The 'isapc' machine type has no PCI bus, but pc_nic_init() still
calls pci_init_nic_devices() passing it a NULL bus pointer. This
causes the clang sanitizer to complain:
$ ./build/clang/qemu-system-i386 -M isapc
../../hw/pci/pci.c:1866:39: runtime error: member access within null pointer of type 'PCIBus' (aka 'struct PCIBus')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../hw/pci/pci.c:1866:39 in
This is because pci_init_nic_devices() does
&bus->qbus
which is undefined behaviour on a NULL pointer even though we're not
actually dereferencing the pointer. (We don't actually crash as
a result, so if you aren't running a sanitizer build then there
are no user-visible effects.)
Make pc_nic_init() avoid trying to initialize PCI NICs on a non-PCI
system.
Cc: qemu-stable@nongnu.org
Fixes: 8d39f9ba14 ("hw/i386/pc: use qemu_get_nic_info() and pci_init_nic_devices()")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Link: https://lore.kernel.org/r/20241105171813.3031969-1-peter.maydell@linaro.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Check for overflow as well as allocation failure. Resolves Coverity CID 1564859.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Refresh CI container files with the latest changes from libvirt-ci
* Clean up keyboard code of the next-cube machine to get rid of a legacy API
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmct48QRHHRodXRoQHJl
ZGhhdC5jb20ACgkQLtnXdP5wLbUAzw//fOgAe+rNX10KIEWaHzTlw6EPRUHbKEo+
yvy9mZ4CYiK3PfojuW6u9Mt32RIGFjLRUPC+ljZggjbxY2DUjzAUGx/kSwf0bzwE
8eRKRvd+l3ZFKklwDd7YQh+/O38P/uAq+T0AZQv/9h7rr0wPD6O+sVpKjVN4akuh
66Ekz974bDFaVJi8iIix0WCPCUFMZwWQqxaQrnoBH3wN8Ibc6Ermchs7aa1e6KNh
DoX519JVNofXbugONNnqEjp43tbx/hzPZFyWf9tyX8ehp6+8po0zcZZwqdRkWhuv
BkESKPz8rHuQOGMjm8rAnjmDEsbpJ+vOfn/ShdyAERv78mTNWwSvYVwq5zfpcTCt
9gpCNhhFzFLKlbDeIfgy9ky4R8Gzrww3icLzCsLlat6YCK547YkSr57BsYXJzLX4
/NUYsaJ1RPdutwgNnmSzhBhObtUik3rFYH5aD0ETWZBdVY8ig5OqGpJ29P5zo860
ROVFn4RX/XpmODOpYez4dwKVetR5SLHNG1aqduWKOwhAxPzLxK5OghjYkGf0bsel
gA9t7A1TafgneYxJARKi7esD39xeUzhfzdzCOIOLXJga5kD2/bvZnQ4tkoLPl8QR
iQEp1z758XmSFTYfzGUDA7SgIOzi9JG5dqtzcqJklr9wYurxwMYmqicJqA4ImoQt
fZV/axe8Em0=
=YRCB
-----END PGP SIGNATURE-----
Merge tag 'pull-request-2024-11-08' of https://gitlab.com/thuth/qemu into staging
* Various fixes and improvements for the functional tests
* Refresh CI container files with the latest changes from libvirt-ci
* Clean up keyboard code of the next-cube machine to get rid of a legacy API
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmct48QRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbUAzw//fOgAe+rNX10KIEWaHzTlw6EPRUHbKEo+
