Branch: refs/heads/staging-8.0
Home: https://github.com/qemu/qemu
Commit: 8ca83e0ed418380b4ab31b2535bb2e9b1acbb41b
https://github.com/qemu/qemu/commit/8ca83e0ed418380b4ab31b2535bb2e9b1acbb41b
Author: Thomas Huth <th...@redhat.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/char/riscv_htif.c
Log Message:
-----------
hw/char/riscv_htif: Fix the console syscall on big endian hosts
Values that have been read via cpu_physical_memory_read() from the
guest's memory have to be swapped in case the host endianess differs
from the guest.
Fixes: a6e13e31d5 ("riscv_htif: Support console output via proxy syscall")
Signed-off-by: Thomas Huth <th...@redhat.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Reviewed-by: Bin Meng <bm...@tinylab.org>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Message-Id: <20230721094720.902454-3-th...@redhat.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 058096f1c55ab688db7e1d6814aaefc1bcd87f7a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: context fix in hw/char/riscv_htif.c for #include; tswap*() is in
cpu-all.h in 8.0)
Commit: ce0f270058f4b72c1583ae73f12ab4b396f8dac1
https://github.com/qemu/qemu/commit/ce0f270058f4b72c1583ae73f12ab4b396f8dac1
Author: Jason Chien <jason.ch...@sifive.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/intc/riscv_aclint.c
Log Message:
-----------
hw/intc: Fix upper/lower mtime write calculation
When writing the upper mtime, we should keep the original lower mtime
whose value is given by cpu_riscv_read_rtc() instead of
cpu_riscv_read_rtc_raw(). The same logic applies to writes to lower mtime.
Signed-off-by: Jason Chien <jason.ch...@sifive.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20230728082502.26439-1-jason.ch...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit e0922b73baf00c4c19d4ad30d09bb94f7ffea0f4)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: d066c6f98ade50da2984a9fd2745d50dd9556de1
https://github.com/qemu/qemu/commit/d066c6f98ade50da2984a9fd2745d50dd9556de1
Author: Jason Chien <jason.ch...@sifive.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/intc/riscv_aclint.c
Log Message:
-----------
hw/intc: Make rtc variable names consistent
The variables whose values are given by cpu_riscv_read_rtc() should be named
"rtc". The variables whose value are given by cpu_riscv_read_rtc_raw()
should be named "rtc_r".
Signed-off-by: Jason Chien <jason.ch...@sifive.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20230728082502.26439-2-jason.ch...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 9382a9eafccad8dc6a487ea3a8d2bed03dc35db9)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: a98891bcf25ad45860b5ab23a1b82d8712a25989
https://github.com/qemu/qemu/commit/a98891bcf25ad45860b5ab23a1b82d8712a25989
Author: LIU Zhiwei <zhiwei_...@linux.alibaba.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M linux-user/riscv/signal.c
Log Message:
-----------
linux-user/riscv: Use abi type for target_ucontext
We should not use types dependend on host arch for target_ucontext.
This bug is found when run rv32 applications.
Signed-off-by: LIU Zhiwei <zhiwei_...@linux.alibaba.com>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20230811055438.1945-1-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit ae7d4d625cab49657b9fc2be09d895afb9bcdaf0)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 08ba52e88627c824c5ae213f4c2bd574bdafd3da
https://github.com/qemu/qemu/commit/08ba52e88627c824c5ae213f4c2bd574bdafd3da
Author: Conor Dooley <conor.doo...@microchip.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/riscv/virt.c
Log Message:
-----------
hw/riscv: virt: Fix riscv,pmu DT node path
On a dtb dumped from the virt machine, dt-validate complains:
soc: pmu: {'riscv,event-to-mhpmcounters': [[1, 1, 524281], [2, 2, 524284],
[65561, 65561, 524280], [65563, 65563, 524280], [65569, 65569, 524280]],
'compatible': ['riscv,pmu']} should not be valid under {'type': 'object'}
from schema $id: http://devicetree.org/schemas/simple-bus.yaml#
That's pretty cryptic, but running the dtb back through dtc produces
something a lot more reasonable:
Warning (simple_bus_reg): /soc/pmu: missing or empty reg/ranges property
Moving the riscv,pmu node out of the soc bus solves the problem.
