Re: [PATCH 2/2] hw/arm/aspeed: add Bletchley machine type

2022-03-04 Thread Cédric Le Goater 

On 3/5/22 01:06, Patrick Williams wrote:

Add the 'bletchley-bmc' machine type based on the kernel DTS[1] and
hardware schematics available to me.  The i2c model is as complete as
the current QEMU models support, but in some cases I substituted devices
that are close enough for present functionality.  Strap registers are
kept the same as the AST2600-EVB until I'm able to confirm correct
values with physical hardware.

This has been tested with an openbmc image built from [2] plus a kernel
patch[3] for the SPI flash module.

1. 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/boot/dts/aspeed-bmc-facebook-bletchley.dts?id=a8c729e966c4e9d033242d948b0e53c2a62d32e2
2. 
https://github.com/openbmc/openbmc/commit/b9432b980d7f63f7512ffbcc7124386ba896dfc6
3. 
https://github.com/openbmc/linux/commit/25b566b9a9d7f5d4f10c1b7304007bdb286eefd7

Signed-off-by: Patrick Williams 
---
  hw/arm/aspeed.c | 77 +
  1 file changed, 77 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 617a1ecbdc..3dc2ede823 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -167,6 +167,11 @@ struct AspeedMachineState {
  #define FUJI_BMC_HW_STRAP10x
  #define FUJI_BMC_HW_STRAP20x
  
+/* Bletchley hardware value */

+/* TODO: Leave same as EVB for now. */
+#define BLETCHLEY_BMC_HW_STRAP1 AST2600_EVB_HW_STRAP1
+#define BLETCHLEY_BMC_HW_STRAP2 AST2600_EVB_HW_STRAP2
+
  /*
   * The max ram region is for firmwares that scan the address space
   * with load/store to guess how much RAM the SoC has.
@@ -901,6 +906,54 @@ static void fuji_bmc_i2c_init(AspeedMachineState *bmc)
  }
  }
  
+#define TYPE_TMP421 "tmp421"

+
+static void bletchley_bmc_i2c_init(AspeedMachineState *bmc)
+{
+AspeedSoCState *soc = >soc;
+I2CBus *i2c[13] = {};
+for (int i = 0; i < 13; i++) {
+if ((i == 8) || (i == 11)) {
+continue;
+}
+i2c[i] = aspeed_i2c_get_bus(>i2c, i);
+}
+
+/* Bus 0 - 5 all have the same config. */
+for (int i = 0; i < 6; i++) {
+/* Missing model: ti,ina230 @ 0x45 */
+/* Missing model: mps,mp5023 @ 0x40 */
+i2c_slave_create_simple(i2c[i], TYPE_TMP421, 0x4f);
+/* Missing model: nxp,pca9539 @ 0x76, but PCA9552 works enough */
+i2c_slave_create_simple(i2c[i], TYPE_PCA9552, 0x76);
+i2c_slave_create_simple(i2c[i], TYPE_PCA9552, 0x67);
+/* Missing model: fsc,fusb302 @ 0x22 */
+}
+
+/* Bus 6 */
+at24c_eeprom_init(i2c[6], 0x56, 65536);
+/* Missing model: nxp,pcf85263 @ 0x51 , but ds1338 works enough */
+i2c_slave_create_simple(i2c[6], "ds1338", 0x51);
+
+
+/* Bus 7 */
+at24c_eeprom_init(i2c[7], 0x54, 65536);
+
+/* Bus 9 */
+i2c_slave_create_simple(i2c[9], TYPE_TMP421, 0x4f);
+
+/* Bus 10 */
+i2c_slave_create_simple(i2c[10], TYPE_TMP421, 0x4f);
+/* Missing model: ti,hdc1080 @ 0x40 */
+i2c_slave_create_simple(i2c[10], TYPE_PCA9552, 0x67);
+
+/* Bus 12 */
+/* Missing model: adi,adm1278 @ 0x11 */
+i2c_slave_create_simple(i2c[12], TYPE_TMP421, 0x4c);
+i2c_slave_create_simple(i2c[12], TYPE_TMP421, 0x4d);
+i2c_slave_create_simple(i2c[12], TYPE_PCA9552, 0x67);
+}
+
  static bool aspeed_get_mmio_exec(Object *obj, Error **errp)
  {
  return ASPEED_MACHINE(obj)->mmio_exec;
@@ -1224,6 +1277,26 @@ static void aspeed_machine_fuji_class_init(ObjectClass 
*oc, void *data)
  aspeed_soc_num_cpus(amc->soc_name);
  };
  
+

+static void aspeed_machine_bletchley_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
+
+mc->desc   = "Facebook Bletchley BMC (Cortex-A7)";
+amc->soc_name  = "ast2600-a3";
+amc->hw_strap1 = BLETCHLEY_BMC_HW_STRAP1;
+amc->hw_strap2 = BLETCHLEY_BMC_HW_STRAP2;
+amc->fmc_model = "w25q01jvq";


So we need this patch :

http://patchwork.ozlabs.org/project/qemu-devel/patch/20220304180920.1780992-1-patr...@stwcx.xyz/

May be I can take it through my queue.


+amc->spi_model = NULL;
+amc->num_cs= 1;


There are two flash devices on the FMC. I can fix it inline since
it is the only change I would request.

Reviewed-by: Cédric Le Goater 

Thanks,

C.


+amc->macs_mask = ASPEED_MAC2_ON;
+amc->i2c_init  = bletchley_bmc_i2c_init;
+mc->default_ram_size = 512 * MiB;
+mc->default_cpus = mc->min_cpus = mc->max_cpus =
+aspeed_soc_num_cpus(amc->soc_name);
+}
+
  static const TypeInfo aspeed_machine_types[] = {
  {
  .name  = MACHINE_TYPE_NAME("palmetto-bmc"),
@@ -1277,6 +1350,10 @@ static const TypeInfo aspeed_machine_types[] = {
  .name  = MACHINE_TYPE_NAME("fuji-bmc"),
  .parent= TYPE_ASPEED_MACHINE,
  .class_init= aspeed_machine_fuji_class_init,
+}, {
+.name  = MACHINE_TYPE_NAME("bletchley-bmc"),
+.parent=

Re: [PATCH 1/2] hw/arm/aspeed: allow missing spi_model

2022-03-04 Thread Cédric Le Goater 

On 3/5/22 01:06, Patrick Williams wrote:

Generally all BMCs will use the fmc_model to hold their own flash
and most will have a spi_model to hold the managed system's flash,
but not all systems do.  Add a simple NULL check to allow a system
to set the spi_model as NULL to indicate it should not be instantiated.



OK. Let's do it that way for now but we need to rework 'num_cs' in the
Aspeed SMC model and the Aspeed machines. We started with a simple
requirement (1 FMC and 1 SPI) but since, things have become more complex.

1. we should get rid of AspeedSMCState::num_cs and simply use
   AspeedSMCState::max_peripherals in the SMC model. There is no need to
   restrict the number devices of the controller to match the board layout.

2. aspeed_board_init_flashes() needs a better interface. May be, something
   like :

   static void aspeed_board_init_flashes(AspeedSMCState *s,
 const char **flashtype, int count,
 int unit0)

and change ->fmc_model and ->spi_model to be arrays. Ideas welcome.

Anyhow,

Reviewed-by: Cédric Le Goater 

Thanks,

C.


Signed-off-by: Patrick Williams 
---
  hw/arm/aspeed.c | 6 +-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 11558b327b..617a1ecbdc 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -276,7 +276,11 @@ static void aspeed_board_init_flashes(AspeedSMCState *s,
const char *flashtype,
int unit0)
  {
-int i ;
+int i;
+
+if (!flashtype) {
+return;
+}
  
  for (i = 0; i < s->num_cs; ++i) {

  DriveInfo *dinfo = drive_get(IF_MTD, 0, unit0 + i);

RE: [PATCH v2 06/10] vdpa-dev: implement the unrealize interface

2022-03-04 Thread longpeng2--- via 



> -Original Message-
> From: Stefano Garzarella [mailto:sgarz...@redhat.com]
> Sent: Wednesday, January 19, 2022 7:36 PM
> To: Longpeng (Mike, Cloud Infrastructure Service Product Dept.)
> 
> Cc: stefa...@redhat.com; m...@redhat.com; coh...@redhat.com;
> pbonz...@redhat.com; Gonglei (Arei) ; Yechuan
> ; Huangzhichao ;
> qemu-devel@nongnu.org
> Subject: Re: [PATCH v2 06/10] vdpa-dev: implement the unrealize interface
> 
> On Mon, Jan 17, 2022 at 08:43:27PM +0800, Longpeng(Mike) via wrote:
> >From: Longpeng 
> >
> >Implements the .unrealize interface.
> >
> >Signed-off-by: Longpeng 
> >---
> > hw/virtio/vdpa-dev.c | 24 +++-
> > 1 file changed, 23 insertions(+), 1 deletion(-)
> >
> >diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c
> >index bd28cf7a15..e5691d02bb 100644
> >--- a/hw/virtio/vdpa-dev.c
> >+++ b/hw/virtio/vdpa-dev.c
> >@@ -132,9 +132,31 @@ out:
> > s->vdpa_dev_fd = -1;
> > }
> >
> >+static void vhost_vdpa_vdev_unrealize(VhostVdpaDevice *s)
> >+{
> >+VirtIODevice *vdev = VIRTIO_DEVICE(s);
> >+int i;
> >+
> >+for (i = 0; i < s->num_queues; i++) {
> >+virtio_delete_queue(s->virtqs[i]);
> >+}
> >+g_free(s->virtqs);
> >+virtio_cleanup(vdev);
> >+
> >+g_free(s->config);
> 
> Is there a particular reason for these steps in a separate function?
> 
> >+}
> >+
> > static void vhost_vdpa_device_unrealize(DeviceState *dev)
> > {
> >-return;
> >+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
> >+VhostVdpaDevice *s = VHOST_VDPA_DEVICE(vdev);
> >+
> >+virtio_set_status(vdev, 0);
> >+vhost_vdpa_vdev_unrealize(s);
> >+g_free(s->dev.vqs);
> >+vhost_dev_cleanup(>dev);
> >+qemu_close(s->vdpa_dev_fd);
> >+s->vdpa_dev_fd = -1;
> > }
> 
> Maybe we can have all steps (in the reverse order of
> vhost_vdpa_device_realize) in vhost_vdpa_device_unrealize().
> 

Make sense. Will do.

> Stefano

RE: [PATCH v2 05/10] vdpa-dev: implement the realize interface

2022-03-04 Thread longpeng2--- via 



> -Original Message-
> From: Stefano Garzarella [mailto:sgarz...@redhat.com]
> Sent: Wednesday, January 19, 2022 7:31 PM
> To: Longpeng (Mike, Cloud Infrastructure Service Product Dept.)
> 
> Cc: stefa...@redhat.com; m...@redhat.com; coh...@redhat.com;
> pbonz...@redhat.com; Gonglei (Arei) ; Yechuan
> ; Huangzhichao ;
> qemu-devel@nongnu.org
> Subject: Re: [PATCH v2 05/10] vdpa-dev: implement the realize interface
> 
> On Mon, Jan 17, 2022 at 08:43:26PM +0800, Longpeng(Mike) via wrote:
> >From: Longpeng 
> >
> >Implements the .realize interface.
> >
> >Signed-off-by: Longpeng 
> >---
> > hw/virtio/vdpa-dev.c | 101 +++
> > include/hw/virtio/vdpa-dev.h |   8 +++
> > 2 files changed, 109 insertions(+)
> >
> >diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c
> >index b103768f33..bd28cf7a15 100644
> >--- a/hw/virtio/vdpa-dev.c
> >+++ b/hw/virtio/vdpa-dev.c
> >@@ -27,9 +27,109 @@ uint32_t vhost_vdpa_device_get_u32(int fd, unsigned long
> int cmd, Error **errp)
> > return val;
> > }
> >
> >+static void
> >+vhost_vdpa_device_dummy_handle_output(VirtIODevice *vdev, VirtQueue *vq)
> >+{
> >+/* Nothing to do */
> >+}
> >+
> > static void vhost_vdpa_device_realize(DeviceState *dev, Error **errp)
> > {
> >+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
> >+VhostVdpaDevice *s = VHOST_VDPA_DEVICE(vdev);
> >+uint32_t vdev_id, max_queue_size;
> >+struct vhost_virtqueue *vqs;
> >+int i, ret;
> >+
> >+if (s->vdpa_dev_fd == -1) {
> >+s->vdpa_dev_fd = qemu_open(s->vdpa_dev, O_RDWR, errp);
> 
> So, here we are re-opening the `vdpa_dev` again (without checking if it
> is NULL).
> 
> And we re-do the same ioctls already done in
> vhost_vdpa_device_pci_realize(), so I think we should do them in a
> single place, and that place should be here.
> 
> So, what about doing all the ioctls here, setting appropriate fields in
> VhostVdpaDevice, then using that fields in
> vhost_vdpa_device_pci_realize() after qdev_realize() to set
> `class_code`, `trans_devid`, and `nvectors`?
> 

vhost_vdpa_device_pci_realize()
  qdev_realize()
virtio_device_realize()
  vhost_vdpa_device_realize()
  virtio_bus_device_plugged()
virtio_pci_device_plugged()

These three fields would be used in virtio_pci_device_plugged(), so it's too 
late to set them after qdev_realize().  And they belong to VirtIOPCIProxy, so 
we cannot set them in vhost_vdpa_device_realize() which is transport layer 
independent.

> >+if (*errp) {
> >+return;
> >+}
> >+}
> >+s->vdpa.device_fd = s->vdpa_dev_fd;
> >+
> >+max_queue_size = vhost_vdpa_device_get_u32(s->vdpa_dev_fd,
> >+   VHOST_VDPA_GET_VRING_NUM, 
> >errp);
> >+if (*errp) {
> >+goto out;
> >+}
> >+
> >+if (s->queue_size > max_queue_size) {
> >+error_setg(errp, "vhost-vdpa-device: invalid queue_size: %d
> (max:%d)",
> >+   s->queue_size, max_queue_size);
> >+goto out;
> >+} else if (!s->queue_size) {
> >+s->queue_size = max_queue_size;
> >+}
> >+
> >+s->num_queues = vhost_vdpa_device_get_u32(s->vdpa_dev_fd,
> >+  VHOST_VDPA_GET_VQS_NUM, errp);
>  ^
> VHOST_VDPA_GET_VQS_COUNT
> 

OK, thanks :)

> >+if (*errp) {
> >+goto out;
> >+}
> >+
> >+if (!s->num_queues || s->num_queues > VIRTIO_QUEUE_MAX) {
> >+error_setg(errp, "invalid number of virtqueues: %u (max:%u)",
> >+   s->num_queues, VIRTIO_QUEUE_MAX);
> >+goto out;
> >+}
> >+
> >+s->dev.nvqs = s->num_queues;
> >+vqs = g_new0(struct vhost_virtqueue, s->dev.nvqs);
> >+s->dev.vqs = vqs;
> >+s->dev.vq_index = 0;
> >+s->dev.vq_index_end = s->dev.nvqs;
> >+s->dev.backend_features = 0;
> >+s->started = false;
> >+
> >+ret = vhost_dev_init(>dev, >vdpa, VHOST_BACKEND_TYPE_VDPA, 0,
> NULL);
> >+if (ret < 0) {
> >+error_setg(errp, "vhost-vdpa-device: vhost initialization
> failed: %s",
> >+   strerror(-ret));
> >+goto free_vqs;
> >+}
> >+
> >+vdev_id = vhost_vdpa_device_get_u32(s->vdpa_dev_fd,
> >+VHOST_VDPA_GET_DEVICE_ID, errp);
> >+if (ret < 0) {
> >+error_setg(errp, "vhost-vdpa-device: vhost get device id failed: 
> >%s",
> >+   strerror(-ret));
> >+goto vhost_cleanup;
> >+}
> >+
> >+s->config_size = vhost_vdpa_device_get_u32(s->vdpa_dev_fd,
> >+   VHOST_VDPA_GET_CONFIG_SIZE,
> errp);
> >+if (*errp) {
> >+goto vhost_cleanup;
> >+}
> >+s->config = g_malloc0(s->config_size);
> >+
> >+ret = vhost_dev_get_config(>dev, s->config, s->config_size, NULL);
> >+if (ret < 0) {
> >+error_setg(errp, "vhost-vdpa-device: get config failed");
> >+

Re: [PATCH 1/7] target/ppc: Fix vmul[eo]* instructions marked 2.07

2022-03-04 Thread Cédric Le Goater 

On 3/4/22 18:51, matheus.fe...@eldorado.org.br wrote:

From: "Lucas Mateus Castro (alqotel)" 

Some ISA v2.03 Vector Multiply instructions marked to be ISA v2.07 only.
This patch fixes it.


and MacOSX 10 is also fixed.

There are of lot invalid writes when openbios is loaded :

  ...
  Invalid write at addr 0xB70A8, size 4, region 'ppc_core99.bios', reason: 
rejected
  Invalid write at addr 0xB70AC, size 4, region 'ppc_core99.bios', reason: 
rejected
  Invalid write at addr 0xB70B0, size 4, region 'ppc_core99.bios', reason: 
rejected
  Invalid write at addr 0xB70B4, size 4, region 'ppc_core99.bios', reason: 
rejected
  ...

Mark,

shouldn't we model the FW region with RAM instead ?

@@ -162,7 +162,7 @@ static void ppc_core99_init(MachineState
 memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
 /* allocate and load firmware ROM */

-memory_region_init_rom(bios, NULL, "ppc_core99.bios", PROM_SIZE,
+memory_region_init_ram(bios, NULL, "ppc_core99.bios", PROM_SIZE,
_fatal);
 memory_region_add_subregion(get_system_memory(), PROM_BASE, bios);
 


Thanks,

C.




Fixes: 80eca687c851 ("target/ppc: moved vector even and odd multiplication to 
decodetree")
Reported-by: Howard Spoelstra 
Suggested-by: Fabiano Rosas 
Signed-off-by: Lucas Mateus Castro (alqotel) 
Signed-off-by: Matheus Ferst 
---
  target/ppc/translate/vmx-impl.c.inc | 16 
  1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/ppc/translate/vmx-impl.c.inc 
b/target/ppc/translate/vmx-impl.c.inc
index f91bee839d..c5d02d13fe 100644
--- a/target/ppc/translate/vmx-impl.c.inc
+++ b/target/ppc/translate/vmx-impl.c.inc
@@ -3141,14 +3141,14 @@ static bool trans_VMULLD(DisasContext *ctx, arg_VX *a)
  return true;
  }
  
-TRANS_FLAGS2(ALTIVEC_207, VMULESB, do_vx_helper, gen_helper_VMULESB)

-TRANS_FLAGS2(ALTIVEC_207, VMULOSB, do_vx_helper, gen_helper_VMULOSB)
-TRANS_FLAGS2(ALTIVEC_207, VMULEUB, do_vx_helper, gen_helper_VMULEUB)
-TRANS_FLAGS2(ALTIVEC_207, VMULOUB, do_vx_helper, gen_helper_VMULOUB)
-TRANS_FLAGS2(ALTIVEC_207, VMULESH, do_vx_helper, gen_helper_VMULESH)
-TRANS_FLAGS2(ALTIVEC_207, VMULOSH, do_vx_helper, gen_helper_VMULOSH)
-TRANS_FLAGS2(ALTIVEC_207, VMULEUH, do_vx_helper, gen_helper_VMULEUH)
-TRANS_FLAGS2(ALTIVEC_207, VMULOUH, do_vx_helper, gen_helper_VMULOUH)
+TRANS_FLAGS(ALTIVEC, VMULESB, do_vx_helper, gen_helper_VMULESB)
+TRANS_FLAGS(ALTIVEC, VMULOSB, do_vx_helper, gen_helper_VMULOSB)
+TRANS_FLAGS(ALTIVEC, VMULEUB, do_vx_helper, gen_helper_VMULEUB)
+TRANS_FLAGS(ALTIVEC, VMULOUB, do_vx_helper, gen_helper_VMULOUB)
+TRANS_FLAGS(ALTIVEC, VMULESH, do_vx_helper, gen_helper_VMULESH)
+TRANS_FLAGS(ALTIVEC, VMULOSH, do_vx_helper, gen_helper_VMULOSH)
+TRANS_FLAGS(ALTIVEC, VMULEUH, do_vx_helper, gen_helper_VMULEUH)
+TRANS_FLAGS(ALTIVEC, VMULOUH, do_vx_helper, gen_helper_VMULOUH)
  TRANS_FLAGS2(ALTIVEC_207, VMULESW, do_vx_helper, gen_helper_VMULESW)
  TRANS_FLAGS2(ALTIVEC_207, VMULOSW, do_vx_helper, gen_helper_VMULOSW)
  TRANS_FLAGS2(ALTIVEC_207, VMULEUW, do_vx_helper, gen_helper_VMULEUW)

RE: [PATCH v2 04/10] vdpa-dev: implement the instance_init/class_init interface

2022-03-04 Thread longpeng2--- via 
Hi Stefano,

> -Original Message-
> From: Stefano Garzarella [mailto:sgarz...@redhat.com]
> Sent: Wednesday, January 19, 2022 7:24 PM
> To: Longpeng (Mike, Cloud Infrastructure Service Product Dept.)
> 
> Cc: stefa...@redhat.com; m...@redhat.com; coh...@redhat.com;
> pbonz...@redhat.com; Gonglei (Arei) ; Yechuan
> ; Huangzhichao ;
> qemu-devel@nongnu.org
> Subject: Re: [PATCH v2 04/10] vdpa-dev: implement the instance_init/class_init
> interface
> 
> On Mon, Jan 17, 2022 at 08:43:25PM +0800, Longpeng(Mike) via wrote:
> >From: Longpeng 
> >
> >Implements the .instance_init and the .class_init interface.
> >
> >Signed-off-by: Longpeng 
> >---
> > hw/virtio/vdpa-dev-pci.c | 52 ++-
> > hw/virtio/vdpa-dev.c | 81 +++-
> > include/hw/virtio/vdpa-dev.h |  5 +++
> > 3 files changed, 134 insertions(+), 4 deletions(-)
> >
> >diff --git a/hw/virtio/vdpa-dev-pci.c b/hw/virtio/vdpa-dev-pci.c
> >index a5a7b528a9..257538dbdd 100644
> >--- a/hw/virtio/vdpa-dev-pci.c
> >+++ b/hw/virtio/vdpa-dev-pci.c
> >@@ -25,12 +25,60 @@ struct VhostVdpaDevicePCI {
> >
> > static void vhost_vdpa_device_pci_instance_init(Object *obj)
> > {
> >-return;
> >+VhostVdpaDevicePCI *dev = VHOST_VDPA_DEVICE_PCI(obj);
> >+
> >+virtio_instance_init_common(obj, >vdev, sizeof(dev->vdev),
> >+TYPE_VHOST_VDPA_DEVICE);
> >+object_property_add_alias(obj, "bootindex", OBJECT(>vdev),
> >+  "bootindex");
> >+}
> >+
> >+static Property vhost_vdpa_device_pci_properties[] = {
> >+DEFINE_PROP_END_OF_LIST(),
> >+};
> >+
> >+static void
> >+vhost_vdpa_device_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
> >+{
> >+VhostVdpaDevicePCI *dev = VHOST_VDPA_DEVICE_PCI(vpci_dev);
> >+DeviceState *vdev = DEVICE(>vdev);
> >+uint32_t vdev_id;
> >+uint32_t num_queues;
> >+int fd;
> >+
> >+fd = qemu_open(dev->vdev.vdpa_dev, O_RDWR, errp);
> 
> We should use `vdpa_dev_fd` if the user set it, and I think we should
> also check that `vdpa_dev` is not null.
> 

The user can set both 'vdpa_dev_fd' and 'vdpa_dev' now, but how
to make sure the 'vdpa_dev_fd' is really a FD of the 'vdpa_dev' ?
Maybe we should remove 'vdpa_dev_fd' from 'vhost_vdpa_device_properties',
so the user can only set 'vdpa_dev'.

> >+if (*errp) {
> >+return;
> >+}
> >+
> >+vdev_id = vhost_vdpa_device_get_u32(fd, VHOST_VDPA_GET_DEVICE_ID, errp);
> >+if (*errp) {
> >+qemu_close(fd);
> >+return;
> >+}
> >+
> >+num_queues = vhost_vdpa_device_get_u32(fd, VHOST_VDPA_GET_VQS_NUM,
> errp);
>   ^
> The build fails here, I think this should be VHOST_VDPA_GET_VQS_COUNT
> 

Yes, I sent a wrong version, I'll send v3 later.

> >+if (*errp) {
> >+qemu_close(fd);
> >+return;
> >+}
> >+
> >+dev->vdev.vdpa_dev_fd = fd;
> >+vpci_dev->class_code = virtio_pci_get_class_id(vdev_id);
> >+vpci_dev->trans_devid = virtio_pci_get_trans_devid(vdev_id);
> >+/* one for config interrupt, one per vq */
> >+vpci_dev->nvectors = num_queues + 1;
> >+qdev_realize(vdev, BUS(_dev->bus), errp);
> > }
> >
> > static void vhost_vdpa_device_pci_class_init(ObjectClass *klass, void
> > *data)
> > {
> >-return;
> >+DeviceClass *dc = DEVICE_CLASS(klass);
> >+VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
> >+
> >+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
> >+device_class_set_props(dc, vhost_vdpa_device_pci_properties);
> >+k->realize = vhost_vdpa_device_pci_realize;
> > }
> >
> > static const VirtioPCIDeviceTypeInfo vhost_vdpa_device_pci_info = {
> >diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c
> >index f4f92b90b0..b103768f33 100644
> >--- a/hw/virtio/vdpa-dev.c
> >+++ b/hw/virtio/vdpa-dev.c
> >@@ -15,16 +15,93 @@
> > #include "sysemu/sysemu.h"
> > #include "sysemu/runstate.h"
> >
> >-static void vhost_vdpa_device_class_init(ObjectClass *klass, void *data)
> >+uint32_t vhost_vdpa_device_get_u32(int fd, unsigned long int cmd, Error
> **errp)
> >+{
> >+uint32_t val = (uint32_t)-1;
> >+
> >+if (ioctl(fd, cmd, ) < 0) {
> >+error_setg(errp, "vhost-vdpa-device: cmd 0x%lx failed: %s",
> >+   cmd, strerror(errno));
> >+}
> >+
> >+return val;
> >+}
> >+
> >+static void vhost_vdpa_device_realize(DeviceState *dev, Error **errp)
> > {
> > return;
> > }
> >
> >-static void vhost_vdpa_device_instance_init(Object *obj)
> >+static void vhost_vdpa_device_unrealize(DeviceState *dev)
> >+{
> >+return;
> >+}
> >+
> >+static void
> >+vhost_vdpa_device_get_config(VirtIODevice *vdev, uint8_t *config)
> >+{
> >+return;
> >+}
> >+
> >+static void
> >+vhost_vdpa_device_set_config(VirtIODevice *vdev, const uint8_t *config)
> >+{
> >+return;
> >+}
> >+
> >+static uint64_t vhost_vdpa_device_get_features(VirtIODevice *vdev,
> >+

Re: [PATCH v2 3/5] iotests: Remove explicit checks for qemu_img() == 0

2022-03-04 Thread John Snow 
On Fri, Mar 4, 2022 at 3:23 PM Eric Blake  wrote:
>
> On Fri, Mar 04, 2022 at 02:47:44PM -0500, John Snow wrote:
> > qemu_img() returning zero ought to be the rule, not the
> > exception. Remove all explicit checks against the condition in
> > preparation for making non-zero returns an Exception.
> >
> > Signed-off-by: John Snow 
> > ---
>
> > +++ b/tests/qemu-iotests/310
>
> > @@ -105,8 +105,8 @@ with iotests.FilePath('base.img') as base_img_path, \
> >  log('')
> >
> >  # Detach backing to check that we can read the data from the top level 
> > now
> > -assert qemu_img('rebase', '-u', '-b', '', '-f', iotests.imgfmt,
> > -top_img_path) == 0
> > +qemu_img('rebase', '-u', '-b', '', '-f', iotests.imgfmt,
> > + top_img_path)
>
> You collapsed other wrapped lines into one where they fit, why not
> this one?  But it's not essential.
>

jsnow is non-deterministic.