# yvy9mZ4CYiK3PfojuW6u9Mt32RIGFjLRUPC+ljZggjbxY2DUjzAUGx/kSwf0bzwE
# 8eRKRvd+l3ZFKklwDd7YQh+/O38P/uAq+T0AZQv/9h7rr0wPD6O+sVpKjVN4akuh
# 66Ekz974bDFaVJi8iIix0WCPCUFMZwWQqxaQrnoBH3wN8Ibc6Ermchs7aa1e6KNh
# DoX519JVNofXbugONNnqEjp43tbx/hzPZFyWf9tyX8ehp6+8po0zcZZwqdRkWhuv
# BkESKPz8rHuQOGMjm8rAnjmDEsbpJ+vOfn/ShdyAERv78mTNWwSvYVwq5zfpcTCt
# 9gpCNhhFzFLKlbDeIfgy9ky4R8Gzrww3icLzCsLlat6YCK547YkSr57BsYXJzLX4
# /NUYsaJ1RPdutwgNnmSzhBhObtUik3rFYH5aD0ETWZBdVY8ig5OqGpJ29P5zo860
# ROVFn4RX/XpmODOpYez4dwKVetR5SLHNG1aqduWKOwhAxPzLxK5OghjYkGf0bsel
# gA9t7A1TafgneYxJARKi7esD39xeUzhfzdzCOIOLXJga5kD2/bvZnQ4tkoLPl8QR
# iQEp1z758XmSFTYfzGUDA7SgIOzi9JG5dqtzcqJklr9wYurxwMYmqicJqA4ImoQt
# fZV/axe8Em0=
# =YRCB
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 08 Nov 2024 10:11:16 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2024-11-08' of https://gitlab.com/thuth/qemu:
ui/input-legacy.c: remove unused legacy qemu_add_kbd_event_handler() function
next-kbd: convert to use qemu_input_handler_register()
tests: refresh package lists with latest libvirt-ci
tests/functional: Split the test_aarch64_sbsaref test
tests/functional: Bump timeouts of functional tests
tests/functional: Provide the user with hints where to find more log files
tests/functional: Fix the ppc64_hv and the ppc_40p test for read-only assets
test/functional: Fix Aspeed buildroot tests
tests/functional: Convert the riscv_opensbi avocado test into a standalone test
scripts/checkpatch.pl: Ignore ObjC #import lines for operator spacing
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the next-kbd device from the legacy UI qemu_add_kbd_event_handler()
function to use qemu_input_handler_register().
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20241106120928.242443-2-mark.cave-ayland@ilande.co.uk>
[thuth: Removed the NEXTKBD_NO_KEY definition - replaced by 0 now]
Signed-off-by: Thomas Huth <thuth@redhat.com>
A bad (broken or malicious) 9p client (guest) could cause QEMU host to
crash by sending a 9p 'Treaddir' request with a numeric file ID (FID) that
was previously opened for a file instead of an expected directory:
#0 0x0000762aff8f4919 in __GI___rewinddir (dirp=0xf) at
../sysdeps/unix/sysv/linux/rewinddir.c:29
#1 0x0000557b7625fb40 in do_readdir_many (pdu=0x557bb67d2eb0,
fidp=0x557bb67955b0, entries=0x762afe9fff58, offset=0, maxsize=131072,
dostat=<optimized out>) at ../hw/9pfs/codir.c:101
#2 v9fs_co_readdir_many (pdu=pdu@entry=0x557bb67d2eb0,
fidp=fidp@entry=0x557bb67955b0, entries=entries@entry=0x762afe9fff58,
offset=0, maxsize=131072, dostat=false) at ../hw/9pfs/codir.c:226
#3 0x0000557b7625c1f9 in v9fs_do_readdir (pdu=0x557bb67d2eb0,
fidp=0x557bb67955b0, offset=<optimized out>,
max_count=<optimized out>) at ../hw/9pfs/9p.c:2488
#4 v9fs_readdir (opaque=0x557bb67d2eb0) at ../hw/9pfs/9p.c:2602
That's because V9fsFidOpenState was declared as union type. So the
same memory region is used for either an open POSIX file handle (int),
or a POSIX DIR* pointer, etc., so 9p server incorrectly used the
previously opened (valid) POSIX file handle (0xf) as DIR* pointer,
eventually causing a crash in glibc's rewinddir() function.
Root cause was therefore a missing check in 9p server's 'Treaddir'
request handler, which must ensure that the client supplied FID was
really opened as directory stream before trying to access the
aforementioned union and its DIR* member.
Cc: qemu-stable@nongnu.org
Fixes: d62dbb51f7 ("virtio-9p: Add fidtype so that we can do type ...")
