa29ad9e63be55d726fee5973af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Wed, 23 Oct 2024 12:34:04 +0100 Subject: [PATCH 16/17] MAINTAINERS: mention my plugins/next tree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make it easier to find where plugin patches are being staged. Reviewed-by: Pierrick Bouvier Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-17-alex.bennee@linaro.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 7eea7b7954..5b6c722a20 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3708,6 +3708,7 @@ F: include/tcg/ TCG Plugins M: Alex Bennée +T: git https://gitlab.com/stsquad/qemu plugins/next R: Alexandre Iooss R: Mahmoud Mandour R: Pierrick Bouvier From b56f7dd203c301231d3bb2d071b4e32b345f49d6 Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 23 Oct 2024 12:34:06 +0100 Subject: [PATCH 17/17] plugins: fix qemu_plugin_reset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 34e5e1 refactored the plugin context initialization. After this change, tcg_ctx->plugin_insn is not reset inconditionnally anymore, but only if one plugin at least is active. When uninstalling the last plugin active, we stopped reinitializing tcg_ctx->plugin_insn, which leads to memory callbacks being emitted. This results in an error as they don't appear in a plugin op sequence as expected. The correct fix is to make sure we reset plugin translation variables after current block translation ends. This way, we can catch any potential misuse of those after a given block, in more than fixing the current bug. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2570 Reviewed-by: Richard Henderson Signed-off-by: Pierrick Bouvier Tested-by: Robbin Ehn Message-Id: <20241015003819.984601-1-pierrick.bouvier@linaro.org> [AJB: trim patch version details from commit msg] Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-19-alex.bennee@linaro.org> --- accel/tcg/plugin-gen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c index 2ee4c22bef..0f47bfbb48 100644 --- a/accel/tcg/plugin-gen.c +++ b/accel/tcg/plugin-gen.c @@ -467,4 +467,8 @@ void plugin_gen_tb_end(CPUState *cpu, size_t num_insns) /* inject the instrumentation at the appropriate places */ plugin_gen_inject(ptb); + + /* reset plugin translation state (plugin_tb is reused between blocks) */ + tcg_ctx->plugin_db = NULL; + tcg_ctx->plugin_insn = NULL; }