(I can smoosh this in, or kwolf/hreitz can smoosh it in. Probably not
worth a respin, tho.)

> Reviewed-by: Eric Blake 

--js

Re: [PATCH v2 5/9] meson.build: Don't misdetect posix_memalign() on Windows

2022-03-04 Thread Philippe Mathieu-Daudé 

On 4/3/22 12:21, Peter Maydell wrote:

Currently we incorrectly think that posix_memalign() exists on
Windows.  This is because of a combination of:

  * the msys2/mingw toolchain/libc claim to have a
__builtin_posix_memalign when there isn't a builtin of that name
  * meson will assume that if you have a __builtin_foo that
counts for has_function('foo')

Specifying a specific include file via prefix: causes meson to not
treat builtins as sufficient and actually look for the function
itself; see this meson pull request which added that as the official
way to get the right answer:
   https://github.com/mesonbuild/meson/pull/1150


Interesting, TIL.

Reviewed-by: Philippe Mathieu-Daudé 


Currently this misdectection doesn't cause problems because we only
use CONFIG_POSIX_MEMALIGN in oslib-posix.c; however that will change
in a following commit.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20220226180723.1706285-6-peter.mayd...@linaro.org
---
  meson.build | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

Re: [PATCH v3 1/9] hw/i2c: pmbus: add registers

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

- add the VOUT_MIN and STATUS_MFR registers

Signed-off-by: Titus Rwantare 
---
  hw/i2c/pmbus_device.c | 24 
  include/hw/i2c/pmbus_device.h |  3 +++
  2 files changed, 27 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé

Re: MacOS cocoa/OpenGL

2022-03-04 Thread Akihiko Odaki 

On 2022/03/05 0:34, R Kim wrote:

Hello Guys,

Looks like we haven't yet official support for OpenGL on MacOS? I need 
to apply third-party patches to make it work. It would be great if these 
parts are imported to qemu and be official. Nowaways, it's really needed 
Acceleration on VMs for who uses Graphical interfaces browsing, eg, chrome.



I have found it:
https://mail.gnu.org/archive/html/qemu-devel/2021-02/msg04235.html 



It uses Angle from Google and the developer seems to be creating you own 
branch, with a lot of patches in 
https://github.com/akihikodaki/qemu/tree/macos 



Another it this one, did small changes, but uses SDL instead of cocoa:
Based on initial work "Virgil 3D on macOS" by 小田喜陽彦 akihikodaki. 
https://mail.gnu.org/archive/html/qem...  > 
With 

improvements: - Get rid of ANGLE as EGL libraries. Virgil 3D solely uses 
OpenGL Core backend through SDL2 which wraps to NSOpenGL. - No patch to 
"cocoa" display of QEMU. Minimal modification to SDL2 display to support 
Virgil 3D on macOS. QEMU cannot have both "cocoa" and "sdl2" display in 
the same build. - Minimal change to libepoxy and virglrenderer, 
basically only have to make sure they built without libdrm and libEGL. - 
Fix known issues with OpenGL Core - Performance comparable to ANGLE 
OpenGL ES backend. WebGL Aquarium at 60 FPS. Chromium web rendering is 
accelerated. The accelerated ArchLinux ARM is very snappy & usable with 
Apple HVF virtualization. It matches or even exceeds the performance of 
typical ARM Linux flavors running on RK3399 or RPi4 bare-metal. It 
probably makes M1 MacBooks the world fastest (... most expensive) Linux 
ARM laptops. Nested VM is possible, and there is a demo of qemu-3dfx 
Glide passthrough from nested QEMU i386 instance running Blood 1.2 3Dfx 
DOS game.


https://www.youtube.com/watch?v=FVv8UjGhYPU 




What should we do to have this changes in?

Sent with ProtonMail  Secure Email.


Hi,

I'm adding KJ Liew, the author of the implementation with Apple's OpenGL 
and sdl2, to Cc. I found the email address at:

https://github.com/kjliew/qemu-3dfx/commit/e01af020580afe172237dfeb471643aa0b6ea60b

https://github.com/akihikodaki/qemu/tree/macos is my tree. My aim is to 
have a decent Linux desktop experience, and it has changes irrelevant 
with graphics acceleration. The patches I thought ready for submission 
are submitted to the mailing list, but the patch to support Virgil 3D is 
not because the dependent change for libepoxy is somewhat stuck:

https://github.com/anholt/libepoxy/pull/239

It also contains patches posted on the mailing list I am reviewing and 
testing.


I choose cocoa instead of sdl2 to implement Cocoa-specific code like 
HiDPI support and cursor composition.


I decided to use ANGLE because the OpenGL implementation by Apple is 
deprecated and possible bugs in the implementation would not be 
(promptly) fixed. Such bugs may require workarounds in virglrenderer, 
but they are not really great for submitting to the upstream.


Those does not mean, however, it is not appropriate to the other 
implementation you mentioned, which uses Apple's OpenGL with sdl2. It is 
reasonable to choose sdl2 if you don't need features provided by (my 
modified) cocoa. The deprecation of Apple's OpenGL may not matter much 
since there are many other programs which still rely on it. ANGLE is 
also one of them although it is switching to Metal with Apple's help:

https://bugs.chromium.org/p/angleproject/issues/detail?id=5505

The best option to get the patches for Apple OpenGL/sdl2 in is to ask 
the author for that. However, the author may not be willing to spend or 
cannot afford necessary efforts. In that case, you still need to ask the 
author if it is fine to add Signed-off-by line for the patches. The 
implication of the line is described at:

https://www.qemu.org/docs/master/devel/submitting-a-patch.html#patch-emails-must-include-a-signed-off-by-line

If you are going to submit patches, please add me to Cc. I'll review and 
propose necessary changes.


Regards,
Akihiko Odaki

Re: [PATCH v2] qemu-binfmt-conf.sh: allow elf EI_ABIVERSION=1 for mips

2022-03-04 Thread Philippe Mathieu-Daudé 

Cc'ing Laurent:

$ ./scripts/get_maintainer.pl -f scripts/qemu-binfmt-conf.sh
Laurent Vivier  (maintainer:Linux user)
qemu-devel@nongnu.org (open list:All patches CC here)

On 5/3/22 01:06, Andreas K. Hüttel wrote:

With the command line flag -mplt and a recent toolchain, ELF binaries
generated by gcc can obtain EI_ABIVERSION=1, see below, which makes, e.g.,
gcc three-stage bootstrap in a mips-unknown-linux-gnu qemu-user chroot
fail since the binfmt-misc magic does not match anymore.

qemu executes these binaries just fine, so relax the mask slightly.

CHOST=mips-unknown-linux-gnu (and also mipsel-unknown-linux-gnu)
CFLAGS="-O2 -march=mips32 -mabi=32 -mplt -pipe"
gcc-11.2, binutils-2.37, glibc-2.34

|  /*
| - * ELF dump of './prev-gcc/build/gengenrtl'
| - * 29608 (0x73A8) bytes
| + * ELF dump of './gcc/build/gengenrtl'
| + * 54532 (0xD504) bytes
|   */
|
|  Elf32_Dyn dumpedelf_dyn_0[];
|  struct {
| Elf32_Ehdr ehdr;
| Elf32_Phdr phdrs[12];
| -   Elf32_Shdr shdrs[33];
| +   Elf32_Shdr shdrs[44];
| Elf32_Dyn *dyns;
|  } dumpedelf_0 = {
|
|  .ehdr = {
| .e_ident = { /* (EI_NIDENT bytes) */
| /* [0] EI_MAG:*/ 0x7F,'E','L','F',
| /* [4] EI_CLASS:  */ 1 , /* (ELFCLASS32) */
| /* [5] EI_DATA:   */ 2 , /* (ELFDATA2MSB) */
| /* [6] EI_VERSION:*/ 1 , /* (EV_CURRENT) */
| /* [7] EI_OSABI:  */ 0 , /* (ELFOSABI_NONE) */
| -   /* [8] EI_ABIVERSION: */ 0 ,
| +   /* [8] EI_ABIVERSION: */ 1 ,
| /* [9-15] EI_PAD: */ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
| },
| .e_type  = 2  , /* (ET_EXEC) */
| .e_machine   = 8  , /* (EM_MIPS) */
| .e_version   = 1  , /* (EV_CURRENT) */
| (...)

Signed-off-by: Andreas K. Hüttel 
---

v2: Add the same fix for little endian as for big endian

  scripts/qemu-binfmt-conf.sh | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index e9bfeb94d3..fc2f856800 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -61,11 +61,11 @@ m68k_family=m68k
  # FIXME: We could use the other endianness on a MIPS host.
  
  mips_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'

-mips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
+mips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
  mips_family=mips
  
  mipsel_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'

-mipsel_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+mipsel_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
  mipsel_family=mips
  
  mipsn32_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'

Re: [PATCH v3 7/9] hw/sensor: add Intersil ISL69260 device model

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
  MAINTAINERS  |   3 +
  hw/arm/Kconfig   |   1 +
  hw/sensor/Kconfig|   5 +
  hw/sensor/isl_pmbus_vr.c | 211 +
  hw/sensor/meson.build|   1 +
  include/hw/sensor/isl_pmbus_vr.h |  50 
  tests/qtest/isl_pmbus_vr-test.c  | 394 +++
  tests/qtest/meson.build  |   1 +
  8 files changed, 666 insertions(+)
  create mode 100644 hw/sensor/isl_pmbus_vr.c
  create mode 100644 include/hw/sensor/isl_pmbus_vr.h
  create mode 100644 tests/qtest/isl_pmbus_vr-test.c



diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
index 215944decc..a834d2f814 100644
--- a/hw/sensor/Kconfig
+++ b/hw/sensor/Kconfig
@@ -30,3 +30,8 @@ config LSM303DLHC_MAG
  bool
  depends on I2C
  default y if I2C_DEVICES
+
+config ISL_PMBUS_VR
+bool
+depends on I2C


There is a PMBUS kconfig selector (which selects SMBUS -> I2C).


+
diff --git a/hw/sensor/isl_pmbus_vr.c b/hw/sensor/isl_pmbus_vr.c
new file mode 100644
index 00..b3d24e40ab
--- /dev/null
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -0,0 +1,211 @@
+/*
+ * PMBus device for Renesas Digital Multiphase Voltage Regulators
+ *
+ * Copyright 2021 Google LLC
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sensor/isl_pmbus_vr.h"
+#include "hw/qdev-properties.h"
+#include "qapi/visitor.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+
+static uint8_t isl_pmbus_vr_read_byte(PMBusDevice *pmdev)
+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: reading from unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;


Eventually PMBUS_ERROR_BYTE.


+}
+
+static int isl_pmbus_vr_write_data(PMBusDevice *pmdev, const uint8_t *buf,
+  uint8_t len)


Mis-aligned.


+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: write to unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;
+}



+static void raa22xx_init(Object *obj)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+uint64_t flags[2];
+
+flags[0] = PB_HAS_VIN | PB_HAS_VOUT | PB_HAS_VOUT_MODE |
+   PB_HAS_VOUT_RATING | PB_HAS_VOUT_MARGIN | PB_HAS_IIN |
+   PB_HAS_IOUT | PB_HAS_PIN | PB_HAS_POUT | PB_HAS_TEMPERATURE |
+   PB_HAS_TEMP2 | PB_HAS_TEMP3 | PB_HAS_STATUS_MFR_SPECIFIC;
+flags[1] = PB_HAS_IIN | PB_HAS_PIN | PB_HAS_TEMPERATURE | PB_HAS_TEMP3 |
+   PB_HAS_VOUT | PB_HAS_VOUT_MODE | PB_HAS_VOUT_MARGIN |
+   PB_HAS_VOUT_RATING | PB_HAS_IOUT | PB_HAS_POUT |
+   PB_HAS_STATUS_MFR_SPECIFIC;
+
+pmbus_page_config(pmdev, 0, flags[0]);
+pmbus_page_config(pmdev, 1, flags[1]);
+isl_pmbus_vr_add_props(obj, flags, 2);


Eventually 2 -> ARRAY_SIZE(flags).


+++ b/include/hw/sensor/isl_pmbus_vr.h
@@ -0,0 +1,50 @@
+/*
+ * PMBus device for Renesas Digital Multiphase Voltage Regulators
+ *
+ * Copyright 2022 Google LLC
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef HW_MISC_ISL_PMBUS_VR_H
+#define HW_MISC_ISL_PMBUS_VR_H
+
+#include "hw/i2c/pmbus_device.h"
+#include "qom/object.h"
+
+#define TYPE_ISL69260   "isl69260"
+
+struct ISLState {
+PMBusDevice parent;
+};
+
+OBJECT_DECLARE_SIMPLE_TYPE(ISLState, ISL69260)
+
+#define ISL_CAPABILITY_DEFAULT 0x40
+#define ISL_OPERATION_DEFAULT  0x80
+#define ISL_ON_OFF_CONFIG_DEFAULT  0x16
+#define ISL_VOUT_MODE_DEFAULT  0x40
+#define ISL_VOUT_COMMAND_DEFAULT   0x0384
+#define ISL_VOUT_MAX_DEFAULT   0x08FC
+#define ISL_VOUT_MARGIN_HIGH_DEFAULT   0x0640
+#define ISL_VOUT_MARGIN_LOW_DEFAULT0xFA
+#define ISL_VOUT_TRANSITION_RATE_DEFAULT   0x64
+#define ISL_VOUT_OV_FAULT_LIMIT_DEFAULT0x076C
+#define ISL_OT_FAULT_LIMIT_DEFAULT 0x7D
+#define ISL_OT_WARN_LIMIT_DEFAULT  0x07D0
+#define ISL_VIN_OV_WARN_LIMIT_DEFAULT  0x36B0
+#define ISL_VIN_UV_WARN_LIMIT_DEFAULT  0x1F40
+#define ISL_IIN_OC_FAULT_LIMIT_DEFAULT 0x32
+#define ISL_TON_DELAY_DEFAULT  0x14
+#define ISL_TON_RISE_DEFAULT   0x01F4
+#define ISL_TOFF_FALL_DEFAULT  0x01F4
+#define ISL_REVISION_DEFAULT   0x33
+#define ISL_READ_VOUT_DEFAULT  1000
+#define ISL_READ_IOUT_DEFAULT  40
+#define ISL_READ_POUT_DEFAULT  4
+#define ISL_READ_TEMP_DEFAULT  25
+#define ISL_READ_VIN_DEFAULT   1100
+#define ISL_READ_IIN_DEFAULT   40
+#define ISL_READ_PIN_DEFAULT   4


Hmmm we need to expose the DEFAULT definitions for the tests. OK.

Changing Kconfig:
Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 2/9] hw/i2c: pmbus: guard against out of range accesses

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

Signed-off-by: Titus Rwantare 
---
  hw/i2c/pmbus_device.c | 41 -
  1 file changed, 40 insertions(+), 1 deletion(-)



  static uint8_t pmbus_receive_byte(SMBusDevice *smd)
  {
  PMBusDevice *pmdev = PMBUS_DEVICE(smd);
  PMBusDeviceClass *pmdc = PMBUS_DEVICE_GET_CLASS(pmdev);
  uint8_t ret = 0xFF;
-uint8_t index = pmdev->page;
+uint8_t index;
  
  if (pmdev->out_buf_len != 0) {

  ret = pmbus_out_buf_pop(pmdev);
  return ret;
  }
  
+/*

+ * Reading from all pages will return the value from page 0,
+ * this is unspecified behaviour in general.
+ */
+if (pmdev->page == PB_ALL_PAGES) {
+index = 0;
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: tried to read from all pages\n",
+  __func__);
+pmbus_cml_error(pmdev);
+} else if (pmdev->page > pmdev->num_pages - 1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: page %d is out of range\n",
+  __func__, pmdev->page);
+pmbus_cml_error(pmdev);
+return -1;


This file returns a mix of 0xFF/-1 for error. It would be nice
to pick one. Adding a definition (PMBUS_ERR_BYTE?) could help.

Preferably with error unified:
Reviewed-by: Philippe Mathieu-Daudé

[PATCH 2/2] hw/arm/aspeed: add Bletchley machine type

2022-03-04 Thread Patrick Williams 
Add the 'bletchley-bmc' machine type based on the kernel DTS[1] and
hardware schematics available to me.  The i2c model is as complete as
the current QEMU models support, but in some cases I substituted devices
that are close enough for present functionality.  Strap registers are
kept the same as the AST2600-EVB until I'm able to confirm correct
values with physical hardware.

This has been tested with an openbmc image built from [2] plus a kernel
patch[3] for the SPI flash module.

1. 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/boot/dts/aspeed-bmc-facebook-bletchley.dts?id=a8c729e966c4e9d033242d948b0e53c2a62d32e2
2. 
https://github.com/openbmc/openbmc/commit/b9432b980d7f63f7512ffbcc7124386ba896dfc6
3. 
https://github.com/openbmc/linux/commit/25b566b9a9d7f5d4f10c1b7304007bdb286eefd7

Signed-off-by: Patrick Williams 
---
 hw/arm/aspeed.c | 77 +
 1 file changed, 77 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 617a1ecbdc..3dc2ede823 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -167,6 +167,11 @@ struct AspeedMachineState {
 #define FUJI_BMC_HW_STRAP10x
 #define FUJI_BMC_HW_STRAP20x
 
+/* Bletchley hardware value */
+/* TODO: Leave same as EVB for now. */
+#define BLETCHLEY_BMC_HW_STRAP1 AST2600_EVB_HW_STRAP1
+#define BLETCHLEY_BMC_HW_STRAP2 AST2600_EVB_HW_STRAP2
+
 /*
  * The max ram region is for firmwares that scan the address space
  * with load/store to guess how much RAM the SoC has.
@@ -901,6 +906,54 @@ static void fuji_bmc_i2c_init(AspeedMachineState *bmc)
 }
 }
 
+#define TYPE_TMP421 "tmp421"
+
+static void bletchley_bmc_i2c_init(AspeedMachineState *bmc)
+{
+AspeedSoCState *soc = >soc;
+I2CBus *i2c[13] = {};
+for (int i = 0; i < 13; i++) {
+if ((i == 8) || (i == 11)) {
+continue;
+}
+i2c[i] = aspeed_i2c_get_bus(>i2c, i);
+}
+
+/* Bus 0 - 5 all have the same config. */
+for (int i = 0; i < 6; i++) {
+/* Missing model: ti,ina230 @ 0x45 */
+/* Missing model: mps,mp5023 @ 0x40 */
+i2c_slave_create_simple(i2c[i], TYPE_TMP421, 0x4f);
+/* Missing model: nxp,pca9539 @ 0x76, but PCA9552 works enough */
+i2c_slave_create_simple(i2c[i], TYPE_PCA9552, 0x76);
+i2c_slave_create_simple(i2c[i], TYPE_PCA9552, 0x67);
+/* Missing model: fsc,fusb302 @ 0x22 */
+}
+
+/* Bus 6 */
+at24c_eeprom_init(i2c[6], 0x56, 65536);
+/* Missing model: nxp,pcf85263 @ 0x51 , but ds1338 works enough */
+i2c_slave_create_simple(i2c[6], "ds1338", 0x51);
+
+
+/* Bus 7 */
+at24c_eeprom_init(i2c[7], 0x54, 65536);
+
+/* Bus 9 */
+i2c_slave_create_simple(i2c[9], TYPE_TMP421, 0x4f);
+
+/* Bus 10 */
+i2c_slave_create_simple(i2c[10], TYPE_TMP421, 0x4f);
+/* Missing model: ti,hdc1080 @ 0x40 */
+i2c_slave_create_simple(i2c[10], TYPE_PCA9552, 0x67);
+
+/* Bus 12 */
+/* Missing model: adi,adm1278 @ 0x11 */
+i2c_slave_create_simple(i2c[12], TYPE_TMP421, 0x4c);
+i2c_slave_create_simple(i2c[12], TYPE_TMP421, 0x4d);
+i2c_slave_create_simple(i2c[12], TYPE_PCA9552, 0x67);
+}
+
 static bool aspeed_get_mmio_exec(Object *obj, Error **errp)
 {
 return ASPEED_MACHINE(obj)->mmio_exec;
@@ -1224,6 +1277,26 @@ static void aspeed_machine_fuji_class_init(ObjectClass 
*oc, void *data)
 aspeed_soc_num_cpus(amc->soc_name);
 };
 
+
+static void aspeed_machine_bletchley_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
+
+mc->desc   = "Facebook Bletchley BMC (Cortex-A7)";
+amc->soc_name  = "ast2600-a3";
+amc->hw_strap1 = BLETCHLEY_BMC_HW_STRAP1;
+amc->hw_strap2 = BLETCHLEY_BMC_HW_STRAP2;
+amc->fmc_model = "w25q01jvq";
+amc->spi_model = NULL;
+amc->num_cs= 1;
+amc->macs_mask = ASPEED_MAC2_ON;
+amc->i2c_init  = bletchley_bmc_i2c_init;
+mc->default_ram_size = 512 * MiB;
+mc->default_cpus = mc->min_cpus = mc->max_cpus =
+aspeed_soc_num_cpus(amc->soc_name);
+}
+
 static const TypeInfo aspeed_machine_types[] = {
 {
 .name  = MACHINE_TYPE_NAME("palmetto-bmc"),
@@ -1277,6 +1350,10 @@ static const TypeInfo aspeed_machine_types[] = {
 .name  = MACHINE_TYPE_NAME("fuji-bmc"),
 .parent= TYPE_ASPEED_MACHINE,
 .class_init= aspeed_machine_fuji_class_init,
+}, {
+.name  = MACHINE_TYPE_NAME("bletchley-bmc"),
+.parent= TYPE_ASPEED_MACHINE,
+.class_init= aspeed_machine_bletchley_class_init,
 }, {
 .name  = TYPE_ASPEED_MACHINE,
 .parent= TYPE_MACHINE,
-- 
2.34.1

[PATCH 1/2] hw/arm/aspeed: allow missing spi_model

2022-03-04 Thread Patrick Williams 
Generally all BMCs will use the fmc_model to hold their own flash
and most will have a spi_model to hold the managed system's flash,
but not all systems do.  Add a simple NULL check to allow a system
to set the spi_model as NULL to indicate it should not be instantiated.

Signed-off-by: Patrick Williams 
---
 hw/arm/aspeed.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 11558b327b..617a1ecbdc 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -276,7 +276,11 @@ static void aspeed_board_init_flashes(AspeedSMCState *s,
   const char *flashtype,
   int unit0)
 {
-int i ;
+int i;
+
+if (!flashtype) {
+return;
+}
 
 for (i = 0; i < s->num_cs; ++i) {
 DriveInfo *dinfo = drive_get(IF_MTD, 0, unit0 + i);
-- 
2.34.1

[PATCH v2] qemu-binfmt-conf.sh: allow elf EI_ABIVERSION=1 for mips

2022-03-04 Thread Andreas K . Hüttel 
With the command line flag -mplt and a recent toolchain, ELF binaries
generated by gcc can obtain EI_ABIVERSION=1, see below, which makes, e.g.,
gcc three-stage bootstrap in a mips-unknown-linux-gnu qemu-user chroot
fail since the binfmt-misc magic does not match anymore.

qemu executes these binaries just fine, so relax the mask slightly.

CHOST=mips-unknown-linux-gnu (and also mipsel-unknown-linux-gnu)
CFLAGS="-O2 -march=mips32 -mabi=32 -mplt -pipe"
gcc-11.2, binutils-2.37, glibc-2.34

|  /*
| - * ELF dump of './prev-gcc/build/gengenrtl'
| - * 29608 (0x73A8) bytes
| + * ELF dump of './gcc/build/gengenrtl'
| + * 54532 (0xD504) bytes
|   */
|
|  Elf32_Dyn dumpedelf_dyn_0[];
|  struct {
| Elf32_Ehdr ehdr;
| Elf32_Phdr phdrs[12];
| -   Elf32_Shdr shdrs[33];
| +   Elf32_Shdr shdrs[44];
| Elf32_Dyn *dyns;
|  } dumpedelf_0 = {
|
|  .ehdr = {
| .e_ident = { /* (EI_NIDENT bytes) */
| /* [0] EI_MAG:*/ 0x7F,'E','L','F',
| /* [4] EI_CLASS:  */ 1 , /* (ELFCLASS32) */
| /* [5] EI_DATA:   */ 2 , /* (ELFDATA2MSB) */
| /* [6] EI_VERSION:*/ 1 , /* (EV_CURRENT) */
| /* [7] EI_OSABI:  */ 0 , /* (ELFOSABI_NONE) */
| -   /* [8] EI_ABIVERSION: */ 0 ,
| +   /* [8] EI_ABIVERSION: */ 1 ,
| /* [9-15] EI_PAD: */ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
| },
| .e_type  = 2  , /* (ET_EXEC) */
| .e_machine   = 8  , /* (EM_MIPS) */
| .e_version   = 1  , /* (EV_CURRENT) */
| (...)

Signed-off-by: Andreas K. Hüttel 
---

v2: Add the same fix for little endian as for big endian

 scripts/qemu-binfmt-conf.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index e9bfeb94d3..fc2f856800 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -61,11 +61,11 @@ m68k_family=m68k
 # FIXME: We could use the other endianness on a MIPS host.
 
 
mips_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'
-mips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
+mips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 mips_family=mips
 
 
mipsel_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'
-mipsel_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+mipsel_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xfe\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
 mipsel_family=mips
 
 
mipsn32_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'
-- 
2.34.1

Re: [PATCH v3 3/9] hw/i2c: pmbus: add PEC unsupported warning

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

Signed-off-by: Titus Rwantare 
---
  hw/i2c/pmbus_device.c | 5 +
  1 file changed, 5 insertions(+)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 93c746bab3..6eeb0731d7 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -307,6 +307,11 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
  
  case PMBUS_CAPABILITY:

  pmbus_send8(pmdev, pmdev->capability);
+if (pmdev->capability & BIT(7)) {
+qemu_log_mask(LOG_GUEST_ERROR,


That would be LOG_UNIMP?