Reported-by: Akihiro Suda <suda.kyoto@gmail.com>
Tested-by: Akihiro Suda <suda.kyoto@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1t8GnN-002RS8-E2@kylie.crudebyte.com>
If a host chooses to use the SQHD "hint" in the CQE to know if there is
room in the submission queue for additional commands, it may result in a
situation where there are not enough internal resources (struct
NvmeRequest) available to process the command. For a lack of a better
term, the host may "over-commit" the device (i.e., it may have more
inflight commands than the queue size).
For example, assume a queue with N entries. The host submits N commands
and all are picked up for processing, advancing the head and emptying
the queue. Regardless of which of these N commands complete first, the
SQHD field of that CQE will indicate to the host that the queue is
empty, which allows the host to issue N commands again. However, if the
device has not posted CQEs for all the previous commands yet, the device
will have less than N resources available to process the commands, so
queue processing is suspended.
And here lies an 11 year latent bug. In the absense of any additional
tail updates on the submission queue, we never schedule the processing
bottom-half again unless we observe a head update on an associated full
completion queue. This has been sufficient to handle N-to-1 SQ/CQ setups
(in the absense of over-commit of course). Incidentially, that "kick all
associated SQs" mechanism can now be killed since we now just schedule
queue processing when we return a processing resource to a non-empty
submission queue, which happens to cover both edge cases. However, we
must retain kicking the CQ if it was previously full.
So, apparently, no previous driver tested with hw/nvme has ever used
SQHD (e.g., neither the Linux NVMe driver or SPDK uses it). But then OSv
shows up with the driver that actually does. I salute you.
Fixes: f3c507adcd ("NVMe: Initial commit for new storage interface")
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2388
Reported-by: Waldemar Kozaczuk <jwkozaczuk@gmail.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Check for overflow to avoid that fseek() receives a sign-extended value.
Cc: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Fix broken SiFive UART on big endian hosts
* Fix IOMMU Coverity issues
* Improve the performance of vector unit-stride/whole register ld/st instructions
* Update kvm exts to Linux v6.11
* Convert the RV32-on-RV64 riscv test
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmcsPXsACgkQr3yVEwxT
gBOMjBAAm91x1C+mMLehRo4ESquziP1fGTPO0EyZmv/16Ze2AuKlfs/zPwbypmMY
VuUAsl2+/+XfiIQ+p7XN6YMrI9ixVluEHu6/o0FXObPyMOBE+5fLF+rqWfqmvbin
ifFmh8U7nkQ6Y9fxa7KOph8G5C+I4nDZRi4D6DS01+gljIBbNwxHz07YwAShoJiF
IlqwaiUmZAzA8thR5+WskpYLNOAdfR/0Z67QRc7xw7y3xcRUCsbwyUKCZMC7lWbJ
yvQeWPaOfFetbu7JFUZMlMwwNF1AGe6rigCaqT6Xjt0uBoeJLyXb6IOEOG8BN5aB
o+EeFK4gvn18qqegY1R7YNwS9p3XVvPnlw7AxF6YfkgOEb0qgAYhWabXG0CGizoH
A9prIg1Vft+qvOkAknq7v2knrv2mZ8VJsH4f+gBkKWWRnwpwE3S+jdhbbbw7af6W
AqkKgf96Klncikf/tYtnwUqG/42/yueUPg4Qfp2hUaxgy3M/ichze3FPF/DatS7B
ti/nlb+rXwheKaHUXFG8HpB7S4VNYToOeX+o79lXuV4XJAOVWEUVkE/LFV0B8hKT
O1NpLiF8Ql5MI0ylnUZ+kd/QFNMROrnzDJClOuNKEgBO+wMwZ+f2AKo/FWsCR9gD
8i07SDj9GE+EmDpHtOgWMzp7KcpdqLNmQMBrezpLex/Z3390sQ4=
