Branch: refs/heads/staging-8.2
Home: https://github.com/qemu/qemu
Commit: 9a709679c3718e37d49bef6e87fcf96b69b207e3
https://github.com/qemu/qemu/commit/9a709679c3718e37d49bef6e87fcf96b69b207e3
Author: Fea.Wang <[email protected]>
Date: 2024-09-19 (Thu, 19 Sep 2024)
Changed paths:
M system/physmem.c
Log Message:
-----------
softmmu/physmem.c: Keep transaction attribute in address_space_map()
The follow-up transactions may use the data in the attribution, so keep
the value of attribution from the function parameter just as
flatview_translate() above.
Signed-off-by: Fea.Wang <[email protected]>
Cc: [email protected]
Fixes: f26404fbee ("Make address_space_map() take a MemTxAttrs argument")
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Peter Xu <[email protected]>
(cherry picked from commit d8d5ca40048b04750de5a0ae0b2b9f153a391951)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: context fix due to lack of
v9.1.0-134-g637b0aa13956 "softmmu: Support concurrent bounce buffers"
v9.0.0-564-g69e78f1b3484 "system/physmem: Per-AddressSpace bounce buffering")
Commit: f699c0267ba6aa10f8b32c734bdd61969c94c82d
https://github.com/qemu/qemu/commit/f699c0267ba6aa10f8b32c734bdd61969c94c82d
Author: Peter Maydell <[email protected]>
Date: 2024-09-20 (Fri, 20 Sep 2024)
Changed paths:
M target/arm/tcg/cpu64.c
Log Message:
-----------
target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1
The Neoverse-V1 TRM is a bit confused about the layout of the
ID_AA64ISAR1_EL1 register, and so its table 3-6 has the wrong value
for this ID register. Trust instead section 3.2.74's list of which
fields are set.
This means that we stop incorrectly reporting FEAT_XS as present, and
now report the presence of FEAT_BF16.
Cc: [email protected]
Reported-by: Marcin Juszkiewicz <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
(cherry picked from commit 8676007eff04bb4e454bcdf92fab3f855bcc59b3)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 79f839d5b918c4168545f19247972164ee223d6d
https://github.com/qemu/qemu/commit/79f839d5b918c4168545f19247972164ee223d6d
Author: TANG Tiancheng <[email protected]>
Date: 2024-09-28 (Sat, 28 Sep 2024)
Changed paths:
M tcg/tcg-op-gvec.c
Log Message:
-----------
tcg: Fix iteration step in 32-bit gvec operation
The loop in the 32-bit case of the vector compare operation
was incorrectly incrementing by 8 bytes per iteration instead
of 4 bytes. This caused the function to process only half of
the intended elements.
Cc: [email protected]
Fixes: 9622c697d1 (tcg: Add gvec compare with immediate and scalar operand)
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 9d8d5a5b9078a16b4c0862fe54248c5cc8435648)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 40a3cb921391a1a2cf0405354e6fafbe42c47577
https://github.com/qemu/qemu/commit/40a3cb921391a1a2cf0405354e6fafbe42c47577
Author: Fabiano Rosas <[email protected]>
Date: 2024-09-28 (Sat, 28 Sep 2024)
Changed paths:
M target/ppc/translate/vsx-impl.c.inc
Log Message:
-----------
target/ppc: Fix lxvx/stxvx facility check
The XT check for the lxvx/stxvx instructions is currently
inverted. This was introduced during the move to decodetree.
From the ISA:
Chapter 7. Vector-Scalar Extension Facility
Load VSX Vector Indexed X-form
lxvx XT,RA,RB
if TX=0 & MSR.VSX=0 then VSX_Unavailable()
if TX=1 & MSR.VEC=0 then Vector_Unavailable()
...
Let XT be the value 32×TX + T.
The code currently does the opposite:
    if (paired || a->rt >= 32) {
        REQUIRE_VSX(ctx);
    } else {
        REQUIRE_VECTOR(ctx);
    }
This was already fixed for lxv/stxv at commit "2cc0e449d1 (target/ppc:
Fix lxv/stxv MSR facility check)", but the indexed forms were missed.
Cc: [email protected]
Fixes: 70426b5bb7 ("target/ppc: moved stxvx and lxvx from legacy to decodtree")
Signed-off-by: Fabiano Rosas <[email protected]>
Reviewed-by: Claudio Fontana <[email protected]>
Acked-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 8bded2e73e80823a67f730140788a3c5e60bf4b5)
Signed-off-by: Michael Tokarev <[email protected]>
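Added example (not part of the commit or of QEMU's code): a small C model of the lxvx/stxvx facility check that compares the ISA rule quoted above with the inverted selection the message describes, over every XT and MSR.VSX/MSR.VEC combination. The enum and function names are hypothetical, and the `paired` case is left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of the facility check for one lxvx/stxvx access (hypothetical names). */
enum facility_result { ACCESS_OK, VSX_UNAVAILABLE, VECTOR_UNAVAILABLE };

/* Rule as quoted from the ISA: XT = 32*TX + T, so TX is bit 5 of XT. */
static enum facility_result check_isa(unsigned xt, bool msr_vsx, bool msr_vec)
{
    unsigned tx = (xt >> 5) & 1;
    if (tx == 0 && !msr_vsx) {
        return VSX_UNAVAILABLE;
    }
    if (tx == 1 && !msr_vec) {
        return VECTOR_UNAVAILABLE;
    }
    return ACCESS_OK;
}

/* Inverted selection as described in the message: XT >= 32 asks for VSX. */
static enum facility_result check_inverted(unsigned xt, bool msr_vsx, bool msr_vec)
{
    if (xt >= 32) {
        return msr_vsx ? ACCESS_OK : VSX_UNAVAILABLE;
    }
    return msr_vec ? ACCESS_OK : VECTOR_UNAVAILABLE;
}

/* Count the (XT, MSR.VSX, MSR.VEC) combinations where the two checks disagree. */
static int count_mismatches(void)
{
    int n = 0;
    for (unsigned xt = 0; xt < 64; xt++) {
        for (int vsx = 0; vsx <= 1; vsx++) {
            for (int vec = 0; vec <= 1; vec++) {
                if (check_isa(xt, vsx, vec) != check_inverted(xt, vsx, vec)) {
                    n++;
                }
            }
        }
    }
    return n;
}

int main(void)
{
    printf("disagreeing combinations: %d of 256\n", count_mismatches());
    return 0;
}
```

The two checks agree only when both facilities are enabled, which is why the inversion is easy to miss in testing with MSR.VSX and MSR.VEC both set.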
Commit: 37bac4b8e6be5f2e4b3636feb226fde4b1cc57de
https://github.com/qemu/qemu/commit/37bac4b8e6be5f2e4b3636feb226fde4b1cc57de
Author: Fiona Ebner <[email protected]>
Date: 2024-10-01 (Tue, 01 Oct 2024)
Changed paths:
M block/copy-before-write.c
M block/reqlist.c
Log Message:
-----------
block/reqlist: allow adding overlapping requests
Allow overlapping request by removing the assert that made it
impossible. There are only two callers:
1. block_copy_task_create()
It already asserts the very same condition before calling
reqlist_init_req().
2. cbw_snapshot_read_lock()
There is no need to have read requests be non-overlapping in
copy-before-write when used for snapshot-access. In fact, there was no
protection against two callers of cbw_snapshot_read_lock() calling
reqlist_init_req() with overlapping ranges and this could lead to an
assertion failure [1].
In particular, with the reproducer script below [0], two
cbw_co_snapshot_block_status() callers could race, with the second
calling reqlist_init_req() before the first one finishes and removes
its conflicting request.
[0]:
> #!/bin/bash -e
> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024
> ./qemu-img create /tmp/fleecing.raw -f raw 1G
> (
> ./qemu-system-x86_64 --qmp stdio \
> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \
> --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \
> <<EOF
> {"execute": "qmp_capabilities"}
> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write",
> "file": "node0", "target": "node1", "node-name": "node3" } }
> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access",
> "file": "node3", "node-name": "snap0" } }
> {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix",
> "data": { "path": "/tmp/nbd.socket" } } } }
> {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name":
> "snap0", "type": "nbd", "name": "exp0"}}
> EOF
> ) &
> sleep 5
> while true; do
> ./qemu-nbd -d /dev/nbd0
> ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r
> nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket'
> done
[1]:
> #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101
> #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23
> #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at
> ../block/copy-before-write.c:237
> #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at
> ../block/copy-before-write.c:304
> #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at
> ../block/io.c:3726
> #10 0x000061528543a63e in snapshot_access_co_block_status (...) at
> ../block/snapshot-access.c:48
> #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474
> #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at
> ../block/io.c:2652
> #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at
> ../block/io.c:2732
> #14 0x00006152853d9a86 in blk_co_block_status_above (...) at
> ../block/block-backend.c:1473
> #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374
> #16 0x000061528538deb1 in nbd_co_send_block_status (...) at
> ../nbd/server.c:2481
> #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978
> #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121
> #19 0x00006152855a7caf in coroutine_trampoline (...) at
> ../util/coroutine-ucontext.c:175
Cc: [email protected]
Suggested-by: Vladimir Sementsov-Ogievskiy <[email protected]>
Signed-off-by: Fiona Ebner <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]>
Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]>
(cherry picked from commit 6475155d519209c80fdda53e05130365aa769838)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: de4918b4f596210180145b903d1c383709bed14e
https://github.com/qemu/qemu/commit/de4918b4f596210180145b903d1c383709bed14e
Author: Ard Biesheuvel <[email protected]>
Date: 2024-10-02 (Wed, 02 Oct 2024)
Changed paths:
M target/arm/internals.h
M target/arm/ptw.c
Log Message:
-----------
target/arm: Avoid target_ulong for physical address lookups
target_ulong is typedef'ed as a 32-bit integer when building the
qemu-system-arm target, and this is smaller than the size of an
intermediate physical address when LPAE is being used.
Given that Linux may place leaf level user page tables in high memory
when built for LPAE, the kernel will crash with an external abort as
soon as it enters user space when running with more than ~3 GiB of
system RAM.
So replace target_ulong with vaddr in places where it may carry an
address value that is not representable in 32 bits.
Fixes: f3639a64f602ea ("target/arm: Use softmmu tlbs for page table walking")
Cc: [email protected]
Reported-by: Arnd Bergmann <[email protected]>
Tested-by: Arnd Bergmann <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 67d762e716a7127ecc114e9708254316dd521911)
Signed-off-by: Michael Tokarev <[email protected]>
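Added example (not part of the commit or of QEMU's code): a C model of the truncation described above, where a page-table descriptor address held in a 32-bit variable loses its high bits once the table sits above 4 GiB. The RAM base and size, the memory model and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define RAM_BASE 0x40000000ULL   /* assumed layout: RAM starts at 1 GiB */
#define RAM_SIZE (4ULL << 30)    /* assumed: 4 GiB of guest RAM */

/* Constructed physical memory: a read outside RAM models an external abort. */
static int phys_read64(uint64_t pa, uint64_t *out)
{
    if (pa < RAM_BASE || pa - RAM_BASE > RAM_SIZE - 8) {
        return -1;
    }
    *out = (pa & ~0xfffULL) | 0x3;   /* placeholder descriptor derived from pa */
    return 0;
}

/* Descriptor address kept in 32 bits, like target_ulong on qemu-system-arm. */
static int lookup_narrow(uint64_t table_pa, unsigned index, uint64_t *desc)
{
    uint32_t addr = (uint32_t)(table_pa + index * 8u);   /* high bits dropped */
    return phys_read64(addr, desc);
}

/* Descriptor address kept in 64 bits, wide enough for an LPAE address. */
static int lookup_wide(uint64_t table_pa, unsigned index, uint64_t *desc)
{
    uint64_t addr = table_pa + (uint64_t)index * 8;
    return phys_read64(addr, desc);
}

int main(void)
{
    uint64_t desc = 0;
    uint64_t low_table = 0x40001000ULL;    /* constructed: table below 4 GiB */
    uint64_t high_table = 0x100001000ULL;  /* constructed: table above 4 GiB */

    printf("low table,  narrow: %d\n", lookup_narrow(low_table, 5, &desc));
    printf("high table, narrow: %d\n", lookup_narrow(high_table, 5, &desc));
    printf("high table, wide:   %d\n", lookup_wide(high_table, 5, &desc));
    return 0;
}
```

With the table below 4 GiB both walkers succeed, so the defect only shows once guest RAM is large enough for page tables to land in high memory.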
Commit: f1e70d3de0a0d98556c02255ee060eb7beb3fb28
https://github.com/qemu/qemu/commit/f1e70d3de0a0d98556c02255ee060eb7beb3fb28
Author: Alexander Bulekov <[email protected]>
Date: 2024-10-02 (Wed, 02 Oct 2024)
Changed paths:
M scripts/oss-fuzz/build.sh
Log Message:
-----------
fuzz: disable leak-detection for oss-fuzz builds
When we are building for OSS-Fuzz, we want to ensure that the fuzzer
targets are actually created, regardless of leaks. Leaks will be
detected by the subsequent tests of the individual fuzz-targets.
Signed-off-by: Alexander Bulekov <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit 3e964275d65b92075249201c49b39dfb06d08ad4)
Signed-off-by: Michael Tokarev <[email protected]>
Compare: https://github.com/qemu/qemu/compare/317c999868df...f1e70d3de0a0