+  "%s: PEC is enabled but not yet supported.\n",
+  __func__);
+}
  break;
  
  case PMBUS_VOUT_MODE: /* R/W byte */

Re: [PATCH v3 4/9] hw/i2c: pmbus: refactor uint handling

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

This change cleans up the inputs to pmbus_receive uint, the length of
received data is contained in PMBusDevice state and doesn't need to be
passed around.

Signed-off-by: Titus Rwantare 
---
  hw/i2c/pmbus_device.c | 18 +-
  1 file changed, 9 insertions(+), 9 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 9/9] hw/sensor: add Renesas raa228000 device

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
  hw/sensor/isl_pmbus_vr.c | 50 
  include/hw/sensor/isl_pmbus_vr.h |  1 +
  tests/qtest/isl_pmbus_vr-test.c  | 78 ++--
  3 files changed, 126 insertions(+), 3 deletions(-)

diff --git a/hw/sensor/isl_pmbus_vr.c b/hw/sensor/isl_pmbus_vr.c
index e260faeac3..df7c003ea6 100644
--- a/hw/sensor/isl_pmbus_vr.c
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -89,6 +89,24 @@ static void isl_pmbus_vr_exit_reset(Object *obj)
  }
  }
  
+/* The raa228000 uses different direct mode coefficents from most isl devices */

+static void raa228000_exit_reset(Object *obj)
+{
+isl_pmbus_vr_exit_reset(obj);
+
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);


Per QEMU CodingStyle, variables are declared first.


+pmdev->pages[0].read_vout = 0;
+pmdev->pages[0].read_iout = 0;
+pmdev->pages[0].read_pout = 0;
+pmdev->pages[0].read_vin = 0;
+pmdev->pages[0].read_iin = 0;
+pmdev->pages[0].read_pin = 0;
+pmdev->pages[0].read_temperature_1 = 0;
+pmdev->pages[0].read_temperature_2 = 0;
+pmdev->pages[0].read_temperature_3 = 0;
+}



  /* test qmp access */
  static void test_tx_rx(void *obj, void *data, QGuestAllocator *alloc)
  {
@@ -384,9 +448,6 @@ static void isl_pmbus_vr_register_nodes(void)
  qos_node_create_driver("isl69260", i2c_device_create);
  qos_node_consumes("isl69260", "i2c-bus", );
  
-qos_node_create_driver("raa229004", i2c_device_create);

-qos_node_consumes("raa229004", "i2c-bus", );
-
  qos_add_test("test_defaults", "isl69260", test_defaults, NULL);
  qos_add_test("test_tx_rx", "isl69260", test_tx_rx, NULL);
  qos_add_test("test_rw_regs", "isl69260", test_rw_regs, NULL);
@@ -394,9 +455,20 @@ static void isl_pmbus_vr_register_nodes(void)
  qos_add_test("test_ro_regs", "isl69260", test_ro_regs, NULL);
  qos_add_test("test_ov_faults", "isl69260", test_voltage_faults, NULL);
  
+qos_node_create_driver("raa229004", i2c_device_create);

+qos_node_consumes("raa229004", "i2c-bus", );
+


Squash in previous commit?


  qos_add_test("test_tx_rx", "raa229004", test_tx_rx, NULL);
  qos_add_test("test_rw_regs", "raa229004", test_rw_regs, NULL);
  qos_add_test("test_pages_rw", "raa229004", test_pages_rw, NULL);
  qos_add_test("test_ov_faults", "raa229004", test_voltage_faults, NULL);


Otherwise,
Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 8/9] hw/sensor: add Renesas raa229004 PMBus device

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

The Renesas RAA229004 is a PMBus Multiphase Voltage Regulator

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
  hw/sensor/isl_pmbus_vr.c | 18 ++
  include/hw/sensor/isl_pmbus_vr.h |  1 +
  tests/qtest/isl_pmbus_vr-test.c  |  8 
  3 files changed, 27 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 6/9] hw/i2c: Added linear mode translation for pmbus devices

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

From: Shengtan Mao 

Signed-off-by: Shengtan Mao 
Reviewed-by: Titus Rwantare 
---
  hw/i2c/pmbus_device.c | 18 ++
  include/hw/i2c/pmbus_device.h | 20 +++-
  2 files changed, 37 insertions(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 5/9] hw/i2c: pmbus: update MAINTAINERS

2022-03-04 Thread Philippe Mathieu-Daudé 

On 2/3/22 02:50, Titus Rwantare wrote:

add self to MAINTAINERS for the PMBus subsystem and related sensors,
and set PMBus as maintained.

Signed-off-by: Titus Rwantare 
---
  MAINTAINERS | 10 ++
  1 file changed, 10 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v3 0/9] This patch series contains updates to PMBus in QEMU along with some PMBus device models for Renesas regulators. I have also added myself to MAINTAINERS as this code is in use daily,

2022-03-04 Thread Titus Rwantare 
On Fri, 4 Mar 2022 at 13:43, Corey Minyard  wrote:
>
> On Tue, Mar 01, 2022 at 05:50:44PM -0800, Titus Rwantare wrote:
> > v2:
> >   - split PMBus commit with updates into individual fixes
> >   - renamed isl_pmbus[.ch] adding _vr for voltage regulators
> >
> > v3:
> >   - split uint refactor commit and removed commit renaming files
> >   - rename rolled into preceding commits
> >   - update commit description for uint refactoring change
>
> This all looks good to me:
>
> Acked-by: Corey Minyard 
>
> Do you have a plan for getting this in to qemu?  Like through the ARM
> tree?  I could take it into an I2C tree, but there's really not much
> activity or work there.
>
> -corey

In general PMBus is more specific to i2c than ARM, but I'm not sure of
the QEMU implications.

Titus

Re: [PATCH 6/7] target/ppc: Add missing helper_reset_fpstatus to VSX_MAX_MINC

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Víctor Colombo

Fixes: da499405aa ("target/ppc: Refactor VSX_MAX_MINC helper")
Signed-off-by: Víctor Colombo
Signed-off-by: Matheus Ferst
---
  target/ppc/fpu_helper.c | 2 ++
  1 file changed, 2 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 7/7] target/ppc: Add missing helper_reset_fpstatus to helper_XVCVSPBF16

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Víctor Colombo

Fixes: 3909ff1fac ("target/ppc: Implement xvcvbf16spn and xvcvspbf16 
instructions")
Signed-off-by: Víctor Colombo
Signed-off-by: Matheus Ferst
---
  target/ppc/fpu_helper.c | 2 ++
  1 file changed, 2 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 4/7] target/ppc: use andc in vrlqmi

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Matheus Ferst

Fixes: 7e5947df6e94 ("target/ppc: implement vrlqmi")
Signed-off-by: Matheus Ferst
---
  target/ppc/translate/vmx-impl.c.inc | 6 ++
  1 file changed, 2 insertions(+), 4 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 5/7] target/ppc: split XXGENPCV macros for readability

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Matheus Ferst

Fixes: b090f4f1e3c9 ("target/ppc: Implement xxgenpcv[bhwd]m instruction")
Signed-off-by: Matheus Ferst
---
  target/ppc/int_helper.c | 28 +---
  target/ppc/translate/vsx-impl.c.inc | 71 +++--
  2 files changed, 57 insertions(+), 42 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 3/7] target/ppc: use extract/extract2 to create vrlqnm mask

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Matheus Ferst

Fixes: 4e272668406b ("target/ppc: implement vrlqnm")
Signed-off-by: Matheus Ferst
---
  target/ppc/translate/vmx-impl.c.inc | 10 +++---
  1 file changed, 3 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 2/7] target/ppc: use ext32u and deposit in do_vx_vmulhw_i64

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: Matheus Ferst

Fixes: 29e9dfcf755e ("target/ppc: vmulh* instructions without helpers")
Signed-off-by: Matheus Ferst
---
  target/ppc/translate/vmx-impl.c.inc | 10 +++---
  1 file changed, 3 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 1/7] target/ppc: Fix vmul[eo]* instructions marked 2.07

2022-03-04 Thread Richard Henderson 

On 3/4/22 07:51, matheus.fe...@eldorado.org.br wrote:

From: "Lucas Mateus Castro (alqotel)"

Some ISA v2.03 Vector Multiply instructions marked to be ISA v2.07 only.
This patch fixes it.

Fixes: 80eca687c851 ("target/ppc: moved vector even and odd multiplication to 
decodetree")
Reported-by: Howard Spoelstra
Suggested-by: Fabiano Rosas
Signed-off-by: Lucas Mateus Castro (alqotel)
Signed-off-by: Matheus Ferst
---
  target/ppc/translate/vmx-impl.c.inc | 16 
  1 file changed, 8 insertions(+), 8 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PULL 00/11] QEMU changes for 2021-03-02

2022-03-04 Thread Richard Henderson 

On 3/4/22 09:15, Daniel P. Berrangé wrote:

Personally I favour turning it into a non-gating job as
I don't want to invest more of my own time debugging
non-bugs in it.


I would be in favor of removing it from CI entirely, so that we don't even waste cpu time 
on it by default.  Those that care can run it manually within their own build.



r~

Re: [PATCH v4 18/18] hw/arm/virt: Disable LPA2 for -machine virt-6.2

2022-03-04 Thread Richard Henderson 

On 3/4/22 12:14, Peter Maydell wrote:

Yes, that works.  I'll send an update.


Do check it with KVM as well, to check the "CPU doesn't actually
have that property" case...


Argh!  No, doesn't work.

Unexpected error in object_property_find_err() at ../src/qom/object.c:1299:
qemu-system-aarch64: can't apply global max-arm-cpu.lpa2=off: Property 'max-arm-cpu.lpa2' 
not found


I think staying with the v4 patch is best.  It matches quite a few other examples in 
hw/arm, and uses the existence of the property as part of the logic already.



r~

Re: [PATCH v3 3/5] target/nios2: Exteral Interrupt Controller (EIC)

2022-03-04 Thread Richard Henderson 

On 3/3/22 05:39, Amir Gonnen wrote:

@@ -55,6 +55,7 @@ static void nios2_cpu_reset(DeviceState *dev)

  memset(env->regs, 0, sizeof(uint32_t) * NUM_CORE_REGS);
  memset(env->shadow_regs, 0, sizeof(uint32_t) * NUM_REG_SETS * 
NUM_GP_REGS);
+env->regs[CR_STATUS] |= CR_STATUS_RSIE;


status is supposed to be reset to zero other than RSIE.


@@ -131,13 +144,26 @@ static bool nios2_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
  Nios2CPU *cpu = NIOS2_CPU(cs);
  CPUNios2State *env = >env;

-if ((interrupt_request & CPU_INTERRUPT_HARD) &&
-(env->regs[CR_STATUS] & CR_STATUS_PIE) &&
-(env->regs[CR_IPENDING] & env->regs[CR_IENABLE])) {
-cs->exception_index = EXCP_IRQ;
-nios2_cpu_do_interrupt(cs);
-return true;
+if (cpu->intc_present) {
+if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+(env->regs[CR_STATUS] & CR_STATUS_PIE) &&
+(env->regs[CR_IPENDING] & env->regs[CR_IENABLE])) {
+cs->exception_index = EXCP_IRQ;
+nios2_cpu_do_interrupt(cs);
+return true;
+}
+} else {
+/*
+ * IPENDING does not exist with external interrupt controller
+ * but we still use it to signal an external interrupt
+ */
+if (env->regs[CR_IPENDING] && nios2_take_eic_irq(cpu)) {


Why CR_IPENDING?  The ipending register isn't supposed to exist with the EIC.  Did you in 
fact mean interrupt_request & CPU_INTERRUPT_HARD, as set by nios2_cpu_set_irq?




-/*
- * These interrupt lines model the IIC (internal interrupt
- * controller). QEMU does not currently support the EIC
- * (external interrupt controller) -- if we did it would be
- * a separate device in hw/intc with a custom interface to
- * the CPU, and boards using it would not wire up these IRQ lines.
- */


You should note that this is still used for EIC, though only IRQ[0].

There's a fair amount of checking cpu->intc_present, then doing two completely different 
things.  I'm thinking that it might be best to split these into two separate functions, 
and then set up the pointers properly.


You could in fact replace intc_present with two separate cpu classes (which is where many 
of those pointers are registered).  That would be early enough for the cpu_init hook to 
*not* register 32 interrupt lines for the EIC, as per above.



r~

Re: [PATCH v4 18/18] hw/arm/virt: Disable LPA2 for -machine virt-6.2

2022-03-04 Thread Peter Maydell 
On Fri, 4 Mar 2022 at 19:52, Richard Henderson
 wrote:
>
> On 3/4/22 01:52, Peter Maydell wrote:
> > Is it not possible to implement this in the usual "change
> > property for older versioned machines" way of adding to
> > the hw_compat arrays?
> >
> > diff --git a/hw/core/machine.c b/hw/core/machine.c
> > index d856485cb4d..dac82a709ba 100644
> > --- a/hw/core/machine.c
> > +++ b/hw/core/machine.c
> > @@ -37,7 +37,9 @@
> >   #include "hw/virtio/virtio.h"
> >   #include "hw/virtio/virtio-pci.h"
> >
> > -GlobalProperty hw_compat_6_2[] = {};
> > +GlobalProperty hw_compat_6_2[] = {
> > +{ "arm-cpu-max", "lpa2", "false" },
> > +};
> >   const size_t hw_compat_6_2_len = G_N_ELEMENTS(hw_compat_6_2);
>
> Hmm, I didn't try that, just mirrored the other examples within hw/arm/virt.c.
> I guess the real type name would be TYPE_ARM_MAX_CPU, or "max-arm-cpu".
>
> ...
>
> Yes, that works.  I'll send an update.

Do check it with KVM as well, to check the "CPU doesn't actually
have that property" case...

-- PMM

Re: [PULL 00/45] virtio,pc,pci: features, cleanups, fixes

2022-03-04 Thread Peter Maydell 
On Fri, 4 Mar 2022 at 13:37, Michael S. Tsirkin  wrote:
>
> The following changes since commit 6629bf78aac7e53f83fd0bcbdbe322e2302dfd1f:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20220302' into staging (2022-03-03 
> 14:46:48 +)
>
> are available in the Git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 74bc2c502da74191a34fb61b4c890061368269c8:
>
>   docs: vhost-user: add subsection for non-Linux platforms (2022-03-04 
> 08:30:53 -0500)
>
> 
> virtio,pc,pci: features, cleanups, fixes
>
> vhost-user enabled on non-linux systems
> beginning of nvme sriov support
> bigger tx queue for vdpa
> virtio iommu bypass
> pci tests for arm
>
> Fixes, cleanups all over the place
>
> Signed-off-by: Michael S. Tsirkin 
>
> 

This failed an assertion on ppc64:

>>> G_TEST_DBUS_DAEMON=/home/pm215/qemu/tests/dbus-vmstate-daemon.sh 
>>> QTEST_QEMU_BINARY=./qemu-system-aarch64 QTEST_QEMU_IMG=./qemu-img 
>>> QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon 
>>> MALLOC_PERTURB_=120 /home/pm215/qemu/build/all/tests/qtest/qos-test --tap -k
▶  71/716 /aarch64/xlnx-zcu102/generic-sdhci/sdhci/sdhci-tests/registers
 OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/AC97/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/e1000/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/e1000-82544gc/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/e1000-82545em/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82550/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82551/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82557a/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82557b/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82557c/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82558a/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82558b/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82559a/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82559b/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82559c/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82559er/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82562/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/i82801/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/ES1370/pci-device/pci-device-tests/nop
OK
▶  71/716 
/aarch64/virt/generic-pcihost/pci-bus-generic/pci-bus/megasas/pci-device/pci-device-tests/nop
OK
▶  71/716 ERROR:../../tests/qtest/libqos/pci.c:232:qpci_device_enable:
assertion failed (cmd & PCI_COMMAND_IO == PCI_COMMAND_IO): (0x
== 0x0001) ERROR



-- PMM

Re: [PATCH v2 8/8] softmmu: remove is_daemonized() method

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 06:56:20PM +, Daniel P. Berrangé wrote:
> There are no longer any users of this method, so it can be removed to
> prevent future accidental (mis)use.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  include/sysemu/os-posix.h | 2 --
>  include/sysemu/os-win32.h | 5 -
>  os-posix.c| 5 -
>  stubs/is-daemonized.c | 9 -
>  stubs/meson.build | 1 -
>  5 files changed, 22 deletions(-)
>  delete mode 100644 stubs/is-daemonized.c

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 7/8] softmmu: move parsing of -runas, -chroot and -daemonize code

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 06:56:19PM +, Daniel P. Berrangé wrote:
> With the future intent to try to move to a fully QAPI driven
> configuration system, we want to have any current command
> parsing well isolated from logic that applies the resulting
> configuration.
> 
> We also don't want os-posix.c to contain code that is specific
> to the system emulators, as this file is linked to other binaries
> too.
> 
> To satisfy these goals, we move parsing of the -runas, -chroot and
> -daemonize code out of the os-posix.c helper code, and pass the
> parsed data into APIs in os-posix.c.
> 
> As a side benefit the 'os_daemonize()' function now lives up to
> its name and will always daemonize, instead of using global state
> to decide to be a no-op sometimes.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  include/sysemu/os-posix.h |   4 +-
>  include/sysemu/os-win32.h |   1 -
>  os-posix.c| 148 +++---
>  os-win32.c|   9 ---
>  softmmu/vl.c  |  86 ++
>  5 files changed, 117 insertions(+), 131 deletions(-)

> @@ -2780,6 +2811,14 @@ void qemu_init(int argc, char **argv, char **envp)
>  MachineClass *machine_class;
>  bool userconfig = true;
>  FILE *vmstate_dump_file = NULL;
> +bool daemonize = false;

Given this declaration,...

> +#ifndef WIN32
> +struct passwd *pwd;
> +uid_t runas_uid = -1;
> +gid_t runas_gid = -1;
> +g_autofree char *runas_name = NULL;
> +const char *chroot_dir = NULL;
> +#endif /* !WIN32 */
>  
>  qemu_add_opts(_drive_opts);
>  qemu_add_drive_opts(_legacy_drive_opts);
> @@ -3661,15 +3700,34 @@ void qemu_init(int argc, char **argv, char **envp)
>  case QEMU_OPTION_nouserconfig:
>  /* Nothing to be parsed here. Especially, do not error out 
> below. */
>  break;
> -default:
> -if (os_parse_cmd_args(popt->index, optarg)) {
> -error_report("Option not supported in this build");
> +#ifndef WIN32
> +case QEMU_OPTION_runas:
> +pwd = getpwnam(optarg);
> +if (pwd) {
> +runas_uid = pwd->pw_uid;
> +runas_gid = pwd->pw_gid;
> +runas_name = g_strdup(pwd->pw_name);
> +} else if (!os_parse_runas_uid_gid(optarg,
> +   _uid,
> +   _gid)) {
> +error_report("User \"%s\" doesn't exist"
> + " (and is not :)",
> + optarg);
>  exit(1);
>  }
> -if (is_daemonized()) {
> -qemu_log_stdio_disable();
> -qemu_chr_stdio_disable();
> -}
> +break;
> +case QEMU_OPTION_chroot:
> +chroot_dir = optarg;
> +break;
> +case QEMU_OPTION_daemonize:
> +daemonize = 1;

...this should s/1/true/. With that tweak,

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 6/8] chardev: add API to block use of the stdio implementation

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 06:56:18PM +, Daniel P. Berrangé wrote:
> When daemonizing QEMU it is not possible to use the stdio chardev
> backend because the file descriptors are connected to /dev/null.
> Currently the chardev checks for this scenario directly, but to
> decouple it from the system emulator daemonizing code, we reverse
> the relationship. Now the system emulator calls a helper to
> explicitly disable use of the stdio backend.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  chardev/char-stdio.c | 12 ++--
>  include/chardev/char-stdio.h | 29 +
>  softmmu/vl.c |  2 ++
>  3 files changed, 41 insertions(+), 2 deletions(-)
>  create mode 100644 include/chardev/char-stdio.h
>

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 5/8] softmmu: refactor use of is_daemonized() method

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 06:56:17PM +, Daniel P. Berrangé wrote:
> Use of the is_daemonized() method is isolated to allow it to be
> more easily eliminated in a future change.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  softmmu/vl.c | 13 +++--
>  1 file changed, 7 insertions(+), 6 deletions(-)

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 4/8] util: remove use of is_daemonized flag from logging code

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 06:56:16PM +, Daniel P. Berrangé wrote:
> We want to decouple knowledge of daemonization from other code. What the
> logging code really wants to know is whether it can use stdio or not.
> Add an API to let the logging code be informed of this fact explicitly.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  include/qemu/log.h |  1 +
>  softmmu/vl.c   |  3 +++
>  util/log.c | 12 +---
>  3 files changed, 13 insertions(+), 3 deletions(-)
>

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v3 2/5] target/nios2: Shadow register set

2022-03-04 Thread Richard Henderson 

On 3/3/22 05:39, Amir Gonnen wrote:

Implement shadow register set and related instructions
rdprs, wrprs. Fix eret to update either status or sstatus
according to current register set.
eret also changes register set when needed.

Signed-off-by: Amir Gonnen 
---
  target/nios2/cpu.c   |  1 +
  target/nios2/cpu.h   | 48 +++---
  target/nios2/helper.h|  1 +
  target/nios2/op_helper.c | 18 +++
  target/nios2/translate.c | 64 
  5 files changed, 123 insertions(+), 9 deletions(-)

diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index 6975ae4bdb..026ee18b01 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -54,6 +54,7 @@ static void nios2_cpu_reset(DeviceState *dev)
  ncc->parent_reset(dev);

  memset(env->regs, 0, sizeof(uint32_t) * NUM_CORE_REGS);
+memset(env->shadow_regs, 0, sizeof(uint32_t) * NUM_REG_SETS * NUM_GP_REGS);


Zeroing registers is not part of processing 3.7.4 Reset Exception.
I'd be tempted to set all of the registers to 0xdeadbeef instead, to catch out incorrect 
code, especially wrt the shadowed r0.



-#define   CR_STATUS_CRS  (63 << 10)
-#define   CR_STATUS_PRS  (63 << 16)
+FIELD(CR_STATUS, CRS, 10, 6)
+FIELD(CR_STATUS, PRS, 16, 6)


This change needs to be done separately from introducing shadow registers.

Having read the specification more closely now, I think this implementation may be wrong. 
 In particular:


(1) r0 appears to be hardwired to 0 only in the normal register set (CRS = 0).  That's why 
software is directed to use wrprs to initialize r0 in each shadow register set to 0.


(2) Changes are needed to wrctl to protect the read-only bits of the control registers. 
In this case, especially status.NMI and status.CRS.


(3) The advice I gave you for rdprs/wrprs is wrong when CRS == PRS (you'd need to modify 
regs[n] not shadow_regs[prs][n]).


These 3 items need to be handled in separate patches.


+static inline void cpu_change_reg_set(CPUNios2State *env, uint32_t prev_set,
+  uint32_t new_set)
+{
+if (new_set == prev_set) {
+return;
+}
+memcpy(env->shadow_regs[prev_set], env->regs,
+   sizeof(uint32_t) * NUM_GP_REGS);
+memcpy(env->regs, env->shadow_regs[new_set],
+   sizeof(uint32_t) * NUM_GP_REGS);
+env->regs[CR_STATUS] =
+FIELD_DP32(env->regs[CR_STATUS], CR_STATUS, PRS, prev_set);
+env->regs[CR_STATUS] =
+FIELD_DP32(env->regs[CR_STATUS], CR_STATUS, CRS, new_set);
+}


Another possibility, that doesn't involve moving data around is to use a pointer to the 
CRS base, like sparc does for its register windows.  I'm not necessarily advocating this 
solution, merely pointing it out.



r~

Re: [PATCH v3 0/9] This patch series contains updates to PMBus in QEMU along with some PMBus device models for Renesas regulators. I have also added myself to MAINTAINERS as this code is in use daily,

2022-03-04 Thread Corey Minyard 
On Tue, Mar 01, 2022 at 05:50:44PM -0800, Titus Rwantare wrote:
> v2:
>   - split PMBus commit with updates into individual fixes
>   - renamed isl_pmbus[.ch] adding _vr for voltage regulators
> 
> v3:
>   - split uint refactor commit and removed commit renaming files
>   - rename rolled into preceding commits
>   - update commit description for uint refactoring change

This all looks good to me:

Acked-by: Corey Minyard 

Do you have a plan for getting this in to qemu?  Like through the ARM
tree?  I could take it into an I2C tree, but there's really not much
activity or work there.

-corey

> 
> Shengtan Mao (1):
>   hw/i2c: Added linear mode translation for pmbus devices
> 
> Titus Rwantare (8):
>   hw/i2c: pmbus: add registers
>   hw/i2c: pmbus: guard against out of range accesses
>   hw/i2c: pmbus: add PEC unsupported warning
>   hw/i2c: pmbus: refactor uint handling
>   hw/i2c: pmbus: update MAINTAINERS
>   hw/sensor: add Intersil ISL69260 device model
>   hw/sensor: add Renesas raa229004 PMBus device
>   hw/sensor: add Renesas raa228000 device
> 
>  MAINTAINERS  |  13 +
>  hw/arm/Kconfig   |   1 +
>  hw/i2c/pmbus_device.c| 106 ++-
>  hw/sensor/Kconfig|   5 +
>  hw/sensor/isl_pmbus_vr.c | 279 ++
>  hw/sensor/meson.build|   1 +
>  include/hw/i2c/pmbus_device.h|  23 +-
>  include/hw/sensor/isl_pmbus_vr.h |  52 
>  tests/qtest/isl_pmbus_vr-test.c  | 474 +++
>  tests/qtest/meson.build  |   1 +
>  10 files changed, 944 insertions(+), 11 deletions(-)
>  create mode 100644 hw/sensor/isl_pmbus_vr.c
>  create mode 100644 include/hw/sensor/isl_pmbus_vr.h
>  create mode 100644 tests/qtest/isl_pmbus_vr-test.c
> 
> -- 
> 2.35.1.616.g0bdcbb4464-goog
>

Re: [PULL 00/19] 9p queue 2022-03-04

2022-03-04 Thread Will Cohen 
On Fri, Mar 4, 2022 at 3:16 PM Christian Schoenebeck 
wrote:

> On Freitag, 4. März 2022 19:42:18 CET Peter Maydell wrote:
> > On Fri, 4 Mar 2022 at 12:32, Christian Schoenebeck
> >
> >  wrote:
> > > The following changes since commit
> 5959ef7d431ffd02db112209cf55e47b677256fd:
> > >   Merge remote-tracking branch
> > >   'remotes/alistair/tags/pull-riscv-to-apply-20220303' into staging
> > >   (2022-03-03 19:59:38 +)>
> > > are available in the Git repository at:
> > >   https://github.com/cschoenebeck/qemu.git tags/pull-9p-20220304
> > >
> > > for you to fetch changes up to
> 39edfe337c418995b2932a9a14a612fb0c329dc5:
> > >   fsdev/p9array.h: convert Doxygen -> kerneldoc format (2022-03-04
> > >   13:07:39 +0100)>
> > > 
> > > 9pfs: introduce macOS host support and cleanup
> > >
> > > * Add support for Darwin (a.k.a. macOS) hosts.
> > >
> > > * Code cleanup (move qemu_dirent_dup() from osdep -> 9p-util).
> > >
> > > * API doc cleanup (convert Doxygen -> kerneldoc format).
> >
> > This fails to build on my OSX box:
> >
> > In file included from ../../hw/9pfs/9p-util-darwin.c:12:
> > ../../hw/9pfs/9p-util.h:57:1: error: unused label 'again'
> > [-Werror,-Wunused-label]
> > again:
> > ^~
> >
> > because the use of the label is inside a #ifndef CONFIG_DARWIN
> > but the definition is not.
> >
> > thanks
> > -- PMM
>
> So basically it needs this change:
>
> diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
> index cfa7af43c5..97e681e167 100644
> --- a/hw/9pfs/9p-util.h
> +++ b/hw/9pfs/9p-util.h
> @@ -54,7 +54,9 @@ static inline int openat_file(int dirfd, const char
> *name,
> int flags,
>  {
>  int fd, serrno, ret;
>
> +#ifndef CONFIG_DARWIN
>  again:
> +#endif
>  fd = openat(dirfd, name, flags | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK,
>  mode);
>  if (fd == -1) {
>
> Will, can you check why this did not fail there and whether there are
> probably
> more issues?
>
> If that's the only one, let me know, then I would fix this on my end and
> resend a PR ASAP. Thanks!