=dYLw
-----END PGP SIGNATURE-----
Merge tag 'pull-riscv-to-apply-20241107' of https://github.com/alistair23/qemu into staging
RISC-V PR for 9.2
* Fix broken SiFive UART on big endian hosts
* Fix IOMMU Coverity issues
* Improve the performance of vector unit-stride/whole register ld/st instructions
* Update kvm exts to Linux v6.11
* Convert the RV32-on-RV64 riscv test
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmcsPXsACgkQr3yVEwxT
# gBOMjBAAm91x1C+mMLehRo4ESquziP1fGTPO0EyZmv/16Ze2AuKlfs/zPwbypmMY
# VuUAsl2+/+XfiIQ+p7XN6YMrI9ixVluEHu6/o0FXObPyMOBE+5fLF+rqWfqmvbin
# ifFmh8U7nkQ6Y9fxa7KOph8G5C+I4nDZRi4D6DS01+gljIBbNwxHz07YwAShoJiF
# IlqwaiUmZAzA8thR5+WskpYLNOAdfR/0Z67QRc7xw7y3xcRUCsbwyUKCZMC7lWbJ
# yvQeWPaOfFetbu7JFUZMlMwwNF1AGe6rigCaqT6Xjt0uBoeJLyXb6IOEOG8BN5aB
# o+EeFK4gvn18qqegY1R7YNwS9p3XVvPnlw7AxF6YfkgOEb0qgAYhWabXG0CGizoH
# A9prIg1Vft+qvOkAknq7v2knrv2mZ8VJsH4f+gBkKWWRnwpwE3S+jdhbbbw7af6W
# AqkKgf96Klncikf/tYtnwUqG/42/yueUPg4Qfp2hUaxgy3M/ichze3FPF/DatS7B
# ti/nlb+rXwheKaHUXFG8HpB7S4VNYToOeX+o79lXuV4XJAOVWEUVkE/LFV0B8hKT
# O1NpLiF8Ql5MI0ylnUZ+kd/QFNMROrnzDJClOuNKEgBO+wMwZ+f2AKo/FWsCR9gD
# 8i07SDj9GE+EmDpHtOgWMzp7KcpdqLNmQMBrezpLex/Z3390sQ4=
# =dYLw
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 07 Nov 2024 04:09:31 GMT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20241107' of https://github.com/alistair23/qemu:
tests/functional: Convert the RV32-on-RV64 riscv test
target/riscv/kvm: Update kvm exts to Linux v6.11
target/riscv: Inline unit-stride ld/st and corresponding functions for performance
target/riscv: rvv: Provide group continuous ld/st flow for unit-stride ld/st instructions
target/riscv: rvv: Provide a fast path using direct access to host ram for unit-stride load-only-first load instructions
target/riscv: rvv: Provide a fast path using direct access to host ram for unit-stride whole register load/store
target/riscv: rvv: Provide a fast path using direct access to host ram for unmasked unit-stride load/store
target/riscv: rvv: Replace VSTART_CHECK_EARLY_EXIT in vext_ldst_us
target/riscv: Set vdata.vm field for vector load/store whole register instructions
hw/riscv/riscv-iommu: fix riscv_iommu_validate_process_ctx() check
hw/riscv/riscv-iommu: change 'depth' to int
hw/char/sifive_uart: Fix broken UART on big endian hosts
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
'mode' will never be RISCV_IOMMU_CAP_SV32. We are erroring out in the
'switch' right before it if 'mode' isn't 0, 8, 9 or 10.
'mode' should be check with RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV32.
Reported by Coverity via a "DEADCODE" ticket.
Resolves: Coverity CID 1564781
Fixes: 0c54acb824 ("hw/riscv: add RISC-V IOMMU base emulation")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241104123839.533442-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Coverity reports an unsigned overflow when doing:
for (; depth-- > 0; ) {
When depth = 0 inside riscv_iommu_ctx_fetch().
Building it with a recent GCC the code doesn't actually break with depth
= 0, i.e. the comparison "0-- > 0" will exit the loop instead of
proceeding, but 'depth' will retain the overflow value afterwards.
This behavior can be compiler dependent, so change 'depth' to int to
remove this potential ambiguity.