Signed-off-by: Conor Dooley <conor.doo...@microchip.com>
Acked-by: Alistair Francis <alistair.fran...@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Message-ID: <20230727-groom-decline-2c57ce42841c@spud>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 9ff31406312500053ecb5f92df01dd9ce52e635d)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 1d596827a866143a4994da50ccf7360bd8bb21e7
https://github.com/qemu/qemu/commit/1d596827a866143a4994da50ccf7360bd8bb21e7
Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: fix satp_mode_finalize() when satp_mode.supported = 0
In the same emulated RISC-V host, the 'host' KVM CPU takes 4 times
longer to boot than the 'rv64' KVM CPU.
The reason is an unintended behavior of riscv_cpu_satp_mode_finalize()
when satp_mode.supported = 0, i.e. when cpu_init() does not set
satp_mode_max_supported(). satp_mode_max_from_map(map) does:
31 - __builtin_clz(map)
This means that, if satp_mode.supported = 0, satp_mode_supported_max
wil be '31 - 32'. But this is C, so satp_mode_supported_max will gladly
set it to UINT_MAX (4294967295). After that, if the user didn't set a
satp_mode, set_satp_mode_default_map(cpu) will make
cfg.satp_mode.map = cfg.satp_mode.supported
So satp_mode.map = 0. And then satp_mode_map_max will be set to
satp_mode_max_from_map(cpu->cfg.satp_mode.map), i.e. also UINT_MAX. The
guard "satp_mode_map_max > satp_mode_supported_max" doesn't protect us
here since both are UINT_MAX.
And finally we have 2 loops:
for (int i = satp_mode_map_max - 1; i >= 0; --i) {
Which are, in fact, 2 loops from UINT_MAX -1 to -1. This is where the
extra delay when booting the 'host' CPU is coming from.
Commit 43d1de32f8 already set a precedence for satp_mode.supported = 0
in a different manner. We're doing the same here. If supported == 0,
interpret as 'the CPU wants the OS to handle satp mode alone' and skip
satp_mode_finalize().
We'll also put a guard in satp_mode_max_from_map() to assert out if map
is 0 since the function is not ready to deal with it.
Cc: Alexandre Ghiti <alexgh...@rivosinc.com>
Fixes: 6f23aaeb9b ("riscv: Allow user to set the satp mode")
Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Message-ID: <20230817152903.694926-1-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 3a2fc23563885c219c73c8f24318921daf02f3f2)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 8a14c74917a2ff433f6e36f363b46838d3b8f333
https://github.com/qemu/qemu/commit/8a14c74917a2ff433f6e36f363b46838d3b8f333
Author: Leon Schuermann <le...@opentitan.org>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M target/riscv/pmp.c
Log Message:
-----------
target/riscv/pmp.c: respect mseccfg.RLB for pmpaddrX changes
When the rule-lock bypass (RLB) bit is set in the mseccfg CSR, the PMP
configuration lock bits must not apply. While this behavior is
implemented for the pmpcfgX CSRs, this bit is not respected for
changes to the pmpaddrX CSRs. This patch ensures that pmpaddrX CSR
writes work even on locked regions when the global rule-lock bypass is
enabled.
Signed-off-by: Leon Schuermann <le...@opentitan.org>
Reviewed-by: Mayuresh Chitale <mchit...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20230829215046.1430463-1-leon@is.currently.online>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 4e3adce1244e1ca30ec05874c3eca14911dc0825)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: b8353ece02e351ea5de59a5eb4b6f158dda36705
https://github.com/qemu/qemu/commit/b8353ece02e351ea5de59a5eb4b6f158dda36705
Author: Stefan Berger <stef...@linux.ibm.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/tpm/tpm_tis_sysbus.c
Log Message:
-----------
hw/tpm: TIS on sysbus: Remove unsupport ppi command line option
The ppi command line option for the TIS device on sysbus never worked
and caused an immediate segfault. Remove support for it since it also
needs support in the firmware and needs testing inside the VM.