These were just warnings for me so I didn’t worry about them. Will check
where else it appears when building!


>
> Best regards,
> Christian Schoenebeck
>
>
>

Re: [PATCH v2 12/12] tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 07:36:10PM +, Daniel P. Berrangé wrote:
> This validates that connections to an NBD server running on a UNIX
> socket can use TLS with pre-shared keys (PSK).
> 
> Reviewed-by: Eric Blake 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  tests/qemu-iotests/233| 28 
>  tests/qemu-iotests/233.out| 17 +
>  tests/qemu-iotests/common.tls | 24 
>  3 files changed, 69 insertions(+)

Same as in 11, and just as in there,

Tested-by: Eric Blake 

Thanks; I'll be queueing this series through my NBD tree.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PULL 00/11] QEMU changes for 2021-03-02

2022-03-04 Thread Paolo Bonzini 

On 3/4/22 20:30, Daniel P. Berrangé wrote:

Interesting. I wonder whether that detection is specifically related
to the fuzzing, or whether it is something we would have seen merely
by building with 'asan' and running 'make check' as normal.

IIUC, the oss-fuzz job we run in GitLab CI is mostly just a sanity
check and the real fuzzing work takes place in Google's fuzz service.


If the intermittent leak is indeed a leak, it's not related to fuzzing 
and it would be found with with asan.


OTOH, if the intermittent leak is not a leak, it probably would be flaky 
even with just asan.


Paolo

[PATCH v2 5/5] oslib: drop qemu_gettimeofday()

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

No longer used after the previous patches.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Laurent Vivier 
Reviewed-by: Stefan Weil 
Reviewed-by: Richard Henderson 
---
 include/sysemu/os-posix.h |  3 ---
 include/sysemu/os-win32.h |  6 --
 util/oslib-win32.c| 20 
 3 files changed, 29 deletions(-)

diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h
index 2edf33658a44..c9b1d63fedda 100644
--- a/include/sysemu/os-posix.h
+++ b/include/sysemu/os-posix.h
@@ -52,9 +52,6 @@ int os_mlock(void);
 #define closesocket(s) close(s)
 #define ioctlsocket(s, r, v) ioctl(s, r, v)
 
-typedef struct timeval qemu_timeval;
-#define qemu_gettimeofday(tp) gettimeofday(tp, NULL)
-
 bool is_daemonized(void);
 
 /**
diff --git a/include/sysemu/os-win32.h b/include/sysemu/os-win32.h
index 43f569b5c216..4d4be826f48c 100644
--- a/include/sysemu/os-win32.h
+++ b/include/sysemu/os-win32.h
@@ -71,12 +71,6 @@ int getpagesize(void);
 # define EPROTONOSUPPORT EINVAL
 #endif
 
-typedef struct {
-long tv_sec;
-long tv_usec;
-} qemu_timeval;
-int qemu_gettimeofday(qemu_timeval *tp);
-
 static inline bool is_daemonized(void)
 {
 return false;
diff --git a/util/oslib-win32.c b/util/oslib-win32.c
index af559ef3398d..7faf59e9aaea 100644
--- a/util/oslib-win32.c
+++ b/util/oslib-win32.c
@@ -265,26 +265,6 @@ void qemu_set_cloexec(int fd)
 {
 }
 
-/* Offset between 1/1/1601 and 1/1/1970 in 100 nanosec units */
-#define _W32_FT_OFFSET (1164447360ULL)
-
-int qemu_gettimeofday(qemu_timeval *tp)
-{
-  union {
-unsigned long long ns100; /*time since 1 Jan 1601 in 100ns units */
-FILETIME ft;
-  }  _now;
-
-  if(tp) {
-  GetSystemTimeAsFileTime (&_now.ft);
-  tp->tv_usec=(long)((_now.ns100 / 10ULL) % 100ULL );
-  tp->tv_sec= (long)((_now.ns100 - _W32_FT_OFFSET) / 1000ULL);
-  }
-  /* Always return 0 as per Open Group Base Specifications Issue 6.
- Do not set errno on error.  */
-  return 0;
-}
-
 int qemu_get_thread_id(void)
 {
 return GetCurrentThreadId();
-- 
2.35.1.273.ge6ebfd0e8cbb

[PATCH v2 2/5] qtest: replace gettimeofday with GTimer

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

glib provides a convenience helper to measure elapsed time. It isn't
subject to wall-clock time changes.

Note that this changes the initial OPENED time, which used to print the
current time.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Laurent Vivier 
---
 softmmu/qtest.c | 39 ++-
 1 file changed, 10 insertions(+), 29 deletions(-)

diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 8b7cb6aa8e46..b2bbd17d 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -58,12 +58,12 @@ static FILE *qtest_log_fp;
 static QTest *qtest;
 static GString *inbuf;
 static int irq_levels[MAX_IRQ];
-static qemu_timeval start_time;
+static GTimer *timer;
 static bool qtest_opened;
 static void (*qtest_server_send)(void*, const char*);
 static void *qtest_server_send_opaque;
 
-#define FMT_timeval "%ld.%06ld"
+#define FMT_timeval "%.06f"
 
 /**
  * DOC: QTest Protocol
@@ -264,28 +264,13 @@ static int hex2nib(char ch)
 }
 }
 
-static void qtest_get_time(qemu_timeval *tv)
-{
-qemu_gettimeofday(tv);
-tv->tv_sec -= start_time.tv_sec;
-tv->tv_usec -= start_time.tv_usec;
-if (tv->tv_usec < 0) {
-tv->tv_usec += 100;
-tv->tv_sec -= 1;
-}
-}
-
 static void qtest_send_prefix(CharBackend *chr)
 {
-qemu_timeval tv;
-
 if (!qtest_log_fp || !qtest_opened) {
 return;
 }
 
-qtest_get_time();
-fprintf(qtest_log_fp, "[S +" FMT_timeval "] ",
-(long) tv.tv_sec, (long) tv.tv_usec);
+fprintf(qtest_log_fp, "[S +" FMT_timeval "] ", g_timer_elapsed(timer, 
NULL));
 }
 
 static void GCC_FMT_ATTR(1, 2) qtest_log_send(const char *fmt, ...)
@@ -386,12 +371,9 @@ static void qtest_process_command(CharBackend *chr, gchar 
**words)
 command = words[0];
 
 if (qtest_log_fp) {
-qemu_timeval tv;
 int i;
 
-qtest_get_time();
-fprintf(qtest_log_fp, "[R +" FMT_timeval "]",
-(long) tv.tv_sec, (long) tv.tv_usec);
+fprintf(qtest_log_fp, "[R +" FMT_timeval "]", g_timer_elapsed(timer, 
NULL));
 for (i = 0; words[i]; i++) {
 fprintf(qtest_log_fp, " %s", words[i]);
 }
@@ -846,21 +828,20 @@ static void qtest_event(void *opaque, QEMUChrEvent event)
 for (i = 0; i < ARRAY_SIZE(irq_levels); i++) {
 irq_levels[i] = 0;
 }
-qemu_gettimeofday(_time);
+
+g_clear_pointer(, g_timer_destroy);
+timer = g_timer_new();
 qtest_opened = true;
 if (qtest_log_fp) {
-fprintf(qtest_log_fp, "[I " FMT_timeval "] OPENED\n",
-(long) start_time.tv_sec, (long) start_time.tv_usec);
+fprintf(qtest_log_fp, "[I " FMT_timeval "] OPENED\n", 
g_timer_elapsed(timer, NULL));
 }
 break;
 case CHR_EVENT_CLOSED:
 qtest_opened = false;
 if (qtest_log_fp) {
-qemu_timeval tv;
-qtest_get_time();
-fprintf(qtest_log_fp, "[I +" FMT_timeval "] CLOSED\n",
-(long) tv.tv_sec, (long) tv.tv_usec);
+fprintf(qtest_log_fp, "[I +" FMT_timeval "] CLOSED\n", 
g_timer_elapsed(timer, NULL));
 }
+g_clear_pointer(, g_timer_destroy);
 break;
 default:
 break;
-- 
2.35.1.273.ge6ebfd0e8cbb

[PATCH v2 4/5] Replace qemu_gettimeofday() with g_get_real_time()

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

GLib g_get_real_time() is an alternative to gettimeofday() which allows
to simplify our code.

For semihosting, a few bits are lost on POSIX host, but this shouldn't
be a big concern.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Laurent Vivier 
---
 blockdev.c |  8 
 hw/rtc/m41t80.c|  6 +++---
 hw/virtio/virtio-balloon.c |  9 +
 qapi/qmp-event.c   | 12 +---
 qemu-img.c |  8 
 target/m68k/m68k-semi.c| 22 ++
 target/nios2/nios2-semi.c  | 23 ++-
 7 files changed, 37 insertions(+), 51 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 42e098b458b1..4b07dbfbdefc 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1235,7 +1235,7 @@ static void internal_snapshot_prepare(BlkActionState 
*common,
 BlockDriverState *bs;
 QEMUSnapshotInfo old_sn, *sn;
 bool ret;
-qemu_timeval tv;
+int64_t rt;
 BlockdevSnapshotInternal *internal;
 InternalSnapshotState *state;
 AioContext *aio_context;
@@ -1305,9 +1305,9 @@ static void internal_snapshot_prepare(BlkActionState 
*common,
 /* 3. take the snapshot */
 sn = >sn;
 pstrcpy(sn->name, sizeof(sn->name), name);
-qemu_gettimeofday();
-sn->date_sec = tv.tv_sec;
-sn->date_nsec = tv.tv_usec * 1000;
+rt = g_get_real_time();
+sn->date_sec = rt / G_USEC_PER_SEC;
+sn->date_nsec = (rt % G_USEC_PER_SEC) * 1000;
 sn->vm_clock_nsec = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 if (replay_mode != REPLAY_MODE_NONE) {
 sn->icount = replay_get_current_icount();
diff --git a/hw/rtc/m41t80.c b/hw/rtc/m41t80.c
index a00971a67e1c..e045c864bb44 100644
--- a/hw/rtc/m41t80.c
+++ b/hw/rtc/m41t80.c
@@ -47,7 +47,7 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
 {
 M41t80State *s = M41T80(i2c);
 struct tm now;
-qemu_timeval tv;
+int64_t rt;
 
 if (s->addr < 0) {
 s->addr = 0;
@@ -57,8 +57,8 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
 }
 switch (s->addr++) {
 case 0:
-qemu_gettimeofday();
-return to_bcd(tv.tv_usec / 1);
+rt = g_get_real_time();
+return to_bcd((rt % G_USEC_PER_SEC) / 1);
 case 1:
 return to_bcd(now.tm_sec);
 case 2:
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e6c1b0aa46fe..b1bada84cecc 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -452,7 +452,6 @@ static void virtio_balloon_receive_stats(VirtIODevice 
*vdev, VirtQueue *vq)
 VirtQueueElement *elem;
 VirtIOBalloonStat stat;
 size_t offset = 0;
-qemu_timeval tv;
 
 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
 if (!elem) {
@@ -484,13 +483,7 @@ static void virtio_balloon_receive_stats(VirtIODevice 
*vdev, VirtQueue *vq)
 s->stats[tag] = val;
 }
 s->stats_vq_offset = offset;
-
-if (qemu_gettimeofday() < 0) {
-warn_report("%s: failed to get time of day", __func__);
-goto out;
-}
-
-s->stats_last_update = tv.tv_sec;
+s->stats_last_update = g_get_real_time() / G_USEC_PER_SEC;
 
 out:
 if (balloon_stats_enabled(s)) {
diff --git a/qapi/qmp-event.c b/qapi/qmp-event.c
index 19d3cd003833..025716b3ec37 100644
--- a/qapi/qmp-event.c
+++ b/qapi/qmp-event.c
@@ -20,15 +20,13 @@
 
 static void timestamp_put(QDict *qdict)
 {
-int err;
 QDict *ts;
-qemu_timeval tv;
+int64_t rt = g_get_real_time();
 
-err = qemu_gettimeofday();
-/* Put -1 to indicate failure of getting host time */
-ts = qdict_from_jsonf_nofail("{ 'seconds': %lld, 'microseconds': %lld }",
- err < 0 ? -1LL : (long long)tv.tv_sec,
- err < 0 ? -1LL : (long long)tv.tv_usec);
+ts = qdict_from_jsonf_nofail("{ 'seconds': %" G_GINT64_FORMAT
+ ", 'microseconds': %" G_GINT64_FORMAT "}",
+ rt / G_USEC_PER_SEC,
+ rt % G_USEC_PER_SEC);
 qdict_put(qdict, "timestamp", ts);
 }
 
diff --git a/qemu-img.c b/qemu-img.c
index 6fe2466032f9..e26773909684 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3304,11 +3304,11 @@ static int img_snapshot(int argc, char **argv)
 char *filename, *snapshot_name = NULL;
 int c, ret = 0, bdrv_oflags;
 int action = 0;
-qemu_timeval tv;
 bool quiet = false;
 Error *err = NULL;
 bool image_opts = false;
 bool force_share = false;
+int64_t rt;
 
 bdrv_oflags = BDRV_O_RDWR;
 /* Parse commandline parameters */
@@ -3405,9 +3405,9 @@ static int img_snapshot(int argc, char **argv)
 memset(, 0, sizeof(sn));
 pstrcpy(sn.name, sizeof(sn.name), snapshot_name);
 
-qemu_gettimeofday();
-sn.date_sec = tv.tv_sec;
-sn.date_nsec = tv.tv_usec * 1000;
+rt = g_get_real_time();
+sn.date_sec = rt / G_USEC_PER_SEC;
+sn.date_nsec = (rt %

[PATCH v2 3/5] qga: replace qemu_gettimeofday() with g_get_real_time()

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

GLib g_get_real_time() is an alternative to gettimeofday() which allows
to simplify our code.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Laurent Vivier 
---
 qga/commands-posix.c | 14 --
 qga/commands-win32.c | 19 ---
 qga/commands.c   |  5 +
 3 files changed, 5 insertions(+), 33 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 75dbaab68ea9..1e7b4656edd1 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -136,20 +136,6 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, 
Error **errp)
 /* succeeded */
 }
 
-int64_t qmp_guest_get_time(Error **errp)
-{
-   int ret;
-   qemu_timeval tq;
-
-   ret = qemu_gettimeofday();
-   if (ret < 0) {
-   error_setg_errno(errp, errno, "Failed to get time");
-   return -1;
-   }
-
-   return tq.tv_sec * 10LL + tq.tv_usec * 1000;
-}
-
 void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp)
 {
 int ret;
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 4fbbad793f2e..ce0af5ba45fc 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -1751,25 +1751,6 @@ static int64_t filetime_to_ns(const FILETIME *tf)
 - W32_FT_OFFSET) * 100;
 }
 
-int64_t qmp_guest_get_time(Error **errp)
-{
-SYSTEMTIME ts = {0};
-FILETIME tf;
-
-GetSystemTime();
-if (ts.wYear < 1601 || ts.wYear > 30827) {
-error_setg(errp, "Failed to get time");
-return -1;
-}
-
-if (!SystemTimeToFileTime(, )) {
-error_setg(errp, "Failed to convert system time: %d", 
(int)GetLastError());
-return -1;
-}
-
-return filetime_to_ns();
-}
-
 void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp)
 {
 Error *local_err = NULL;
diff --git a/qga/commands.c b/qga/commands.c
index 80501e4a737c..653ba3061e24 100644
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -585,3 +585,8 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool 
has_count,
 
 return read_data;
 }
+
+int64_t qmp_guest_get_time(Error **errp)
+{
+return g_get_real_time() * 1000;
+}
-- 
2.35.1.273.ge6ebfd0e8cbb

[PATCH v2 1/5] m68k/nios2-semi: fix gettimeofday() result check

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

gettimeofday() returns 0 for success.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/m68k-semi.c   | 2 +-
 target/nios2/nios2-semi.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/m68k/m68k-semi.c b/target/m68k/m68k-semi.c
index 44ec7e4612c6..c5c164e096c8 100644
--- a/target/m68k/m68k-semi.c
+++ b/target/m68k/m68k-semi.c
@@ -381,7 +381,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 qemu_timeval tv;
 struct gdb_timeval *p;
 result = qemu_gettimeofday();
-if (result != 0) {
+if (result == 0) {
 if (!(p = lock_user(VERIFY_WRITE,
 arg0, sizeof(struct gdb_timeval), 0))) {
 /* FIXME - check error code? */
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
index fe5598bae4d7..5a7ad0c7108d 100644
--- a/target/nios2/nios2-semi.c
+++ b/target/nios2/nios2-semi.c
@@ -403,7 +403,7 @@ void do_nios2_semihosting(CPUNios2State *env)
 qemu_timeval tv;
 struct gdb_timeval *p;
 result = qemu_gettimeofday();
-if (result != 0) {
+if (result == 0) {
 p = lock_user(VERIFY_WRITE, arg0, sizeof(struct gdb_timeval),
   0);
 if (!p) {
-- 
2.35.1.273.ge6ebfd0e8cbb

[PATCH v2 0/5] Remove qemu_gettimeofday()

2022-03-04 Thread marcandre . lureau 
From: Marc-André Lureau 

Hi,

Here is a few patches to replace qemu_gettimeofday() helper with functions
provided by GLib.

v2:
- fix return of get-time in nanoseconds
- qga: replace with a common get-time function for qga posix/win32
- split qga patch
- add r-b tags, drop RFC

Marc-André Lureau (5):
  m68k/nios2-semi: fix gettimeofday() result check
  qtest: replace gettimeofday with GTimer
  qga: replace qemu_gettimeofday() with g_get_real_time()
  Replace qemu_gettimeofday() with g_get_real_time()
  oslib: drop qemu_gettimeofday()

 include/sysemu/os-posix.h  |  3 ---
 include/sysemu/os-win32.h  |  6 --
 blockdev.c |  8 
 hw/rtc/m41t80.c|  6 +++---
 hw/virtio/virtio-balloon.c |  9 +
 qapi/qmp-event.c   | 12 +---
 qemu-img.c |  8 
 qga/commands-posix.c   | 14 --
 qga/commands-win32.c   | 19 ---
 qga/commands.c |  5 +
 softmmu/qtest.c| 39 ++
 target/m68k/m68k-semi.c| 22 ++---
 target/nios2/nios2-semi.c  | 23 ++
 util/oslib-win32.c | 20 ---
 14 files changed, 52 insertions(+), 142 deletions(-)

-- 
2.35.1.273.ge6ebfd0e8cbb

Re: [PATCH 2/4] qtest: replace gettimeofday with GTimer

2022-03-04 Thread Marc-André Lureau 
Hi Richard

On Sat, Mar 5, 2022 at 12:50 AM Richard Henderson
 wrote:
>
> On 3/4/22 05:27, marcandre.lur...@redhat.com wrote:
> > +g_clear_pointer(, g_timer_destroy);
> > +timer = g_timer_new();
>
> Why not g_timer_{reset,start}, instead of destroying and recreating?

Well, that didn't seem much easier, as that opens the question where
to create/destroy. And we would potentially have a "running" timer at
creation time, which could be confusing.

(btw, just found that doc : "This function is useless; it's fine to
call g_timer_start() on an already-started timer to reset the start
time, so g_timer_reset() serves no purpose" ;)

thanks

Re: [PATCH v2 11/12] tests/qemu-iotests: validate NBD TLS with UNIX sockets

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 07:36:09PM +, Daniel P. Berrangé wrote:
> This validates that connections to an NBD server running on a UNIX
> socket can use TLS, and require a TLS hostname override to pass
> certificate validation.
> 
> Reviewed-by: Eric Blake 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  tests/qemu-iotests/233 | 24 
>  tests/qemu-iotests/233.out | 15 +++
>  2 files changed, 39 insertions(+)

Rebase fail; but thankfully your earlier patch for regen made it an
easy fix:

diff --git i/tests/qemu-iotests/233.out w/tests/qemu-iotests/233.out
index d79a9ed3467c..6e55be779946 100644
--- i/tests/qemu-iotests/233.out
+++ w/tests/qemu-iotests/233.out
@@ -78,6 +78,7 @@ file format: nbd
 virtual size: 64 MiB (67108864 bytes)
 disk size: unavailable
 exports available: 1
+ export: ''
   size:  67108864
   min block: 1

With that squashed in,

Tested-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v3 1/5] target/nios2: Check supervisor on eret

2022-03-04 Thread Richard Henderson 

On 3/3/22 05:39, Amir Gonnen wrote:

eret instruction is only allowed in supervisor mode.

Signed-off-by: Amir Gonnen
---
  target/nios2/translate.c | 2 ++
  1 file changed, 2 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 4/4] oslib: drop qemu_gettimeofday()

2022-03-04 Thread Richard Henderson 

On 3/4/22 05:27, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau 

No longer used after the previous patches.

Signed-off-by: Marc-André Lureau 
---
  include/sysemu/os-posix.h |  3 ---
  include/sysemu/os-win32.h |  6 --
  util/oslib-win32.c| 20 
  3 files changed, 29 deletions(-)


Reviewed-by: Richard Henderson 


r~

Re: [PATCH 2/4] qtest: replace gettimeofday with GTimer

2022-03-04 Thread Richard Henderson 

On 3/4/22 05:27, marcandre.lur...@redhat.com wrote:

+g_clear_pointer(, g_timer_destroy);
+timer = g_timer_new();


Why not g_timer_{reset,start}, instead of destroying and recreating?


r~

Re: [PATCH 3/4] Replace qemu_gettimeofday() with g_get_real_time()

2022-03-04 Thread Marc-André Lureau 
Hi

On Sat, Mar 5, 2022 at 12:40 AM BALATON Zoltan  wrote:

> On Fri, 4 Mar 2022, marcandre.lur...@redhat.com wrote:
> > From: Marc-André Lureau 
> >
> > GLib g_get_real_time() is an alternative to gettimeofday().
> >
> > For semihosting, a few bits are lost on POSIX host, but this shouldn't
> > be a big concern.
> >
> > Signed-off-by: Marc-André Lureau 
> > ---
> > blockdev.c |  8 
> > hw/rtc/m41t80.c|  6 +++---
> > hw/virtio/virtio-balloon.c |  9 +
> > qapi/qmp-event.c   | 12 +---
> > qemu-img.c |  8 
> > qga/commands-posix.c   | 11 +--
> > target/m68k/m68k-semi.c| 22 ++
> > target/nios2/nios2-semi.c  | 24 +++-
> > 8 files changed, 39 insertions(+), 61 deletions(-)
> >
> > diff --git a/blockdev.c b/blockdev.c
> > index 42e098b458b1..4b07dbfbdefc 100644
> > --- a/blockdev.c
> > +++ b/blockdev.c
> > @@ -1235,7 +1235,7 @@ static void
> internal_snapshot_prepare(BlkActionState *common,
> > BlockDriverState *bs;
> > QEMUSnapshotInfo old_sn, *sn;
> > bool ret;
> > -qemu_timeval tv;
> > +int64_t rt;
> > BlockdevSnapshotInternal *internal;
> > InternalSnapshotState *state;
> > AioContext *aio_context;
> > @@ -1305,9 +1305,9 @@ static void
> internal_snapshot_prepare(BlkActionState *common,
> > /* 3. take the snapshot */
> > sn = >sn;
> > pstrcpy(sn->name, sizeof(sn->name), name);
> > -qemu_gettimeofday();
> > -sn->date_sec = tv.tv_sec;
> > -sn->date_nsec = tv.tv_usec * 1000;
> > +rt = g_get_real_time();
> > +sn->date_sec = rt / G_USEC_PER_SEC;
> > +sn->date_nsec = (rt % G_USEC_PER_SEC) * 1000;
> > sn->vm_clock_nsec = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
> > if (replay_mode != REPLAY_MODE_NONE) {
> > sn->icount = replay_get_current_icount();
> > diff --git a/hw/rtc/m41t80.c b/hw/rtc/m41t80.c
> > index a00971a67e1c..e045c864bb44 100644
> > --- a/hw/rtc/m41t80.c
> > +++ b/hw/rtc/m41t80.c
>
> This part
>
> Acked-by: BALATON Zoltan 
>
> but why don't you use g_get_current_time() instead which seems to be a
> more direct replacement for gettimeofday, then you don't have to do maths
> with G_USEC_PER_SEC.>
>
>
As per glib docs, "g_get_current_time has been deprecated since version
2.62 and should not be used in newly-written code. GTimeVal is not
year-2038-safe. Use g_get_real_time() instead."

thanks




> Regards.
> BALATON Zoltan
>
> > @@ -47,7 +47,7 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
> > {
> > M41t80State *s = M41T80(i2c);
> > struct tm now;
> > -qemu_timeval tv;
> > +int64_t rt;
> >
> > if (s->addr < 0) {
> > s->addr = 0;
> > @@ -57,8 +57,8 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
> > }
> > switch (s->addr++) {
> > case 0:
> > -qemu_gettimeofday();
> > -return to_bcd(tv.tv_usec / 1);
> > +rt = g_get_real_time();
> > +return to_bcd((rt % G_USEC_PER_SEC) / 1);
> > case 1:
> > return to_bcd(now.tm_sec);
> > case 2:
> > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> > index e6c1b0aa46fe..b1bada84cecc 100644
> > --- a/hw/virtio/virtio-balloon.c
> > +++ b/hw/virtio/virtio-balloon.c
> > @@ -452,7 +452,6 @@ static void
> virtio_balloon_receive_stats(VirtIODevice *vdev, VirtQueue *vq)
> > VirtQueueElement *elem;
> > VirtIOBalloonStat stat;
> > size_t offset = 0;
> > -qemu_timeval tv;
> >
> > elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
> > if (!elem) {
> > @@ -484,13 +483,7 @@ static void
> virtio_balloon_receive_stats(VirtIODevice *vdev, VirtQueue *vq)
> > s->stats[tag] = val;
> > }
> > s->stats_vq_offset = offset;
> > -
> > -if (qemu_gettimeofday() < 0) {
> > -warn_report("%s: failed to get time of day", __func__);
> > -goto out;
> > -}
> > -
> > -s->stats_last_update = tv.tv_sec;
> > +s->stats_last_update = g_get_real_time() / G_USEC_PER_SEC;
> >
> > out:
> > if (balloon_stats_enabled(s)) {
> > diff --git a/qapi/qmp-event.c b/qapi/qmp-event.c
> > index 19d3cd003833..025716b3ec37 100644
> > --- a/qapi/qmp-event.c
> > +++ b/qapi/qmp-event.c
> > @@ -20,15 +20,13 @@
> >
> > static void timestamp_put(QDict *qdict)
> > {
> > -int err;
> > QDict *ts;
> > -qemu_timeval tv;
> > +int64_t rt = g_get_real_time();
> >
> > -err = qemu_gettimeofday();
> > -/* Put -1 to indicate failure of getting host time */
> > -ts = qdict_from_jsonf_nofail("{ 'seconds': %lld, 'microseconds':
> %lld }",
> > - err < 0 ? -1LL : (long long)tv.tv_sec,
> > - err < 0 ? -1LL : (long
> long)tv.tv_usec);
> > +ts = qdict_from_jsonf_nofail("{ 'seconds': %" G_GINT64_FORMAT
> > + ", 'microseconds': %" G_GINT64_FORMAT
> "}",
> > + rt / G_USEC_PER_SEC,
> > +

Re: [PATCH 1/4] m68k/nios2-semi: fix gettimeofday() result check

2022-03-04 Thread Richard Henderson 

On 3/4/22 05:27, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau

gettimeofday() returns 0 for success.