Resolves: Coverity CID 1564783
Fixes: 0c54acb824 ("hw/riscv: add RISC-V IOMMU base emulation")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241104123839.533442-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Casting a "uint32_t *" to a "uint8_t *" to get to the lowest 8-bit
part of the value does not work on big endian hosts. We've got to
take the proper detour through an 8-bit variable.
Fixes: 53c1557b23 ("hw/char: sifive_uart: Print uart characters async")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241104163504.305955-1-thuth@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* rust: integration tests
* rust/pl011: add support for migration
* rust/pl011: add TYPE_PL011_LUMINARY device
* rust: add support for older compilers and bindgen
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmcrrtIUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroPIBwf/W0Jo87UauGYufhEmoPvWG1EAQEqP
EzNTzem9Iw92VdiSTkAtED0/TSd8RBJOwDfjjusVXZtuMPwpRNgXaFhYTT5gFTMj
Nk3NZGaX/mbNrtdrukdx9mvUWeovytdZDZccTNkpc3oyiqY9NEz06wZ0tCNJEot6
qO3dEtKXTOQTdx2R3o0oS+2OFDGEEPxZ0PuXN3sClN4iZhGfcIDsjGAWxEh6mCDy
VxqKPdax1Ig1w7M+JMclnpOsVHwcefjHiToNPwhCEGelJ9BZilkViuvBzsVRJJz3
ptYyywBE0FT8MiKQ/wyf7U64qoizJuIgHoQnUGj98hdgvbUUiW5jcBNY3A==
=s591
-----END PGP SIGNATURE-----
Merge tag 'for-upstream-rust' of https://gitlab.com/bonzini/qemu into staging
* rust: cleanups
* rust: integration tests
* rust/pl011: add support for migration
* rust/pl011: add TYPE_PL011_LUMINARY device
* rust: add support for older compilers and bindgen
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmcrrtIUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPIBwf/W0Jo87UauGYufhEmoPvWG1EAQEqP
# EzNTzem9Iw92VdiSTkAtED0/TSd8RBJOwDfjjusVXZtuMPwpRNgXaFhYTT5gFTMj
# Nk3NZGaX/mbNrtdrukdx9mvUWeovytdZDZccTNkpc3oyiqY9NEz06wZ0tCNJEot6
# qO3dEtKXTOQTdx2R3o0oS+2OFDGEEPxZ0PuXN3sClN4iZhGfcIDsjGAWxEh6mCDy
# VxqKPdax1Ig1w7M+JMclnpOsVHwcefjHiToNPwhCEGelJ9BZilkViuvBzsVRJJz3
# ptYyywBE0FT8MiKQ/wyf7U64qoizJuIgHoQnUGj98hdgvbUUiW5jcBNY3A==
# =s591
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 06 Nov 2024 18:00:50 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream-rust' of https://gitlab.com/bonzini/qemu: (39 commits)
dockerfiles: install bindgen from cargo on Ubuntu 22.04
rust: make rustfmt optional
rust: allow older version of bindgen
rust: do not use --generate-cstr
rust: allow version 1.63.0 of rustc
rust: clean up detection of the language
rust: do not use MaybeUninit::zeroed()
rust: introduce alternative implementation of offset_of!
rust: create a cargo workspace
rust: synchronize dependencies between subprojects and Cargo.lock
rust: silence unknown warnings for the sake of old compilers
rust: introduce a c_str macro
rust: use std::os::raw instead of core::ffi
rust: fix cfgs of proc-macro2 for 1.63.0
rust: patch bilge-impl to allow compilation with 1.63.0
rust/pl011: Use correct masks for IBRD and FBRD
rust/pl011: remove commented out C code
rust/pl011: add TYPE_PL011_LUMINARY device
rust/pl011: move CLK_NAME static to function scope
rust/pl011: add support for migration
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Introduced in 0c54acb824, "hw/riscv: add RISC-V IOMMU base emulation".