Reproducer with the ppi=on option passed:
qemu-system-aarch64 \
-machine virt,gic-version=3 \
-m 4G \
-nographic -no-acpi \
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis-device,tpmdev=tpm0,ppi=on
[...]
Segmentation fault (core dumped)
Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
Reviewed-by: Eric Auger <eric.au...@redhat.com>
Message-id: 20230713171955.149236-1-stef...@linux.ibm.com
(cherry picked from commit 4c46fe2ed492f35f411632c8b5a8442f322bc3f0)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: fbaa35165048aa9645cc2e5d61e6fae3dc28368f
https://github.com/qemu/qemu/commit/fbaa35165048aa9645cc2e5d61e6fae3dc28368f
Author: Marc-André Lureau <marcandre.lur...@redhat.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M ui/console.c
Log Message:
-----------
ui: fix crash when there are no active_console
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555888630 in dpy_ui_info_supported (con=0x0) at ../ui/console.c:812
812 return con->hw_ops->ui_info != NULL;
(gdb) bt
#0 0x0000555555888630 in dpy_ui_info_supported (con=0x0) at ../ui/console.c:812
#1 0x00005555558a44b1 in protocol_client_msg (vs=0x5555578c76c0,
data=0x5555581e93f0 <incomplete sequence \373>, len=24) at ../ui/vnc.c:2585
#2 0x00005555558a19ac in vnc_client_read (vs=0x5555578c76c0) at
../ui/vnc.c:1607
#3 0x00005555558a1ac2 in vnc_client_io (ioc=0x5555581eb0e0, condition=G_IO_IN,
opaque=0x5555578c76c0) at ../ui/vnc.c:1635
Fixes:
https://issues.redhat.com/browse/RHEL-2600
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Albert Esteve <aest...@redhat.com>
(cherry picked from commit 48a35e12faf90a896c5aa4755812201e00d60316)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 938813bc390f099f5a28b0de50e9f72fa1eadbe4
https://github.com/qemu/qemu/commit/938813bc390f099f5a28b0de50e9f72fa1eadbe4
Author: Janosch Frank <fran...@linux.ibm.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M hw/s390x/s390-virtio-ccw.c
Log Message:
-----------
s390x/ap: fix missing subsystem reset registration
A subsystem reset contains a reset of AP resources which has been
missing. Adding the AP bridge to the list of device types that need
reset fixes this issue.
Reviewed-by: Jason J. Herne <jjhe...@linux.ibm.com>
Reviewed-by: Tony Krowiak <akrow...@linux.ibm.com>
Signed-off-by: Janosch Frank <fran...@linux.ibm.com>
Fixes: a51b3153 ("s390x/ap: base Adjunct Processor (AP) object model")
Message-ID: <20230823142219.1046522-2-sei...@linux.ibm.com>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit 297ec01f0b9864ea8209ca0ddc6643b4c0574bdb)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: cd666e49210dcf6e80bd385176929c5d0600591d
https://github.com/qemu/qemu/commit/cd666e49210dcf6e80bd385176929c5d0600591d
Author: Marc-André Lureau <marcandre.lur...@redhat.com>
Date: 2023-09-20 (Wed, 20 Sep 2023)
Changed paths:
M backends/tpm/tpm_util.c
Log Message:
-----------
tpm: fix crash when FD >= 1024 and unnecessary errors due to EINTR
Replace select() with poll() to fix a crash when QEMU has a large number
of FDs. Also use RETRY_ON_EINTR to avoid unnecessary errors due to EINTR.
Cc: qemu-sta...@nongnu.org
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2020133
Fixes: 56a3c24ffc ("tpm: Probe for connected TPM 1.2 or TPM 2")
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
(cherry picked from commit 8e32ddff69b6b4547cc00592ad816484e160817a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/678c8fe4ae0a...cd666e49210d