Signed-off-by: Marc-André Lureau
---
  target/m68k/m68k-semi.c   | 2 +-
  target/nios2/nios2-semi.c | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 3/4] Replace qemu_gettimeofday() with g_get_real_time()

2022-03-04 Thread BALATON Zoltan 

On Fri, 4 Mar 2022, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau 

GLib g_get_real_time() is an alternative to gettimeofday().

For semihosting, a few bits are lost on POSIX host, but this shouldn't
be a big concern.

Signed-off-by: Marc-André Lureau 
---
blockdev.c |  8 
hw/rtc/m41t80.c|  6 +++---
hw/virtio/virtio-balloon.c |  9 +
qapi/qmp-event.c   | 12 +---
qemu-img.c |  8 
qga/commands-posix.c   | 11 +--
target/m68k/m68k-semi.c| 22 ++
target/nios2/nios2-semi.c  | 24 +++-
8 files changed, 39 insertions(+), 61 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 42e098b458b1..4b07dbfbdefc 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1235,7 +1235,7 @@ static void internal_snapshot_prepare(BlkActionState 
*common,
BlockDriverState *bs;
QEMUSnapshotInfo old_sn, *sn;
bool ret;
-qemu_timeval tv;
+int64_t rt;
BlockdevSnapshotInternal *internal;
InternalSnapshotState *state;
AioContext *aio_context;
@@ -1305,9 +1305,9 @@ static void internal_snapshot_prepare(BlkActionState 
*common,
/* 3. take the snapshot */
sn = >sn;
pstrcpy(sn->name, sizeof(sn->name), name);
-qemu_gettimeofday();
-sn->date_sec = tv.tv_sec;
-sn->date_nsec = tv.tv_usec * 1000;
+rt = g_get_real_time();
+sn->date_sec = rt / G_USEC_PER_SEC;
+sn->date_nsec = (rt % G_USEC_PER_SEC) * 1000;
sn->vm_clock_nsec = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
if (replay_mode != REPLAY_MODE_NONE) {
sn->icount = replay_get_current_icount();
diff --git a/hw/rtc/m41t80.c b/hw/rtc/m41t80.c
index a00971a67e1c..e045c864bb44 100644
--- a/hw/rtc/m41t80.c
+++ b/hw/rtc/m41t80.c


This part

Acked-by: BALATON Zoltan 

but why don't you use g_get_current_time() instead which seems to be a 
more direct replacement for gettimeofday, then you don't have to do maths 
with G_USEC_PER_SEC.


Regards.
BALATON Zoltan


@@ -47,7 +47,7 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
{
M41t80State *s = M41T80(i2c);
struct tm now;
-qemu_timeval tv;
+int64_t rt;

if (s->addr < 0) {
s->addr = 0;
@@ -57,8 +57,8 @@ static uint8_t m41t80_recv(I2CSlave *i2c)
}
switch (s->addr++) {
case 0:
-qemu_gettimeofday();
-return to_bcd(tv.tv_usec / 1);
+rt = g_get_real_time();
+return to_bcd((rt % G_USEC_PER_SEC) / 1);
case 1:
return to_bcd(now.tm_sec);
case 2:
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e6c1b0aa46fe..b1bada84cecc 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -452,7 +452,6 @@ static void virtio_balloon_receive_stats(VirtIODevice 
*vdev, VirtQueue *vq)
VirtQueueElement *elem;
VirtIOBalloonStat stat;
size_t offset = 0;
-qemu_timeval tv;

elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
if (!elem) {
@@ -484,13 +483,7 @@ static void virtio_balloon_receive_stats(VirtIODevice 
*vdev, VirtQueue *vq)
s->stats[tag] = val;
}
s->stats_vq_offset = offset;
-
-if (qemu_gettimeofday() < 0) {
-warn_report("%s: failed to get time of day", __func__);
-goto out;
-}
-
-s->stats_last_update = tv.tv_sec;
+s->stats_last_update = g_get_real_time() / G_USEC_PER_SEC;

out:
if (balloon_stats_enabled(s)) {
diff --git a/qapi/qmp-event.c b/qapi/qmp-event.c
index 19d3cd003833..025716b3ec37 100644
--- a/qapi/qmp-event.c
+++ b/qapi/qmp-event.c
@@ -20,15 +20,13 @@

static void timestamp_put(QDict *qdict)
{
-int err;
QDict *ts;
-qemu_timeval tv;
+int64_t rt = g_get_real_time();

-err = qemu_gettimeofday();
-/* Put -1 to indicate failure of getting host time */
-ts = qdict_from_jsonf_nofail("{ 'seconds': %lld, 'microseconds': %lld }",
- err < 0 ? -1LL : (long long)tv.tv_sec,
- err < 0 ? -1LL : (long long)tv.tv_usec);
+ts = qdict_from_jsonf_nofail("{ 'seconds': %" G_GINT64_FORMAT
+ ", 'microseconds': %" G_GINT64_FORMAT "}",
+ rt / G_USEC_PER_SEC,
+ rt % G_USEC_PER_SEC);
qdict_put(qdict, "timestamp", ts);
}

diff --git a/qemu-img.c b/qemu-img.c
index 6fe2466032f9..e26773909684 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3304,11 +3304,11 @@ static int img_snapshot(int argc, char **argv)
char *filename, *snapshot_name = NULL;
int c, ret = 0, bdrv_oflags;
int action = 0;
-qemu_timeval tv;
bool quiet = false;
Error *err = NULL;
bool image_opts = false;
bool force_share = false;
+int64_t rt;

bdrv_oflags = BDRV_O_RDWR;
/* Parse commandline parameters */
@@ -3405,9 +3405,9 @@ static int img_snapshot(int argc, char **argv)
memset(, 0, sizeof(sn));
pstrcpy(sn.name, sizeof(sn.name), snapshot_name);

-

Re: [PATCH v2 08/12] tests/qemu-iotests: introduce filter for qemu-nbd export list

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 07:36:06PM +, Daniel P. Berrangé wrote:
> Introduce a filter for the output of qemu-nbd export list so it can be
> reused in multiple tests.
> 
> The filter is a bit more permissive that what test 241 currently uses,
> as its allows printing of the export count, along with any possible
> error messages that might be emitted.
> 
> Reviewed-by: Eric Blake 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  tests/qemu-iotests/241   | 6 +++---
>  tests/qemu-iotests/241.out   | 6 ++
>  tests/qemu-iotests/common.filter | 5 +
>  3 files changed, 14 insertions(+), 3 deletions(-)

Tested-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 3/5] iotests: Remove explicit checks for qemu_img() == 0

2022-03-04 Thread Eric Blake 
On Fri, Mar 04, 2022 at 02:47:44PM -0500, John Snow wrote:
> qemu_img() returning zero ought to be the rule, not the
> exception. Remove all explicit checks against the condition in
> preparation for making non-zero returns an Exception.
> 
> Signed-off-by: John Snow 
> ---

> +++ b/tests/qemu-iotests/310

> @@ -105,8 +105,8 @@ with iotests.FilePath('base.img') as base_img_path, \
>  log('')
>  
>  # Detach backing to check that we can read the data from the top level 
> now
> -assert qemu_img('rebase', '-u', '-b', '', '-f', iotests.imgfmt,
> -top_img_path) == 0
> +qemu_img('rebase', '-u', '-b', '', '-f', iotests.imgfmt,
> + top_img_path)

You collapsed other wrapped lines into one where they fit, why not
this one?  But it's not essential.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 6/9] util: Share qemu_try_memalign() implementation between POSIX and Windows

2022-03-04 Thread Richard Henderson 

On 3/4/22 01:21, Peter Maydell wrote:

+ * platform APIs (for instance _alligned_malloc() will


Typo there with the 'll'.


r~

Re: [PATCH v2 4/9] util: Return valid allocation for qemu_try_memalign() with zero size

2022-03-04 Thread Richard Henderson 

On 3/4/22 01:21, Peter Maydell wrote:

Currently qemu_try_memalign()'s behaviour if asked to allocate
0 bytes is rather variable:
  * on Windows, we will assert
  * on POSIX platforms, we get the underlying behaviour of
the posix_memalign() or equivalent function, which may be
either "return a valid non-NULL pointer" or "return NULL"

Explictly check for 0 byte allocations, so we get consistent
behaviour across platforms.  We handle them by incrementing the size
so that we return a valid non-NULL pointer that can later be passed
to qemu_vfree().  This is permitted behaviour for the
posix_memalign() API and is the most usual way that underlying
malloc() etc implementations handle a zero-sized allocation request,
because it won't trip up calling code that assumes NULL means an
error.  (This includes our own qemu_memalign(), which will abort on
NULL.)

This change is a preparation for sharing the qemu_try_memalign() code
between Windows and POSIX.

Signed-off-by: Peter Maydell
---
  util/oslib-posix.c | 3 +++
  util/oslib-win32.c | 4 +++-
  2 files changed, 6 insertions(+), 1 deletion(-)


Reviewed-by: Richard Henderson 

r~

Re: [PULL 00/19] 9p queue 2022-03-04

2022-03-04 Thread Christian Schoenebeck 
On Freitag, 4. März 2022 19:42:18 CET Peter Maydell wrote:
> On Fri, 4 Mar 2022 at 12:32, Christian Schoenebeck
> 
>  wrote:
> > The following changes since commit 
5959ef7d431ffd02db112209cf55e47b677256fd:
> >   Merge remote-tracking branch
> >   'remotes/alistair/tags/pull-riscv-to-apply-20220303' into staging
> >   (2022-03-03 19:59:38 +)> 
> > are available in the Git repository at:
> >   https://github.com/cschoenebeck/qemu.git tags/pull-9p-20220304
> > 
> > for you to fetch changes up to 39edfe337c418995b2932a9a14a612fb0c329dc5:
> >   fsdev/p9array.h: convert Doxygen -> kerneldoc format (2022-03-04
> >   13:07:39 +0100)> 
> > 
> > 9pfs: introduce macOS host support and cleanup
> > 
> > * Add support for Darwin (a.k.a. macOS) hosts.
> > 
> > * Code cleanup (move qemu_dirent_dup() from osdep -> 9p-util).
> > 
> > * API doc cleanup (convert Doxygen -> kerneldoc format).
> 
> This fails to build on my OSX box:
> 
> In file included from ../../hw/9pfs/9p-util-darwin.c:12:
> ../../hw/9pfs/9p-util.h:57:1: error: unused label 'again'
> [-Werror,-Wunused-label]
> again:
> ^~
> 
> because the use of the label is inside a #ifndef CONFIG_DARWIN
> but the definition is not.
> 
> thanks
> -- PMM

So basically it needs this change:

diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index cfa7af43c5..97e681e167 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -54,7 +54,9 @@ static inline int openat_file(int dirfd, const char *name, 
int flags,
 {
 int fd, serrno, ret;
 
+#ifndef CONFIG_DARWIN
 again:
+#endif
 fd = openat(dirfd, name, flags | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK,
 mode);
 if (fd == -1) {

Will, can you check why this did not fail there and whether there are probably 
more issues?

If that's the only one, let me know, then I would fix this on my end and 
resend a PR ASAP. Thanks!

Best regards,
Christian Schoenebeck

[PATCH v3] i386/sev: Ensure attestation report length is valid before retrieving

2022-03-04 Thread Tyler Fanelli 
The length of the attestation report buffer is never checked to be
valid before allocation is made. If the length of the report is returned
to be 0, the buffer to retrieve the attestation buffer is allocated with
length 0 and passed to the kernel to fill with contents of the attestation
report. Leaving this unchecked is dangerous and could lead to undefined
behavior.

Signed-off-by: Tyler Fanelli 
---
 target/i386/sev.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 025ff7a6f8..e82be3e350 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -616,6 +616,8 @@ static SevAttestationReport 
*sev_get_attestation_report(const char *mnonce,
 return NULL;
 }
 
+input.len = 0;
+
 /* Query the report length */
 ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
 , );
@@ -626,6 +628,11 @@ static SevAttestationReport 
*sev_get_attestation_report(const char *mnonce,
ret, err, fw_error_to_str(err));
 return NULL;
 }
+} else if (input.len == 0) {
+error_setg(errp, "SEV: Failed to query attestation report:"
+ " length returned=%u",
+   input.len);
+return NULL;
 }
 
 data = g_malloc(input.len);
-- 
2.31.1

[PATCH v5 1/2] target/arm: Provide cpu property for controling FEAT_LPA2

2022-03-04 Thread Richard Henderson 
There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG, allow
the feature to be disabled from -cpu max.

Since this kernel bug is present in the Fedora 31 image that
we test in avocado, disable lpa2 on the command-line.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h|  5 -
 target/arm/cpu.c|  6 ++
 target/arm/cpu64.c  | 24 
 tests/avocado/boot_linux.py |  2 ++
 4 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 24d9fff170..4aa70ceca1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -204,10 +204,12 @@ typedef struct {
 # define ARM_MAX_VQ16
 void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp);
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp);
+void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp);
 #else
 # define ARM_MAX_VQ1
 static inline void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) { }
 static inline void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) { }
+static inline void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp) { }
 #endif
 
 typedef struct ARMVectorReg {
@@ -975,10 +977,11 @@ struct ARMCPU {
 
 /*
  * Intermediate values used during property parsing.
- * Once finalized, the values should be read from ID_AA64ISAR1.
+ * Once finalized, the values should be read from ID_AA64*.
  */
 bool prop_pauth;
 bool prop_pauth_impdef;
+bool prop_lpa2;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
 uint32_t dcz_blocksize;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 7091684a16..185d4e774d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1392,6 +1392,12 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp)
 error_propagate(errp, local_err);
 return;
 }
+
+arm_cpu_lpa2_finalize(cpu, _err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
 }
 
 if (kvm_enabled()) {
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 2fdc16bf18..eb44c05822 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -688,6 +688,29 @@ void aarch64_add_pauth_properties(Object *obj)
 }
 }
 
+static Property arm_cpu_lpa2_property =
+DEFINE_PROP_BOOL("lpa2", ARMCPU, prop_lpa2, true);
+
+void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp)
+{
+uint64_t t;
+
+/*
+ * We only install the property for tcg -cpu max; this is the
+ * only situation in which the cpu field can be true.
+ */
+if (!cpu->prop_lpa2) {
+return;
+}
+
+t = cpu->isar.id_aa64mmfr0;
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 2);   /* 16k pages w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4, 1);/*  4k pages w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 3); /* 16k stage2 w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 3);  /*  4k stage2 w/ LPA2 */
+cpu->isar.id_aa64mmfr0 = t;
+}
+
 static void aarch64_host_initfn(Object *obj)
 {
 #if defined(CONFIG_KVM)
@@ -897,6 +920,7 @@ static void aarch64_max_initfn(Object *obj)
 aarch64_add_sve_properties(obj);
 object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_vq,
 cpu_max_set_sve_max_vq, NULL, NULL);
+qdev_property_add_static(DEVICE(obj), _cpu_lpa2_property);
 }
 
 static void aarch64_a64fx_initfn(Object *obj)
diff --git a/tests/avocado/boot_linux.py b/tests/avocado/boot_linux.py
index ab19146d1e..ee584d2fdf 100644
--- a/tests/avocado/boot_linux.py
+++ b/tests/avocado/boot_linux.py
@@ -79,6 +79,7 @@ def test_virt_tcg_gicv2(self):
 """
 self.require_accelerator("tcg")
 self.vm.add_args("-accel", "tcg")
+self.vm.add_args("-cpu", "max,lpa2=off")
 self.vm.add_args("-machine", "virt,gic-version=2")
 self.add_common_args()
 self.launch_and_wait(set_up_ssh_connection=False)
@@ -91,6 +92,7 @@ def test_virt_tcg_gicv3(self):
 """
 self.require_accelerator("tcg")
 self.vm.add_args("-accel", "tcg")
+self.vm.add_args("-cpu", "max,lpa2=off")
 self.vm.add_args("-machine", "virt,gic-version=3")
 self.add_common_args()
 self.launch_and_wait(set_up_ssh_connection=False)
-- 
2.25.1

Re: [PATCH v4 18/18] hw/arm/virt: Disable LPA2 for -machine virt-6.2

2022-03-04 Thread Richard Henderson 

On 3/4/22 01:52, Peter Maydell wrote:

Is it not possible to implement this in the usual "change
property for older versioned machines" way of adding to
the hw_compat arrays?

diff --git a/hw/core/machine.c b/hw/core/machine.c
index d856485cb4d..dac82a709ba 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -37,7 +37,9 @@
  #include "hw/virtio/virtio.h"
  #include "hw/virtio/virtio-pci.h"

-GlobalProperty hw_compat_6_2[] = {};
+GlobalProperty hw_compat_6_2[] = {
+{ "arm-cpu-max", "lpa2", "false" },
+};
  const size_t hw_compat_6_2_len = G_N_ELEMENTS(hw_compat_6_2);


Hmm, I didn't try that, just mirrored the other examples within hw/arm/virt.c.
I guess the real type name would be TYPE_ARM_MAX_CPU, or "max-arm-cpu".

...

Yes, that works.  I'll send an update.


r~

[PATCH v5 2/2] hw/core: Disable LPA2 for -machine virt-6.2

2022-03-04 Thread Richard Henderson 
There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG,
disable this feature for machine versions prior to 7.0.

Signed-off-by: Richard Henderson 
---
 hw/core/machine.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index d856485cb4..f3c410fe58 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -37,7 +37,9 @@
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-pci.h"
 
-GlobalProperty hw_compat_6_2[] = {};
+GlobalProperty hw_compat_6_2[] = {
+{ "max-arm-cpu", "lpa2", "off" },
+};
 const size_t hw_compat_6_2_len = G_N_ELEMENTS(hw_compat_6_2);
 
 GlobalProperty hw_compat_6_1[] = {
-- 
2.25.1

[PATCH v2 4/5] iotests: make qemu_img raise on non-zero rc by default

2022-03-04 Thread John Snow 
re-write qemu_img() as a function that will by default raise a
VerboseProcessException (extended from CalledProcessException) on
non-zero return codes. This will produce a stack trace that will show
the command line arguments and return code from the failed process run.

Users that want something more flexible (there appears to be only one)
can use check=False and manage the return themselves. However, when the
return code is negative, the Exception will be raised no matter what.
This is done under the belief that there's no legitimate reason, even in
negative tests, to see a crash from qemu-img.

Signed-off-by: John Snow 
Reviewed-by: Eric Blake 
---
 tests/qemu-iotests/257|  8 +++--
 tests/qemu-iotests/iotests.py | 56 ++-
 2 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/tests/qemu-iotests/257 b/tests/qemu-iotests/257
index fb5359c581..e7e7a2317e 100755
--- a/tests/qemu-iotests/257
+++ b/tests/qemu-iotests/257
@@ -241,11 +241,13 @@ def compare_images(image, reference, baseimg=None, 
expected_match=True):
 expected_ret = 0 if expected_match else 1
 if baseimg:
 qemu_img("rebase", "-u", "-b", baseimg, '-F', iotests.imgfmt, image)
-ret = qemu_img("compare", image, reference)
+
+sub = qemu_img("compare", image, reference, check=False)
+
 log('qemu_img compare "{:s}" "{:s}" ==> {:s}, {:s}'.format(
 image, reference,
-"Identical" if ret == 0 else "Mismatch",
-"OK!" if ret == expected_ret else "ERROR!"),
+"Identical" if sub.returncode == 0 else "Mismatch",
+"OK!" if sub.returncode == expected_ret else "ERROR!"),
 filters=[iotests.filter_testfiles])
 
 def test_bitmap_sync(bsync_mode, msync_mode='bitmap', failure=None):
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 6027780180..f97eeb5f91 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -37,9 +37,10 @@
 
 from contextlib import contextmanager
 
+from qemu.aqmp.legacy import QEMUMonitorProtocol
 from qemu.machine import qtest
 from qemu.qmp import QMPMessage
-from qemu.aqmp.legacy import QEMUMonitorProtocol
+from qemu.utils import VerboseProcessError
 
 # Use this logger for logging messages directly from the iotests module
 logger = logging.getLogger('qemu.iotests')
@@ -216,9 +217,49 @@ def qemu_img_pipe_and_status(*args: str) -> Tuple[str, 
int]:
 return qemu_tool_pipe_and_status('qemu-img', full_args,
  drop_successful_output=is_create)
 
-def qemu_img(*args: str) -> int:
-'''Run qemu-img and return the exit code'''
-return qemu_img_pipe_and_status(*args)[1]
+def qemu_img(*args: str, check: bool = True, combine_stdio: bool = True
+ ) -> subprocess.CompletedProcess[str]:
+"""
+Run qemu_img and return the status code and console output.
+
+This function always prepends QEMU_IMG_OPTIONS and may further alter
+the args for 'create' commands.
+
+:param args: command-line arguments to qemu-img.
+:param check: Enforce a return code of zero.
+:param combine_stdio: set to False to keep stdout/stderr separated.
+
+:raise VerboseProcessError:
+When the return code is negative, or on any non-zero exit code
+when 'check=True' was provided (the default). This exception has
+'stdout', 'stderr', and 'returncode' properties that may be
+inspected to show greater detail. If this exception is not
+handled, the command-line, return code, and all console output
+will be included at the bottom of the stack trace.
+
+:return: a CompletedProcess. This object has args, returncode, and
+stdout properties. If streams are not combined, it will also
+have a stderr property.
+"""
+full_args = qemu_img_args + qemu_img_create_prepare_args(list(args))
+
+subp = subprocess.run(
+full_args,
+stdout=subprocess.PIPE,
+stderr=subprocess.STDOUT if combine_stdio else subprocess.PIPE,
+universal_newlines=True,
+check=False
+)
+
+if check and subp.returncode or (subp.returncode < 0):
+raise VerboseProcessError(
+subp.returncode, full_args,
+output=subp.stdout,
+stderr=subp.stderr,
+)
+
+return subp
+
 
 def ordered_qmp(qmsg, conv_keys=True):
 # Dictionaries are not ordered prior to 3.6, therefore:
@@ -233,7 +274,7 @@ def ordered_qmp(qmsg, conv_keys=True):
 return od
 return qmsg
 
-def qemu_img_create(*args):
+def qemu_img_create(*args: str) -> subprocess.CompletedProcess[str]:
 return qemu_img('create', *args)
 
 def qemu_img_measure(*args):
@@ -465,8 +506,9 @@ def qemu_nbd_popen(*args):
 
 def compare_images(img1, img2, fmt1=imgfmt, fmt2=imgfmt):
 '''Return True if two image files are identical'''
-return qemu_img('compare', '-f', fmt1,
-'-F', fmt2, img1, img2) == 0
+res =

[PATCH v5 0/2] target/arm: Enable LPA2

2022-03-04 Thread Richard Henderson 
Changes for v5:
  * Most of the patch set has been merged.
  * Use hw_compat_6_2 for disabling lpa2.


r~


Richard Henderson (2):
  target/arm: Provide cpu property for controling FEAT_LPA2
  hw/core: Disable LPA2 for -machine virt-6.2

 target/arm/cpu.h|  5 -
 hw/core/machine.c   |  4 +++-
 target/arm/cpu.c|  6 ++
 target/arm/cpu64.c  | 24 
 tests/avocado/boot_linux.py |  2 ++
 5 files changed, 39 insertions(+), 2 deletions(-)

-- 
2.25.1

Re: [PATCH] hw/block: m25p80: Add support for w25q01jvq

2022-03-04 Thread Michael Walle 

Am 2022-03-04 20:30, schrieb Philippe Mathieu-Daudé:

On 4/3/22 19:09, Patrick Williams wrote:
The w25q01jvq is a 128MB part.  Support is being added to the 
kernel[1]

and the two have been tested together.