../hw/riscv/riscv-iommu.c:187:17: error: redefinition of '_pext_u64'
187 | static uint64_t _pext_u64(uint64_t val, uint64_t ext)
| ^
D:/a/_temp/msys64/clang64/lib/clang/18/include/bmi2intrin.h:217:1: note: previous definition is here
217 | _pext_u64(unsigned long long __X, unsigned long long __Y)
| ^
After a conversation on the mailing list, it was decided to rename and
add a comment for this function.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241104222225.1523751-1-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The naming of the TypeInfo array is inspired by hcd-ohci-sysbus.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-25-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-24-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-22-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-21-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-19-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-18-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-17-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Instead of defining redundant constants and using magic numbers reuse the
existing MII constants.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
cc: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20241103133412.73536-16-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-15-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Prefer a macro rather than a string literal when instantiaging device models.
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-14-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Populate this read-only register with some arbitrary values which avoids
U-Boot's get_clocks() to hang().
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-11-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
When compiling a decompiled device tree blob created with dumpdtb, dtc complains
with:
/soc@e0000000/i2c@3000: incorrect #address-cells for I2C bus
/soc@e0000000/i2c@3000: incorrect #size-cells for I2C bus
Fix this by adding the missing device tree properties.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20241103133412.73536-6-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Currently, we have no way to expose the arch-specific default cache
model because the cache model is sometimes related to the CPU model
(e.g., i386).
Since the user might configure "default" level, any comparison with
"default" is meaningless before the machine knows the specific level
that "default" refers to.
We can only check the correctness of the cache topology after the arch
loads the user-configured cache model from MachineState.smp_cache and
consumes the special "default" level by replacing it with the specific
level.
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-ID: <20241101083331.340178-6-zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add cache_supported flags in SMPCompatProps to allow machines to
configure various caches support.
And check the compatibility of the cache properties with the
machine support in machine_parse_smp_cache().
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Tested-by: Yongwei Ma <yongwei.ma@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-ID: <20241101083331.340178-5-zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The x86 and ARM need to allow user to configure cache properties
(current only topology):
* For x86, the default cache topology model (of max/host CPU) does not
always match the Host's real physical cache topology. Performance can
increase when the configured virtual topology is closer to the
physical topology than a default topology would be.
* For ARM, QEMU can't get the cache topology information from the CPU
registers, then user configuration is necessary. Additionally, the
cache information is also needed for MPAM emulation (for TCG) to
build the right PPTT.
Define smp-cache related enumeration and properties in QAPI, so that
user could configure cache properties for SMP system through -machine in
the subsequent patch.
Cache enumeration (CacheLevelAndType) is implemented as the combination
of cache level (level 1/2/3) and cache type (data/instruction/unified).
Currently, separated L1 cache (L1 data cache and L1 instruction cache)
with unified higher-level cache (e.g., unified L2 and L3 caches), is the
most common cache architectures.
Therefore, enumerate the L1 D-cache, L1 I-cache, L2 cache and L3 cache
with smp-cache object to add the basic cache topology support. Other
kinds of caches (e.g., L1 unified or L2/L3 separated caches) can be
added directly into CacheLevelAndType if necessary.
Cache properties (SmpCacheProperties) currently only contains cache
topology information, and other cache properties can be added in it
if necessary.
Note, define cache topology based on CPU topology level with two
reasons:
1. In practice, a cache will always be bound to the CPU container
(either private in the CPU container or shared among multiple
containers), and CPU container is often expressed in terms of CPU
topology level.
2. The x86's cache-related CPUIDs encode cache topology based on APIC
ID's CPU topology layout. And the ACPI PPTT table that ARM/RISCV
relies on also requires CPU containers to help indicate the private
shared hierarchy of the cache. Therefore, for SMP systems, it is
natural to use the CPU topology hierarchy directly in QEMU to define
the cache topology.
With smp-cache QAPI support, add smp cache topology for machine by
parsing the smp-cache object list.
Also add the helper to access/update cache topology level of machine.
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Tested-by: Yongwei Ma <yongwei.ma@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-ID: <20241101083331.340178-4-zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Cache topology needs to be defined based on CPU topology levels. Thus,
define CPU topology enumeration in qapi/machine.json to make it generic
for all architectures.