1. 
https://lore.kernel.org/lkml/2022022209.23108-1-potin@quantatw.com/


Signed-off-by: Patrick Williams 
Cc: Potin Lai 
---
  hw/block/m25p80.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index c6bf3c6bfa..7d3d8b12e0 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -340,6 +340,7 @@ static const FlashPartInfo known_devices[] = {
  { INFO("w25q80bl",0xef4014,  0,  64 << 10,  16, ER_4K) 
},
  { INFO("w25q256", 0xef4019,  0,  64 << 10, 512, ER_4K) 
},
  { INFO("w25q512jv",   0xef4020,  0,  64 << 10, 1024, ER_4K) 
},
+{ INFO("w25q01jvq",   0xef4021,  0,  64 << 10, 2048, ER_4K) 
},

  };
typedef enum {


Reviewed-by: Philippe Mathieu-Daudé 


FWIW, the linux spi nor subsystem will rely more and more on the SFDP
for newer flashes. I had a quick look at qemu's source and command
RDSFDP (0x5a) isn't emulated. Might be worth implementing ;)

-michael

[PATCH v2 3/5] iotests: Remove explicit checks for qemu_img() == 0

2022-03-04 Thread John Snow 
qemu_img() returning zero ought to be the rule, not the
exception. Remove all explicit checks against the condition in
preparation for making non-zero returns an Exception.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/163 |  9 +++--
 tests/qemu-iotests/216 |  6 +++---
 tests/qemu-iotests/218 |  2 +-
 tests/qemu-iotests/224 | 11 +--
 tests/qemu-iotests/228 | 12 ++--
 tests/qemu-iotests/257 |  3 +--
 tests/qemu-iotests/258 |  4 ++--
 tests/qemu-iotests/310 | 14 +++---
 tests/qemu-iotests/tests/block-status-cache|  3 +--
 tests/qemu-iotests/tests/graph-changes-while-io|  7 +++
 tests/qemu-iotests/tests/image-fleecing|  4 ++--
 tests/qemu-iotests/tests/mirror-ready-cancel-error |  6 ++
 tests/qemu-iotests/tests/mirror-top-perms  |  3 +--
 .../qemu-iotests/tests/remove-bitmap-from-backing  |  8 
 tests/qemu-iotests/tests/stream-error-on-reset |  4 ++--
 15 files changed, 43 insertions(+), 53 deletions(-)

diff --git a/tests/qemu-iotests/163 b/tests/qemu-iotests/163
index b8bfc95358..e4cd4b230f 100755
--- a/tests/qemu-iotests/163
+++ b/tests/qemu-iotests/163
@@ -107,8 +107,7 @@ class ShrinkBaseClass(iotests.QMPTestCase):
 
 if iotests.imgfmt == 'raw':
 return
-self.assertEqual(qemu_img('check', test_img), 0,
- "Verifying image corruption")
+qemu_img('check', test_img)
 
 def test_empty_image(self):
 qemu_img('resize',  '-f', iotests.imgfmt, '--shrink', test_img,
@@ -130,8 +129,7 @@ class ShrinkBaseClass(iotests.QMPTestCase):
 qemu_img('resize',  '-f', iotests.imgfmt, '--shrink', test_img,
  self.shrink_size)
 
-self.assertEqual(qemu_img("compare", test_img, check_img), 0,
- "Verifying image content")
+qemu_img("compare", test_img, check_img)
 
 self.image_verify()
 
@@ -146,8 +144,7 @@ class ShrinkBaseClass(iotests.QMPTestCase):
 qemu_img('resize',  '-f', iotests.imgfmt, '--shrink', test_img,
  self.shrink_size)
 
-self.assertEqual(qemu_img("compare", test_img, check_img), 0,
- "Verifying image content")
+qemu_img("compare", test_img, check_img)
 
 self.image_verify()
 
diff --git a/tests/qemu-iotests/216 b/tests/qemu-iotests/216
index c02f8d2880..88b385afa3 100755
--- a/tests/qemu-iotests/216
+++ b/tests/qemu-iotests/216
@@ -51,10 +51,10 @@ with iotests.FilePath('base.img') as base_img_path, \
 log('--- Setting up images ---')
 log('')
 
-assert qemu_img('create', '-f', iotests.imgfmt, base_img_path, '64M') == 0
+qemu_img('create', '-f', iotests.imgfmt, base_img_path, '64M')
 assert qemu_io_silent(base_img_path, '-c', 'write -P 1 0M 1M') == 0
-assert qemu_img('create', '-f', iotests.imgfmt, '-b', base_img_path,
-'-F', iotests.imgfmt, top_img_path) == 0
+qemu_img('create', '-f', iotests.imgfmt, '-b', base_img_path,
+ '-F', iotests.imgfmt, top_img_path)
 assert qemu_io_silent(top_img_path,  '-c', 'write -P 2 1M 1M') == 0
 
 log('Done')
diff --git a/tests/qemu-iotests/218 b/tests/qemu-iotests/218
index 4922b4d3b6..853ed52b34 100755
--- a/tests/qemu-iotests/218
+++ b/tests/qemu-iotests/218
@@ -145,7 +145,7 @@ log('')
 with iotests.VM() as vm, \
  iotests.FilePath('src.img') as src_img_path:
 
-assert qemu_img('create', '-f', iotests.imgfmt, src_img_path, '64M') == 0
+qemu_img('create', '-f', iotests.imgfmt, src_img_path, '64M')
 assert qemu_io_silent('-f', iotests.imgfmt, src_img_path,
   '-c', 'write -P 42 0M 64M') == 0
 
diff --git a/tests/qemu-iotests/224 b/tests/qemu-iotests/224
index 38dd153625..c31c55b49d 100755
--- a/tests/qemu-iotests/224
+++ b/tests/qemu-iotests/224
@@ -47,12 +47,11 @@ for filter_node_name in False, True:
  iotests.FilePath('top.img') as top_img_path, \
  iotests.VM() as vm:
 
-assert qemu_img('create', '-f', iotests.imgfmt,
-base_img_path, '64M') == 0
-assert qemu_img('create', '-f', iotests.imgfmt, '-b', base_img_path,
-'-F', iotests.imgfmt, mid_img_path) == 0
-assert qemu_img('create', '-f', iotests.imgfmt, '-b', mid_img_path,
-'-F', iotests.imgfmt, top_img_path) == 0
+qemu_img('create', '-f', iotests.imgfmt, base_img_path, '64M')
+qemu_img('create', '-f', iotests.imgfmt, '-b', base_img_path,
+ '-F', iotests.imgfmt, mid_img_path)
+qemu_img('create', '-f', iotests.imgfmt, '-b', mid_img_path,
+ '-F', iotests.imgfmt, top_img_path)
 
 # Something to commit
 assert

[PATCH v2 0/5] iotests: add enhanced debugging info to qemu-img failures

2022-03-04 Thread John Snow 
V2:
 - Rebase on top of kwolf's latest PR.
 - Adjust tests/graph-changes-while-io in patch 3/5
 - Drop eblake's r-b on 3/5.

This is secretly V4ish of a series I started in response to Thomas
Huth's encountering a failure in qemu-img because of missing zstd
support. This series changes the qemu_img() function in iotests.py to
one that raises an Exception on non-zero return code by default.

Alongside this, the Exception object itself is also augmented so that it
prints the stdout/stderr logs to screen if the exception goes unhandled
so that failure cases are very obvious and easy to spot in the middle of
python tracebacks.

(Test this out yourself: Disable zstd support and then run qcow2 iotest
065 before and after this patchset. It makes a real difference!)

NOTE: I have another 13-ish patches that go the rest of the way and
ensure that *every* call to qemu-img goes through this new qemu_img()
function, but for the sake of doing the most good in the shortest amount
of time, I am sending just the first 5 patches, and the rest will be
sent later. I think this is a very good series to get in before freeze
so that we have it during the heavy testing season.

John Snow (5):
  python/utils: add add_visual_margin() text decoration utility
  python/utils: add VerboseProcessError
  iotests: Remove explicit checks for qemu_img() == 0
  iotests: make qemu_img raise on non-zero rc by default
  iotests: fortify compare_images() against crashes

 python/qemu/utils/__init__.py | 114 ++
 tests/qemu-iotests/163|   9 +-
 tests/qemu-iotests/216|   6 +-
 tests/qemu-iotests/218|   2 +-
 tests/qemu-iotests/224|  11 +-
 tests/qemu-iotests/228|  12 +-
 tests/qemu-iotests/257|  11 +-
 tests/qemu-iotests/258|   4 +-
 tests/qemu-iotests/310|  14 +--
 tests/qemu-iotests/iotests.py |  71 +--
 tests/qemu-iotests/tests/block-status-cache   |   3 +-
 .../qemu-iotests/tests/graph-changes-while-io |   7 +-
 tests/qemu-iotests/tests/image-fleecing   |   4 +-
 .../tests/mirror-ready-cancel-error   |   6 +-
 tests/qemu-iotests/tests/mirror-top-perms |   3 +-
 .../tests/remove-bitmap-from-backing  |   8 +-
 .../qemu-iotests/tests/stream-error-on-reset  |   4 +-
 17 files changed, 224 insertions(+), 65 deletions(-)

-- 
2.34.1

[PATCH v2 2/5] python/utils: add VerboseProcessError

2022-03-04 Thread John Snow 
This adds an Exception that extends the Python stdlib
subprocess.CalledProcessError.

The difference is that the str() method of this exception also adds the
stdout/stderr logs. In effect, if this exception goes unhandled, Python
will print the output in a visually distinct wrapper to the terminal so
that it's easy to spot in a sea of traceback information.

Signed-off-by: John Snow 
Reviewed-by: Eric Blake 
---
 python/qemu/utils/__init__.py | 36 +++
 1 file changed, 36 insertions(+)

diff --git a/python/qemu/utils/__init__.py b/python/qemu/utils/__init__.py
index 5babf40df2..355ac550bc 100644
--- a/python/qemu/utils/__init__.py
+++ b/python/qemu/utils/__init__.py
@@ -18,6 +18,7 @@
 import os
 import re
 import shutil
+from subprocess import CalledProcessError
 import textwrap
 from typing import Optional
 
@@ -26,6 +27,7 @@
 
 
 __all__ = (
+'VerboseProcessError',
 'add_visual_margin',
 'get_info_usernet_hostfwd_port',
 'kvm_available',
@@ -121,3 +123,37 @@ def _wrap(line: str) -> str:
 os.linesep.join(_wrap(line) for line in content.splitlines()),
 _bar(None, top=False),
 ))
+
+
+class VerboseProcessError(CalledProcessError):
+"""
+The same as CalledProcessError, but more verbose.
+
+This is useful for debugging failed calls during test executions.
+The return code, signal (if any), and terminal output will be displayed
+on unhandled exceptions.
+"""
+def summary(self) -> str:
+"""Return the normal CalledProcessError str() output."""
+return super().__str__()
+
+def __str__(self) -> str:
+lmargin = '  '
+width = -len(lmargin)
+sections = []
+
+name = 'output' if self.stderr is None else 'stdout'
+if self.stdout:
+sections.append(add_visual_margin(self.stdout, width, name))
+else:
+sections.append(f"{name}: N/A")
+
+if self.stderr:
+sections.append(add_visual_margin(self.stderr, width, 'stderr'))
+elif self.stderr is not None:
+sections.append("stderr: N/A")
+
+return os.linesep.join((
+self.summary(),
+textwrap.indent(os.linesep.join(sections), prefix=lmargin),
+))
-- 
2.34.1

[PATCH v2 12/12] tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK

2022-03-04 Thread Daniel P . Berrangé 
This validates that connections to an NBD server running on a UNIX
socket can use TLS with pre-shared keys (PSK).

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/233| 28 
 tests/qemu-iotests/233.out| 17 +
 tests/qemu-iotests/common.tls | 24 
 3 files changed, 69 insertions(+)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 442fd1378c..55db5b3811 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -61,6 +61,8 @@ tls_x509_create_server "ca1" "server1"
 tls_x509_create_client "ca1" "client1"
 tls_x509_create_client "ca2" "client2"
 tls_x509_create_client "ca1" "client3"
+tls_psk_create_creds "psk1"
+tls_psk_create_creds "psk2"
 
 echo
 echo "== preparing image =="
@@ -191,6 +193,32 @@ $QEMU_IMG info --image-opts --object $obj1 \
 $QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \
 --tls-creds=tls0 --tls-hostname=127.0.0.1  2>&1 | _filter_qemu_nbd_exports
 
+
+echo
+echo "== check TLS works over UNIX with PSK =="
+nbd_server_stop
+
+nbd_server_start_unix_socket \
+--object 
tls-creds-psk,dir=${tls_dir}/psk1,endpoint=server,id=tls0,verify-peer=on \
+--tls-creds tls0 \
+-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
+
+obj1=tls-creds-psk,dir=${tls_dir}/psk1,username=psk1,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \
+--tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
+
+echo
+echo "== check TLS fails over UNIX with mismatch PSK =="
+obj1=tls-creds-psk,dir=${tls_dir}/psk2,username=psk2,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \
+--tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
+
 echo
 echo "== final server log =="
 cat "$TEST_DIR/server.log" | _filter_authz_check_tls
diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out
index d79a9ed346..3f160c687c 100644
--- a/tests/qemu-iotests/233.out
+++ b/tests/qemu-iotests/233.out
@@ -7,6 +7,8 @@ Generating a signed certificate...
 Generating a signed certificate...
 Generating a signed certificate...
 Generating a signed certificate...
+Generating a random key for user 'psk1'
+Generating a random key for user 'psk2'
 
 == preparing image ==
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
@@ -81,6 +83,19 @@ exports available: 1
   size:  67108864
   min block: 1
 
+== check TLS works over UNIX with PSK ==
+image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
+file format: nbd
+virtual size: 64 MiB (67108864 bytes)
+disk size: unavailable
+exports available: 1
+  size:  67108864
+  min block: 1
+
+== check TLS fails over UNIX with mismatch PSK ==
+qemu-img: Could not open 
'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': TLS handshake failed: 
The TLS connection was non-properly terminated.
+qemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated.
+
 == final server log ==
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
@@ -90,4 +105,6 @@ qemu-nbd: option negotiation failed: TLS x509 authz check 
for DISTINGUISHED-NAME
 qemu-nbd: option negotiation failed: TLS x509 authz check for 
DISTINGUISHED-NAME is denied
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
+qemu-nbd: option negotiation failed: TLS handshake failed: An illegal 
parameter has been received.
+qemu-nbd: option negotiation failed: TLS handshake failed: An illegal 
parameter has been received.
 *** done
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
index 4a5760949d..b9c5462986 100644
--- a/tests/qemu-iotests/common.tls
+++ b/tests/qemu-iotests/common.tls
@@ -24,6 +24,7 @@ tls_x509_cleanup()
 {
 rm -f "${tls_dir}"/*.pem
 rm -f "${tls_dir}"/*/*.pem
+rm -f "${tls_dir}"/*/*.psk
 rmdir "${tls_dir}"/*
 rmdir "${tls_dir}"
 }
@@ -40,6 +41,18 @@ tls_certtool()
 rm -f "${tls_dir}"/certtool.log
 }
 
+tls_psktool()
+{
+psktool "$@" 1>"${tls_dir}"/psktool.log 2>&1
+if test "$?" = 0; then
+  head -1 "${tls_dir}"/psktool.log
+else
+  cat "${tls_dir}"/psktool.log
+fi
+rm -f "${tls_dir}"/psktool.log
+}
+
+
 tls_x509_init()
 {
 (certtool --help) >/dev/null 2>&1 || \
@@ -176,3 +189,14 @@ EOF
 
 rm -f "${tls_dir}/cert.info"
 }
+
+tls_psk_create_creds()
+{
+name=$1
+
+mkdir -p

[PATCH v2 11/12] tests/qemu-iotests: validate NBD TLS with UNIX sockets

2022-03-04 Thread Daniel P . Berrangé 
This validates that connections to an NBD server running on a UNIX
socket can use TLS, and require a TLS hostname override to pass
certificate validation.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/233 | 24 
 tests/qemu-iotests/233.out | 15 +++
 2 files changed, 39 insertions(+)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index c24d877be8..442fd1378c 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -167,6 +167,30 @@ $QEMU_IMG info --image-opts \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
 2>&1 | _filter_nbd
 
+nbd_server_stop
+
+nbd_server_start_unix_socket \
+--object 
tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
+--tls-creds tls0 \
+-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
+
+echo
+echo "== check TLS fail over UNIX with no hostname =="
+obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 --tls-creds=tls0 \
+2>&1 | _filter_qemu_nbd_exports
+
+echo
+echo "== check TLS works over UNIX with hostname override =="
+obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=127.0.0.1 \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \
+--tls-creds=tls0 --tls-hostname=127.0.0.1  2>&1 | _filter_qemu_nbd_exports
+
 echo
 echo "== final server log =="
 cat "$TEST_DIR/server.log" | _filter_authz_check_tls
diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out
index d42611bf74..d79a9ed346 100644
--- a/tests/qemu-iotests/233.out
+++ b/tests/qemu-iotests/233.out
@@ -68,6 +68,19 @@ read 1048576/1048576 bytes at offset 1048576
 qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
Failed to read option reply: Cannot read from TLS channel: Software caused 
connection abort
 qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
Failed to read option reply: Cannot read from TLS channel: Software caused 
connection abort
 
+== check TLS fail over UNIX with no hostname ==
+qemu-img: Could not open 
'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for 
certificate validation
+qemu-nbd: No hostname for certificate validation
+
+== check TLS works over UNIX with hostname override ==
+image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
+file format: nbd
+virtual size: 64 MiB (67108864 bytes)
+disk size: unavailable
+exports available: 1
+  size:  67108864
+  min block: 1
+
 == final server log ==
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
 qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
@@ -75,4 +88,6 @@ qemu-nbd: option negotiation failed: Verify failed: No 
certificate was found.
 qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
 qemu-nbd: option negotiation failed: TLS x509 authz check for 
DISTINGUISHED-NAME is denied
 qemu-nbd: option negotiation failed: TLS x509 authz check for 
DISTINGUISHED-NAME is denied
+qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
+qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
 *** done
-- 
2.34.1

[PATCH v2 5/5] iotests: fortify compare_images() against crashes

2022-03-04 Thread John Snow 
Fortify compare_images() to be more discerning about the status codes it
receives. If qemu_img() returns an exit code that implies it didn't
actually perform the comparison, treat that as an exceptional
circumstance and force the caller to be aware of the peril.

If a negative test is desired (perhaps to test how qemu_img compare
behaves on malformed images, for instance), it is still possible to
catch the exception in the test and deal with that circumstance
manually.

Signed-off-by: John Snow 
Reviewed-by: Eric Blake 
---
 tests/qemu-iotests/iotests.py | 21 -
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index f97eeb5f91..cc10ad47c6 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -504,11 +504,22 @@ def qemu_nbd_popen(*args):
 p.kill()
 p.wait()
 
-def compare_images(img1, img2, fmt1=imgfmt, fmt2=imgfmt):
-'''Return True if two image files are identical'''
-res = qemu_img('compare', '-f', fmt1,
-   '-F', fmt2, img1, img2, check=False)
-return res.returncode == 0
+def compare_images(img1: str, img2: str,
+   fmt1: str = imgfmt, fmt2: str = imgfmt) -> bool:
+"""
+Compare two images with QEMU_IMG; return True if they are identical.
+
+:raise CalledProcessError:
+when qemu-img crashes or returns a status code of anything other
+than 0 (identical) or 1 (different).
+"""
+try:
+qemu_img('compare', '-f', fmt1, '-F', fmt2, img1, img2)
+return True
+except subprocess.CalledProcessError as exc:
+if exc.returncode == 1:
+return False
+raise
 
 def create_image(name, size):
 '''Create a fully-allocated raw image with sector markers'''
-- 
2.34.1

[PATCH v2] i386/sev: Ensure attestation report length is valid before retrieving

2022-03-04 Thread Tyler Fanelli 
The length of the attestation report buffer is never checked to be
valid before allocation is made. If the length of the report is returned
to be 0, the buffer to retrieve the attestation buffer is allocated with
length 0 and passed to the kernel to fill with contents of the attestation
report. Leaving this unchecked is dangerous and could lead to undefined
behavior.

Signed-off-by: Tyler Fanelli 
---
 target/i386/sev.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 025ff7a6f8..80d958369b 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -616,6 +616,8 @@ static SevAttestationReport 
*sev_get_attestation_report(const char *mnonce,
 return NULL;
 }
 
+input.len = 0;
+
 /* Query the report length */
 ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
 , );
@@ -626,6 +628,11 @@ static SevAttestationReport 
*sev_get_attestation_report(const char *mnonce,
ret, err, fw_error_to_str(err));
 return NULL;
 }
+} else if (input.len == 0) {
+error_setg(errp, "SEV: Failed to query attestation report:"
+ " length returned=%d",
+   input.len);
+return NULL;
 }
 
 data = g_malloc(input.len);
-- 
2.31.1

[PATCH v2 10/12] tests/qemu-iotests: validate NBD TLS with hostname mismatch

2022-03-04 Thread Daniel P . Berrangé 
This validates that connections to an NBD server where the certificate
hostname does not match will fail. It further validates that using the
new 'tls-hostname' override option can solve the failure.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/233| 18 ++
 tests/qemu-iotests/233.out| 16 
 tests/qemu-iotests/common.tls |  7 ---
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 050267298d..c24d877be8 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -106,6 +106,24 @@ $QEMU_IMG info --image-opts --object $obj2 \
 $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj1 \
 --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
 
+echo
+echo "== check TLS fail over TCP with mismatched hostname =="
+obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+driver=nbd,host=localhost,port=$nbd_tcp_port,tls-creds=tls0 \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -b localhost -p $nbd_tcp_port --object $obj1 \
+--tls-creds=tls0 | _filter_qemu_nbd_exports
+
+echo
+echo "== check TLS works over TCP with mismatched hostname and override =="
+obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
+$QEMU_IMG info --image-opts --object $obj1 \
+
driver=nbd,host=localhost,port=$nbd_tcp_port,tls-creds=tls0,tls-hostname=127.0.0.1
 \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -b localhost -p $nbd_tcp_port --object $obj1 \
+--tls-creds=tls0 --tls-hostname=127.0.0.1 | _filter_qemu_nbd_exports
+
 echo
 echo "== check TLS with different CA fails =="
 obj=tls-creds-x509,dir=${tls_dir}/client2,endpoint=client,id=tls0
diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out
index 67a027d879..d42611bf74 100644
--- a/tests/qemu-iotests/233.out
+++ b/tests/qemu-iotests/233.out
@@ -38,6 +38,20 @@ exports available: 1
   size:  67108864
   min block: 1
 
+== check TLS fail over TCP with mismatched hostname ==
+qemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': 
Certificate does not match the hostname localhost
+qemu-nbd: Certificate does not match the hostname localhost
+
+== check TLS works over TCP with mismatched hostname and override ==
+image: nbd://localhost:PORT
+file format: nbd
+virtual size: 64 MiB (67108864 bytes)
+disk size: unavailable
+exports available: 1
+ export: ''
+  size:  67108864
+  min block: 1
+
 == check TLS with different CA fails ==
 qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
The certificate hasn't got a known issuer
 qemu-nbd: The certificate hasn't got a known issuer
@@ -55,6 +69,8 @@ qemu-img: Could not open 
'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': F
 qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
Failed to read option reply: Cannot read from TLS channel: Software caused 
connection abort
 
 == final server log ==
+qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
+qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read 
from TLS channel: Software caused connection abort
 qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
 qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
 qemu-nbd: option negotiation failed: TLS x509 authz check for 
DISTINGUISHED-NAME is denied
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
index 6ba28a78d3..4a5760949d 100644
--- a/tests/qemu-iotests/common.tls
+++ b/tests/qemu-iotests/common.tls
@@ -118,12 +118,13 @@ tls_x509_create_server()
 caname=$1
 name=$2
 
+# We don't include 'localhost' in the cert, as
+# we want to keep it unlisted to let tests
+# validate hostname override
 mkdir -p "${tls_dir}/$name"
 cat > "${tls_dir}/cert.info" <

[PATCH v2 06/12] tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file

2022-03-04 Thread Daniel P . Berrangé 
When developing an I/O test it is typical to add some logic to the
test script, run it to view the output diff, and then apply the
output diff to the reference file. This can be drastically simplified
by letting the test runner update the reference file in place.

By setting 'QEMU_IOTESTS_REGEN=1', the test runner will report the
failure and show the diff, but at the same time update the reference
file. So next time the I/O test is run it will succeed.

Continuing to display the diff when updating the reference gives the
developer a chance to review what was changed.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/testrunner.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/qemu-iotests/testrunner.py b/tests/qemu-iotests/testrunner.py
index 9a94273975..8a82696a6b 100644
--- a/tests/qemu-iotests/testrunner.py
+++ b/tests/qemu-iotests/testrunner.py
@@ -25,6 +25,7 @@
 import contextlib
 import json
 import termios
+import shutil
 import sys
 from multiprocessing import Pool
 from contextlib import contextmanager
@@ -320,6 +321,11 @@ def do_run_test(self, test: str, mp: bool) -> TestResult:
 
 diff = file_diff(str(f_reference), str(f_bad))
 if diff:
+if os.environ.get("QEMU_IOTESTS_REGEN", None) is not None:
+shutil.copyfile(str(f_bad), str(f_reference))
+print("")
+print("#REFERENCE FILE UPDATED#")
+print("")
 return TestResult(status='fail', elapsed=elapsed,
   description=f'output mismatch (see {f_bad})',
   diff=diff, casenotrun=casenotrun)
-- 
2.34.1

[PATCH v2 1/5] python/utils: add add_visual_margin() text decoration utility

2022-03-04 Thread John Snow 
>>> print(add_visual_margin(msg, width=72, name="Commit Message"))
┏━ Commit Message ━━
┃ add_visual_margin() takes a chunk of text and wraps it in a visual
┃ container that force-wraps to a specified width. An optional title
┃ label may be given, and any of the individual glyphs used to draw the
┃ box may be replaced or specified as well.
┗━━━

Signed-off-by: John Snow 
Reviewed-by: Eric Blake 
---
 python/qemu/utils/__init__.py | 78 +++
 1 file changed, 78 insertions(+)

diff --git a/python/qemu/utils/__init__.py b/python/qemu/utils/__init__.py
index 7f1a5138c4..5babf40df2 100644
--- a/python/qemu/utils/__init__.py
+++ b/python/qemu/utils/__init__.py
@@ -15,7 +15,10 @@
 # the COPYING file in the top-level directory.
 #
 
+import os
 import re
+import shutil
+import textwrap
 from typing import Optional
 
 # pylint: disable=import-error
@@ -23,6 +26,7 @@
 
 
 __all__ = (
+'add_visual_margin',
 'get_info_usernet_hostfwd_port',
 'kvm_available',
 'list_accel',
@@ -43,3 +47,77 @@ def get_info_usernet_hostfwd_port(info_usernet_output: str) 
-> Optional[int]:
 if match is not None:
 return int(match[1])
 return None
+
+
+# pylint: disable=too-many-arguments
+def add_visual_margin(
+content: str = '',
+width: Optional[int] = None,
+name: Optional[str] = None,
+padding: int = 1,
+upper_left: str = '┏',
+lower_left: str = '┗',
+horizontal: str = '━',
+vertical: str = '┃',
+) -> str:
+"""
+Decorate and wrap some text with a visual decoration around it.
+
+This function assumes that the text decoration characters are single
+characters that display using a single monospace column.
+
+┏━ Example ━
+┃ This is what this function looks like with text content that's
+┃ wrapped to 72 characters. The right-hand margin is left open to
+┃ acommodate the occasional unicode character that might make
+┃ predicting the total "visual" width of a line difficult. This
+┃ provides a visual distinction that's good-enough, though.
+┗━━━
+
+:param content: The text to wrap and decorate.
+:param width:
+The number of columns to use, including for the decoration
+itself. The default (None) uses the the available width of the
+current terminal, or a fallback of 72 lines. A negative number
+subtracts a fixed-width from the default size. The default obeys
+the COLUMNS environment variable, if set.
+:param name: A label to apply to the upper-left of the box.
+:param padding: How many columns of padding to apply inside.
+:param upper_left: Upper-left single-width text decoration character.
+:param lower_left: Lower-left single-width text decoration character.
+:param horizontal: Horizontal single-width text decoration character.
+:param vertical: Vertical single-width text decoration character.
+"""
+if width is None or width < 0:
+avail = shutil.get_terminal_size(fallback=(72, 24))[0]
+if width is None:
+_width = avail
+else:
+_width = avail + width
+else:
+_width = width
+
+prefix = vertical + (' ' * padding)
+
+def _bar(name: Optional[str], top: bool = True) -> str:
+ret = upper_left if top else lower_left
+if name is not None:
+ret += f"{horizontal} {name} "
+
+filler_len = _width - len(ret)
+ret += f"{horizontal * filler_len}"
+return ret
+
+def _wrap(line: str) -> str:
+return os.linesep.join(
+textwrap.wrap(
+line, width=_width - padding, initial_indent=prefix,
+subsequent_indent=prefix, replace_whitespace=False,
+drop_whitespace=True, break_on_hyphens=False)
+)
+
+return os.linesep.join((
+_bar(name, top=True),
+os.linesep.join(_wrap(line) for line in content.splitlines()),
+_bar(None, top=False),
+))
-- 
2.34.1

[PATCH v2 09/12] tests/qemu-iotests: convert NBD TLS test to use standard filters

2022-03-04 Thread Daniel P . Berrangé 
Using standard filters is more future proof than rolling our own.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/233 | 29 -
 tests/qemu-iotests/233.out |  8 
 2 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 9ca7b68f42..050267298d 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -65,7 +65,7 @@ tls_x509_create_client "ca1" "client3"
 echo
 echo "== preparing image =="
 _make_test_img 64M
-$QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" 2>&1 | _filter_qemu_io
 
 echo
 echo "== check TLS client to plain server fails =="
@@ -74,9 +74,9 @@ nbd_server_start_tcp_socket -f $IMGFMT "$TEST_IMG" 2> 
"$TEST_DIR/server.log"
 obj=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
 $QEMU_IMG info --image-opts --object $obj \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \
---tls-creds=tls0
+--tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
 
 nbd_server_stop
 
@@ -88,8 +88,10 @@ nbd_server_start_tcp_socket \
 --tls-creds tls0 \
 -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
 
-$QEMU_IMG info nbd://localhost:$nbd_tcp_port 2>&1 | sed 
"s/$nbd_tcp_port/PORT/g"
-$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port
+$QEMU_IMG info nbd://localhost:$nbd_tcp_port \
+2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port \
+2>&1 | _filter_qemu_nbd_exports
 
 echo
 echo "== check TLS works =="
@@ -97,21 +99,21 @@ 
obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
 obj2=tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0
 $QEMU_IMG info --image-opts --object $obj1 \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 $QEMU_IMG info --image-opts --object $obj2 \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj1 \
---tls-creds=tls0
+--tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
 
 echo
 echo "== check TLS with different CA fails =="
 obj=tls-creds-x509,dir=${tls_dir}/client2,endpoint=client,id=tls0
 $QEMU_IMG info --image-opts --object $obj \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \
---tls-creds=tls0
+--tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
 
 echo
 echo "== perform I/O over TLS =="
@@ -121,7 +123,8 @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' 
--image-opts \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
 2>&1 | _filter_qemu_io
 
-$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" \
+2>&1 | _filter_qemu_io
 
 echo
 echo "== check TLS with authorization =="
@@ -139,12 +142,12 @@ nbd_server_start_tcp_socket \
 $QEMU_IMG info --image-opts \
 --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 
 $QEMU_IMG info --image-opts \
 --object tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 \
 driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
-2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+2>&1 | _filter_nbd
 
 echo
 echo "== final server log =="
diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out
index 4b1f6a0e15..67a027d879 100644
--- a/tests/qemu-iotests/233.out
+++ b/tests/qemu-iotests/233.out
@@ -17,15 +17,12 @@ wrote 1048576/1048576 bytes at offset 1048576
 qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
Denied by server for option 5 (starttls)
 server reported: TLS not configured
 qemu-nbd: Denied by server for option 5 (starttls)
-server reported: TLS not configured
 
 == check plain client to TLS server fails ==
 qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required 
before option 7 (go)
 Did you forget a valid tls-creds?
 server reported: Option 0x7 not permitted before TLS
 qemu-nbd: TLS negotiation required before option 3 (list)
-Did you forget a valid tls-creds?
-server reported: Option 0x3 not permitted before TLS
 
 == check TLS works ==
 image: nbd://127.0.0.1:PORT
@@ -39,12 +36,7 @@ disk size: unavailable
 exports available: 1
  export: ''
   size:  67108864
-  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
   min block: 1
-  opt block: 4096
-  max block:

[PATCH v2 07/12] tests/qemu-iotests: expand _filter_nbd rules

2022-03-04 Thread Daniel P . Berrangé 
Some tests will want to use 'localhost' instead of '127.0.0.1', and
some will use the image options syntax rather than the classic URI
syntax.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/common.filter | 4 
 1 file changed, 4 insertions(+)

diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 75cc241580..25d1d22929 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -300,6 +300,10 @@ _filter_nbd()
 # Filter out the TCP port number since this changes between runs.
 $SED -e '/nbd\/.*\.c:/d' \
 -e 's#127\.0\.0\.1:[0-9]*#127.0.0.1:PORT#g' \
+-e 's#localhost:[0-9]*#localhost:PORT#g' \
+-e 's#host=127\.0\.0\.1,port=[0-9]*#host=127.0.0.1,port=PORT#g' \
+-e 's#host=localhost,port=[0-9]*#host=localhost,port=PORT#g' \
+-e "s#path=$SOCK_DIR#path=SOCK_DIR#g" \
 -e "s#?socket=$SOCK_DIR#?socket=SOCK_DIR#g" \
 -e 's#\(foo\|PORT/\?\|.sock\): Failed to .*$#\1#'
 }
-- 
2.34.1

[PATCH v2 05/12] block/nbd: don't restrict TLS usage to IP sockets

2022-03-04 Thread Daniel P . Berrangé 
The TLS usage for NBD was restricted to IP sockets because validating
x509 certificates requires knowledge of the hostname that the client
is connecting to.

TLS does not have to use x509 certificates though, as PSK (pre-shared
keys) provide an alternative credential option. These have no
requirement for a hostname and can thus be trivially used for UNIX
sockets.

Furthermore, with the ability to overide the default hostname for
TLS validation in the previous patch, it is now also valid to want
to use x509 certificates with FD passing and UNIX sockets.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 block/nbd.c| 8 ++--
 blockdev-nbd.c | 6 --
 qemu-nbd.c | 8 +++-
 3 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/block/nbd.c b/block/nbd.c
index 113aa5d3af..3ede47dec9 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -1838,13 +1838,9 @@ static int nbd_process_options(BlockDriverState *bs, 
QDict *options,
 goto error;
 }
 
-/* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */
-if (s->saddr->type != SOCKET_ADDRESS_TYPE_INET) {
-error_setg(errp, "TLS only supported over IP sockets");
-goto error;
-}
 s->tlshostname = g_strdup(qemu_opt_get(opts, "tls-hostname"));
-if (!s->tlshostname) {
+if (!s->tlshostname &&
+s->saddr->type == SOCKET_ADDRESS_TYPE_INET) {
 s->tlshostname = g_strdup(s->saddr->u.inet.host);
 }
 }
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index bdfa7ed3a5..9840d25a82 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -148,12 +148,6 @@ void nbd_server_start(SocketAddress *addr, const char 
*tls_creds,
 if (!nbd_server->tlscreds) {
 goto error;
 }
-
-/* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */
-if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
-error_setg(errp, "TLS is only supported with IPv4/IPv6");
-goto error;
-}
 }
 
 nbd_server->tlsauthz = g_strdup(tls_authz);
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 18d281aba3..713e7557a9 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -808,7 +808,9 @@ int main(int argc, char **argv)
 
 socket_activation = check_socket_activation();
 if (socket_activation == 0) {
-setup_address_and_port(, );
+if (!sockpath) {
+setup_address_and_port(, );
+}
 } else {
 /* Using socket activation - check user didn't use -p etc. */
 const char *err_msg = socket_activation_validate_opts(device, sockpath,
@@ -829,10 +831,6 @@ int main(int argc, char **argv)
 }
 
 if (tlscredsid) {
-if (sockpath) {
-error_report("TLS is only supported with IPv4/IPv6");
-exit(EXIT_FAILURE);
-}
 if (device) {
 error_report("TLS is not supported with a host device");
 exit(EXIT_FAILURE);
-- 
2.34.1

[PATCH v2 04/12] qemu-nbd: add --tls-hostname option for TLS certificate validation

2022-03-04 Thread Daniel P . Berrangé 
When using the --list option, qemu-nbd acts as an NBD client rather
than a server. As such when using TLS, it has a need to validate
the server certificate. This adds a --tls-hostname option which can
be used to override the default hostname used for certificate
validation.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 docs/tools/qemu-nbd.rst | 13 +
 qemu-nbd.c  | 17 -
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/docs/tools/qemu-nbd.rst b/docs/tools/qemu-nbd.rst
index 6031f96893..2b8c90c354 100644
--- a/docs/tools/qemu-nbd.rst
+++ b/docs/tools/qemu-nbd.rst
@@ -169,6 +169,19 @@ driver options if ``--image-opts`` is specified.
   option; or provide the credentials needed for connecting as a client
   in list mode.
 
+.. option:: --tls-hostname=hostname
+
+  When validating an x509 certificate received over a TLS connection,
+  the hostname that the NBD client used to connect will be checked
+  against information in the server provided certificate. Sometimes
+  it might be required to override the hostname used to perform this
+  check. For example, if the NBD client is using a tunnel from localhost
+  to connect to the remote server, the `--tls-hostname` option should
+  be used to set the officially expected hostname of the remote NBD
+  server. This can also be used if accessing NBD over a UNIX socket
+  where there is no inherent hostname available. This is only permitted
+  when acting as a NBD client with the `--list` option.
+
 .. option:: --fork
 
   Fork off the server process and exit the parent once the server is running.
diff --git a/qemu-nbd.c b/qemu-nbd.c
index c6c20df68a..18d281aba3 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -69,6 +69,7 @@
 #define QEMU_NBD_OPT_TLSAUTHZ  264
 #define QEMU_NBD_OPT_PID_FILE  265
 #define QEMU_NBD_OPT_SELINUX_LABEL 266
+#define QEMU_NBD_OPT_TLSHOSTNAME   267
 
 #define MBR_SIZE 512
 
@@ -542,6 +543,7 @@ int main(int argc, char **argv)
 { "export-name", required_argument, NULL, 'x' },
 { "description", required_argument, NULL, 'D' },
 { "tls-creds", required_argument, NULL, QEMU_NBD_OPT_TLSCREDS },
+{ "tls-hostname", required_argument, NULL, QEMU_NBD_OPT_TLSHOSTNAME },
 { "tls-authz", required_argument, NULL, QEMU_NBD_OPT_TLSAUTHZ },
 { "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS },
 { "trace", required_argument, NULL, 'T' },
@@ -568,6 +570,7 @@ int main(int argc, char **argv)
 strList *bitmaps = NULL;
 bool alloc_depth = false;
 const char *tlscredsid = NULL;
+const char *tlshostname = NULL;
 bool imageOpts = false;
 bool writethrough = false; /* Client will flush as needed. */
 bool fork_process = false;
@@ -747,6 +750,9 @@ int main(int argc, char **argv)
 case QEMU_NBD_OPT_TLSCREDS:
 tlscredsid = optarg;
 break;
+case QEMU_NBD_OPT_TLSHOSTNAME:
+tlshostname = optarg;
+break;
 case QEMU_NBD_OPT_IMAGE_OPTS:
 imageOpts = true;
 break;
@@ -835,6 +841,10 @@ int main(int argc, char **argv)
 error_report("TLS authorization is incompatible with export list");
 exit(EXIT_FAILURE);
 }
+if (tlshostname && !list) {
+error_report("TLS hostname is only supported with export list");
+exit(EXIT_FAILURE);
+}
 tlscreds = nbd_get_tls_creds(tlscredsid, list, _err);
 if (local_err) {
 error_reportf_err(local_err, "Failed to get TLS creds: ");
@@ -845,6 +855,10 @@ int main(int argc, char **argv)
 error_report("--tls-authz is not permitted without --tls-creds");
 exit(EXIT_FAILURE);
 }
+if (tlshostname) {
+error_report("--tls-hostname is not permitted without 
--tls-creds");
+exit(EXIT_FAILURE);
+}
 }
 
 if (selinux_label) {
@@ -861,7 +875,8 @@ int main(int argc, char **argv)
 
 if (list) {
 saddr = nbd_build_socket_address(sockpath, bindto, port);
-return qemu_nbd_client_list(saddr, tlscreds, bindto);
+return qemu_nbd_client_list(saddr, tlscreds,
+tlshostname ? tlshostname : bindto);
 }
 
 #if !HAVE_NBD_DEVICE
-- 
2.34.1

[PATCH v2 00/12] nbd: enable use of TLS on non-TCP transports and other TLS improvements

2022-03-04 Thread Daniel P . Berrangé 
This series was principally motivated by a desire to enabl use of TLS
on non-TCP transports. For x509 certificates this means we need a way
to set the hostname to use for validation. This also lets us override
the hostname when connecting on a TCP transport that is tunnelled or
port-forwarded. It also unlocks the ability to use PSK (pre-shared
keys) with UNIX sockets which would always have worked, had it not
been blocked by explicit checks in NBD code.

NB, the first patch in this series is common with my corresponding
migration series for TLS

  https://lists.gnu.org/archive/html/qemu-devel/2022-03/msg00556.html

In v2:

  - Tweak the filter for qemu-nbd export list to expose export name
  - Add "since" tag to QAPI addition
  - Minor docs fixes

Daniel P. Berrangé (12):
  crypto: mandate a hostname when checking x509 creds on a client
  block: pass desired TLS hostname through from block driver client
  block/nbd: support override of hostname for TLS certificate validation
  qemu-nbd: add --tls-hostname option for TLS certificate validation
  block/nbd: don't restrict TLS usage to IP sockets
  tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file
  tests/qemu-iotests: expand _filter_nbd rules
  tests/qemu-iotests: introduce filter for qemu-nbd export list
  tests/qemu-iotests: convert NBD TLS test to use standard filters
  tests/qemu-iotests: validate NBD TLS with hostname mismatch
  tests/qemu-iotests: validate NBD TLS with UNIX sockets
  tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK

 block/nbd.c  | 25 +---
 blockdev-nbd.c   |  6 --
 crypto/tlssession.c  |  6 ++
 docs/tools/qemu-nbd.rst  | 13 +
 include/block/nbd.h  |  3 +-
 nbd/client-connection.c  | 12 +++-
 qapi/block-core.json |  3 +
 qemu-nbd.c   | 25 ++--
 tests/qemu-iotests/233   | 99 +++-
 tests/qemu-iotests/233.out   | 56 +++---
 tests/qemu-iotests/241   |  6 +-
 tests/qemu-iotests/241.out   |  6 ++
 tests/qemu-iotests/common.filter |  9 +++
 tests/qemu-iotests/common.tls| 31 +-
 tests/qemu-iotests/testrunner.py |  6 ++
 15 files changed, 255 insertions(+), 51 deletions(-)

-- 
2.34.1

[PATCH v2 03/12] block/nbd: support override of hostname for TLS certificate validation

2022-03-04 Thread Daniel P . Berrangé 
When connecting to an NBD server with TLS and x509 credentials,
the client must validate the hostname it uses for the connection,
against that published in the server's certificate. If the client
is tunnelling its connection over some other channel, however, the
hostname it uses may not match the info reported in the server's
certificate. In such a case, the user needs to explicitly set an
override for the hostname to use for certificate validation.

This is achieved by adding a 'tls-hostname' property to the NBD
block driver.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 block/nbd.c  | 18 +++---
 qapi/block-core.json |  3 +++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/block/nbd.c b/block/nbd.c
index dd43929207..113aa5d3af 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -90,9 +90,10 @@ typedef struct BDRVNBDState {
 uint32_t reconnect_delay;
 uint32_t open_timeout;
 SocketAddress *saddr;
-char *export, *tlscredsid;
+char *export;
+char *tlscredsid;
 QCryptoTLSCreds *tlscreds;
-const char *tlshostname;
+char *tlshostname;
 char *x_dirty_bitmap;
 bool alloc_depth;
 
@@ -121,6 +122,8 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
 s->export = NULL;
 g_free(s->tlscredsid);
 s->tlscredsid = NULL;
+g_free(s->tlshostname);
+s->tlshostname = NULL;
 g_free(s->x_dirty_bitmap);
 s->x_dirty_bitmap = NULL;
 }
@@ -1764,6 +1767,11 @@ static QemuOptsList nbd_runtime_opts = {
 .type = QEMU_OPT_STRING,
 .help = "ID of the TLS credentials to use",
 },
+{
+.name = "tls-hostname",
+.type = QEMU_OPT_STRING,
+.help = "Override hostname for validating TLS x509 certificate",
+},
 {
 .name = "x-dirty-bitmap",
 .type = QEMU_OPT_STRING,
@@ -1835,7 +1843,10 @@ static int nbd_process_options(BlockDriverState *bs, 
QDict *options,
 error_setg(errp, "TLS only supported over IP sockets");
 goto error;
 }
-s->tlshostname = s->saddr->u.inet.host;
+s->tlshostname = g_strdup(qemu_opt_get(opts, "tls-hostname"));
+if (!s->tlshostname) {
+s->tlshostname = g_strdup(s->saddr->u.inet.host);
+}
 }
 
 s->x_dirty_bitmap = g_strdup(qemu_opt_get(opts, "x-dirty-bitmap"));
@@ -2037,6 +2048,7 @@ static const char *const nbd_strong_runtime_opts[] = {
 "port",
 "export",
 "tls-creds",
+"tls-hostname",
 "server.",
 
 NULL
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 9a5a3641d0..1c730c6f2a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4078,6 +4078,8 @@
 #
 # @tls-creds: TLS credentials ID
 #
+# @tls-hostname: TLS hostname override for certificate validation (Since 7.0)
+#
 # @x-dirty-bitmap: A metadata context name such as "qemu:dirty-bitmap:NAME"
 #  or "qemu:allocation-depth" to query in place of the
 #  traditional "base:allocation" block status (see
@@ -4108,6 +4110,7 @@
   'data': { 'server': 'SocketAddress',
 '*export': 'str',
 '*tls-creds': 'str',
+'*tls-hostname': 'str',
 '*x-dirty-bitmap': { 'type': 'str', 'features': [ 'unstable' ] },
 '*reconnect-delay': 'uint32',
 '*open-timeout': 'uint32' } }
-- 
2.34.1

[PATCH v2 08/12] tests/qemu-iotests: introduce filter for qemu-nbd export list

2022-03-04 Thread Daniel P . Berrangé 
Introduce a filter for the output of qemu-nbd export list so it can be
reused in multiple tests.

The filter is a bit more permissive that what test 241 currently uses,
as its allows printing of the export count, along with any possible
error messages that might be emitted.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 tests/qemu-iotests/241   | 6 +++---
 tests/qemu-iotests/241.out   | 6 ++
 tests/qemu-iotests/common.filter | 5 +
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/241 b/tests/qemu-iotests/241
index c962c8b607..f196650afa 100755
--- a/tests/qemu-iotests/241
+++ b/tests/qemu-iotests/241
@@ -58,7 +58,7 @@ echo
 
 nbd_server_start_unix_socket -f $IMGFMT "$TEST_IMG_FILE"
 
-$QEMU_NBD_PROG --list -k $nbd_unix_socket | grep '\(size\|min\)'
+$QEMU_NBD_PROG --list -k $nbd_unix_socket | _filter_qemu_nbd_exports
 $QEMU_IMG map -f raw --output=json "$TEST_IMG" | _filter_qemu_img_map
 $QEMU_IO -f raw -c map "$TEST_IMG"
 nbd_server_stop
@@ -71,7 +71,7 @@ echo
 # sector alignment, here at the server.
 nbd_server_start_unix_socket "$TEST_IMG_FILE" 2> "$TEST_DIR/server.log"
 
-$QEMU_NBD_PROG --list -k $nbd_unix_socket | grep '\(size\|min\)'
+$QEMU_NBD_PROG --list -k $nbd_unix_socket | _filter_qemu_nbd_exports
 $QEMU_IMG map -f raw --output=json "$TEST_IMG" | _filter_qemu_img_map
 $QEMU_IO -f raw -c map "$TEST_IMG"
 nbd_server_stop
@@ -84,7 +84,7 @@ echo
 # Now force sector alignment at the client.
 nbd_server_start_unix_socket -f $IMGFMT "$TEST_IMG_FILE"
 
-$QEMU_NBD_PROG --list -k $nbd_unix_socket | grep '\(size\|min\)'
+$QEMU_NBD_PROG --list -k $nbd_unix_socket | _filter_qemu_nbd_exports
 $QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
 $QEMU_IO -c map "$TEST_IMG"
 nbd_server_stop
diff --git a/tests/qemu-iotests/241.out b/tests/qemu-iotests/241.out
index 56e95b599a..88e8cfcd7e 100644
--- a/tests/qemu-iotests/241.out
+++ b/tests/qemu-iotests/241.out
@@ -2,6 +2,8 @@ QA output created by 241
 
 === Exporting unaligned raw image, natural alignment ===
 
+exports available: 1
+ export: ''
   size:  1024
   min block: 1
 [{ "start": 0, "length": 1000, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
@@ -10,6 +12,8 @@ QA output created by 241
 
 === Exporting unaligned raw image, forced server sector alignment ===
 
+exports available: 1
+ export: ''
   size:  1024
   min block: 512
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET}]
@@ -20,6 +24,8 @@ WARNING: Image format was not specified for 'TEST_DIR/t.raw' 
and probing guessed
 
 === Exporting unaligned raw image, forced client sector alignment ===
 
+exports available: 1
+ export: ''
   size:  1024
   min block: 1
 [{ "start": 0, "length": 1000, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 25d1d22929..14b6f80dcb 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -308,6 +308,11 @@ _filter_nbd()
 -e 's#\(foo\|PORT/\?\|.sock\): Failed to .*$#\1#'
 }
 
+_filter_qemu_nbd_exports()
+{
+grep '\(exports available\|export\|size\|min block\|qemu-nbd\):'
+}
+
 _filter_qmp_empty_return()
 {
 grep -v '{"return": {}}'
-- 
2.34.1

[PATCH v2 01/12] crypto: mandate a hostname when checking x509 creds on a client

2022-03-04 Thread Daniel P . Berrangé 
Currently the TLS session object assumes that the caller will always
provide a hostname when using x509 creds on a client endpoint. This
relies on the caller to detect and report an error if the user has
configured QEMU with x509 credentials on a UNIX socket. The migration
code has such a check, but it is too broad, reporting an error when
the user has configured QEMU with PSK credentials on a UNIX socket,
where hostnames are irrelevant.

Putting the check into the TLS session object credentials validation
code ensures we report errors in only the scenario that matters.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 crypto/tlssession.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index a8db8c76d1..b302d835d2 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -373,6 +373,12 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession 
*session,
session->hostname);
 goto error;
 }
+} else {
+if (session->creds->endpoint ==
+QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
+error_setg(errp, "No hostname for certificate validation");
+goto error;
+}
 }
 }
 
-- 
2.34.1

[PATCH v2 02/12] block: pass desired TLS hostname through from block driver client

2022-03-04 Thread Daniel P . Berrangé 
In

  commit a71d597b989fd701b923f09b3c20ac4fcaa55e81
  Author: Vladimir Sementsov-Ogievskiy 
  Date:   Thu Jun 10 13:08:00 2021 +0300

block/nbd: reuse nbd_co_do_establish_connection() in nbd_open()

the use of the 'hostname' field from the BDRVNBDState struct was
lost, and 'nbd_connect' just hardcoded it to match the IP socket
address. This was a harmless bug at the time since we block use
with anything other than IP sockets.