To match the general topology naming style, rename CPU_TOPO_LEVEL_* to
CPU_TOPOLOGY_LEVEL_*, and rename SMT and package levels to thread and
socket.
Also, enumerate additional topology levels for non-i386 arches, and add
a CPU_TOPOLOGY_LEVEL_DEFAULT to help future smp-cache object to work
with compatibility requirement of arch-specific cache topology models.
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Tested-by: Yongwei Ma <yongwei.ma@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241101083331.340178-3-zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Include the missing "qemu/units.h" to fix when refactoring code:
../hw/core/machine.c:743:34: error: use of undeclared identifier 'MiB'
743 | mc->default_ram_size = 128 * MiB;
| ^
../hw/core/machine.c:750:44: error: use of undeclared identifier 'TiB'
750 | mc->smbios_memory_device_size = 2047 * TiB;
| ^
and "qemu/error-report.h" to fix:
../hw/core/machine.c:1029:13: error: call to undeclared function 'error_report' [-Wimplicit-function-declaration]
1029 | error_report("NUMA node %" PRIu16 " is missing, use "
| ^
../hw/core/machine.c:1240:9: error: call to undeclared function 'warn_report' [-Wimplicit-function-declaration]
1240 | warn_report("CPU model %s is deprecated -- %s",
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20240930221900.59525-2-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Replace DEFINE_MACHINE() by DEFINE_TYPES(), converting the
class_init() handler.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20241105130431.22564-6-philmd@linaro.org>
The machine datasheet mentions the GPIO device as 'xps_gpio'.
Rename it accordingly to easily find its documentation.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20241105130431.22564-5-philmd@linaro.org>
By default the machine's CPU endianness is 'big' order
('little-endian' property set to %false).
This corresponds to the default when this machine was added;
see commits 6a8b1ae202 "microblaze: Add petalogix s3a1800dsp
MMU linux ref-design." and 72b675caac "microblaze: Hook into
the build-system." which added:
[ "$target_cpu" = "microblaze" ] && target_bigendian=yes
Later commit 877fdc12b1 ("microblaze: Allow targeting
little-endian mb") added little-endian support, forgetting
to set the CPU endianness to little-endian. Not an issue
since this property was never used, but we will use it soon,
so explicit the endianness to get the expected behavior.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20241105130431.22564-4-philmd@linaro.org>
The petalogix-ml605 machine was explicitly added as little-endian only
machine in commit 00914b7d97 ("microblaze: Add PetaLogix ml605 MMU
little-endian ref design"). Mark the big-endian version as deprecated.
When the xlnx-zynqmp-pmu machine's CPU was added in commit 133d23b3ad
("xlnx-zynqmp-pmu: Add the CPU and memory"), its 'endianness' property
was set to %true, thus wired in little endianness.
Both machine are included in the big-endian system binary, while their
CPU is working in little-endian. Unlikely to work as it. Deprecate now
as broken config so we can remove soon.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20241105130431.22564-3-philmd@linaro.org>
Alias the 'endian' property as 'little-endian' because the 'ENDI'
bit is set when the endianness is in little order, and unset in
big order.
Reviewed-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20241105130431.22564-2-philmd@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <3f61b85c-9382-4520-a1ce-5476eb16fb56@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
CXL now can use Generic Port Affinity Structures.
CXL now allows control of link speed and width
vhost-user-blk now supports live resize, by means of
a new device-sync-config command
amd iommu now supports interrupt remapping
pcie devices now report extended tag field support
intel_iommu dropped support for Transient Mapping, to match VTD spec
arch agnostic ACPI infrastructure for vCPU Hotplug
Fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmcpNqUPHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRp/2oH/0qO33prhDa48J5mqT9NuJzzYwp5QHKF9Zjv
fDAplMUEmfxZIEgJchcyDWPYTGX2geT4pCFhRWioZMIR/0JyzrFgSwsk1kL88cMh
46gzhNVD6ybyPJ7O0Zq3GLy5jo7rlw/n+fFxKAuRCzcbK/fmH8gNC+RwW1IP64Na
HDczYilHUhnO7yKZFQzQNQVbK4BckrG1bu0Fcx0EMUQBf4V6x7GLOrT+3hkKYcr6
+DG5DmUmv20or/FXnu2Ye+MzR8Ebx6JVK3A3sXEE4Ns2CCzK9QLzeeyc2aU13jWN
OpZ6WcKF8HqYprIwnSsMTxhPcq0/c7TvrGrazVwna5RUBMyjjvc=
=zSX4
-----END PGP SIGNATURE-----
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pc,pci: features, fixes, cleanups
CXL now can use Generic Port Affinity Structures.
CXL now allows control of link speed and width
vhost-user-blk now supports live resize, by means of
a new device-sync-config command
amd iommu now supports interrupt remapping
pcie devices now report extended tag field support
intel_iommu dropped support for Transient Mapping, to match VTD spec
arch agnostic ACPI infrastructure for vCPU Hotplug
Fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmcpNqUPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRp/2oH/0qO33prhDa48J5mqT9NuJzzYwp5QHKF9Zjv
# fDAplMUEmfxZIEgJchcyDWPYTGX2geT4pCFhRWioZMIR/0JyzrFgSwsk1kL88cMh
# 46gzhNVD6ybyPJ7O0Zq3GLy5jo7rlw/n+fFxKAuRCzcbK/fmH8gNC+RwW1IP64Na
# HDczYilHUhnO7yKZFQzQNQVbK4BckrG1bu0Fcx0EMUQBf4V6x7GLOrT+3hkKYcr6
# +DG5DmUmv20or/FXnu2Ye+MzR8Ebx6JVK3A3sXEE4Ns2CCzK9QLzeeyc2aU13jWN
# OpZ6WcKF8HqYprIwnSsMTxhPcq0/c7TvrGrazVwna5RUBMyjjvc=
# =zSX4
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Nov 2024 21:03:33 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (65 commits)
intel_iommu: Add missed reserved bit check for IEC descriptor
intel_iommu: Add missed sanity check for 256-bit invalidation queue
intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL
hw/acpi: Update GED with vCPU Hotplug VMSD for migration
tests/qtest/bios-tables-test: Update DSDT golden masters for x86/{pc,q35}
hw/acpi: Update ACPI `_STA` method with QOM vCPU ACPI Hotplug states
qtest: allow ACPI DSDT Table changes
hw/acpi: Make CPUs ACPI `presence` conditional during vCPU hot-unplug
hw/pci: Add parenthesis to PCI_BUILD_BDF macro
hw/cxl: Ensure there is enough data to read the input header in cmd_get_physical_port_state()
hw/cxl: Ensure there is enough data for the header in cmd_ccls_set_lsa()
hw/cxl: Check that writes do not go beyond end of target attributes
hw/cxl: Ensuring enough data to read parameters in cmd_tunnel_management_cmd()
hw/cxl: Avoid accesses beyond the end of cel_log.
hw/cxl: Check the length of data requested fits in get_log()
hw/cxl: Check enough data in cmd_firmware_update_transfer()
hw/cxl: Check input length is large enough in cmd_events_clear_records()
hw/cxl: Check input includes at least the header in cmd_features_set_feature()
hw/cxl: Check size of input data to dynamic capacity mailbox commands
hw/cxl/cxl-mailbox-util: Fix output buffer index update when retrieving DC extents
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This way both the start and end points of migrating a particular VFIO
device are known.
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
This commit adds a re-implementation of hw/char/pl011.c in Rust.
How to build:
1. Configure a QEMU build with:
--enable-system --target-list=aarch64-softmmu --enable-rust
2. Launching a VM with qemu-system-aarch64 should use the Rust version
of the pl011 device
Co-authored-by: Junjie Mao <junjie.mao@intel.com>
Co-authored-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Link: https://lore.kernel.org/r/20241024-rust-round-2-v1-2-051e7a25b978@linaro.org
Peter Maydell