Shortly though, we want to allow the caller to override the hostname
used in the TLS certificate checks. This is to allow for TLS
when doing port forwarding or tunneling. Thus we need to reinstate
the passing along of the 'hostname'.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrangé 
---
 block/nbd.c |  7 ---
 include/block/nbd.h |  3 ++-
 nbd/client-connection.c | 12 +---
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/block/nbd.c b/block/nbd.c
index 5853d85d60..dd43929207 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -92,7 +92,7 @@ typedef struct BDRVNBDState {
 SocketAddress *saddr;
 char *export, *tlscredsid;
 QCryptoTLSCreds *tlscreds;
-const char *hostname;
+const char *tlshostname;
 char *x_dirty_bitmap;
 bool alloc_depth;
 
@@ -1835,7 +1835,7 @@ static int nbd_process_options(BlockDriverState *bs, 
QDict *options,
 error_setg(errp, "TLS only supported over IP sockets");
 goto error;
 }
-s->hostname = s->saddr->u.inet.host;
+s->tlshostname = s->saddr->u.inet.host;
 }
 
 s->x_dirty_bitmap = g_strdup(qemu_opt_get(opts, "x-dirty-bitmap"));
@@ -1875,7 +1875,8 @@ static int nbd_open(BlockDriverState *bs, QDict *options, 
int flags,
 }
 
 s->conn = nbd_client_connection_new(s->saddr, true, s->export,
-s->x_dirty_bitmap, s->tlscreds);
+s->x_dirty_bitmap, s->tlscreds,
+s->tlshostname);
 
 if (s->open_timeout) {
 nbd_client_connection_enable_retry(s->conn);
diff --git a/include/block/nbd.h b/include/block/nbd.h
index 78d101b774..a98eb665da 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -415,7 +415,8 @@ NBDClientConnection *nbd_client_connection_new(const 
SocketAddress *saddr,
bool do_negotiation,
const char *export_name,
const char *x_dirty_bitmap,
-   QCryptoTLSCreds *tlscreds);
+   QCryptoTLSCreds *tlscreds,
+   const char *tlshostname);
 void nbd_client_connection_release(NBDClientConnection *conn);
 
 QIOChannel *coroutine_fn
diff --git a/nbd/client-connection.c b/nbd/client-connection.c
index 2bda42641d..2a632931c3 100644
--- a/nbd/client-connection.c
+++ b/nbd/client-connection.c
@@ -33,6 +33,7 @@ struct NBDClientConnection {
 /* Initialization constants, never change */
 SocketAddress *saddr; /* address to connect to */
 QCryptoTLSCreds *tlscreds;
+char *tlshostname;
 NBDExportInfo initial_info;
 bool do_negotiation;
 bool do_retry;
@@ -77,7 +78,8 @@ NBDClientConnection *nbd_client_connection_new(const 
SocketAddress *saddr,
bool do_negotiation,
const char *export_name,
const char *x_dirty_bitmap,
-   QCryptoTLSCreds *tlscreds)
+   QCryptoTLSCreds *tlscreds,
+   const char *tlshostname)
 {
 NBDClientConnection *conn = g_new(NBDClientConnection, 1);
 
@@ -85,6 +87,7 @@ NBDClientConnection *nbd_client_connection_new(const 
SocketAddress *saddr,
 *conn = (NBDClientConnection) {
 .saddr = QAPI_CLONE(SocketAddress, saddr),
 .tlscreds = tlscreds,
+.tlshostname = g_strdup(tlshostname),
 .do_negotiation = do_negotiation,
 
 .initial_info.request_sizes = true,
@@ -107,6 +110,7 @@ static void 
nbd_client_connection_do_free(NBDClientConnection *conn)
 }
 error_free(conn->err);
 qapi_free_SocketAddress(conn->saddr);
+g_free(conn->tlshostname);
 object_unref(OBJECT(conn->tlscreds));
 g_free(conn->initial_info.x_dirty_bitmap);
 g_free(conn->initial_info.name);
@@ -120,6 +124,7 @@ static void 
nbd_client_connection_do_free(NBDClientConnection *conn)
  */
 static int nbd_connect(QIOChannelSocket *sioc, SocketAddress *addr,
NBDExportInfo *info, QCryptoTLSCreds *tlscreds,
+   const char *tlshostname,
QIOChannel **outioc, Error **errp)
 {
 int ret;
@@ -140,7 +145,7 @@ static int

Re: [PATCH 08/12] tests/qemu-iotests: introduce filter for qemu-nbd export list

2022-03-04 Thread Daniel P . Berrangé 
On Fri, Mar 04, 2022 at 10:43:45AM -0600, Eric Blake wrote:
> On Thu, Mar 03, 2022 at 04:03:26PM +, Daniel P. Berrangé wrote:
> > Introduce a filter for the output of qemu-nbd export list so it can be
> > reused in multiple tests.
> > 
> > The filter is a bit more permissive that what test 241 currently uses,
> > as its allows printing of the export count, along with any possible
> > error messages that might be emitted.
> > 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  tests/qemu-iotests/241   | 6 +++---
> >  tests/qemu-iotests/241.out   | 3 +++
> >  tests/qemu-iotests/common.filter | 5 +
> >  3 files changed, 11 insertions(+), 3 deletions(-)
> >
> 
> Reviewed-by: Eric Blake 

I'm going to post a v2 with a slight tweak to expose one more
interesting piece of (stable) info in the output:

diff --git a/tests/qemu-iotests/241.out b/tests/qemu-iotests/241.out
index db2d71ab9d..88e8cfcd7e 100644
--- a/tests/qemu-iotests/241.out
+++ b/tests/qemu-iotests/241.out
@@ -3,6 +3,7 @@ QA output created by 241
 === Exporting unaligned raw image, natural alignment ===
 
 exports available: 1
+ export: ''
   size:  1024
   min block: 1
 [{ "start": 0, "length": 1000, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
@@ -12,6 +13,7 @@ exports available: 1
 === Exporting unaligned raw image, forced server sector alignment ===
 
 exports available: 1
+ export: ''
   size:  1024
   min block: 512
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET}]
@@ -23,6 +25,7 @@ WARNING: Image format was not specified for 'TEST_DIR/t.raw' 
and probing guessed
 === Exporting unaligned raw image, forced client sector alignment ===
 
 exports available: 1
+ export: ''
   size:  1024
   min block: 1
 [{ "start": 0, "length": 1000, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 940c9884bd..14b6f80dcb 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -310,7 +310,7 @@ _filter_nbd()
 
 _filter_qemu_nbd_exports()
 {
-grep '\(exports available\|size\|min block\|qemu-nbd\):'
+grep '\(exports available\|export\|size\|min block\|qemu-nbd\):'
 }
 
 _filter_qmp_empty_return()


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PULL 00/11] QEMU changes for 2021-03-02

2022-03-04 Thread Daniel P . Berrangé 
On Fri, Mar 04, 2022 at 07:22:16PM +, Peter Maydell wrote:
> On Fri, 4 Mar 2022 at 19:15, Daniel P. Berrangé  wrote:
> > On Fri, Mar 04, 2022 at 06:46:51PM +, Peter Maydell wrote:
> > > Either of these is fine; my requirement is only that either:
> > >  (1) the oss-fuzz gitlab CI job needs to in practice actually
> > > pass at least most of the time
> > >  (2) we need to switch it to ok-to-fail or disable it
> > >
> > > so I don't have CI failing for every merge I make.
> >
> > This is far from the first time that oss-fuzz has caused us pain. It
> > feels like it has been flaky  for prolonged periods of time, for as
> > long as it has existed.
> >
> > When I tried to switch CI to use Fedora 35 oss-fuzz was consistently
> > failing for months for no obvious reason that I could determine
> > despite days of debugging. Then one day I woke up and it magically
> > started working again, for no obvious reason. Inexplicable.
> >
> > Conceptually we benefit from fuzzing to find obscure bugs.
> > Have we actually found any real bugs from the oss-fuzz CI
> > job we have though ?
> 
> It did find a buffer-overrun bug in the 9p pullreq less than
> a month ago:
> https://lore.kernel.org/qemu-devel/cafeaca-vrnzxowmx4nppm0vqba1ufl5yvww5p1j9s2u7_fb...@mail.gmail.com/

Interesting. I wonder whether that detection is specifically related
to the fuzzing, or whether it is something we would have seen merely
by building with 'asan' and running 'make check' as normal.

IIUC, the oss-fuzz job we run in GitLab CI is mostly just a sanity
check and the real fuzzing work takes place in Google's fuzz service.

> But overall I'm sympathetic to the idea that as it stands it's
> costing us more than it's helping.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH] hw/block: m25p80: Add support for w25q01jvq

2022-03-04 Thread Philippe Mathieu-Daudé 

On 4/3/22 19:09, Patrick Williams wrote:

The w25q01jvq is a 128MB part.  Support is being added to the kernel[1]
and the two have been tested together.

1. https://lore.kernel.org/lkml/2022022209.23108-1-potin@quantatw.com/

Signed-off-by: Patrick Williams 
Cc: Potin Lai 
---
  hw/block/m25p80.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index c6bf3c6bfa..7d3d8b12e0 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -340,6 +340,7 @@ static const FlashPartInfo known_devices[] = {
  { INFO("w25q80bl",0xef4014,  0,  64 << 10,  16, ER_4K) },
  { INFO("w25q256", 0xef4019,  0,  64 << 10, 512, ER_4K) },
  { INFO("w25q512jv",   0xef4020,  0,  64 << 10, 1024, ER_4K) },
+{ INFO("w25q01jvq",   0xef4021,  0,  64 << 10, 2048, ER_4K) },
  };
  
  typedef enum {


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v4 01/12] mm/shmem: Introduce F_SEAL_INACCESSIBLE

2022-03-04 Thread Andy Lutomirski 

On 2/23/22 04:05, Steven Price wrote:

On 23/02/2022 11:49, Chao Peng wrote:

On Thu, Feb 17, 2022 at 11:09:35AM -0800, Andy Lutomirski wrote:

On Thu, Feb 17, 2022, at 5:06 AM, Chao Peng wrote:

On Fri, Feb 11, 2022 at 03:33:35PM -0800, Andy Lutomirski wrote:

On 1/18/22 05:21, Chao Peng wrote:

From: "Kirill A. Shutemov" 

Introduce a new seal F_SEAL_INACCESSIBLE indicating the content of
the file is inaccessible from userspace through ordinary MMU access
(e.g., read/write/mmap). However, the file content can be accessed
via a different mechanism (e.g. KVM MMU) indirectly.

It provides semantics required for KVM guest private memory support
that a file descriptor with this seal set is going to be used as the
source of guest memory in confidential computing environments such
as Intel TDX/AMD SEV but may not be accessible from host userspace.

At this time only shmem implements this seal.



I don't dislike this *that* much, but I do dislike this. F_SEAL_INACCESSIBLE
essentially transmutes a memfd into a different type of object.  While this
can apparently be done successfully and without races (as in this code),
it's at least awkward.  I think that either creating a special inaccessible
memfd should be a single operation that create the correct type of object or
there should be a clear justification for why it's a two-step process.


Now one justification maybe from Stever's comment to patch-00: for ARM
usage it can be used with creating a normal memfd, (partially)populate
it with initial guest memory content (e.g. firmware), and then
F_SEAL_INACCESSIBLE it just before the first time lunch of the guest in
KVM (definitely the current code needs to be changed to support that).


Except we don't allow F_SEAL_INACCESSIBLE on a non-empty file, right?  So this 
won't work.


Hmm, right, if we set F_SEAL_INACCESSIBLE on a non-empty file, we will
need to make sure access to existing mmap-ed area should be prevented,
but that is hard.



In any case, the whole confidential VM initialization story is a bit buddy.  
From the earlier emails, it sounds like ARM expects the host to fill in guest 
memory and measure it.  From my recollection of Intel's scheme (which may well 
be wrong, and I could easily be confusing it with SGX), TDX instead measures 
what is essentially a transcript of the series of operations that initializes 
the VM.  These are fundamentally not the same thing even if they accomplish the 
same end goal.  For TDX, we unavoidably need an operation (ioctl or similar) 
that initializes things according to the VM's instructions, and ARM ought to be 
able to use roughly the same mechanism.


Yes, TDX requires a ioctl. Steven may comment on the ARM part.


The Arm story is evolving so I can't give a definite answer yet. Our
current prototyping works by creating the initial VM content in a
memslot as with a normal VM and then calling an ioctl which throws the
big switch and converts all the (populated) pages to be protected. At
this point the RMM performs a measurement of the data that the VM is
being populated with.

The above (in our prototype) suffers from all the expected problems with
a malicious VMM being able to trick the host kernel into accessing those
pages after they have been protected (causing a fault detected by the
hardware).

The ideal (from our perspective) approach would be to follow the same
flow but where the VMM populates a memfd rather than normal anonymous
pages. The memfd could then be sealed and the pages converted to
protected ones (with the RMM measuring them in the process).

The question becomes how is that memfd populated? It would be nice if
that could be done using normal operations on a memfd (i.e. using
mmap()) and therefore this code could be (relatively) portable. This
would mean that any pages mapped from the memfd would either need to
block the sealing or be revoked at the time of sealing.

The other approach is we could of course implement a special ioctl which
effectively does a memcpy into the (created empty and sealed) memfd and
does the necessary dance with the RMM to measure the contents. This
would match the "transcript of the series of operations" described above
- but seems much less ideal from the viewpoint of the VMM.


A VMM that supports Other Vendors will need to understand this sort of 
model regardless.


I don't particularly mind the idea of having the kernel consume a normal 
memfd and spit out a new object, but I find the concept of changing the 
type of the object in place, even if it has other references, and trying 
to control all the resulting races to be somewhat alarming.


In pseudo-Rust, this is the difference between:

fn convert_to_private(in:  Memfd)

and

fn convert_to_private(in: Memfd) -> PrivateMemoryFd

This doesn't map particularly nicely to the kernel, though.

--Andy\

Re: [PATCH 02/12] block: pass desired TLS hostname through from block driver client

2022-03-04 Thread Daniel P . Berrangé 
On Thu, Mar 03, 2022 at 02:14:34PM -0600, Eric Blake wrote:
> On Thu, Mar 03, 2022 at 04:03:20PM +, Daniel P. Berrangé wrote:
> > In
> > 
> >   commit a71d597b989fd701b923f09b3c20ac4fcaa55e81
> >   Author: Vladimir Sementsov-Ogievskiy 
> >   Date:   Thu Jun 10 13:08:00 2021 +0300
> > 
> > block/nbd: reuse nbd_co_do_establish_connection() in nbd_open()
> > 
> > the use of the 'hostname' field from the BDRVNBDState struct was
> > lost, and 'nbd_connect' just hardcoded it to match the IP socket
> > address. This was a harmless bug at the time since we block use
> > with anything other than IP sockets.
> > 
> > Shortly though, We want to allow the caller to override the hostname
> 
> s/We/we/
> 
> > used in the TLS certificate checks. This is to allow for TLS
> > when doing port forwarding or tunneling. Thus we need to reinstate
> > the passing along of the 'hostname'.
> > 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  block/nbd.c |  7 ---
> >  include/block/nbd.h |  3 ++-
> >  nbd/client-connection.c | 12 +---
> >  3 files changed, 15 insertions(+), 7 deletions(-)
> 
> Nice - this a great step towards fixing a longstanding annoyance of
> mine that libnbd and nbdkit support TLS over Unix sockets, but qemu
> didn't.


> > diff --git a/include/block/nbd.h b/include/block/nbd.h
> > index 78d101b774..a98eb665da 100644
> > --- a/include/block/nbd.h
> > +++ b/include/block/nbd.h
> > @@ -415,7 +415,8 @@ NBDClientConnection *nbd_client_connection_new(const 
> > SocketAddress *saddr,
> > bool do_negotiation,
> > const char *export_name,
> > const char *x_dirty_bitmap,
> > -   QCryptoTLSCreds *tlscreds);
> > +   QCryptoTLSCreds *tlscreds,
> > +   const char *tlshostname);
> 
> We already have a lot of parameters; does it make sense to bundle
> tlshostname into the QCryptoTLSCreds struct at all?  But that would
> change the QAPI (or maybe you do it later in the series), it is not a
> show-stopper to this patch.

The credentials object is something that can be used for multiple
connections. The TLS hostname override meanwhile is specific to
a single connection. Thus it would not be appropriate to store the
TLS hostname in the credentials struct.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PULL 00/11] QEMU changes for 2021-03-02

2022-03-04 Thread Peter Maydell 
On Fri, 4 Mar 2022 at 19:15, Daniel P. Berrangé  wrote:
> On Fri, Mar 04, 2022 at 06:46:51PM +, Peter Maydell wrote:
> > Either of these is fine; my requirement is only that either:
> >  (1) the oss-fuzz gitlab CI job needs to in practice actually
> > pass at least most of the time
> >  (2) we need to switch it to ok-to-fail or disable it
> >
> > so I don't have CI failing for every merge I make.
>
> This is far from the first time that oss-fuzz has caused us pain. It
> feels like it has been flaky  for prolonged periods of time, for as
> long as it has existed.
>
> When I tried to switch CI to use Fedora 35 oss-fuzz was consistently
> failing for months for no obvious reason that I could determine
> despite days of debugging. Then one day I woke up and it magically
> started working again, for no obvious reason. Inexplicable.
>
> Conceptually we benefit from fuzzing to find obscure bugs.
> Have we actually found any real bugs from the oss-fuzz CI
> job we have though ?

It did find a buffer-overrun bug in the 9p pullreq less than
a month ago:
https://lore.kernel.org/qemu-devel/cafeaca-vrnzxowmx4nppm0vqba1ufl5yvww5p1j9s2u7_fb...@mail.gmail.com/

But overall I'm sympathetic to the idea that as it stands it's
costing us more than it's helping.

-- PMM

Re: [PULL 00/11] QEMU changes for 2021-03-02

2022-03-04 Thread Daniel P . Berrangé 
On Fri, Mar 04, 2022 at 06:46:51PM +, Peter Maydell wrote:
> On Fri, 4 Mar 2022 at 17:41, Paolo Bonzini  wrote:
> > The test seems to be flaky, I've been fighting with it all week---trying
> > multiple versions of this pull request and removing patches until
> > build-oss-fuzz passed.  The set of patches that triggered it or not was
> > completely random, but I'll not that it did pass with this exact commit
> > I'm submitting (https://gitlab.com/bonzini/qemu/-/jobs/2154365356).
> >
> > I wanted to look at this today again before replying to you, but as you
> > know I was sidetracked by work on the qemu.org infrastructure.  So, I
> > can look at this but I really need to ask you one of two favors:
> >
> > 1) decide that the test is flaky and merge this pull request, and then
> > I'll send before Monday the changes that I've omitted here (which again
> > have nothing to do with qos-test).  I'll look at qos-test during soft
> > freeze.
> >
> > 2) accept that I'll send another x86 pull request (not a large one)
> > after soft freeze, so that I have more time to debug this (likely
> > unrelated) build-oss-fuzz issue.
> 
> Either of these is fine; my requirement is only that either:
>  (1) the oss-fuzz gitlab CI job needs to in practice actually
> pass at least most of the time
>  (2) we need to switch it to ok-to-fail or disable it
> 
> so I don't have CI failing for every merge I make.

This is far from the first time that oss-fuzz has caused us pain. It
feels like it has been flaky  for prolonged periods of time, for as
long as it has existed.

When I tried to switch CI to use Fedora 35 oss-fuzz was consistently
failing for months for no obvious reason that I could determine
despite days of debugging. Then one day I woke up and it magically
started working again, for no obvious reason. Inexplicable.

Conceptually we benefit from fuzzing to find obscure bugs.
Have we actually found any real bugs from the oss-fuzz CI
job we have though ? Between us all, we've certainly lost
many many many days of developer time debugging the thing
for false failures.

The magic set of args needed to run it make it even more
unpleasant to deal with, and that scripts/oss-fuzz/build.sh
runs different code inside GitLab vs outside GitLab also
make debugging worse.

Personally I favour turning it into a non-gating job as
I don't want to invest more of my own time debugging
non-bugs in it.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

[PULL v2 00/21] tcg patch queue

2022-03-04 Thread Richard Henderson 
Version 2: Drop signed 32-bit guest patches while CI failure examined.



The following changes since commit 3d1fbc59665ff8a5d74b0fd30583044fe99e1117:

  Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into 
staging (2022-03-04 15:31:23 +)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220304

for you to fetch changes up to cf320769476c3e2820be2a6280bfa1e15baf396f:

  tcg/i386: Implement bitsel for avx512 (2022-03-04 08:50:41 -1000)


Reorder do_constant_folding_cond test to satisfy valgrind.
Fix value of MAX_OPC_PARAM_IARGS.
Add opcodes for vector nand, nor, eqv.
Support vector nand, nor, eqv on PPC and S390X hosts.
Support AVX512VL, AVX512BW, AVX512DQ, and AVX512VBMI2.


Alex Bennée (1):
  tcg/optimize: only read val after const check

Richard Henderson (19):
  tcg: Add opcodes for vector nand, nor, eqv
  tcg/ppc: Implement vector NAND, NOR, EQV
  tcg/s390x: Implement vector NAND, NOR, EQV
  tcg/i386: Detect AVX512
  tcg/i386: Add tcg_out_evex_opc
  tcg/i386: Use tcg_can_emit_vec_op in expand_vec_cmp_noinv
  tcg/i386: Implement avx512 variable shifts
  tcg/i386: Implement avx512 scalar shift
  tcg/i386: Implement avx512 immediate sari shift
  tcg/i386: Implement avx512 immediate rotate
  tcg/i386: Implement avx512 variable rotate
  tcg/i386: Support avx512vbmi2 vector shift-double instructions
  tcg/i386: Expand vector word rotate as avx512vbmi2 shift-double
  tcg/i386: Remove rotls_vec from tcg_target_op_def
  tcg/i386: Expand scalar rotate with avx512 insns
  tcg/i386: Implement avx512 min/max/abs
  tcg/i386: Implement avx512 multiply
  tcg/i386: Implement more logical operations for avx512
  tcg/i386: Implement bitsel for avx512

Ziqiao Kong (1):
  tcg: Set MAX_OPC_PARAM_IARGS to 7

 include/qemu/cpuid.h  |  20 ++-
 include/tcg/tcg-opc.h |   3 +
 include/tcg/tcg.h |   5 +-
 tcg/aarch64/tcg-target.h  |   3 +
 tcg/arm/tcg-target.h  |   3 +
 tcg/i386/tcg-target-con-set.h |   1 +
 tcg/i386/tcg-target.h |  17 +-
 tcg/i386/tcg-target.opc.h |   3 +
 tcg/ppc/tcg-target.h  |   3 +
 tcg/s390x/tcg-target.h|   3 +
 tcg/optimize.c|  20 +--
 tcg/tcg-op-vec.c  |  27 ++-
 tcg/tcg.c |   6 +
 tcg/i386/tcg-target.c.inc | 387 +++---
 tcg/ppc/tcg-target.c.inc  |  15 ++
 tcg/s390x/tcg-target.c.inc|  17 ++
 tcg/tci/tcg-target.c.inc  |   2 +-
 17 files changed, 441 insertions(+), 94 deletions(-)

[PATCH v2 7/8] softmmu: move parsing of -runas, -chroot and -daemonize code

2022-03-04 Thread Daniel P . Berrangé 
With the future intent to try to move to a fully QAPI driven
configuration system, we want to have any current command
parsing well isolated from logic that applies the resulting
configuration.

We also don't want os-posix.c to contain code that is specific
to the system emulators, as this file is linked to other binaries
too.

To satisfy these goals, we move parsing of the -runas, -chroot and
-daemonize code out of the os-posix.c helper code, and pass the
parsed data into APIs in os-posix.c.

As a side benefit the 'os_daemonize()' function now lives up to
its name and will always daemonize, instead of using global state
to decide to be a no-op sometimes.

Signed-off-by: Daniel P. Berrangé 
---
 include/sysemu/os-posix.h |   4 +-
 include/sysemu/os-win32.h |   1 -
 os-posix.c| 148 +++---
 os-win32.c|   9 ---
 softmmu/vl.c  |  86 ++
 5 files changed, 117 insertions(+), 131 deletions(-)

diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h
index 2edf33658a..390f3f8396 100644
--- a/include/sysemu/os-posix.h
+++ b/include/sysemu/os-posix.h
@@ -46,7 +46,9 @@ void os_set_line_buffering(void);
 void os_set_proc_name(const char *s);
 void os_setup_signal_handling(void);
 void os_daemonize(void);
-void os_setup_post(void);
+void os_setup_post(const char *chroot_dir,
+   uid_t uid, gid_t gid,
+   const char *username);
 int os_mlock(void);
 
 #define closesocket(s) close(s)
diff --git a/include/sysemu/os-win32.h b/include/sysemu/os-win32.h
index 43f569b5c2..4879f8731d 100644
--- a/include/sysemu/os-win32.h
+++ b/include/sysemu/os-win32.h
@@ -61,7 +61,6 @@ struct tm *localtime_r(const time_t *timep, struct tm 
*result);
 
 static inline void os_setup_signal_handling(void) {}
 static inline void os_daemonize(void) {}
-static inline void os_setup_post(void) {}
 void os_set_line_buffering(void);
 static inline void os_set_proc_name(const char *dummy) {}
 
diff --git a/os-posix.c b/os-posix.c
index 30da1a1491..f598a52a4f 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -42,11 +42,6 @@
 #include 
 #endif
 
-static char *user_name;
-static uid_t user_uid = (uid_t)-1;
-static gid_t user_gid = (gid_t)-1;
-
-static const char *chroot_dir;
 static int daemonize;
 static int daemon_pipe;
 
@@ -96,69 +91,6 @@ void os_set_proc_name(const char *s)
 }
 
 
-static bool os_parse_runas_uid_gid(const char *optarg,
-   uid_t *runas_uid, gid_t *runas_gid)
-{
-unsigned long lv;
-const char *ep;
-uid_t got_uid;
-gid_t got_gid;
-int rc;
-
-rc = qemu_strtoul(optarg, , 0, );
-got_uid = lv; /* overflow here is ID in C99 */
-if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) {
-return false;
-}
-
-rc = qemu_strtoul(ep + 1, 0, 0, );
-got_gid = lv; /* overflow here is ID in C99 */
-if (rc || got_gid != lv || got_gid == (gid_t)-1) {
-return false;
-}
-
-*runas_uid = got_uid;
-*runas_gid = got_gid;
-return true;
-}
-
-/*
- * Parse OS specific command line options.
- * return 0 if option handled, -1 otherwise
- */
-int os_parse_cmd_args(int index, const char *optarg)
-{
-struct passwd *user_pwd;
-
-switch (index) {
-case QEMU_OPTION_runas:
-user_pwd = getpwnam(optarg);
-if (user_pwd) {
-user_uid = user_pwd->pw_uid;
-user_gid = user_pwd->pw_gid;
-user_name = g_strdup(user_pwd->pw_name);
-} else if (!os_parse_runas_uid_gid(optarg,
-   _uid,
-   _gid)) {
-error_report("User \"%s\" doesn't exist"
- " (and is not :)",
- optarg);
-exit(1);
-}
-break;
-case QEMU_OPTION_chroot:
-chroot_dir = optarg;
-break;
-case QEMU_OPTION_daemonize:
-daemonize = 1;
-break;
-default:
-return -1;
-}
-
-return 0;
-}
-
 static void change_process_uid(uid_t uid, gid_t gid, const char *name)
 {
 if (setgid(gid) < 0) {
@@ -202,54 +134,56 @@ static void change_root(const char *root)
 
 void os_daemonize(void)
 {
-if (daemonize) {
-pid_t pid;
-int fds[2];
+pid_t pid;
+int fds[2];
 
-if (pipe(fds) == -1) {
-exit(1);
-}
+if (pipe(fds) == -1) {
+exit(1);
+}
 
-pid = fork();
-if (pid > 0) {
-uint8_t status;
-ssize_t len;
+pid = fork();
+if (pid > 0) {
+uint8_t status;
+ssize_t len;
 
-close(fds[1]);
+close(fds[1]);
 
-do {
-len = read(fds[0], , 1);
-} while (len < 0 && errno == EINTR);
+do {
+len = read(fds[0], , 1);
+} while (len < 0 && errno == EINTR);
 
-/* only exit successfully if our child

Re: [PATCH] i386/sev: Ensure attestation report length is valid before retrieving

2022-03-04 Thread Daniel P . Berrangé 
On Fri, Mar 04, 2022 at 01:39:32PM -0500, Tyler Fanelli wrote:
> The length of the attestation report buffer is never checked to be
> valid before allocation is made. If the length of the report is returned
> to be 0, the buffer to retrieve the attestation report is allocated with
> length 0 and passed to the kernel to fill with contents of the attestation
> report. Leaving this unchecked is dangerous and could lead to undefined
> behavior.

I don't see the undefined behaviour risk here.

The KVM_SEV_ATTESTATION_REPORT semantics indicate that the kernel
will fill in a valid length if the buffer we provide is too small
and we can re-call with that buffer.

If the kernel tells us the buffer is 0 bytes, then it should be
fine having a second call with length 0. If not, then the kernel
is broken and we're doomed.

The QEMU code looks like it would cope with a zero length, unless
I'm mistaken, it'll  just return a zero length attestation report.

> Signed-off-by: Tyler Fanelli 
> ---
>  target/i386/sev.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 025ff7a6f8..215acd7c6b 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -616,6 +616,8 @@ static SevAttestationReport 
> *sev_get_attestation_report(const char *mnonce,
>  return NULL;
>  }
>  
> +input.len = 0;

The declaration of 'input' already zero initializes.

>  /* Query the report length */
>  ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
>  , );
> @@ -626,6 +628,11 @@ static SevAttestationReport 
> *sev_get_attestation_report(const char *mnonce,
> ret, err, fw_error_to_str(err));
>  return NULL;
>  }
> +} else if (input.len <= 0) {

It can't be less than 0 because 'len' is an unsigned integer.

> +error_setg(errp, "SEV: Failed to query attestation report:"
> + " length returned=%d",
> +   input.len);
> +return NULL;
>  }



Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

  1   2   3   4   5   >