Re: [RFC 0/1] virtio-net: add support for SR-IOV emulation

2023-08-29 Thread Yui Washizu



On 2023/07/24 15:58, Jason Wang wrote:

On Mon, Jul 24, 2023 at 10:32 AM Yui Washizu  wrote:


On 2023/07/20 11:20, Jason Wang wrote:

On Wed, Jul 19, 2023 at 9:59 AM Yui Washizu  wrote:

This patch series is the first step towards enabling
hardware offloading of the L2 packet switching feature on virtio-net device to 
host machine.
We are considering that this hardware offloading enables
the use of high-performance networks in virtual infrastructures,
such as container infrastructures on VMs.

To enable L2 packet switching by SR-IOV VFs, we are considering the following:
- making the guest recognize virtio-net devices as SR-IOV PF devices
(archived with this patch series)
- allowing virtio-net devices to connect SR-IOV VFs to the backend networks,
leaving the L2 packet switching feature to the management layer like libvirt

Could you please show the qemu command line you want to propose here?


I am considering how to specify the properties of VFs to connect SR-IOV
VFs to the backend networks.


For example:


qemu-system-x86_64 -device pcie-root-port,port=8,chassis=8,id=pci.8,bus=pcie.0,multifunction=on
 -netdev tap,id=hostnet0,vhost=on
 -netdev tap,id=vfnet1,vhost=on # backend network for SR-IOV VF 1
 -netdev tap,id=vfnet2,vhost=on # backend network for SR-IOV VF 2
 -device virtio-net-pci,netdev=hostnet0,sriov_max_vfs=2,sriov_netdev=vfnet1:vfnet2,...


In this example, we can specify multiple backend networks to the VFs
by adding "sriov_netdev" and separating them with ":".

This seems what is in my mind as well, more below


Additionally, when passing properties like "rx_queue_size" to VFs, we
can utilize new properties,
such as "sriov_rx_queue_size_per_vfs," to ensure that the same value is
passed to all VFs.

Or we can introduce new device like:

-netdev tap,id=hn0 \
-device virtio-net-pci,netdev=hn0,id=vnet_pf \
-netdev tap,netdev=hn1 \
-device virtio-net-pci-vf,netdev=hn1,id=vf0,pf=vnet_pf,rx_queue_size=XYZ ... \

This allows us to reuse the codes for configuring vf parameters. But
note that rx_queue_size doesn't make too much sense to vhost-vDPA, as
qemu can perform nothing more than a simple sanity test.

Thanks



Thanks for proposing this new way.

I have considered how to implement this.

As virtio-net-pci-vf device should show up
on the guest only when the guest OS creates a VF,
the guest must not be able to see the VF device on PCI bus when qemu starts.
However, it's hard to realize this without overcomplicating
relevant code due to current qemu implementation.
It's because qdev_device_add_from_qdict,
a function which is called when devices are specified
with "-device" option of qemu startup command,
always creates devices by qdev_new and qdev_realize.
It might be possible that we fix it
so that qdev_new/qdev_realize aren't triggered for virtio-net-pci-vf devices,
but it seems that we need to special case the device in very generic code
like qdev_device_add_from_qdict(), qdev_device_add(),
device_init_func() or their caller function.

Given my current ideas,
it seems like this PATCH could become complex.
Would you have any suggestions
for achieving this in a simpler way?




I'm still considering about how to specify it, so please give me any
comments if you have any.



- This makes hardware offloading of L2 packet switching possible.
  For example, when using vDPA devices, it allows the guest
  to utilize SR-IOV NIC embedded switch of hosts.

This would be interesting.

Thanks


This patch series aims to enable SR-IOV emulation on virtio-net devices.
With this series, the guest can identify the virtio-net device as an SR-IOV PF 
device.
The newly added property 'sriov_max_vfs' allows us to enable the SR-IOV feature
on the virtio-net device.
Currently, we are unable to specify the properties of a VF created from the 
guest.
The properties are set to their default values.
In the future, we plan to allow users to set the properties.

qemu-system-x86_64 --device virtio-net,sriov_max_vfs=
# when 'sriov_max_vfs' is present, the SR-IOV feature will be automatically 
enabled
#  means the max number of VF on guest

Example commands to create VFs in virtio-net device from the guest:

guest% readlink -f /sys/class/net/eth1/device
   /sys/devices/pci:00/:00:02.0/:01:00.0/virtio1
guest% echo "2" > /sys/devices/pci:00/:00:02.0/:01:00.0/sriov_numvfs
guest% ip link show
   eth0: 
   eth1: 
   eth2:  #virtual VF created
   eth3:  #virtual VF created

Please note that communication between VF and PF/VF is not possible by this 
patch series itself.

Yui Washizu (1):
virtio-pci: add SR-IOV capability

   hw/pci/msix.c  |  8 +++--
   hw/pci/pci.c   |  4 +++
   hw/virtio/virtio-pci.c | 62 ++
   include/hw/virtio/virtio-pci.h |  1 +
   4 files changed, 66 

[PATCH v3 2/2] vhost: Add Error parameter to vhost_scsi_common_start()

2023-08-29 Thread Li Feng
Add an Error parameter to report the real error, like vhost-user-blk.

Signed-off-by: Li Feng 
---
 hw/scsi/vhost-scsi-common.c   | 16 +---
 hw/scsi/vhost-scsi.c  |  5 +++--
 hw/scsi/vhost-user-scsi.c | 14 --
 include/hw/virtio/vhost-scsi-common.h |  2 +-
 4 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/hw/scsi/vhost-scsi-common.c b/hw/scsi/vhost-scsi-common.c
index a61cd0e907..4c8637045d 100644
--- a/hw/scsi/vhost-scsi-common.c
+++ b/hw/scsi/vhost-scsi-common.c
@@ -16,6 +16,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "qemu/module.h"
 #include "hw/virtio/vhost.h"
@@ -25,7 +26,7 @@
 #include "hw/virtio/virtio-access.h"
 #include "hw/fw-path-provider.h"
 
-int vhost_scsi_common_start(VHostSCSICommon *vsc)
+int vhost_scsi_common_start(VHostSCSICommon *vsc, Error **errp)
 {
 int ret, i;
 VirtIODevice *vdev = VIRTIO_DEVICE(vsc);
@@ -35,18 +36,19 @@ int vhost_scsi_common_start(VHostSCSICommon *vsc)
 VirtIOSCSICommon *vs = (VirtIOSCSICommon *)vsc;
 
 if (!k->set_guest_notifiers) {
-error_report("binding does not support guest notifiers");
+error_setg(errp, "binding does not support guest notifiers");
 return -ENOSYS;
 }
 
 ret = vhost_dev_enable_notifiers(>dev, vdev);
 if (ret < 0) {
+error_setg_errno(errp, -ret, "Error enabling host notifiers");
 return ret;
 }
 
 ret = k->set_guest_notifiers(qbus->parent, vsc->dev.nvqs, true);
 if (ret < 0) {
-error_report("Error binding guest notifier");
+error_setg_errno(errp, -ret, "Error binding guest notifier");
 goto err_host_notifiers;
 }
 
@@ -54,7 +56,7 @@ int vhost_scsi_common_start(VHostSCSICommon *vsc)
 
 ret = vhost_dev_prepare_inflight(>dev, vdev);
 if (ret < 0) {
-error_report("Error setting inflight format: %d", -ret);
+error_setg_errno(errp, -ret, "Error setting inflight format");
 goto err_guest_notifiers;
 }
 
@@ -64,21 +66,21 @@ int vhost_scsi_common_start(VHostSCSICommon *vsc)
 vs->conf.virtqueue_size,
 vsc->inflight);
 if (ret < 0) {
-error_report("Error getting inflight: %d", -ret);
+error_setg_errno(errp, -ret, "Error getting inflight");
 goto err_guest_notifiers;
 }
 }
 
 ret = vhost_dev_set_inflight(>dev, vsc->inflight);
 if (ret < 0) {
-error_report("Error setting inflight: %d", -ret);
+error_setg_errno(errp, -ret, "Error setting inflight");
 goto err_guest_notifiers;
 }
 }
 
 ret = vhost_dev_start(>dev, vdev, true);
 if (ret < 0) {
-error_report("Error start vhost dev");
+error_setg_errno(errp, -ret, "Error starting vhost dev");
 goto err_guest_notifiers;
 }
 
diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index 443f67daa4..01a3ab4277 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -75,6 +75,7 @@ static int vhost_scsi_start(VHostSCSI *s)
 int ret, abi_version;
 VHostSCSICommon *vsc = VHOST_SCSI_COMMON(s);
 const VhostOps *vhost_ops = vsc->dev.vhost_ops;
+Error *local_err = NULL;
 
 ret = vhost_ops->vhost_scsi_get_abi_version(>dev, _version);
 if (ret < 0) {
@@ -88,14 +89,14 @@ static int vhost_scsi_start(VHostSCSI *s)
 return -ENOSYS;
 }
 
-ret = vhost_scsi_common_start(vsc);
+ret = vhost_scsi_common_start(vsc, _err);
 if (ret < 0) {
 return ret;
 }
 
 ret = vhost_scsi_set_endpoint(s);
 if (ret < 0) {
-error_report("Error setting vhost-scsi endpoint");
+error_reportf_err(local_err, "Error setting vhost-scsi endpoint");
 vhost_scsi_common_stop(vsc);
 }
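Review bot: In vhost_scsi_start() the Error filled in by vhost_scsi_common_start() is dropped on the failure path: the branch `if (ret < 0) { return ret; }` returns without reporting or freeing local_err, so the message the new errp parameter was meant to carry is lost and the Error object leaks. The later `error_reportf_err(local_err, "Error setting vhost-scsi endpoint")` is reached only after vhost_scsi_common_start() has succeeded, when local_err is still NULL, and error_reportf_err() expects a non-NULL Error. Suggest calling error_reportf_err(local_err, ...) in the first branch and keeping the plain error_report() for the vhost_scsi_set_endpoint() failure.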
 
diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
index e931df9f5b..62fc98bb1c 100644
--- a/hw/scsi/vhost-user-scsi.c
+++ b/hw/scsi/vhost-user-scsi.c
@@ -43,12 +43,12 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_RESET_DEVICE = 13,
 };
 
-static int vhost_user_scsi_start(VHostUserSCSI *s)
+static int vhost_user_scsi_start(VHostUserSCSI *s, Error **errp)
 {
 VHostSCSICommon *vsc = VHOST_SCSI_COMMON(s);
 int ret;
 
-ret = vhost_scsi_common_start(vsc);
+ret = vhost_scsi_common_start(vsc, errp);
 s->started_vu = (ret < 0 ? false : true);
 
 return ret;
@@ -73,6 +73,7 @@ static void vhost_user_scsi_set_status(VirtIODevice *vdev, 
uint8_t status)
 VHostSCSICommon *vsc = VHOST_SCSI_COMMON(s);
 VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(dev);
 bool should_start = virtio_device_should_start(vdev, status);
+Error *local_err = NULL;
 int ret;
 
 if (!s->connected) {
@@ -84,9 +85,10 @@ static void vhost_user_scsi_set_status(VirtIODevice *vdev, 
uint8_t status)
 }
 
 if 

[PATCH v3 0/2] Fix vhost reconnect issues

2023-08-29 Thread Li Feng
The patchset fixes the regression issue of vhost reconnect.
It's a serious bug that the vhost-user will lose the reconnect forever.

The 2nd patch enhances the error handling of vhost-user-scsi.

This patchset's parent commit is:
https://lore.kernel.org/all/20230731121018.2856310-1-fen...@smartx.com/

Changes for v3:
- Fix the code style.

Changes for v2:
- Add an event_cb in VhostAsyncCallback to be called when dev is NULL;
- Fix the error report message.

Li Feng (2):
  vhost-user: Fix lost reconnect
  vhost: Add Error parameter to vhost_scsi_common_start()

 hw/block/vhost-user-blk.c |  2 +-
 hw/scsi/vhost-scsi-common.c   | 16 +---
 hw/scsi/vhost-scsi.c  |  5 +++--
 hw/scsi/vhost-user-scsi.c | 17 ++---
 hw/virtio/vhost-user-gpio.c   |  2 +-
 hw/virtio/vhost-user.c|  9 +++--
 include/hw/virtio/vhost-scsi-common.h |  2 +-
 include/hw/virtio/vhost-user.h|  3 ++-
 8 files changed, 34 insertions(+), 22 deletions(-)

-- 
2.41.0




Re: [PATCH v2 1/2] vhost-user: Fix lost reconnect

2023-08-29 Thread Li Feng


> On 30 Aug 2023, at 6:11 AM, Raphael Norwitz  
> wrote:
> 
> 
> 
>> On Aug 24, 2023, at 3:41 AM, Li Feng  wrote:
>> 
>> When the vhost-user is reconnecting to the backend, and if the vhost-user 
>> fails
>> at the get_features in vhost_dev_init(), then the reconnect will fail
>> and it will not be retriggered forever.
>> 
>> The reason is:
>> When the vhost-user fails at get_features, the vhost_dev_cleanup will be 
>> called
>> immediately.
>> 
>> vhost_dev_cleanup calls 'memset(hdev, 0, sizeof(struct vhost_dev))'.
>> 
>> The reconnect path is:
>> vhost_user_blk_event
>>  vhost_user_async_close(.. vhost_user_blk_disconnect ..)
>>qemu_chr_fe_set_handlers <- clear the notifier callback
>>  schedule vhost_user_async_close_bh
>> 
>> The vhost->vdev is null, so the vhost_user_blk_disconnect will not be
>> called, then the event fd callback will not be reinstalled.
>> 
>> All vhost-user devices have this issue, including vhost-user-blk/scsi.
>> 
>> With this patch, if the vdev->vdev is null, the fd callback will still
>> be reinstalled.
>> 
>> Fixes: 71e076a07d ("hw/virtio: generalise CHR_EVENT_CLOSED handling")
>> 
> 
> A couple of NITs, otherwise LGTM
> 
> Reviewed-by: Raphael Norwitz
> 
>> Signed-off-by: Li Feng 
>> ---
>> hw/block/vhost-user-blk.c  |  2 +-
>> hw/scsi/vhost-user-scsi.c  |  3 ++-
>> hw/virtio/vhost-user-gpio.c|  2 +-
>> hw/virtio/vhost-user.c | 10 --
>> include/hw/virtio/vhost-user.h |  4 +++-
>> 5 files changed, 15 insertions(+), 6 deletions(-)
>> 
>> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
>> index 3c69fa47d5..95c758200d 100644
>> --- a/hw/block/vhost-user-blk.c
>> +++ b/hw/block/vhost-user-blk.c
>> @@ -391,7 +391,7 @@ static void vhost_user_blk_event(void *opaque, 
>> QEMUChrEvent event)
>>case CHR_EVENT_CLOSED:
>>/* defer close until later to avoid circular close */
>>vhost_user_async_close(dev, >chardev, >dev,
>> -   vhost_user_blk_disconnect);
>> +   vhost_user_blk_disconnect, 
>> vhost_user_blk_event);
>>break;
>>case CHR_EVENT_BREAK:
>>case CHR_EVENT_MUX_IN:
>> diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
>> index a7fa8e8df2..e931df9f5b 100644
>> --- a/hw/scsi/vhost-user-scsi.c
>> +++ b/hw/scsi/vhost-user-scsi.c
>> @@ -236,7 +236,8 @@ static void vhost_user_scsi_event(void *opaque, 
>> QEMUChrEvent event)
>>case CHR_EVENT_CLOSED:
>>/* defer close until later to avoid circular close */
>>vhost_user_async_close(dev, >conf.chardev, >dev,
>> -   vhost_user_scsi_disconnect);
>> +   vhost_user_scsi_disconnect,
>> +   vhost_user_scsi_event);
>>break;
>>case CHR_EVENT_BREAK:
>>case CHR_EVENT_MUX_IN:
>> diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
>> index d9979aa5db..04c2cc79f4 100644
>> --- a/hw/virtio/vhost-user-gpio.c
>> +++ b/hw/virtio/vhost-user-gpio.c
>> @@ -283,7 +283,7 @@ static void vu_gpio_event(void *opaque, QEMUChrEvent 
>> event)
>>case CHR_EVENT_CLOSED:
>>/* defer close until later to avoid circular close */
>>vhost_user_async_close(dev, >chardev, >vhost_dev,
>> -   vu_gpio_disconnect);
>> +   vu_gpio_disconnect, vu_gpio_event);
>>break;
>>case CHR_EVENT_BREAK:
>>case CHR_EVENT_MUX_IN:
>> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
>> index 8dcf049d42..9540766dd3 100644
>> --- a/hw/virtio/vhost-user.c
>> +++ b/hw/virtio/vhost-user.c
>> @@ -2643,6 +2643,7 @@ typedef struct {
>>DeviceState *dev;
>>CharBackend *cd;
>>struct vhost_dev *vhost;
>> +IOEventHandler *event_cb;
>> } VhostAsyncCallback;
>> 
>> static void vhost_user_async_close_bh(void *opaque)
>> @@ -2657,7 +2658,10 @@ static void vhost_user_async_close_bh(void *opaque)
>> */
>>if (vhost->vdev) {
>>data->cb(data->dev);
>> -}
>> +} else if (data->event_cb) {
>> +qemu_chr_fe_set_handlers(data->cd, NULL, NULL, data->event_cb,
>> + NULL, data->dev, NULL, true);
>> +   }
>> 
>>g_free(data);
>> }
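Review bot: In vhost_user_async_close_bh() the new else branch reinstalls the chardev handlers only when data->event_cb is non-NULL, so a caller that passes NULL keeps the old behaviour of never receiving another event once vhost->vdev is NULL. All three callers touched by this patch pass their event handler; consider asserting event_cb in vhost_user_async_close(), or documenting in vhost-user.h that the argument is required. The closing brace of the new branch (`+   }`) is also indented by three spaces where the surrounding code uses four.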
>> @@ -2669,7 +2673,9 @@ static void vhost_user_async_close_bh(void *opaque)
>> */
>> void vhost_user_async_close(DeviceState *d,
>>CharBackend *chardev, struct vhost_dev *vhost,
>> -vu_async_close_fn cb)
>> +vu_async_close_fn cb,
>> +IOEventHandler *event_cb
> 
> Nit: why the newline before the closing parenthesis?
Acked.

> 
>> +)
>> {
>>if (!runstate_check(RUN_STATE_SHUTDOWN)) {
>>/*
>> diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
>> index 191216a74f..5fdc711d4e 100644
>> --- 

[QEMU][PATCH v4 0/2] Add Virtio support to Xenpvh machine for arm

2023-08-29 Thread Vikram Garhwal
Hi,
We added virtio-mmio support in xenpvh machine. Now, it can support up to
10 virtio mmio.

Changelog:
v3->v4:
Moved the defs to xen_native.h

v2->v3:
Define GUEST_VIRTIO_*, GUEST_RAM* and xendevicemodel_set_irq() manually
for old xen version. This was done to avoid build failures in gitlab-ci
v1->v2:
Add reference for VIRTIO_MMIO_DEV_SIZE.
Update ram_size=0 print statement.

Oleksandr Tyshchenko (2):
  xen_arm: Create virtio-mmio devices during initialization
  xen_arm: Initialize RAM and add hi/low memory regions

 hw/arm/xen_arm.c| 80 +
 include/hw/xen/xen_native.h | 24 +++
 2 files changed, 104 insertions(+)

-- 
2.17.1




[QEMU][PATCH v4 2/2] xen_arm: Initialize RAM and add hi/low memory regions

2023-08-29 Thread Vikram Garhwal
From: Oleksandr Tyshchenko 

In order to use virtio backends we need to initialize RAM for the
xen-mapcache (which is responsible for mapping guest memory using foreign
mapping) to work. Calculate and add hi/low memory regions based on
machine->ram_size.

Use the constants defined in public header arch-arm.h to be aligned with the xen
toolstack.

While using this machine, the toolstack should then pass real ram_size using
"-m" arg. If "-m" is not given, create a QEMU machine without IOREQ and other
emulated devices like TPM and VIRTIO. This is done to keep this QEMU machine
usable for /etc/init.d/xencommons.

Signed-off-by: Oleksandr Tyshchenko 
Signed-off-by: Vikram Garhwal 
---
 hw/arm/xen_arm.c| 45 +
 include/hw/xen/xen_native.h |  8 +++
 2 files changed, 53 insertions(+)

diff --git a/hw/arm/xen_arm.c b/hw/arm/xen_arm.c
index 7393b37355..f83b983ec5 100644
--- a/hw/arm/xen_arm.c
+++ b/hw/arm/xen_arm.c
@@ -60,6 +60,8 @@ struct XenArmState {
 } cfg;
 };
 
+static MemoryRegion ram_lo, ram_hi;
+
 /*
  * VIRTIO_MMIO_DEV_SIZE is imported from tools/libs/light/libxl_arm.c under Xen
  * repository.
@@ -92,6 +94,39 @@ static void xen_create_virtio_mmio_devices(XenArmState *xam)
 }
 }
 
+static void xen_init_ram(MachineState *machine)
+{
+MemoryRegion *sysmem = get_system_memory();
+ram_addr_t block_len, ram_size[GUEST_RAM_BANKS];
+
+if (machine->ram_size <= GUEST_RAM0_SIZE) {
+ram_size[0] = machine->ram_size;
+ram_size[1] = 0;
+block_len = GUEST_RAM0_BASE + ram_size[0];
+} else {
+ram_size[0] = GUEST_RAM0_SIZE;
+ram_size[1] = machine->ram_size - GUEST_RAM0_SIZE;
+block_len = GUEST_RAM1_BASE + ram_size[1];
+}
+
+memory_region_init_ram(_memory, NULL, "xen.ram", block_len,
+   _fatal);
+
+memory_region_init_alias(_lo, NULL, "xen.ram.lo", _memory,
+ GUEST_RAM0_BASE, ram_size[0]);
+memory_region_add_subregion(sysmem, GUEST_RAM0_BASE, _lo);
+DPRINTF("Initialized region xen.ram.lo: base 0x%llx size 0x%lx\n",
+GUEST_RAM0_BASE, ram_size[0]);
+
+if (ram_size[1] > 0) {
+memory_region_init_alias(_hi, NULL, "xen.ram.hi", _memory,
+ GUEST_RAM1_BASE, ram_size[1]);
+memory_region_add_subregion(sysmem, GUEST_RAM1_BASE, _hi);
+DPRINTF("Initialized region xen.ram.hi: base 0x%llx size 0x%lx\n",
+GUEST_RAM1_BASE, ram_size[1]);
+}
+}
+
 void arch_handle_ioreq(XenIOState *state, ioreq_t *req)
 {
 hw_error("Invalid ioreq type 0x%x\n", req->type);
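Review bot: xen_init_ram() never bounds the high bank: when machine->ram_size exceeds GUEST_RAM0_SIZE, `ram_size[1] = machine->ram_size - GUEST_RAM0_SIZE` is used as is, and GUEST_RAM1_SIZE, which the xen_native.h hunk of this patch defines, is not checked anywhere in the function. Suggest rejecting a ram_size larger than GUEST_RAM0_SIZE + GUEST_RAM1_SIZE with an error before the regions are created. The two DPRINTF calls also print ram_addr_t values with `%lx`; RAM_ADDR_FMT would avoid depending on the width of long on the build host.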
@@ -141,6 +176,14 @@ static void xen_arm_init(MachineState *machine)
 
 xam->state =  g_new0(XenIOState, 1);
 
+if (machine->ram_size == 0) {
+DPRINTF("ram_size not specified. QEMU machine started without IOREQ"
+"(no emulated devices including Virtio)\n");
+return;
+}
+
+xen_init_ram(machine);
+
 xen_register_ioreq(xam->state, machine->smp.cpus, _memory_listener);
 
 xen_create_virtio_mmio_devices(xam);
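Review bot: The ram_size == 0 branch in xen_arm_init() announces the reduced machine only through the DPRINTF debug macro, so if that macro is compiled out a user who forgets "-m" gets a machine with no IOREQ server and no virtio devices and no visible message; warn_report() would fit this case better. The two string literals also concatenate to "...without IOREQ(no emulated devices..." because the first one has no trailing space.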
@@ -188,6 +231,8 @@ static void xen_arm_machine_class_init(ObjectClass *oc, 
void *data)
 mc->init = xen_arm_init;
 mc->max_cpus = 1;
 mc->default_machine_opts = "accel=xen";
+/* Set explicitly here to make sure that real ram_size is passed */
+mc->default_ram_size = 0;
 
 #ifdef CONFIG_TPM
 object_class_property_add(oc, "tpm-base-addr", "uint64_t",
diff --git a/include/hw/xen/xen_native.h b/include/hw/xen/xen_native.h
index a4b1aa9e5d..5d2718261f 100644
--- a/include/hw/xen/xen_native.h
+++ b/include/hw/xen/xen_native.h
@@ -539,4 +539,12 @@ static inline int 
xendevicemodel_set_irq_level(xendevicemodel_handle *dmod,
 #define GUEST_VIRTIO_MMIO_SPI_LAST43
 #endif
 
+#if defined(__i386__) || defined(__x86_64__)
+#define GUEST_RAM_BANKS   2
+#define GUEST_RAM0_BASE   0x4000ULL /* 3GB of low RAM @ 1GB */
+#define GUEST_RAM0_SIZE   0xc000ULL
+#define GUEST_RAM1_BASE   0x02ULL /* 1016GB of RAM @ 8GB */
+#define GUEST_RAM1_SIZE   0xfeULL
+#endif
+
 #endif /* QEMU_HW_XEN_NATIVE_H */
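Review bot: The new GUEST_RAM* block is guarded by `#if defined(__i386__) || defined(__x86_64__)` with no comment saying why the Arm guest layout has to be redefined on x86 build hosts only. A short comment naming the Xen header these values mirror (the commit message mentions arch-arm.h) and giving the reason for the host-architecture guard would help whoever has to keep them in sync with the toolstack later.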
-- 
2.17.1




[QEMU][PATCH v4 1/2] xen_arm: Create virtio-mmio devices during initialization

2023-08-29 Thread Vikram Garhwal
From: Oleksandr Tyshchenko 

In order to use virtio backends we need to allocate virtio-mmio
parameters (irq and base) and register corresponding buses.

Use the constants defined in public header arch-arm.h to be
aligned with the toolstack. So the number of current supported
virtio-mmio devices is 10.

For the interrupts triggering use already existing on Arm
device-model hypercall.

The toolstack should then insert the same amount of device nodes
into guest device-tree.

Signed-off-by: Oleksandr Tyshchenko 
Signed-off-by: Vikram Garhwal 
---
 hw/arm/xen_arm.c| 35 +++
 include/hw/xen/xen_native.h | 16 
 2 files changed, 51 insertions(+)

diff --git a/hw/arm/xen_arm.c b/hw/arm/xen_arm.c
index 1d3e6d481a..7393b37355 100644
--- a/hw/arm/xen_arm.c
+++ b/hw/arm/xen_arm.c
@@ -26,6 +26,7 @@
 #include "qapi/qapi-commands-migration.h"
 #include "qapi/visitor.h"
 #include "hw/boards.h"
+#include "hw/irq.h"
 #include "hw/sysbus.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/tpm_backend.h"
@@ -59,6 +60,38 @@ struct XenArmState {
 } cfg;
 };
 
+/*
+ * VIRTIO_MMIO_DEV_SIZE is imported from tools/libs/light/libxl_arm.c under Xen
+ * repository.
+ *
+ * Origin: git://xenbits.xen.org/xen.git 2128143c114c
+ */
+#define VIRTIO_MMIO_DEV_SIZE   0x200
+
+#define NR_VIRTIO_MMIO_DEVICES   \
+   (GUEST_VIRTIO_MMIO_SPI_LAST - GUEST_VIRTIO_MMIO_SPI_FIRST)
+
+static void xen_set_irq(void *opaque, int irq, int level)
+{
+xendevicemodel_set_irq_level(xen_dmod, xen_domid, irq, level);
+}
+
+static void xen_create_virtio_mmio_devices(XenArmState *xam)
+{
+int i;
+
+for (i = 0; i < NR_VIRTIO_MMIO_DEVICES; i++) {
+hwaddr base = GUEST_VIRTIO_MMIO_BASE + i * VIRTIO_MMIO_DEV_SIZE;
+qemu_irq irq = qemu_allocate_irq(xen_set_irq, NULL,
+ GUEST_VIRTIO_MMIO_SPI_FIRST + i);
+
+sysbus_create_simple("virtio-mmio", base, irq);
+
+DPRINTF("Created virtio-mmio device %d: irq %d base 0x%lx\n",
+i, GUEST_VIRTIO_MMIO_SPI_FIRST + i, base);
+}
+}
+
 void arch_handle_ioreq(XenIOState *state, ioreq_t *req)
 {
 hw_error("Invalid ioreq type 0x%x\n", req->type);
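Review bot: In xen_create_virtio_mmio_devices() nothing ties the loop to the size of the reserved window: base is computed as GUEST_VIRTIO_MMIO_BASE + i * VIRTIO_MMIO_DEV_SIZE, but GUEST_VIRTIO_MMIO_SIZE, which the xen_native.h hunk defines, is never used. A QEMU_BUILD_BUG_ON checking that NR_VIRTIO_MMIO_DEVICES * VIRTIO_MMIO_DEV_SIZE does not exceed GUEST_VIRTIO_MMIO_SIZE would catch a future mismatch with the toolstack values at build time. The DPRINTF also prints the hwaddr base with `%lx`; HWADDR_PRIx is the portable format.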
@@ -110,6 +143,8 @@ static void xen_arm_init(MachineState *machine)
 
 xen_register_ioreq(xam->state, machine->smp.cpus, _memory_listener);
 
+xen_create_virtio_mmio_devices(xam);
+
 #ifdef CONFIG_TPM
 if (xam->cfg.tpm_base_addr) {
 xen_enable_tpm(xam);
diff --git a/include/hw/xen/xen_native.h b/include/hw/xen/xen_native.h
index 4dce905fde..a4b1aa9e5d 100644
--- a/include/hw/xen/xen_native.h
+++ b/include/hw/xen/xen_native.h
@@ -523,4 +523,20 @@ static inline int xen_set_ioreq_server_state(domid_t dom,
  enable);
 }
 
+#if CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41500
+static inline int xendevicemodel_set_irq_level(xendevicemodel_handle *dmod,
+   domid_t domid, uint32_t irq,
+   unsigned int level)
+{
+return 0;
+}
+#endif
+
+#if CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41700
+#define GUEST_VIRTIO_MMIO_BASE   xen_mk_ullong(0x0200)
+#define GUEST_VIRTIO_MMIO_SIZE   xen_mk_ullong(0x0010)
+#define GUEST_VIRTIO_MMIO_SPI_FIRST   33
+#define GUEST_VIRTIO_MMIO_SPI_LAST43
+#endif
+
 #endif /* QEMU_HW_XEN_NATIVE_H */
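Review bot: The fallback xendevicemodel_set_irq_level() for CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41500 returns 0, so on those builds every interrupt raised through xen_set_irq() is silently dropped while xen_create_virtio_mmio_devices() still creates the devices, and xen_set_irq() ignores the return value in any case. Returning an error such as -ENOSYS and reporting it once, or skipping device creation when the hypercall is unavailable, would make the limitation visible instead of leaving guests with virtio-mmio devices that never signal.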
-- 
2.17.1




[PATCH v2, 1/1] memory: avoid updating ioeventfds for some address_space

2023-08-29 Thread hongmianquan via
When updating ioeventfds, we need to iterate all address spaces,
but some address spaces do not register eventfd_add|del call when
memory_listener_register() and they do nothing when updating ioeventfds.
So we can skip these AS in address_space_update_ioeventfds().

The overhead of memory_region_transaction_commit() can be significantly
reduced. For example, a VM with 8 vhost net devices and each one has
64 vectors, can reduce the time spent on memory_region_transaction_commit by 
20%.

Signed-off-by: hongmianquan 
Reviewed-by: Peter Xu 
---
v2:
-nothing has changed, just pick PeterXu's review.
---
 include/exec/memory.h |  1 +
 softmmu/memory.c  | 12 
 2 files changed, 13 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 7f5c11a0cc..556f4f1871 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1089,6 +1089,7 @@ struct AddressSpace {
 struct FlatView *current_map;
 
 int ioeventfd_nb;
+int ioeventfd_notifiers;
 struct MemoryRegionIoeventfd *ioeventfds;
 QTAILQ_HEAD(, MemoryListener) listeners;
 QTAILQ_ENTRY(AddressSpace) address_spaces_link;
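Review bot: The new `int ioeventfd_notifiers;` field in struct AddressSpace has no comment saying what it counts. Suggest documenting it as the number of registered listeners that implement eventfd_add or eventfd_del, and making it unsigned (or asserting it is positive before the decrement in memory_listener_unregister()), since a mismatched register/unregister pair would otherwise turn it negative and the `!as->ioeventfd_notifiers` test would keep passing.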
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 7d9494ce70..178816c845 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -842,6 +842,10 @@ static void address_space_update_ioeventfds(AddressSpace 
*as)
 AddrRange tmp;
 unsigned i;
 
+if (!as->ioeventfd_notifiers) {
+return;
+}
+
 /*
  * It is likely that the number of ioeventfds hasn't changed much, so use
  * the previous size as the starting value, with some headroom to avoid
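Review bot: The early return in address_space_update_ioeventfds() means as->ioeventfds and as->ioeventfd_nb are no longer refreshed while ioeventfd_notifiers is zero, and memory_listener_register() raises the counter only after listener_add_address_space() has already run. Please confirm, and say so in the commit message, that nothing reads the address space's ioeventfd array on behalf of a listener that registers later; otherwise force one update when the counter goes from 0 to 1.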
@@ -3075,6 +3079,10 @@ void memory_listener_register(MemoryListener *listener, 
AddressSpace *as)
 }
 
 listener_add_address_space(listener, as);
+
+if (listener->eventfd_add || listener->eventfd_del) {
+as->ioeventfd_notifiers++;
+}
 }
 
 void memory_listener_unregister(MemoryListener *listener)
@@ -3083,6 +3091,10 @@ void memory_listener_unregister(MemoryListener *listener)
 return;
 }
 
+if (listener->eventfd_add || listener->eventfd_del) {
+listener->address_space->ioeventfd_notifiers--;
+}
+
 listener_del_address_space(listener, listener->address_space);
 QTAILQ_REMOVE(_listeners, listener, link);
 QTAILQ_REMOVE(>address_space->listeners, listener, link_as);
-- 
2.11.0




Re: [PATCH v1 3/7] hw/fsi: Introduce IBM's cfam,fsi-slave

2023-08-29 Thread Ninad Palsule

Hello Cedric,

On 8/29/23 08:43, Cédric Le Goater wrote:

On 8/29/23 15:39, Ninad Palsule wrote:

Hello Thomas,

On 8/28/23 21:03, Thomas Huth wrote:

On 25/08/2023 22.30, Ninad Palsule wrote:

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The Common FRU Access Macro (CFAM), an address space containing
various "engines" that drive accesses on busses internal and external
to the POWER chip. Examples include the SBEFIFO and I2C masters. The
engines hang off of an internal Local Bus (LBUS) which is described
by the CFAM configuration block.

The FSI slave: The slave is the terminal point of the FSI bus for
FSI symbols addressed to it. Slaves can be cascaded off of one
another. The slave's configuration registers appear in address space
of the CFAM to which it is attached.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---

...

diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
new file mode 100644
index 00..19256050bd
--- /dev/null
+++ b/hw/fsi/cfam.c
@@ -0,0 +1,235 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Common FRU Access Macro
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/cfam.h"
+#include "hw/fsi/engine-scratchpad.h"
+
+#include "hw/qdev-properties.h"
+
+#define TO_REG(x)  ((x) >> 2)
+
+#define CFAM_ENGINE_CONFIG  TO_REG(0x04)
+
+#define CFAM_CONFIG_CHIP_ID    TO_REG(0x00)
+#define CFAM_CONFIG_CHIP_ID_P9 0xc0022d15
+#define   CFAM_CONFIG_CHIP_ID_BREAK    0xc0de
+
+static uint64_t cfam_config_read(void *opaque, hwaddr addr, 
unsigned size)

+{
+    CFAMConfig *config;
+    CFAMState *cfam;
+    LBusNode *node;
+    int i;
+
+    config = CFAM_CONFIG(opaque);
+    cfam = container_of(config, CFAMState, config);
+
+    qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " 
size=%d\n",

+  __func__, addr, size);
+
+    assert(size == 4);
+    assert(!(addr & 3));
+
+    switch (addr) {
+    case 0x00:
+    return CFAM_CONFIG_CHIP_ID_P9;
+    case 0x04:
+    return ENGINE_CONFIG_NEXT
+    | 0x0001    /* slots */
+    | 0x1000    /* version */
+    | ENGINE_CONFIG_TYPE_PEEK   /* type */
+    | 0x000c;   /* crc */
+    case 0x08:
+    return ENGINE_CONFIG_NEXT
+    | 0x0001    /* slots */
+    | 0x5000    /* version */
+    | ENGINE_CONFIG_TYPE_FSI    /* type */
+    | 0x000a;   /* crc */
+    break;
+    default:
+    /* FIXME: Improve this */
+    i = 0xc;
+    QLIST_FOREACH(node, >lbus.devices, next) {
+    if (i == addr) {
+    return LBUS_DEVICE_GET_CLASS(node->ldev)->config;
+    }
+    i += size;
+    }
+
+    if (i == addr) {
+    return 0;
+    }
+
+    return 0xc0de;
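Review bot: cfam_config_read() enforces the access shape with `assert(size == 4)` and `assert(!(addr & 3))`, which turns a guest access of any other width or alignment into an abort of the whole QEMU process. Constrain accesses through the .valid and .impl fields of the MemoryRegionOps, or log LOG_GUEST_ERROR and return a value, rather than asserting on guest-controlled input. The `break;` after the `return` in case 0x08 is also unreachable and can go.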


Can you explain the magic number at least with a comment?

Added comment for the magic number 0xc0de


Maybe it would also make sense to add a 
qemu_log_mask(LOG_GUEST_ERROR, ...) or qemu_log_mask(LOG_UNIMP, ...) 
statement here?
There is LOG_UNIMP most of the function. I added it in the reset 
function.


I took a quick look at the series and I think that all the
qemu_log_mask(LOG_UNIMP, ..) as the one above should be replaced
by trace events instead.


I have converted 4 logs into trace.

Thank you for the review.

~Ninad



Thanks,

C.




 Thomas



Thank you for the review.

Ninad







Re: [PATCH v1 0/7] Introduce model for IBM's FSP

2023-08-29 Thread Ninad Palsule

Hello Cedric,

On 8/28/23 03:49, Cédric Le Goater wrote:

Hello Ninad,

On 8/25/23 22:30, Ninad Palsule wrote:

Hello,

Please review the patch-set.

This is a first step towards introducing model for IBM's Flexible
Service Interface. The full functionality will be implemented over the
time.

Ninad Palsule (7):
   hw/fsi: Introduce IBM's Local bus
   hw/fsi: Introduce IBM's scratchpad
   hw/fsi: Introduce IBM's cfam,fsi-slave
   hw/fsi: Introduce IBM's FSI
   hw/fsi: IBM's On-chip Peripheral Bus
   hw/fsi: Aspeed APB2OPB interface
   hw/arm: Hook up FSI module in AST2600

  hw/Kconfig |   1 +
  hw/arm/Kconfig |   1 +
  hw/arm/aspeed_ast2600.c    |  15 ++
  hw/fsi/Kconfig |  23 ++
  hw/fsi/aspeed-apb2opb.c    | 346 +
  hw/fsi/cfam.c  | 236 
  hw/fsi/engine-scratchpad.c | 100 +
  hw/fsi/fsi-master.c    | 202 +
  hw/fsi/fsi-slave.c | 109 +
  hw/fsi/fsi.c   |  54 +
  hw/fsi/lbus.c  |  94 
  hw/fsi/meson.build |   6 +
  hw/fsi/opb.c   | 194 
  hw/fsi/trace-events    |   2 +
  hw/fsi/trace.h |   1 +
  hw/meson.build |   1 +
  include/hw/arm/aspeed_soc.h    |   4 +
  include/hw/fsi/aspeed-apb2opb.h    |  32 +++
  include/hw/fsi/bits.h  |  15 ++
  include/hw/fsi/cfam.h  |  59 +
  include/hw/fsi/engine-scratchpad.h |  32 +++
  include/hw/fsi/fsi-master.h    |  30 +++
  include/hw/fsi/fsi-slave.h |  29 +++
  include/hw/fsi/fsi.h   |  35 +++
  include/hw/fsi/lbus.h  |  57 +
  include/hw/fsi/opb.h   |  45 
  meson.build    |   1 +


Thanks for creating a series for these models.

I think the commit logs have a lot of useful information which would
be good for some docs/specs/ file. Please add a need a entry in
MAINTAINERS for this new bus model.

Tests are *very* much welcome also. Ideally we should have a couple
in qtest. A minimum would be an avocado test running pdbg.


I have added document, MAINTAINERS and qtest.

Thank you for the review.

~Ninad



Thanks,

C.




  27 files changed, 1724 insertions(+)
  create mode 100644 hw/fsi/Kconfig
  create mode 100644 hw/fsi/aspeed-apb2opb.c
  create mode 100644 hw/fsi/cfam.c
  create mode 100644 hw/fsi/engine-scratchpad.c
  create mode 100644 hw/fsi/fsi-master.c
  create mode 100644 hw/fsi/fsi-slave.c
  create mode 100644 hw/fsi/fsi.c
  create mode 100644 hw/fsi/lbus.c
  create mode 100644 hw/fsi/meson.build
  create mode 100644 hw/fsi/opb.c
  create mode 100644 hw/fsi/trace-events
  create mode 100644 hw/fsi/trace.h
  create mode 100644 include/hw/fsi/aspeed-apb2opb.h
  create mode 100644 include/hw/fsi/bits.h
  create mode 100644 include/hw/fsi/cfam.h
  create mode 100644 include/hw/fsi/engine-scratchpad.h
  create mode 100644 include/hw/fsi/fsi-master.h
  create mode 100644 include/hw/fsi/fsi-slave.h
  create mode 100644 include/hw/fsi/fsi.h
  create mode 100644 include/hw/fsi/lbus.h
  create mode 100644 include/hw/fsi/opb.h







[PATCH v3 2/8] hw/fsi: Introduce IBM's scratchpad

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS device is embedded inside the scratchpad. The scratchpad
provides non-functional registers. There is a 1-1 relation between
scratchpad and LBUS devices. Each LBUS device has 1K memory mapped in
the LBUS.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/fsi/Kconfig |   4 ++
 hw/fsi/engine-scratchpad.c | 100 +
 hw/fsi/meson.build |   1 +
 include/hw/fsi/engine-scratchpad.h |  33 ++
 4 files changed, 138 insertions(+)
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 include/hw/fsi/engine-scratchpad.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 687449e14e..2a9c49f2c9 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,2 +1,6 @@
+config SCRATCHPAD
+bool
+select LBUS
+
 config LBUS
 bool
diff --git a/hw/fsi/engine-scratchpad.c b/hw/fsi/engine-scratchpad.c
new file mode 100644
index 00..15a8f8cc66
--- /dev/null
+++ b/hw/fsi/engine-scratchpad.c
@@ -0,0 +1,100 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engine
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/engine-scratchpad.h"
+
+static uint64_t scratchpad_read(void *opaque, hwaddr addr, unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds read: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return 0;
+}
+
+return s->reg;
+}
+
+static void scratchpad_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds write: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return;
+}
+
+s->reg = data;
+}
+
+static const struct MemoryRegionOps scratchpad_ops = {
+.read = scratchpad_read,
+.write = scratchpad_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void scratchpad_realize(DeviceState *dev, Error **errp)
+{
+LBusDevice *ldev = LBUS_DEVICE(dev);
+
+memory_region_init_io(>iomem, OBJECT(ldev), _ops,
+  ldev, TYPE_SCRATCHPAD, 0x400);
+}
+
+static void scratchpad_reset(DeviceState *dev)
+{
+ScratchPad *s = SCRATCHPAD(dev);
+
+s->reg = 0;
+}
+
+static void scratchpad_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+LBusDeviceClass *ldc = LBUS_DEVICE_CLASS(klass);
+
+dc->realize = scratchpad_realize;
+dc->reset = scratchpad_reset;
+
+ldc->config =
+  ENGINE_CONFIG_NEXT/* valid */
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_SCRATCHPAD /* type */
+| 0x0007;   /* crc */
+}
+
+static const TypeInfo scratchpad_info = {
+.name = TYPE_SCRATCHPAD,
+.parent = TYPE_LBUS_DEVICE,
+.instance_size = sizeof(ScratchPad),
+.class_init = scratchpad_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void scratchpad_register_types(void)
+{
+type_register_static(_info);
+}
+
+type_init(scratchpad_register_types);
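
Review bot: scratchpad_ops declares no .valid or .impl access-size limits, so scratchpad_read() and scratchpad_write() run for 1-, 2- and 4-byte accesses alike, and a 1-byte write at offset 0 replaces the whole of s->reg with that byte. Constrain the region to the width the register actually has (for example .valid.min_access_size and .valid.max_access_size of 4) so the memory core rejects other sizes before the handlers run. Two smaller points in the same handlers: the LOG_UNIMP message fires on every access, including the implemented register at offset 0, and size is unsigned but printed with %d there while the LOG_GUEST_ERROR message uses %u.
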
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index e1007d5fea..f90e09ddab 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -1 +1,2 @@
 system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
+system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
diff --git a/include/hw/fsi/engine-scratchpad.h 
b/include/hw/fsi/engine-scratchpad.h
new file mode 100644
index 00..63bf89ac5a
--- /dev/null
+++ b/include/hw/fsi/engine-scratchpad.h
@@ -0,0 +1,33 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engne
+ */
+#ifndef FSI_ENGINE_SCRATCHPAD_H
+#define FSI_ENGINE_SCRATCHPAD_H
+
+#include "qemu/bitops.h"
+
+#include "hw/fsi/lbus.h"
+
+#define ENGINE_CONFIG_NEXT  BE_BIT(0)
+#define ENGINE_CONFIG_VPD   BE_BIT(1)
+#define ENGINE_CONFIG_SLOTS BE_GENMASK(8, 15)
+#define ENGINE_CONFIG_VERSION   BE_GENMASK(16, 19)
+#define ENGINE_CONFIG_TYPE  BE_GENMASK(20, 27)
+#define   ENGINE_CONFIG_TYPE_PEEK   (0x02 << 4)
+#define   ENGINE_CONFIG_TYPE_FSI(0x03 << 4)
+#define   
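
Review bot: the file comment reads "IBM scratchpad engne", which should be "engine". The ENGINE_CONFIG_* definitions below it describe the generic engine configuration word and are used by hw/fsi/cfam.c in patch 3/8 for the PEEK and FSI entries, so they would sit better in hw/fsi/lbus.h, which this header already includes, than in the scratchpad header.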

[PATCH v3 0/8] Introduce model for IBM's FSI

2023-08-29 Thread Ninad Palsule
Hello,

Please review the patch-set version 3.
I have incorporated review comments from Cedric and Thomas.

Ninad Palsule (8):
  hw/fsi: Introduce IBM's Local bus
  hw/fsi: Introduce IBM's scratchpad
  hw/fsi: Introduce IBM's cfam,fsi-slave
  hw/fsi: Introduce IBM's FSI
  hw/fsi: IBM's On-chip Peripheral Bus
  hw/fsi: Aspeed APB2OPB interface
  hw/arm: Hook up FSI module in AST2600
  hw/fsi: Documentation and testing

 MAINTAINERS|  20 ++
 docs/specs/fsi.rst | 141 
 hw/Kconfig |   1 +
 hw/arm/Kconfig |   1 +
 hw/arm/aspeed_ast2600.c|  19 ++
 hw/fsi/Kconfig |  23 ++
 hw/fsi/aspeed-apb2opb.c| 352 +
 hw/fsi/cfam.c  | 239 
 hw/fsi/engine-scratchpad.c | 100 
 hw/fsi/fsi-master.c| 201 
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/fsi.c   |  54 +
 hw/fsi/lbus.c  |  94 
 hw/fsi/meson.build |   6 +
 hw/fsi/opb.c   | 194 
 hw/fsi/trace-events|   8 +
 hw/fsi/trace.h |   1 +
 hw/meson.build |   1 +
 include/hw/arm/aspeed_soc.h|   4 +
 include/hw/fsi/aspeed-apb2opb.h|  33 +++
 include/hw/fsi/cfam.h  |  61 +
 include/hw/fsi/engine-scratchpad.h |  33 +++
 include/hw/fsi/fsi-master.h|  30 +++
 include/hw/fsi/fsi-slave.h |  29 +++
 include/hw/fsi/fsi.h   |  31 +++
 include/hw/fsi/lbus.h  |  48 
 include/hw/fsi/opb.h   |  43 
 include/qemu/bitops.h  |   6 +
 meson.build|   1 +
 tests/qtest/fsi-test.c | 210 +
 tests/qtest/meson.build|   2 +
 31 files changed, 2095 insertions(+)
 create mode 100644 docs/specs/fsi.rst
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 hw/fsi/opb.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/engine-scratchpad.h
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi-slave.h
 create mode 100644 include/hw/fsi/fsi.h
 create mode 100644 include/hw/fsi/lbus.h
 create mode 100644 include/hw/fsi/opb.h
 create mode 100644 tests/qtest/fsi-test.c

-- 
2.39.2




[PATCH v3 6/8] hw/fsi: Aspeed APB2OPB interface

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

An APB-to-OPB bridge enabling access to the OPB from the ARM core in
the AST2600. Hardware limitations prevent the OPB from being directly
mapped into APB, so all accesses are indirect through the bridge.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comments by Joel
v3:
- Incorporated review comments by Thomas Huth
---
 hw/arm/Kconfig  |   1 +
 hw/fsi/Kconfig  |  20 +-
 hw/fsi/aspeed-apb2opb.c | 352 
 hw/fsi/meson.build  |   9 +-
 hw/fsi/trace-events |   2 +
 hw/fsi/trace.h  |   1 +
 include/hw/fsi/aspeed-apb2opb.h |  33 +++
 meson.build |   1 +
 8 files changed, 407 insertions(+), 12 deletions(-)
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 7e68348440..c5c16e3859 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -589,6 +589,7 @@ config FSL_IMX7
 select PCI_EXPRESS_DESIGNWARE
 select SDHCI
 select UNIMP
+select FSI_APB2OPB_ASPEED
 
 config ARM_SMMUV3
 bool
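
Review bot: the added `select FSI_APB2OPB_ASPEED` sits in the block that the hunk header identifies as `config FSL_IMX7`, after `select UNIMP` and before `config ARM_SMMUV3`, yet the commit message describes the bridge as part of the AST2600. As written, i.MX7 builds pull in the FSI code and nothing in the visible hunks selects it from the Aspeed SoC entry; move the select there.
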
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 560ce536db..6bbcb8f6ca 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,19 +1,23 @@
-config OPB
+config FSI_APB2OPB_ASPEED
 bool
-select CFAM
+select FSI_OPB
 
-config CFAM
+config FSI_OPB
+bool
+select FSI_CFAM
+
+config FSI_CFAM
 bool
 select FSI
-select SCRATCHPAD
-select LBUS
+select FSI_SCRATCHPAD
+select FSI_LBUS
 
 config FSI
 bool
 
-config SCRATCHPAD
+config FSI_SCRATCHPAD
 bool
-select LBUS
+select FSI_LBUS
 
-config LBUS
+config FSI_LBUS
 bool
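
Review bot: renaming OPB, CFAM, SCRATCHPAD and LBUS to FSI_-prefixed symbols here means patches 1/8 to 5/8 introduce names that this patch immediately replaces, and every `CONFIG_*` reference in hw/fsi/meson.build has to change in step or the files drop out of the build. Introduce the symbols with their final FSI_ names in the patches that add them, so this patch only adds FSI_APB2OPB_ASPEED.
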
diff --git a/hw/fsi/aspeed-apb2opb.c b/hw/fsi/aspeed-apb2opb.c
new file mode 100644
index 00..88eabd8a73
--- /dev/null
+++ b/hw/fsi/aspeed-apb2opb.c
@@ -0,0 +1,352 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * ASPEED APB-OPB FSI interface
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "trace.h"
+
+#include "hw/fsi/aspeed-apb2opb.h"
+#include "hw/qdev-core.h"
+
+#define TO_REG(x) (x >> 2)
+#define GENMASK(t, b) (((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))
+
+#define APB2OPB_VERSIONTO_REG(0x00)
+#define   APB2OPB_VERSION_VER  GENMASK(7, 0)
+
+#define APB2OPB_TRIGGERTO_REG(0x04)
+#define   APB2OPB_TRIGGER_EN   BIT(0)
+
+#define APB2OPB_CONTROLTO_REG(0x08)
+#define   APB2OPB_CONTROL_OFF  GENMASK(31, 13)
+
+#define APB2OPB_OPB2FSITO_REG(0x0c)
+#define   APB2OPB_OPB2FSI_OFF  GENMASK(31, 22)
+
+#define APB2OPB_OPB0_SEL   TO_REG(0x10)
+#define APB2OPB_OPB1_SEL   TO_REG(0x28)
+#define   APB2OPB_OPB_SEL_EN   BIT(0)
+
+#define APB2OPB_OPB0_MODE  TO_REG(0x14)
+#define APB2OPB_OPB1_MODE  TO_REG(0x2c)
+#define   APB2OPB_OPB_MODE_RD  BIT(0)
+
+#define APB2OPB_OPB0_XFER  TO_REG(0x18)
+#define APB2OPB_OPB1_XFER  TO_REG(0x30)
+#define   APB2OPB_OPB_XFER_FULLBIT(1)
+#define   APB2OPB_OPB_XFER_HALFBIT(0)
+
+#define APB2OPB_OPB0_ADDR  TO_REG(0x1c)
+#define APB2OPB_OPB0_WRITE_DATATO_REG(0x20)
+
+#define APB2OPB_OPB1_DMA_ENTO_REG(0x24)
+#define APB2OPB_OPB1_DMA_EN_3  BIT(3)
+#define APB2OPB_OPB1_DMA_EN_2  BIT(2)
+#define APB2OPB_OPB1_DMA_EN_1  BIT(1)
+#define APB2OPB_OPB1_DMA_EN_0  BIT(0)
+
+#define APB2OPB_OPB1_ADDR  TO_REG(0x34)
+#define APB2OPB_OPB1_WRITE_DATA  TO_REG(0x38)
+
+#define APB2OPB_OPB_CLKTO_REG(0x3c)
+#define   APB2OPB_OPB_CLK_SYNC BIT(0)
+
+#define APB2OPB_IRQ_CLEAR  TO_REG(0x40)
+#define   APB2OPB_IRQ_CLEAR_EN BIT(0)
+
+#define APB2OPB_IRQ_MASK   TO_REG(0x44)
+#define   APB2OPB_IRQ_MASK_OPB1_TX_ACK BIT(17)
+#define   APB2OPB_IRQ_MASK_OPB0_TX_ACK BIT(16)
+#define   APB2OPB_IRQ_MASK_CH3_TCONT   BIT(15)
+#define   APB2OPB_IRQ_MASK_CH2_TCONT   BIT(14)
+#define   APB2OPB_IRQ_MASK_CH1_TCONT   BIT(13)
+#define   APB2OPB_IRQ_MASK_CH0_TCONT   BIT(12)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_EMPTY  BIT(11)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_EMPTY  BIT(10)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_EMPTY  BIT(9)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_EMPTY  BIT(8)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_FULL   BIT(7)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_FULL   BIT(6)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_FULL   
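
Review bot: `#define TO_REG(x) (x >> 2)` does not parenthesise its argument, unlike the `((x) >> 2)` form used in hw/fsi/cfam.c and hw/fsi/fsi-master.c, so an expression argument such as `a + b` would shift only `b`. Use `((x) >> 2)` here as well. The local GENMASK(t, b) also shifts 1ULL by `(t) + 1`, which is undefined for t = 63; that is harmless for the 32-bit fields defined here but worth a guard or a comment if the macro stays file-local.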

[PATCH v3 3/8] hw/fsi: Introduce IBM's cfam,fsi-slave

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The Common FRU Access Macro (CFAM), an address space containing
various "engines" that drive accesses on busses internal and external
to the POWER chip. Examples include the SBEFIFO and I2C masters. The
engines hang off of an internal Local Bus (LBUS) which is described
by the CFAM configuration block.

The FSI slave: The slave is the terminal point of the FSI bus for
FSI symbols addressed to it. Slaves can be cascaded off of one
another. The slave's configuration registers appear in address space
of the CFAM to which it is attached.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
v3:
- Incorporated Thomas Huth's review comments.
---
 hw/fsi/Kconfig |   9 ++
 hw/fsi/cfam.c  | 241 +
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/meson.build |   2 +
 include/hw/fsi/cfam.h  |  61 ++
 include/hw/fsi/fsi-slave.h |  29 +
 6 files changed, 451 insertions(+)
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/fsi-slave.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 2a9c49f2c9..087980be22 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,12 @@
+config CFAM
+bool
+select FSI
+select SCRATCHPAD
+select LBUS
+
+config FSI
+bool
+
 config SCRATCHPAD
 bool
 select LBUS
diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
new file mode 100644
index 00..c91fbfbbaa
--- /dev/null
+++ b/hw/fsi/cfam.c
@@ -0,0 +1,241 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Common FRU Access Macro
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/cfam.h"
+#include "hw/fsi/engine-scratchpad.h"
+
+#include "hw/qdev-properties.h"
+
+#define TO_REG(x)  ((x) >> 2)
+
+#define CFAM_ENGINE_CONFIG  TO_REG(0x04)
+
+#define CFAM_CONFIG_CHIP_IDTO_REG(0x00)
+#define CFAM_CONFIG_CHIP_ID_P9 0xc0022d15
+#define   CFAM_CONFIG_CHIP_ID_BREAK0xc0de
+
+static uint64_t cfam_config_read(void *opaque, hwaddr addr, unsigned size)
+{
+CFAMConfig *config;
+CFAMState *cfam;
+LBusNode *node;
+int i;
+
+config = CFAM_CONFIG(opaque);
+cfam = container_of(config, CFAMState, config);
+
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (addr) {
+case 0x00:
+return CFAM_CONFIG_CHIP_ID_P9;
+case 0x04:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_PEEK   /* type */
+| 0x000c;   /* crc */
+case 0x08:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x5000/* version */
+| ENGINE_CONFIG_TYPE_FSI/* type */
+| 0x000a;   /* crc */
+break;
+default:
+/* FIXME: Improve this */
+i = 0xc;
+QLIST_FOREACH(node, >lbus.devices, next) {
+if (i == addr) {
+return LBUS_DEVICE_GET_CLASS(node->ldev)->config;
+}
+i += size;
+}
+
+if (i == addr) {
+return 0;
+}
+
+/*
+ * As per FSI specification, This is a magic value at address 0 of
+ * given FSI port. This causes FSI master to send BREAK command for
+ * initialization and recovery.
+ */
+return 0xc0de;
+}
+}
+
+static void cfam_config_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+CFAMConfig *s = CFAM_CONFIG(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (TO_REG(addr)) {
+case CFAM_CONFIG_CHIP_ID:
+case CFAM_CONFIG_CHIP_ID + 4:
+if (data == CFAM_CONFIG_CHIP_ID_BREAK) {
+bus_cold_reset(qdev_get_parent_bus(DEVICE(s)));
+}
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Not implemented: 0x%"
+  HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+}
+}
+
+static const struct MemoryRegionOps cfam_config_ops = {
+.read = cfam_config_read,
+.write = cfam_config_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void cfam_config_realize(DeviceState *dev, 
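
Review bot: `assert(size == 4)` in cfam_config_read() and cfam_config_write() is reachable from guest MMIO, because cfam_config_ops sets no access-size limits, so a byte or halfword access from the guest aborts QEMU. Put the constraint in cfam_config_ops instead (.valid and .impl minimum and maximum access size of 4) and drop the asserts, or report the access with LOG_GUEST_ERROR. In cfam_config_write() the switch is on TO_REG(addr), so `case CFAM_CONFIG_CHIP_ID + 4:` matches register index 4 (byte offset 0x10), not byte offset 0x04; if the next word is meant, it should be `+ 1` or a named register. In cfam_config_read() the `break;` after the 0x08 return is unreachable, and the final `return 0xc0de;` should use CFAM_CONFIG_CHIP_ID_BREAK rather than repeating the literal.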

[PATCH v3 5/8] hw/fsi: IBM's On-chip Peripheral Bus

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
POWER processors. This now makes an appearance in the ASPEED SoC due
to tight integration of the FSI master IP with the OPB, mainly the
existence of an MMIO-mapping of the CFAM address straight onto a
sub-region of the OPB address space.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comment by Joel.
---
 hw/fsi/Kconfig   |   4 +
 hw/fsi/fsi-master.c  |   6 +-
 hw/fsi/meson.build   |   1 +
 hw/fsi/opb.c | 194 +++
 include/hw/fsi/opb.h |  43 ++
 5 files changed, 244 insertions(+), 4 deletions(-)
 create mode 100644 hw/fsi/opb.c
 create mode 100644 include/hw/fsi/opb.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 087980be22..560ce536db 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config OPB
+bool
+select CFAM
+
 config CFAM
 bool
 select FSI
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
index fe1693539a..46103f84e9 100644
--- a/hw/fsi/fsi-master.c
+++ b/hw/fsi/fsi-master.c
@@ -7,14 +7,12 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
-
 #include "qemu/log.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/fsi-master.h"
-
-#define TYPE_OP_BUS "opb"
+#include "hw/fsi/opb.h"
 
 #define TO_REG(x)   ((x) >> 2)
 
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index ca80d11cb9..cab645f4ea 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -2,3 +2,4 @@ system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
 system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
 system_ss.add(when: 'CONFIG_CFAM', if_true: files('cfam.c'))
 system_ss.add(when: 'CONFIG_FSI', if_true: 
files('fsi.c','fsi-master.c','fsi-slave.c'))
+system_ss.add(when: 'CONFIG_OPB', if_true: files('opb.c'))
diff --git a/hw/fsi/opb.c b/hw/fsi/opb.c
new file mode 100644
index 00..ac7693c001
--- /dev/null
+++ b/hw/fsi/opb.c
@@ -0,0 +1,194 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM On-chip Peripheral Bus
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/opb.h"
+
+static MemTxResult opb_read(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_read(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+  len);
+}
+
+uint8_t opb_read8(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint8_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint16_t opb_read16(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint16_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint32_t opb_read32(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint32_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+static MemTxResult opb_write(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_write(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+   len);
+}
+
+void opb_write8(OPBus *opb, hwaddr addr, uint8_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write16(OPBus *opb, hwaddr addr, uint16_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write32(OPBus *opb, hwaddr addr, uint32_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_fsi_master_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.iomem, addr);
+memory_region_transaction_commit();
+}
+
+void opb_opb2fsi_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.opb2fsi, addr);
+memory_region_transaction_commit();
+}
+
+static uint64_t opb_unimplemented_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+return 0;
+}
+
+static void opb_unimplemented_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+}
+
+static const struct MemoryRegionOps opb_unimplemented_ops = {
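
Review bot: opb_read8/16/32() and opb_write8/16/32() turn any failed transaction into `assert(!tx)`, so if these helpers are driven by guest-programmed addresses, as the bridge in patch 6/8 implies, an access to an unmapped or rejecting OPB address aborts QEMU; the FIXME comments acknowledge this. Return the MemTxResult to the caller, or log LOG_GUEST_ERROR and return a defined value, so the bridge model can report the error. The helpers also copy raw bytes into host-endian integers through address_space_read() and address_space_write(); the address_space_ld*/st* accessors with an explicit endianness would make the byte order independent of the host.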

[PATCH v3 7/8] hw/arm: Hook up FSI module in AST2600

2023-08-29 Thread Ninad Palsule
This patchset introduces IBM's Flexible Service Interface (FSI).

Time for some fun with inter-processor buses. FSI allows a service
processor access to the internal buses of a host POWER processor to
perform configuration or debugging.

FSI has long existed in POWER processes and so comes with some baggage,
including how it has been integrated into the ASPEED SoC.

Working backwards from the POWER processor, the fundamental pieces of
interest for the implementation are:

1. The Common FRU Access Macro (CFAM), an address space containing
   various "engines" that drive accesses on buses internal and external
   to the POWER chip. Examples include the SBEFIFO and I2C masters. The
   engines hang off of an internal Local Bus (LBUS) which is described
   by the CFAM configuration block.

2. The FSI slave: The slave is the terminal point of the FSI bus for
   FSI symbols addressed to it. Slaves can be cascaded off of one
   another. The slave's configuration registers appear in address space
   of the CFAM to which it is attached.

3. The FSI master: A controller in the platform service processor (e.g.
   BMC) driving CFAM engine accesses into the POWER chip. At the
   hardware level FSI is a bit-based protocol supporting synchronous and
   DMA-driven accesses of engines in a CFAM.

4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
   POWER processors. This now makes an appearance in the ASPEED SoC due
   to tight integration of the FSI master IP with the OPB, mainly the
   existence of an MMIO-mapping of the CFAM address straight onto a
   sub-region of the OPB address space.

5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in
   the AST2600. Hardware limitations prevent the OPB from being directly
   mapped into APB, so all accesses are indirect through the bridge.

The implementation appears as follows in the qemu device tree:

(qemu) info qtree
bus: main-system-bus
  type System
  ...
  dev: aspeed.apb2opb, id ""
    gpio-out "sysbus-irq" 1
    mmio 1e79b000/1000
    bus: opb.1
      type opb
      dev: fsi.master, id ""
        bus: fsi.bus.1
          type fsi.bus
          dev: cfam.config, id ""
          dev: cfam, id ""
            bus: lbus.1
              type lbus
              dev: scratchpad, id ""
                address = 0 (0x0)
    bus: opb.0
      type opb
      dev: fsi.master, id ""
        bus: fsi.bus.0
          type fsi.bus
          dev: cfam.config, id ""
          dev: cfam, id ""
            bus: lbus.0
              type lbus
              dev: scratchpad, id ""
                address = 0 (0x0)

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

CFAM designs offer a lot of flexibility, for instance it is possible for
a CFAM to be simultaneously driven from multiple FSI links. The modeling
is not so complete; it's assumed that each CFAM is attached to a single
FSI slave (as a consequence the CFAM subclasses the FSI slave).

As for FSI, its symbols and wire-protocol are not modelled at all. This
is not necessary to get FSI off the ground thanks to the mapping of the
CFAM address space onto the OPB address space - the models follow this
directly and map the CFAM memory region into the OPB's memory region.
Future work includes supporting more advanced accesses that drive the
FSI master directly rather than indirectly via the CFAM mapping, which
will require implementing the FSI state machine and methods for each of
the FSI symbols on the slave. Further down the track we can also look at
supporting the bitbanged SoftFSI drivers in Linux by extending the FSI
slave model to resolve sequences of GPIO IRQs into FSI symbols, and
calling the associated symbol method on the slave to map the access onto
the CFAM.

Testing:
Tested by reading cfam config address 0 on rainier machine type.

root@p10bmc:~# pdbg -a getcfam 0x0
p0: 0x0 = 0xc0022d15

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
 hw/arm/aspeed_ast2600.c | 19 +++
 include/hw/arm/aspeed_soc.h |  4 
 2 files changed, 23 insertions(+)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index a8b3a8065a..010c9cee8a 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -75,6 +75,8 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
 [ASPEED_DEV_UART12]= 0x1E790600,
 [ASPEED_DEV_UART13]= 0x1E790700,
 [ASPEED_DEV_VUART] = 0x1E787000,
+[ASPEED_DEV_FSI1]  = 0x1E79B000,
+[ASPEED_DEV_FSI2]  

[PATCH v3 8/8] hw/fsi: Documentation and testing

2023-08-29 Thread Ninad Palsule
Added FSI document
Added basic qtests for FSI model.
Added MAINTAINER for FSI
Replaced some qemu logs to traces.

Signed-off-by: Ninad Palsule 
---
v3:
 - Incorporated Cedric's review comments.
---
 MAINTAINERS |  20 
 docs/specs/fsi.rst  | 141 +++
 hw/fsi/cfam.c   |  13 +--
 hw/fsi/trace-events |   6 ++
 tests/qtest/fsi-test.c  | 210 
 tests/qtest/meson.build |   2 +
 6 files changed, 384 insertions(+), 8 deletions(-)
 create mode 100644 docs/specs/fsi.rst
 create mode 100644 tests/qtest/fsi-test.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 6111b6b4d9..183c0f4b32 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3395,6 +3395,26 @@ F: tests/qtest/adm1272-test.c
 F: tests/qtest/max34451-test.c
 F: tests/qtest/isl_pmbus_vr-test.c
 
+FSI
+M: Ninad Palsule 
+S: Maintained
+F: hw/fsi/aspeed-apb2opb.c
+F: hw/fsi/cfam.c
+F: hw/fsi/fsi.c
+F: hw/fsi/fsi-slave.c
+F: hw/fsi/opb.c
+F: hw/fsi/engine-scratchpad.c
+F: hw/fsi/fsi-master.c
+F: hw/fsi/lbus.c
+F: include/hw/fsi/aspeed-apb2opb.h
+F: include/hw/fsi/cfam.h
+F: include/hw/fsi/fsi.h
+F: include/hw/fsi/fsi-slave.h
+F: include/hw/fsi/opb.h
+F: include/hw/fsi/engine-scratchpad.h
+F: include/hw/fsi/fsi-master.h
+F: include/hw/fsi/lbus.h
+
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
 R: Daniel P. Berrange 
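
Review bot: the F: list names the .c and .h files one by one and misses several files this series creates: docs/specs/fsi.rst and tests/qtest/fsi-test.c from this patch, plus hw/fsi/Kconfig, hw/fsi/meson.build, hw/fsi/trace-events and hw/fsi/trace.h. Use the directory patterns `F: hw/fsi/*` and `F: include/hw/fsi/*` and add the docs and qtest paths so that scripts/get_maintainer.pl covers the whole model.
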
diff --git a/docs/specs/fsi.rst b/docs/specs/fsi.rst
new file mode 100644
index 00..73b082afe1
--- /dev/null
+++ b/docs/specs/fsi.rst
@@ -0,0 +1,141 @@
+==
+IBM's Flexible Service Interface (FSI)
+==
+
+The QEMU FSI emulation implements hardware interfaces between ASPEED SOC, FSI
+master/slave and the end engine.
+
+FSI is a point-to-point two wire interface which is capable of supporting
+distances of up to 4 meters. FSI interfaces have been used successfully for
+many years in IBM servers to attach IBM Flexible Support Processors(FSP) to
+CPUs and IBM ASICs.
+
+FSI allows a service processor access to the internal buses of a host POWER
+processor to perform configuration or debugging. FSI has long existed in POWER
+processes and so comes with some baggage, including how it has been integrated
+into the ASPEED SoC.
+
+Working backwards from the POWER processor, the fundamental pieces of interest
+for the implementation are:
+
+1. The Common FRU Access Macro (CFAM), an address space containing various
+   "engines" that drive accesses on buses internal and external to the POWER
+   chip. Examples include the SBEFIFO and I2C masters. The engines hang off of
+   an internal Local Bus (LBUS) which is described by the CFAM configuration
+   block.
+
+2. The FSI slave: The slave is the terminal point of the FSI bus for FSI
+   symbols addressed to it. Slaves can be cascaded off of one another. The
+   slave's configuration registers appear in address space of the CFAM to
+   which it is attached.
+
+3. The FSI master: A controller in the platform service processor (e.g. BMC)
+   driving CFAM engine accesses into the POWER chip. At the hardware level
+   FSI is a bit-based protocol supporting synchronous and DMA-driven accesses
+   of engines in a CFAM.
+
+4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in POWER
+   processors. This now makes an appearance in the ASPEED SoC due to tight
+   integration of the FSI master IP with the OPB, mainly the existence of an
+   MMIO-mapping of the CFAM address straight onto a sub-region of the OPB
+   address space.
+
+5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in the
+   AST2600. Hardware limitations prevent the OPB from being directly mapped
+   into APB, so all accesses are indirect through the bridge.
+
+The LBUS is modelled to maintain the qdev bus hierarchy and to take advantages
+of the object model to automatically generate the CFAM configuration block.
+The configuration block presents engines in the order they are attached to the
+CFAM's LBUS. Engine implementations should subclass the LBusDevice and set the
+'config' member of LBusDeviceClass to match the engine's type.
+
+CFAM designs offer a lot of flexibility, for instance it is possible for a
+CFAM to be simultaneously driven from multiple FSI links. The modeling is not
+so complete; it's assumed that each CFAM is attached to a single FSI slave (as
+a consequence the CFAM subclasses the FSI slave).
+
+As for FSI, its symbols and wire-protocol are not modelled at all. This is not
+necessary to get FSI off the ground thanks to the mapping of the CFAM address
+space onto the OPB address space - the models follow this directly and map the
+CFAM memory region into the OPB's memory region.
+
+QEMU files related to FSI interface:
+ - ``hw/fsi/aspeed-apb2opb.c``
+ - ``include/hw/fsi/aspeed-apb2opb.h``
+ - ``hw/fsi/opb.c``
+ - ``include/hw/fsi/opb.h``
+ - ``hw/fsi/fsi.c``
+ - ``include/hw/fsi/fsi.h``
+ - ``hw/fsi/fsi-master.c``
+ - 
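
Review bot: the diffstat for this patch adds docs/specs/fsi.rst but does not touch docs/specs/index.rst, so the new page is not referenced from any toctree; add it there. In the text, "FSI has long existed in POWER processes" should read "processors" and "take advantages of the object model" should read "take advantage of"; the list under "QEMU files related to FSI interface:" needs a blank line before it and no leading indent to render as a plain bullet list.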

[PATCH v3 4/8] hw/fsi: Introduce IBM's FSI

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

This commit models the FSI bus. CFAM is hanging out of FSI bus. The bus
is modelled in such a way that it is embedded inside the FSI master which is a
bus controller.

The FSI master: A controller in the platform service processor (e.g.
BMC) driving CFAM engine accesses into the POWER chip. At the
hardware level FSI is a bit-based protocol supporting synchronous and
DMA-driven accesses of engines in a CFAM.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comments by Joel
---
 hw/fsi/cfam.c   |   3 +-
 hw/fsi/fsi-master.c | 203 
 hw/fsi/fsi.c|  54 ++
 hw/fsi/meson.build  |   2 +-
 include/hw/fsi/cfam.h   |   8 +-
 include/hw/fsi/fsi-master.h |  30 ++
 include/hw/fsi/fsi-slave.h  |   4 +-
 include/hw/fsi/fsi.h|  31 ++
 8 files changed, 327 insertions(+), 8 deletions(-)
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi.h

diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
index c91fbfbbaa..bfcf365618 100644
--- a/hw/fsi/cfam.c
+++ b/hw/fsi/cfam.c
@@ -7,11 +7,12 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/cfam.h"
+#include "hw/fsi/fsi.h"
 #include "hw/fsi/engine-scratchpad.h"
 
 #include "hw/qdev-properties.h"
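
Review bot: this swaps `hw/fsi/bits.h` for `qemu/bitops.h` in a file that patch 3/8 created, and the v3 cover-letter file list contains no include/hw/fsi/bits.h, so 3/8 on its own includes a header that does not exist and breaks bisection. Fold the include change into 3/8.
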
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
new file mode 100644
index 00..fe1693539a
--- /dev/null
+++ b/hw/fsi/fsi-master.c
@@ -0,0 +1,203 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Flexible Service Interface master
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/fsi-master.h"
+
+#define TYPE_OP_BUS "opb"
+
+#define TO_REG(x)   ((x) >> 2)
+
+#define FSI_MMODE   TO_REG(0x000)
+#define   FSI_MMODE_IPOLL_DMA_ENBE_BIT(0)
+#define   FSI_MMODE_HW_ERROR_RECOVERY_ENBE_BIT(1)
+#define   FSI_MMODE_RELATIVE_ADDRESS_EN BE_BIT(2)
+#define   FSI_MMODE_PARITY_CHECK_EN BE_BIT(3)
+#define   FSI_MMODE_CLOCK_DIVIDER_0 BE_GENMASK(4, 13)
+#define   FSI_MMODE_CLOCK_DIVIDER_1 BE_GENMASK(14, 23)
+#define   FSI_MMODE_DEBUG_ENBE_BIT(24)
+
+#define FSI_MDELAY  TO_REG(0x004)
+#define   FSI_MDELAY_ECHO_0 BE_GENMASK(0, 3)
+#define   FSI_MDELAY_SEND_0 BE_GENMASK(4, 7)
+#define   FSI_MDELAY_ECHO_1 BE_GENMASK(8, 11)
+#define   FSI_MDELAY_SEND_1 BE_GENMASK(12, 15)
+
+#define FSI_MENP0   TO_REG(0x010)
+#define FSI_MENP32  TO_REG(0x014)
+#define FSI_MSENP0  TO_REG(0x018)
+#define FSI_MLEVP0  TO_REG(0x018)
+#define FSI_MSENP32 TO_REG(0x01c)
+#define FSI_MLEVP32 TO_REG(0x01c)
+#define FSI_MCENP0  TO_REG(0x020)
+#define FSI_MREFP0  TO_REG(0x020)
+#define FSI_MCENP32 TO_REG(0x024)
+#define FSI_MREFP32 TO_REG(0x024)
+
+#define FSI_MAEBTO_REG(0x070)
+#define   FSI_MAEB_ANY_CPU_ERRORBE_BIT(0)
+#define   FSI_MAEB_ANY_DMA_ERRORBE_GENMASK(1, 16)
+#define   FSI_MAEB_ANY_PARITY_ERROR BE_BIT(17)
+
+#define FSI_MVERTO_REG(0x074)
+#define   FSI_MVER_VERSION  BE_GENMASK(0, 7)
+#define   FSI_MVER_BRIDGES  BE_GENMASK(8, 15)
+#define   FSI_MVER_PORTSBE_GENMASK(16, 23)
+
+#define FSI_MRESP0  TO_REG(0x0d0)
+#define   FSI_MRESP0_RESET_PORT_GENERAL BE_BIT(0)
+#define   FSI_MRESP0_RESET_PORT_ERROR   BE_BIT(1)
+#define   FSI_MRESP0_RESET_ALL_BRIDGES_GENERAL  BE_BIT(2)
+#define   FSI_MRESP0_RESET_ALL_PORTS_GENERALBE_BIT(3)
+#define   FSI_MRESP0_RESET_MASTER   BE_BIT(4)
+#define   FSI_MRESP0_RESET_PARITY_ERROR_LATCH   BE_BIT(5)
+
+#define FSI_MRESB0  TO_REG(0x1d0)
+#define   FSI_MRESB0_RESET_GENERAL  BE_BIT(0)
+#define   FSI_MRESB0_RESET_ERRORBE_BIT(1)
+#define   FSI_MRESB0_SET_DMA_SUSPENDBE_BIT(5)
+#define   FSI_MRESB0_CLEAR_DMA_SUSPEND  BE_BIT(6)
+#define   FSI_MRESB0_SET_DELAY_MEASURE  BE_BIT(7)
+
+#define FSI_MECTRL  TO_REG(0x2e0)
+#define   FSI_MECTRL_TEST_PULSE 
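Review bot: several register names in this block share an offset with no comment explaining it: FSI_MSENP0/FSI_MLEVP0 at 0x018, FSI_MSENP32/FSI_MLEVP32 at 0x01c, FSI_MCENP0/FSI_MREFP0 at 0x020 and FSI_MCENP32/FSI_MREFP32 at 0x024. If each pair is two views of one register, add a one-line comment saying which name applies to which access, so a reader does not take the duplicate offsets for a typo.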

[PATCH v3 1/8] hw/fsi: Introduce IBM's Local bus

2023-08-29 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/Kconfig|  1 +
 hw/fsi/Kconfig|  2 +
 hw/fsi/lbus.c | 94 +++
 hw/fsi/meson.build|  1 +
 hw/meson.build|  1 +
 include/hw/fsi/lbus.h | 48 ++
 include/qemu/bitops.h |  6 +++
 7 files changed, 153 insertions(+)
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 include/hw/fsi/lbus.h

diff --git a/hw/Kconfig b/hw/Kconfig
index ba62ff6417..2ccb73add5 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -9,6 +9,7 @@ source core/Kconfig
 source cxl/Kconfig
 source display/Kconfig
 source dma/Kconfig
+source fsi/Kconfig
 source gpio/Kconfig
 source hyperv/Kconfig
 source i2c/Kconfig
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
new file mode 100644
index 00..687449e14e
--- /dev/null
+++ b/hw/fsi/Kconfig
@@ -0,0 +1,2 @@
+config LBUS
+bool
diff --git a/hw/fsi/lbus.c b/hw/fsi/lbus.c
new file mode 100644
index 00..afb26ef7ea
--- /dev/null
+++ b/hw/fsi/lbus.c
@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus where FSI slaves are connected
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/lbus.h"
+
+#include "hw/qdev-properties.h"
+
+static void lbus_realize(BusState *bus, Error **errp)
+{
+LBusNode *node;
+LBus *lbus = LBUS(bus);
+
+memory_region_init(>mr, OBJECT(lbus), TYPE_LBUS,
+   (2 * 1024 * 1024) - 0x400);
+
+QLIST_FOREACH(node, >devices, next) {
+memory_region_add_subregion(>mr, node->ldev->address,
+>ldev->iomem);
+}
+}
+
+static void lbus_init(Object *o)
+{
+}
+
+static void lbus_class_init(ObjectClass *klass, void *data)
+{
+BusClass *k = BUS_CLASS(klass);
+k->realize = lbus_realize;
+}
+
+static const TypeInfo lbus_info = {
+.name = TYPE_LBUS,
+.parent = TYPE_BUS,
+.instance_init = lbus_init,
+.instance_size = sizeof(LBus),
+.class_init = lbus_class_init,
+};
+
+static Property lbus_device_props[] = {
+DEFINE_PROP_UINT32("address", LBusDevice, address, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+DeviceState *lbus_create_device(LBus *bus, const char *type, uint32_t addr)
+{
+DeviceState *dev;
+LBusNode *node;
+
+dev = qdev_new(type);
+qdev_prop_set_uint8(dev, "address", addr);
+qdev_realize_and_unref(dev, >bus, _fatal);
+
+/* Move to post_load */
+node = g_malloc(sizeof(struct LBusNode));
+node->ldev = LBUS_DEVICE(dev);
+QLIST_INSERT_HEAD(>devices, node, next);
+
+return dev;
+}
+
+static void lbus_device_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->bus_type = TYPE_LBUS;
+device_class_set_props(dc, lbus_device_props);
+}
+
+static const TypeInfo lbus_device_type_info = {
+.name = TYPE_LBUS_DEVICE,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(LBusDevice),
+.abstract = true,
+.class_init = lbus_device_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void lbus_register_types(void)
+{
+type_register_static(_info);
+type_register_static(_device_type_info);
+}
+
+type_init(lbus_register_types);
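Review bot: lbus_create_device() sets "address" with qdev_prop_set_uint8(), but the property is declared with DEFINE_PROP_UINT32 and addr is a uint32_t, so any address above 0xff is truncated before it reaches the device; use qdev_prop_set_uint32(). Two smaller points in the same function: the LBusNode from g_malloc() is never freed in the visible code, and the "Move to post_load" comment does not say what should move or why. Also worth a comment: lbus_realize() maps only the devices already on the list, while the node is added to the list after the device is realized, so the intended ordering between bus realize and device creation is not obvious.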
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
new file mode 100644
index 00..e1007d5fea
--- /dev/null
+++ b/hw/fsi/meson.build
@@ -0,0 +1 @@
+system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
diff --git a/hw/meson.build b/hw/meson.build
index c7ac7d3d75..6c71ee9cfa 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -43,6 +43,7 @@ subdir('virtio')
 subdir('watchdog')
 subdir('xen')
 subdir('xenpv')
+subdir('fsi')
 
 subdir('alpha')
 subdir('arm')
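Review bot: subdir('fsi') is appended after subdir('xenpv'), which breaks the alphabetical order the neighbouring entries follow (virtio, watchdog, xen, xenpv). hw/Kconfig in this same patch puts fsi between dma and gpio; place the subdir() line at the matching position.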
diff --git a/include/hw/fsi/lbus.h b/include/hw/fsi/lbus.h
new file mode 100644
index 00..fafc065178
--- /dev/null
+++ b/include/hw/fsi/lbus.h
@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus and connected device structures.
+ */
+#ifndef FSI_LBUS_H
+#define FSI_LBUS_H
+
+#include "exec/memory.h"
+#include "hw/qdev-core.h"
+
+#define TYPE_LBUS_DEVICE "lbus.device"
+OBJECT_DECLARE_TYPE(LBusDevice, LBusDeviceClass, LBUS_DEVICE)
+
+typedef struct LBusDevice {
+DeviceState parent;
+
+MemoryRegion iomem;
+

[PULL 0/1] Quick fix patches

2023-08-29 Thread Warner Losh
The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:

  Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu 
into staging (2023-08-29 08:58:00 -0400)

are available in the Git repository at:

  https://gitlab.com/bsdimp/qemu.git tags/quick-fix-pull-request

for you to fetch changes up to de287fb4e8987b32e133f7f37b990e09f3aa6325:

  linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h (2023-08-29 
20:12:25 -0600)


Pull request: Quick fix for clang user-mode job

Move the linux-user version of PRAGMA_DISABLE_PACKED_WARNING
to qemu/compiler.h and remove it from linux-user/qemu.h.



Warner Losh (1):
  linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

 include/qemu/compiler.h |  6 +-
 linux-user/qemu.h   | 26 --
 2 files changed, 1 insertion(+), 31 deletions(-)

-- 
2.41.0




[PULL 1/1] linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

2023-08-29 Thread Warner Losh
Replace the slightly older version of this in include/qemu/compiler.h
that was committed as part of bsd-user changes with the newer one from
linux-user. bsd-user has no regressions with this.

Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 include/qemu/compiler.h |  6 +-
 linux-user/qemu.h   | 26 --
 2 files changed, 1 insertion(+), 31 deletions(-)

diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index b0374425180..0df9febbe2f 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -31,17 +31,13 @@
  *   functions than host-endian unaligned load/store plus tswapN.
  * - The pragmas are necessary only to silence a clang false-positive
  *   warning: see https://bugs.llvm.org/show_bug.cgi?id=39113 .
- * - We have to disable -Wpragmas warnings to avoid a complaint about
- *   an unknown warning type from older compilers that don't know about
- *   -Waddress-of-packed-member.
  * - gcc has bugs in its _Pragma() support in some versions, eg
  *   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 -- so we only
  *   include the warning-suppression pragmas for clang
  */
-#ifdef __clang__
+#if defined(__clang__) && __has_warning("-Waddress-of-packed-member")
 #define PRAGMA_DISABLE_PACKED_WARNING   \
 _Pragma("GCC diagnostic push"); \
-_Pragma("GCC diagnostic ignored \"-Wpragmas\"");\
 _Pragma("GCC diagnostic ignored \"-Waddress-of-packed-member\"")
 
 #define PRAGMA_REENABLE_PACKED_WARNING  \
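Review bot: the new #if puts __has_warning("-Waddress-of-packed-member") on the same line as defined(__clang__), and a preprocessor without __has_warning still has to parse the whole expression, so this only builds with gcc if a fallback definition of __has_warning comes before this point in compiler.h. Nothing in the hunk shows one. Please confirm it precedes this block (the line was previously in linux-user/qemu.h, which is included later), or nest the __has_warning test inside an #ifdef __clang__.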
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 4f8b55e2fb0..12821e54d0a 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -193,32 +193,6 @@ static inline bool access_ok(CPUState *cpu, int type,
These are usually used to access struct data members once the struct has
been locked - usually with lock_user_struct.  */
 
-/*
- * Tricky points:
- * - Use __builtin_choose_expr to avoid type promotion from ?:,
- * - Invalid sizes result in a compile time error stemming from
- *   the fact that abort has no parameters.
- * - It's easier to use the endian-specific unaligned load/store
- *   functions than host-endian unaligned load/store plus tswapN.
- * - The pragmas are necessary only to silence a clang false-positive
- *   warning: see https://bugs.llvm.org/show_bug.cgi?id=39113 .
- * - gcc has bugs in its _Pragma() support in some versions, eg
- *   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 -- so we only
- *   include the warning-suppression pragmas for clang
- */
-#if defined(__clang__) && __has_warning("-Waddress-of-packed-member")
-#define PRAGMA_DISABLE_PACKED_WARNING   \
-_Pragma("GCC diagnostic push"); \
-_Pragma("GCC diagnostic ignored \"-Waddress-of-packed-member\"")
-
-#define PRAGMA_REENABLE_PACKED_WARNING  \
-_Pragma("GCC diagnostic pop")
-
-#else
-#define PRAGMA_DISABLE_PACKED_WARNING
-#define PRAGMA_REENABLE_PACKED_WARNING
-#endif
-
 #define __put_user_e(x, hptr, e)\
 do {\
 PRAGMA_DISABLE_PACKED_WARNING;  \
-- 
2.41.0




Re: [PULL 0/3] Dirty page rate and dirty page limit 20230828 patches

2023-08-29 Thread Yong Huang
On Wed, Aug 30, 2023 at 1:31 AM Stefan Hajnoczi  wrote:

> On Tue, 29 Aug 2023 at 12:30, Yong Huang  wrote:
> > On Tue, Aug 29, 2023 at 4:01 AM Stefan Hajnoczi 
> wrote:
> >>
> >> On Mon, 28 Aug 2023 at 10:36, Hyman Huang 
> wrote:
> >> >
> >> > From: Hyman 
> >> >
> >> > The following changes since commit
> 50e7a40af372ee5931c99ef7390f5d3d6fbf6ec4:
> >> >
> >> >   Merge tag 'pull-target-arm-20230824' of
> https://git.linaro.org/people/pmaydell/qemu-arm into staging (2023-08-24
> 10:08:33 -0400)
> >> >
> >> > are available in the git repository at:
> >> >
> >> >   https://github.com/newfriday/qemu.git
> tags/dirtylimit-dirtyrate-fixes-pull-request
> >>
> >> Hi,
> >> This is not a signed tag. Please use "git tag -s" so the tag is signed
> >> with your GPG key.
> >>
> >> I also noticed that this pull request email thread only has a cover
> >> letter. Please also send the individual patches along with the pull
> >> request email. This makes it easier for people to reply if they have
> >> comments about a patch.
> >>
> >> After pushing a signed tag, please send the pull request again with
> >> "PULL v2" in the subject line. Thanks!
> >
> >
> > Sorry for not noticing this earlier and I have sent a pull request with
> "PULL"
> > in the subject line instead of "PULL v3" that you mentioned above, please
> > ping me if PULL request resending is required indeed.
>
> I have applied the pull request. To make it easier to verify future
> pull requests, please publish your public key to a keyserver:
>
>   $ gpg --send-keys DFF223D6B3FECB9C
>

Ok, get it. Thanks.

Yong

>
> Thanks!
>
> Stefan
>


-- 
Best regards


Re: [PATCH v2 47/58] i386/tdx: Wire REPORT_FATAL_ERROR with GuestPanic facility

2023-08-29 Thread Xiaoyao Li

On 8/29/2023 6:28 PM, Daniel P. Berrangé wrote:

On Mon, Aug 28, 2023 at 09:14:41PM +0800, Xiaoyao Li wrote:

On 8/21/2023 5:58 PM, Daniel P. Berrangé wrote:

On Fri, Aug 18, 2023 at 05:50:30AM -0400, Xiaoyao Li wrote:

Originated-from: Isaku Yamahata 
Signed-off-by: Xiaoyao Li 
---
   qapi/run-state.json   | 17 +--
   softmmu/runstate.c| 49 +++
   target/i386/kvm/tdx.c | 24 -
   3 files changed, 87 insertions(+), 3 deletions(-)

diff --git a/qapi/run-state.json b/qapi/run-state.json
index f216ba54ec4c..506bbe31541f 100644
--- a/qapi/run-state.json
+++ b/qapi/run-state.json
@@ -499,7 +499,7 @@
   # Since: 2.9
   ##
   { 'enum': 'GuestPanicInformationType',
-  'data': [ 'hyper-v', 's390' ] }
+  'data': [ 'hyper-v', 's390', 'tdx' ] }





+#
+# Since: 8.2
+##
+{'struct': 'GuestPanicInformationTdx',
+ 'data': {'error-code': 'uint64',
+  'gpa': 'uint64',
+  'message': 'str'}}
+
   ##
   # @MEMORY_FAILURE:
   #
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index f3bd86281813..cab11484ed7e 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -518,7 +518,56 @@ void qemu_system_guest_panicked(GuestPanicInformation 
*info)
 S390CrashReason_str(info->u.s390.reason),
 info->u.s390.psw_mask,
 info->u.s390.psw_addr);
+} else if (info->type == GUEST_PANIC_INFORMATION_TYPE_TDX) {
+char *buf = NULL;
+bool printable = false;
+
+/*
+ * Although message is defined as a json string, we shouldn't
+ * unconditionally treat it as is because the guest generated it 
and
+ * it's not necessarily trustable.
+ */
+if (info->u.tdx.message) {
+/* The caller guarantees the NUL-terminated string. */
+int len = strlen(info->u.tdx.message);
+int i;
+
+printable = len > 0;
+for (i = 0; i < len; i++) {
+if (!(0x20 <= info->u.tdx.message[i] &&
+  info->u.tdx.message[i] <= 0x7e)) {
+printable = false;
+break;
+}
+}
+
+/* 3 = length of "%02x " */
+buf = g_malloc(len * 3);
+for (i = 0; i < len; i++) {
+if (info->u.tdx.message[i] == '\0') {
+break;
+} else {
+sprintf(buf + 3 * i, "%02x ", info->u.tdx.message[i]);
+}
+}
+if (i > 0)
+/* replace the last ' '(space) to NUL */
+buf[i * 3 - 1] = '\0';
+else
+buf[0] = '\0';
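Review bot: the hex-escape loop can write past buf. g_malloc(len * 3) leaves no room for the NUL that sprintf() appends after the final "%02x ", so the last iteration writes one byte beyond the allocation; and message[i] is a plain char, so on a host where char is signed any byte >= 0x80 is sign-extended and "%02x" emits eight digits into a three-byte slot. Those are exactly the bytes a non-printable, guest-supplied message contains. Size the buffer as len * 3 + 1, cast each byte to unsigned char (or use a bounded formatter), and g_free(buf) after logging; no g_free() appears in the quoted lines.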


You're building this escaped buffer but...


+}
+
+qemu_log_mask(LOG_GUEST_ERROR,
+  //" TDX report fatal error:\"%s\" %s",
+  " TDX report fatal error:\"%s\""
+  "error: 0x%016" PRIx64 " gpa page: 0x%016" PRIx64 
"\n",
+  printable ? info->u.tdx.message : "",
+  //buf ? buf : "",


...then not actually using it

Either delete the 'buf' code, or use it.


Sorry for posting some internal testing version.
Does below look good to you?

@@ -518,7 +518,56 @@ void qemu_system_guest_panicked(GuestPanicInformation
*info)
S390CrashReason_str(info->u.s390.reason),
info->u.s390.psw_mask,
info->u.s390.psw_addr);
+} else if (info->type == GUEST_PANIC_INFORMATION_TYPE_TDX) {
+bool printable = false;
+char *buf = NULL;
+int len = 0, i;
+
+/*
+ * Although message is defined as a json string, we shouldn't
+ * unconditionally treat it as is because the guest generated
it and
+ * it's not necessarily trustable.
+ */
+if (info->u.tdx.message) {
+/* The caller guarantees the NUL-terminated string. */
+len = strlen(info->u.tdx.message);
+
+printable = len > 0;
+for (i = 0; i < len; i++) {
+if (!(0x20 <= info->u.tdx.message[i] &&
+  info->u.tdx.message[i] <= 0x7e)) {
+printable = false;
+break;
+}
+}
+}
+
+if (!printable && len) {
+/* 3 = length of "%02x " */
+buf = g_malloc(len * 3);
+for (i = 0; i < len; i++) {
+if (info->u.tdx.message[i] == '\0') {
+break;
+} else {
+sprintf(buf + 3 * i, "%02x ",
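
One way to prepare the guest-supplied message for logging, as an added example that is not code from the patch or from QEMU. It is plain C with malloc() rather than glib, the sample strings are constructed, and the names guest_message_for_log(), GUEST_MSG_CAP, posted_format_width() and renders_as() are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on how many guest-supplied bytes the host will look at. */
#define GUEST_MSG_CAP 64

/*
 * Characters a per-byte "%02x " produces when the byte is held in a signed
 * char: the value is sign-extended to int before it is formatted.
 */
static int posted_format_width(signed char c)
{
    return snprintf(NULL, 0, "%02x ", (unsigned int)(int)c);
}

/* Length of msg, never reading more than cap bytes. */
static size_t bounded_len(const char *msg, size_t cap)
{
    size_t n = 0;

    if (!msg) {
        return 0;
    }
    while (n < cap && msg[n] != '\0') {
        n++;
    }
    return n;
}

/* True only for a non-empty run of printable ASCII (0x20..0x7e). */
static bool is_printable_ascii(const char *msg, size_t len)
{
    if (len == 0) {
        return false;
    }
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)msg[i];
        if (c < 0x20 || c > 0x7e) {
            return false;
        }
    }
    return true;
}

/* "xx xx xx": two digits per byte, len - 1 separators, one NUL = len * 3. */
static char *hex_escape(const char *msg, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    char *buf;

    if (len == 0) {
        return calloc(1, 1);                 /* empty string */
    }
    if (len > SIZE_MAX / 3) {
        return NULL;                         /* size would overflow */
    }
    buf = malloc(len * 3);
    if (!buf) {
        return NULL;
    }
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)msg[i];   /* no sign extension */
        buf[3 * i] = digits[c >> 4];
        buf[3 * i + 1] = digits[c & 0x0f];
        buf[3 * i + 2] = (i + 1 < len) ? ' ' : '\0';
    }
    return buf;
}

/* Newly allocated, log-safe text: the message itself or its hex dump. */
static char *guest_message_for_log(const char *msg, size_t cap)
{
    size_t len = bounded_len(msg, cap);
    char *copy;

    if (!is_printable_ascii(msg, len)) {
        return hex_escape(msg, len);
    }
    copy = malloc(len + 1);
    if (copy) {
        memcpy(copy, msg, len);
        copy[len] = '\0';
    }
    return copy;
}

/* Helper for checking results: 1 if msg renders exactly as expected. */
static int renders_as(const char *msg, size_t cap, const char *expected)
{
    char *out = guest_message_for_log(msg, cap);
    int ok = out && strcmp(out, expected) == 0;

    free(out);
    return ok;
}

int main(void)
{
    /* Constructed sample messages, not taken from a real guest. */
    const char *samples[] = { "panic: bad page", "ok\x80\n", "" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *out = guest_message_for_log(samples[i], GUEST_MSG_CAP);
        printf("[%s]\n", out ? out : "(allocation failed)");
        free(out);
    }
    printf("\"%%02x \" on byte 0x80 held as signed char: %d characters\n",
           posted_format_width((signed char)-128));
    return 0;
}
```
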

Re: [PATCH v2 36/58] memory: Introduce memory_region_init_ram_gmem()

2023-08-29 Thread Xiaoyao Li

On 8/29/2023 10:33 PM, Philippe Mathieu-Daudé wrote:

On 18/8/23 11:50, Xiaoyao Li wrote:

Introduce memory_region_init_ram_gmem() to allocate private gmem on the
MemoryRegion initialization. It's for the use case of TDVF, which must
be private on TDX case.

Signed-off-by: Xiaoyao Li 
---
  include/exec/memory.h |  6 +
  softmmu/memory.c  | 52 +++
  2 files changed, 58 insertions(+)




diff --git a/softmmu/memory.c b/softmmu/memory.c
index af6aa3c1e3c9..ded44dcef1aa 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -25,6 +25,7 @@
  #include "qom/object.h"
  #include "trace.h"
+#include 


Unlikely to build on non-Linux hosts.


Thanks for catching it!

Will wrap it with CONFIG_KVM.

Anyway, it's the main open of how to integrate KVM gmem into QEMU's 
memory system, in QEMU gmem series[*]. I'm still working on it.


[*] 
https://lore.kernel.org/qemu-devel/20230731162201.271114-1-xiaoyao...@intel.com/



  #include "exec/memory-internal.h"
  #include "exec/ram_addr.h"
  #include "sysemu/kvm.h"







Re: [PATCH v2 13/58] kvm: Introduce kvm_arch_pre_create_vcpu()

2023-08-29 Thread Xiaoyao Li

On 8/29/2023 10:40 PM, Philippe Mathieu-Daudé wrote:

On 18/8/23 11:49, Xiaoyao Li wrote:

Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.

Signed-off-by: Xiaoyao Li 
Acked-by: Gerd Hoffmann 
---
  accel/kvm/kvm-all.c  | 12 
  include/sysemu/kvm.h |  1 +
  2 files changed, 13 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index c9f3aab5e587..5071af917ae0 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -422,6 +422,11 @@ static int kvm_get_vcpu(KVMState *s, unsigned 
long vcpu_id)

  return kvm_vm_ioctl(s, KVM_CREATE_VCPU, (void *)vcpu_id);
  }
+int __attribute__ ((weak)) kvm_arch_pre_create_vcpu(CPUState *cpu)
+{
+    return 0;
+}


kvm_arch_init_vcpu() is implemented for each arch. Why not use the
same approach here?


Because only x86 needs it currently, for TDX. Other arches don't require 
an implementation.


If we don't provide the _weak_ function, we need to implement the empty 
function (just returning 0) in all the other arches just as a 
placeholder. If the QEMU community prefers this approach, I can change to it 
in the next version.



  int kvm_init_vcpu(CPUState *cpu, Error **errp)
  {
  KVMState *s = kvm_state;
@@ -430,6 +435,13 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp)
  trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu));
+    ret = kvm_arch_pre_create_vcpu(cpu);
+    if (ret < 0) {
+    error_setg_errno(errp, -ret, "%s: kvm_arch_pre_create_vcpu() 
failed",

+    __func__);
+    goto err;
+    }
+
  ret = kvm_get_vcpu(s, kvm_arch_vcpu_id(cpu));
  if (ret < 0) {
  error_setg_errno(errp, -ret, "kvm_init_vcpu: kvm_get_vcpu 
failed (%lu)",

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 49c896d8a512..d89ec87072d7 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -371,6 +371,7 @@ int kvm_arch_put_registers(CPUState *cpu, int level);
  int kvm_arch_init(MachineState *ms, KVMState *s);
+int kvm_arch_pre_create_vcpu(CPUState *cpu);
  int kvm_arch_init_vcpu(CPUState *cpu);
  int kvm_arch_destroy_vcpu(CPUState *cpu);
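Review bot: kvm_arch_pre_create_vcpu() is declared here with no comment describing its contract. Since it is a new hook every architecture can override, document that kvm_init_vcpu() calls it before the KVM_CREATE_VCPU ioctl is issued and that a negative errno return aborts vcpu creation, as the kvm-all.c hunk implements.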







Re: [PATCH 2/2] hw/riscv/virt.c: fix non-KVM --enable-debug build

2023-08-29 Thread Richard Henderson

On 8/29/23 16:51, Daniel Henrique Barboza wrote:

The compiler certainly does eliminate 0 && foo(), even at -O0.

There must be something else going on.
Pointer to your tree?


It's this tree:

https://github.com/alistair23/qemu/tree/riscv-to-apply.next



Ok, so while -O0 will eliminate 0 && foo(), it doesn't eliminate with bar() && foo(), 
where bar must be inlined (multiple times in this case) to find the 0.


Moreover in the case of

/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_intc_riscv_aplic.c.o: in function 
`riscv_kvm_aplic_request':
/home/danielhb/work/qemu/build/../hw/intc/riscv_aplic.c:486: undefined reference to 
`kvm_set_irq'


this one, where foo (aka riscv_kvm_aplic_request) would have to be eliminated as well. 
But the compiler won't eliminate entire unused functions with -O0.


This seems to do the trick.  Whether it is aesthetically better than what you had with 
your patches, I will leave to someone else.



r~


diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
index 592c3ce768..0e22dcaf8a 100644
--- a/hw/intc/riscv_aplic.c
+++ b/hw/intc/riscv_aplic.c
@@ -481,10 +481,14 @@ static uint32_t riscv_aplic_idc_claimi(RISCVAPLICState *aplic, 
uint32_t idc)

 return topi;
 }

+#ifdef CONFIG_KVM
 static void riscv_kvm_aplic_request(void *opaque, int irq, int level)
 {
 kvm_set_irq(kvm_state, irq, !!level);
 }
+#else
+#define riscv_kvm_aplic_request  ({ qemu_build_not_reached(); NULL; })
+#endif

 static void riscv_aplic_request(void *opaque, int irq, int level)
 {
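Review bot: the #else branch turns riscv_kvm_aplic_request into a statement expression around qemu_build_not_reached() with no comment on why. The use site is outside this hunk; since this thread established that -O0 does not fold a KVM check hidden inside a helper, say next to the macro that every use has to sit directly behind kvm_enabled(), and confirm the existing use does.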
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 388e52a294..b787ae38c2 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -782,7 +782,7 @@ static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry 
*memmap,

 }

 /* KVM AIA only has one APLIC instance */
-if (virt_use_kvm_aia(s)) {
+if (kvm_enabled() && virt_use_kvm_aia(s)) {
 create_fdt_socket_aplic(s, memmap, 0,
 msi_m_phandle, msi_s_phandle, phandle,
 _phandles[0], xplic_phandles,
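Review bot: kvm_enabled() is now repeated at both callers (here and in virt_machine_init()) rather than living inside virt_use_kvm_aia(), and nothing in the code says why. Add a short comment that the check has to stay at the call site so a non-KVM -O0 build can drop the call; otherwise a later cleanup will fold it back into the helper and bring back the link error discussed above.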
@@ -1461,7 +1461,7 @@ static void virt_machine_init(MachineState *machine)
 }
 }

-if (virt_use_kvm_aia(s)) {
+if (kvm_enabled() && virt_use_kvm_aia(s)) {
 kvm_riscv_aia_create(machine, IMSIC_MMIO_GROUP_MIN_SHIFT,
  VIRT_IRQCHIP_NUM_SOURCES, VIRT_IRQCHIP_NUM_MSIS,
  memmap[VIRT_APLIC_S].base,




Re: [PATCH 1/2] igb: Add a VF reset handler

2023-08-29 Thread Akihiko Odaki

On 2023/08/29 18:05, Cédric Le Goater wrote:

From: Cédric Le Goater 

Export the igb_vf_reset() helper routine from the PF model to let the
IGBVF model implement its own device reset.

Cc: Akihiko Odaki 
Suggested-by: Sriram Yagnaraman 
Signed-off-by: Cédric Le Goater 


Reviewed-by: Akihiko Odaki 



Re: [PATCH v2] linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 5:57 PM Warner Losh  wrote:

>
>
> On Tue, Aug 29, 2023 at 5:35 PM Richard Henderson <
> richard.hender...@linaro.org> wrote:
>
>> On 8/29/23 11:47, Warner Losh wrote:
>> > Replace the slightly older version of this in include/qemu/compiler.h
>> > that was committed as part of bsd-user changes with the newer one from
>> > linux-user. bsd-user has no regressions with this.
>> >
>> > Signed-off-by: Warner Losh 
>>
>> Reviewed-by: Richard Henderson 
>>
>> > diff --git a/tests/lcitool/libvirt-ci b/tests/lcitool/libvirt-ci
>> > index bbd55b4d18c..9bff3b763b5 16
>> > --- a/tests/lcitool/libvirt-ci
>> > +++ b/tests/lcitool/libvirt-ci
>> > @@ -1 +1 @@
>> > -Subproject commit bbd55b4d18cce8f89b5167675e434a6941315634
>> > +Subproject commit 9bff3b763b5531a1490e238bfbf77306dc3a6dbb
>>
>> Be careful about these.
>>
>
> Doh! how did I miss that... Oh, I only did the git submodule update on my
> blitz branch, but not also on the master branch before I created this. Nice
> catch.
>
> My love for submodules... is not increasing. Do I need to fix that and
> send a v3?
>

 or just send the pull request with your reviewed by?

Warner


Re: [PATCH v2] linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 5:35 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 8/29/23 11:47, Warner Losh wrote:
> > Replace the slightly older version of this in include/qemu/compiler.h
> > that was committed as part of bsd-user changes with the newer one from
> > linux-user. bsd-user has no regressions with this.
> >
> > Signed-off-by: Warner Losh 
>
> Reviewed-by: Richard Henderson 
>
> > diff --git a/tests/lcitool/libvirt-ci b/tests/lcitool/libvirt-ci
> > index bbd55b4d18c..9bff3b763b5 16
> > --- a/tests/lcitool/libvirt-ci
> > +++ b/tests/lcitool/libvirt-ci
> > @@ -1 +1 @@
> > -Subproject commit bbd55b4d18cce8f89b5167675e434a6941315634
> > +Subproject commit 9bff3b763b5531a1490e238bfbf77306dc3a6dbb
>
> Be careful about these.
>

Doh! how did I miss that... Oh, I only did the git submodule update on my
blitz branch, but not also on the master branch before I created this. Nice
catch.

My love for submodules... is not increasing. Do I need to fix that and send
a v3?

Warner


Re: [PATCH 2/2] hw/riscv/virt.c: fix non-KVM --enable-debug build

2023-08-29 Thread Daniel Henrique Barboza




On 8/29/23 20:30, Richard Henderson wrote:

On 8/29/23 16:09, Daniel Henrique Barboza wrote:

-- >8 --
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
@@ -79,7 +79,9 @@
  /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
  static bool virt_use_kvm_aia(RISCVVirtState *s)
  {
-    return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
+    return kvm_enabled()
+    && kvm_irqchip_in_kernel()
+    && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
  }
---


It doesn't work. Same error:

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 388e52a294..ac710006e7 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -79,7 +79,8 @@
  /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
  static bool virt_use_kvm_aia(RISCVVirtState *s)
  {
-    return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
+    return kvm_enabled() &&
+   kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
  }

  static const MemMapEntry virt_memmap[] = {
diff --git a/target/riscv/kvm_riscv.h b/target/riscv/kvm_riscv.h
index 01be45cc69..7d4b7c60e2 100644
--- a/target/riscv/kvm_riscv.h
+++ b/target/riscv/kvm_riscv.h
@@ -22,19 +22,9 @@
  void kvm_riscv_init_user_properties(Object *cpu_obj);
  void kvm_riscv_reset_vcpu(RISCVCPU *cpu);
  void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level);
-
-#ifdef CONFIG_KVM
  void kvm_riscv_aia_create(MachineState *machine, uint64_t group_shift,
    uint64_t aia_irq_num, uint64_t aia_msi_num,
    uint64_t aplic_base, uint64_t imsic_base,
    uint64_t guest_num);
-#else
-static inline void kvm_riscv_aia_create(MachineState *machine,
-    uint64_t group_shift, uint64_t aia_irq_num,
-    uint64_t aia_msi_num, uint64_t aplic_base,
-    uint64_t imsic_base, uint64_t guest_num) {
-    g_assert_not_reached();
-}
-#endif



/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_riscv_virt.c.o: in function 
`virt_machine_init':
/home/danielhb/work/qemu/build/../hw/riscv/virt.c:1466: undefined reference to 
`kvm_riscv_aia_create'
collect2: error: ld returned 1 exit status


I'm no compiler expert by any means but it seems that the --enable-debug build 
does not strip things
out like the usual build does, e.g. it won't elide a 'if kvm_enabled()' block 
out by checking that
kvm_enabled() is always false.


The compiler certainly does eliminate 0 && foo(), even at -O0.

There must be something else going on.
Pointer to your tree?


It's this tree:

https://github.com/alistair23/qemu/tree/riscv-to-apply.next


Building using --enable-debug fails:


[danielhb@grind build]$ ../configure --target-list=riscv64-softmmu --enable-debug 
&& make -j
(...)
0.so /usr/lib64/libcairo-gobject.so /usr/lib64/libcairo.so 
/usr/lib64/libgdk_pixbuf-2.0.so /usr/lib64/libX11.so 
/usr/lib64/libvirglrenderer.so /usr/lib64/libcacard.so 
/usr/lib64/libusbredirparser.so /usr/lib64/libusb-1.0.so -lbrlapi @block.syms 
-lnuma /usr/lib64/liburing.so -lm /usr/lib64/libfuse3.so -lpthread 
/usr/lib64/iscsi/libiscsi.so -laio /usr/lib64/libcurl.so /usr/lib64/libnfs.so 
/usr/lib64/libssh.so -lrbd -lrados -lbz2 -lutil -Wl,--end-group
/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_riscv_virt.c.o: in function 
`virt_machine_init':
/home/danielhb/work/qemu/build/../hw/riscv/virt.c:1465: undefined reference to 
`kvm_riscv_aia_create'
/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_intc_riscv_aplic.c.o: in function 
`riscv_kvm_aplic_request':
/home/danielhb/work/qemu/build/../hw/intc/riscv_aplic.c:486: undefined 
reference to `kvm_set_irq'
collect2: error: ld returned 1 exit status

Building without --enable-debug works. gitlab CI doesn't seem to care with it 
because it's all
green with this tree.


The commits that introduced these errors are listed in the 'Fixes' tag of 
patches 1 and 2.


Thanks,

Daniel










r~




[PULL v2 0/5] tcg patch queue

2023-08-29 Thread Richard Henderson

Gah, second time in a row messing up the PULL tag.

r~

On 8/29/23 11:54, Richard Henderson wrote:

The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:

   Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu 
into staging (2023-08-29 08:58:00 -0400)

are available in the Git repository at:

   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230829-2

for you to fetch changes up to 669fd6151337fdc81e34f7eb4940ba2f20d89957:

   Revert "include/exec: typedef abi_ptr to vaddr in softmmu" (2023-08-29 
11:30:33 -0700)


softmmu: Use async_run_on_cpu in tcg_commit
tcg: Remove vecop_list check from tcg_gen_not_vec
tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32
Revert "include/exec: typedef abi_ptr to vaddr in softmmu"


Richard Henderson (5):
   softmmu: Assert data in bounds in iotlb_to_section
   softmmu: Use async_run_on_cpu in tcg_commit
   tcg: Remove vecop_list check from tcg_gen_not_vec
   tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32
   Revert "include/exec: typedef abi_ptr to vaddr in softmmu"

  include/exec/cpu-common.h|  1 -
  include/exec/cpu_ldst.h  |  4 ++--
  tcg/sparc64/tcg-target.h |  2 +-
  accel/tcg/cpu-exec-common.c  | 30 --
  softmmu/physmem.c| 50 
  tcg/tcg-op-vec.c |  7 +++
  tcg/sparc64/tcg-target.c.inc | 11 --
  7 files changed, 43 insertions(+), 62 deletions(-)





Re: [PATCH v2] linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

2023-08-29 Thread Richard Henderson

On 8/29/23 11:47, Warner Losh wrote:

Replace the slightly older version of this in include/qemu/compiler.h
that was committed as part of bsd-user changes with the newer one from
linux-user. bsd-user has no regressions with this.

Signed-off-by: Warner Losh 


Reviewed-by: Richard Henderson 


diff --git a/tests/lcitool/libvirt-ci b/tests/lcitool/libvirt-ci
index bbd55b4d18c..9bff3b763b5 16
--- a/tests/lcitool/libvirt-ci
+++ b/tests/lcitool/libvirt-ci
@@ -1 +1 @@
-Subproject commit bbd55b4d18cce8f89b5167675e434a6941315634
+Subproject commit 9bff3b763b5531a1490e238bfbf77306dc3a6dbb


Be careful about these.


r~



Re: [PATCH 2/2] hw/riscv/virt.c: fix non-KVM --enable-debug build

2023-08-29 Thread Richard Henderson

On 8/29/23 16:09, Daniel Henrique Barboza wrote:

-- >8 --
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
@@ -79,7 +79,9 @@
  /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
  static bool virt_use_kvm_aia(RISCVVirtState *s)
  {
-    return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
+    return kvm_enabled()
+    && kvm_irqchip_in_kernel()
+    && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
  }
---


It doesn't work. Same error:

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 388e52a294..ac710006e7 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -79,7 +79,8 @@
  /* KVM AIA only supports APLIC MSI. APLIC Wired is always emulated by QEMU. */
  static bool virt_use_kvm_aia(RISCVVirtState *s)
  {
-    return kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
+    return kvm_enabled() &&
+   kvm_irqchip_in_kernel() && s->aia_type == VIRT_AIA_TYPE_APLIC_IMSIC;
  }

  static const MemMapEntry virt_memmap[] = {
diff --git a/target/riscv/kvm_riscv.h b/target/riscv/kvm_riscv.h
index 01be45cc69..7d4b7c60e2 100644
--- a/target/riscv/kvm_riscv.h
+++ b/target/riscv/kvm_riscv.h
@@ -22,19 +22,9 @@
  void kvm_riscv_init_user_properties(Object *cpu_obj);
  void kvm_riscv_reset_vcpu(RISCVCPU *cpu);
  void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level);
-
-#ifdef CONFIG_KVM
  void kvm_riscv_aia_create(MachineState *machine, uint64_t group_shift,
    uint64_t aia_irq_num, uint64_t aia_msi_num,
    uint64_t aplic_base, uint64_t imsic_base,
    uint64_t guest_num);
-#else
-static inline void kvm_riscv_aia_create(MachineState *machine,
-    uint64_t group_shift, uint64_t aia_irq_num,
-    uint64_t aia_msi_num, uint64_t aplic_base,
-    uint64_t imsic_base, uint64_t guest_num) {
-    g_assert_not_reached();
-}
-#endif



/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_riscv_virt.c.o: in function 
`virt_machine_init':
/home/danielhb/work/qemu/build/../hw/riscv/virt.c:1466: undefined reference to 
`kvm_riscv_aia_create'

collect2: error: ld returned 1 exit status


I'm no compiler expert by any means but it seems that the --enable-debug build does not
strip things out like the usual build does, e.g. it won't elide a 'if kvm_enabled()' block
out by checking that kvm_enabled() is always false.


The compiler certainly does eliminate 0 && foo(), even at -O0.

There must be something else going on.
Pointer to your tree?

r~



[PATCH v5 08/12] target/arm: Inform helpers whether a PAC instruction is 'combined'

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

An instruction is a 'combined' Pointer Authentication instruction
if it does something in addition to PAC -- for instance, branching
to or loading an address from the authenticated pointer.

Knowing whether a PAC operation is 'combined' is needed to
implement FEAT_FPACCOMBINE.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Aaron Lindsay 
Reviewed-by: Richard Henderson 
Message-Id: <20230609172324.982888-7-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
---
 target/arm/tcg/helper-a64.h|  4 ++
 target/arm/tcg/pauth_helper.c  | 71 +++---
 target/arm/tcg/translate-a64.c | 12 +++---
 3 files changed, 68 insertions(+), 19 deletions(-)

diff --git a/target/arm/tcg/helper-a64.h b/target/arm/tcg/helper-a64.h
index 3d5957c11f..57cfd68569 100644
--- a/target/arm/tcg/helper-a64.h
+++ b/target/arm/tcg/helper-a64.h
@@ -90,9 +90,13 @@ DEF_HELPER_FLAGS_3(pacda, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacdb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacga, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autia, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autia_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autib, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autib_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autda_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autdb_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
 DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
 
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index b6aeb90548..c05c5b30ff 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -397,7 +397,8 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
-   ARMPACKey *key, bool data, int keynumber)
+   ARMPACKey *key, bool data, int keynumber,
+   uintptr_t ra, bool is_combined)
 {
 ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
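
Review bot: pauth_auth() gains `ra` and `is_combined`, but nothing in the visible part of this hunk uses either, and the function carries no comment saying what a 'combined' caller changes. A short comment on the two parameters (the return address for unwinding, and that `is_combined` exists for FEAT_FPACCOMBINE as the commit message says) would make the intent checkable at the definition.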
@@ -519,44 +520,88 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, 
uint64_t y)
 return pac & 0xull;
 }
 
-uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+static uint64_t pauth_autia(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apia, false, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apia, false, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autia_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autib(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apib, false, 1);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apib, false, 1, ra, is_combined);
 }
 
-uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autib_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autda(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apda, true, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apda, true, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autda(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autda_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autda(env, x, y, GETPC(), true);
+}
+
+static uint64_t 
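
Review bot: pauth_autia(), pauth_autib() and pauth_autda() are copies that differ only in the SCTLR enable bit, the key, and the `data` and `keynumber` arguments, and each now needs two one-line HELPER wrappers on top. Consider one static function that takes those as parameters, or a macro that emits the plain and `_combined` wrappers, so the trap check and the pauth_auth() call exist once. Reading GETPC() in the HELPER entry points and passing it down as `ra` is the right shape and should be kept.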

Re: [PATCH v8 07/12] virtio-sound: handle VIRTIO_SND_R_PCM_SET_PARAMS

2023-08-29 Thread Alex Bennée


Emmanouil Pitsidianakis  writes:

> Handle the set parameters control request. It reconfigures a stream
> based on a guest's preference if the values are valid and supported.
>
> Based-on: 
> https://github.com/OpenSynergy/qemu/commit/5a2f350eec5d157b90d9c7b40a8e603f4da92471
> Signed-off-by: Igor Skalkin 
> Signed-off-by: Anton Yakovlev 
> Signed-off-by: Emmanouil Pitsidianakis
> 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH 25/32] bsd-user: Implement procctl(2) system call.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/freebsd/os-proc.c| 114 ++
  bsd-user/freebsd/os-syscall.c |   3 +
  2 files changed, 117


Acked-by: Richard Henderson 

I think you need to squash this with patch 24.


r~



[PATCH v5 01/12] tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC

2023-08-29 Thread Richard Henderson
With FEAT_FPAC, AUT* instructions that fail authentication
do not produce an error value but instead fault.

For pauth-2, install a signal handler and verify it gets called.

For pauth-4 and pauth-5, we are explicitly testing the error value,
so there's nothing to test with FEAT_FPAC, so exit early.
Adjust the makefile to use -cpu neoverse-v1, which has FEAT_EPAC
but not FEAT_FPAC.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 tests/tcg/aarch64/pauth.h | 23 +
 tests/tcg/aarch64/pauth-2.c   | 54 ++-
 tests/tcg/aarch64/pauth-4.c   | 18 ---
 tests/tcg/aarch64/pauth-5.c   | 10 ++
 tests/tcg/aarch64/Makefile.target |  6 +++-
 5 files changed, 98 insertions(+), 13 deletions(-)
 create mode 100644 tests/tcg/aarch64/pauth.h

diff --git a/tests/tcg/aarch64/pauth.h b/tests/tcg/aarch64/pauth.h
new file mode 100644
index 00..543b234437
--- /dev/null
+++ b/tests/tcg/aarch64/pauth.h
@@ -0,0 +1,23 @@
+/*
+ * Helper for pauth test case
+ *
+ * Copyright (c) 2023 Linaro Ltd
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+
+static int get_pac_feature(void)
+{
+unsigned long isar1, isar2;
+
+assert(getauxval(AT_HWCAP) & HWCAP_CPUID);
+
+asm("mrs %0, id_aa64isar1_el1" : "=r"(isar1));
+asm("mrs %0, S3_0_C0_C6_2" : "=r"(isar2)); /* id_aa64isar2_el1 */
+
+return ((isar1 >> 4) & 0xf)   /* APA */
+ | ((isar1 >> 8) & 0xf)   /* API */
+ | ((isar2 >> 12) & 0xf); /* APA3 */
+}
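
Review bot: get_pac_feature() returns the bitwise OR of the APA, API and APA3 fields, which is a meaningful level only if at most one of the three is nonzero; state that assumption in a comment, or return the maximum of the three. The header also has no include guard.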
diff --git a/tests/tcg/aarch64/pauth-2.c b/tests/tcg/aarch64/pauth-2.c
index 978652ede3..89ffdbf1df 100644
--- a/tests/tcg/aarch64/pauth-2.c
+++ b/tests/tcg/aarch64/pauth-2.c
@@ -1,5 +1,22 @@
 #include 
+#include 
+#include 
 #include 
+#include "pauth.h"
+
+
+static void sigill(int sig, siginfo_t *info, void *vuc)
+{
+ucontext_t *uc = vuc;
+uint64_t test;
+
+/* There is only one insn below that is allowed to fault. */
+asm volatile("adr %0, auth2_insn" : "=r"(test));
+assert(test == uc->uc_mcontext.pc);
+exit(0);
+}
+
+static int pac_feature;
 
 void do_test(uint64_t value)
 {
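
Review bot: sigill() calls exit(0), which is not async-signal-safe; _exit(0) is the safer call from inside a handler. The `sig` and `info` parameters are unused.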
@@ -27,31 +44,52 @@ void do_test(uint64_t value)
  * An invalid salt usually fails authorization, but again there
  * is a chance of choosing another salt that works.
  * Iterate until we find another salt which does fail.
+ *
+ * With FEAT_FPAC, this will SIGILL instead of producing a result.
  */
 for (salt2 = salt1 + 1; ; salt2++) {
-asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt2));
+asm volatile("auth2_insn: autda %0, %2"
+ : "=r"(decode) : "0"(encode), "r"(salt2));
 if (decode != value) {
 break;
 }
 }
 
+assert(pac_feature < 4);  /* No FEAT_FPAC */
+
 /* The VA bits, bit 55, and the TBI bits, should be unchanged.  */
 assert(((decode ^ value) & 0xff80ull) == 0);
 
 /*
- * Bits [54:53] are an error indicator based on the key used;
- * the DA key above is keynumber 0, so error == 0b01.  Otherwise
- * bit 55 of the original is sign-extended into the rest of the auth.
+ * Without FEAT_Pauth2, bits [54:53] are an error indicator based on
+ * the key used; the DA key above is keynumber 0, so error == 0b01.
+ * Otherwise, bit 55 of the original is sign-extended into the rest
+ * of the auth.
  */
-if ((value >> 55) & 1) {
-assert(((decode >> 48) & 0xff) == 0b1011);
-} else {
-assert(((decode >> 48) & 0xff) == 0b0010);
+if (pac_feature < 3) {
+if ((value >> 55) & 1) {
+assert(((decode >> 48) & 0xff) == 0b1011);
+} else {
+assert(((decode >> 48) & 0xff) == 0b0010);
+}
 }
 }
 
 int main()
 {
+static const struct sigaction sa = {
+.sa_sigaction = sigill,
+.sa_flags = SA_SIGINFO
+};
+
+pac_feature = get_pac_feature();
+assert(pac_feature != 0);
+
+if (pac_feature >= 4) {
+/* FEAT_FPAC */
+sigaction(SIGILL, , NULL);
+}
+
 do_test(0);
 do_test(0xda004acedeadbeefull);
 return 0;
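
Review bot: `auth2_insn:` is a named assembler label inside an asm statement in do_test(), which is non-static and called twice from main(); if the compiler inlines the function or unrolls the loop, the label is emitted more than once and the file no longer assembles. Mark do_test() with `__attribute__((noinline))` and note in a comment that the asm must not be duplicated.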
diff --git a/tests/tcg/aarch64/pauth-4.c b/tests/tcg/aarch64/pauth-4.c
index 24a639e36c..b254f413af 100644
--- a/tests/tcg/aarch64/pauth-4.c
+++ b/tests/tcg/aarch64/pauth-4.c
@@ -2,14 +2,24 @@
 #include 
 #include 
 #include 
+#include "pauth.h"
 
 #define TESTS 1000
 
 int main()
 {
+char base[TESTS];
 int i, count = 0;
 float perc;
-void *base = malloc(TESTS);
+int pac_feature = get_pac_feature();
+
+/*
+ * Exit if no PAuth or FEAT_FPAC, which will SIGILL on AUTIA failure
+ * rather than return an error for us to check below.
+ */
+if (pac_feature == 0 || pac_feature >= 4) {
+return 0;
+}
 
 for (i = 0; i < TESTS; i++) {
 uintptr_t in, x, y;
@@ -17,7 +27,7 @@ int main()
 in = i + (uintptr_t) base;
 
 asm("mov %0, 

[PATCH v5 11/12] linux-user/aarch64: Fix normal SIGILL si_code

2023-08-29 Thread Richard Henderson
Most illegal instructions use ILL_ILLOPC.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 linux-user/aarch64/cpu_loop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index 2e2f7cf218..22c9789326 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -110,7 +110,7 @@ void cpu_loop(CPUARMState *env)
 /* just indicate that signals should be handled asap */
 break;
 case EXCP_UDEF:
-force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);
+force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, env->pc);
 break;
 case EXCP_PREFETCH_ABORT:
 case EXCP_DATA_ABORT:
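
Review bot: the commit message says most illegal instructions use ILL_ILLOPC but does not say where that comes from or which cases are the exceptions; a reference to the kernel code this mirrors, in the message or as a comment on the EXCP_UDEF case, would let a reader check the choice.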
-- 
2.34.1




Re: [PATCH 10/32] bsd-user: Implement host_to_target_waitstatus conversion.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/bsd-proc.c | 17 +
  1 file changed, 17 insertions(+)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 12/32] bsd-user: Implement getgroups(2) and setgroups(2) system calls.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
  bsd-user/bsd-proc.h   | 44 +++
  bsd-user/freebsd/os-syscall.c |  9 +++
  2 files changed, 53 insertions(+)

diff --git a/bsd-user/bsd-proc.h b/bsd-user/bsd-proc.h
index b6225e520e..ecd6a13c2d 100644
--- a/bsd-user/bsd-proc.h
+++ b/bsd-user/bsd-proc.h
@@ -41,4 +41,48 @@ static inline abi_long do_bsd_exit(void *cpu_env, abi_long 
arg1)
  return 0;
  }
  
+/* getgroups(2) */

+static inline abi_long do_bsd_getgroups(abi_long gidsetsize, abi_long arg2)
+{
+abi_long ret;
+uint32_t *target_grouplist;
+gid_t *grouplist;
+int i;
+
+grouplist = alloca(gidsetsize * sizeof(gid_t));
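
Review bot: `gidsetsize` is a signed abi_long supplied by the guest and is multiplied by sizeof(gid_t) with no range check before it is used as an allocation size in do_bsd_getgroups(); the same applies to do_bsd_setgroups() further down. Reject values below zero or above the host group limit before allocating, independently of whether the buffer lives on the stack or the heap.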


Don't use alloca for items that are sized by the guest.

Use g_autofree and g_try_new, failing with ENOMEM.


+/* setgroups(2) */
+static inline abi_long do_bsd_setgroups(abi_long gidsetsize, abi_long arg2)
+{
+uint32_t *target_grouplist;
+gid_t *grouplist;
+int i;
+
+grouplist = alloca(gidsetsize * sizeof(gid_t));


Likewise.


r~
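
The review comment above, as an added example that is not part of the patch or of QEMU: a guest-supplied count is range-checked and the list is heap-allocated with a checked failure path instead of alloca(). The cap `EXAMPLE_MAX_GROUPS`, the big-endian guest layout and the function names are assumptions, and plain calloc() stands in for the g_try_new()/g_autofree pair named in the review.

```c
/* Added example: size a host group list from a guest-supplied count
 * without alloca(). Not QEMU code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Assumed upper bound for this example; an emulator would use the
 * host's own group limit here. */
#define EXAMPLE_MAX_GROUPS 65536L

/* Read one 32-bit big-endian value (the assumed guest byte order). */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Convert a guest group list into a newly allocated host gid_t array.
 *
 * The pattern under review was:
 *     grouplist = alloca(gidsetsize * sizeof(gid_t));
 * where gidsetsize comes from the guest, so the guest picks how far the
 * host stack pointer moves.
 *
 * Returns 0 and stores the array in *out (caller frees; NULL when the
 * count is 0), or a negative errno value with *out set to NULL.
 */
static int guest_grouplist_to_host(long gidsetsize,
                                   const unsigned char *guest_buf,
                                   size_t guest_len, gid_t **out)
{
    size_t n, i;
    gid_t *list;

    *out = NULL;

    /* The count is signed and guest-controlled: check both ends. */
    if (gidsetsize < 0 || gidsetsize > EXAMPLE_MAX_GROUPS) {
        return -EINVAL;
    }
    n = (size_t)gidsetsize;

    /* The guest buffer must actually hold n 32-bit entries. */
    if (n > guest_len / sizeof(uint32_t)) {
        return -EFAULT;
    }
    if (n == 0) {
        return 0;
    }

    /* calloc() checks n * size for overflow and can fail cleanly. */
    list = calloc(n, sizeof(*list));
    if (list == NULL) {
        return -ENOMEM;
    }
    for (i = 0; i < n; i++) {
        list[i] = (gid_t)load_be32(guest_buf + i * sizeof(uint32_t));
    }
    *out = list;
    return 0;
}

int main(void)
{
    /* Constructed sample: two big-endian gids, 100 and 1000. */
    static const unsigned char guest[] = { 0, 0, 0, 100, 0, 0, 0x03, 0xe8 };
    gid_t *list;
    int ret;

    ret = guest_grouplist_to_host(2, guest, sizeof(guest), &list);
    printf("count 2: ret=%d first=%lu\n", ret,
           ret == 0 ? (unsigned long)list[0] : 0UL);
    free(list);

    ret = guest_grouplist_to_host(-1, guest, sizeof(guest), &list);
    printf("count -1: ret=%d\n", ret);
    return 0;
}
```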



Re: [PATCH 1/3] linux-user/aarch64: Add ESR signal frame for SIGSEGV, SIGBUS

2023-08-29 Thread Richard Henderson

On 8/29/23 07:35, Peter Maydell wrote:

+/* See arch/arm64/mm/fault.c, set_thread_esr. */
+if (sig == TARGET_SIGSEGV || sig == TARGET_SIGBUS) {
+return true;
+}


It's possible to get here without env->exception.syndrome
being set correctly, I think, if we take a host
SIGSEGV or SIGBUS and host_signal_handler() calls either
cpu_loop_exit_sigsegv() or cpu_loop_exit_sigbus(). Can also
happen for other places that call one of those two functions,
like allocation_tag_mem(). At least, I can't see where we
would be setting syndrome in that code path.


cpu_loop_exit_sig* go through arm_cpu_record_sigsegv and arm_cpu_record_sigbus, which use
the normal fault processing paths to populate FAR_EL1 and ESR_EL1.



Maybe we should do the "sanitize ESR for fault addresses in
the upper half of guest address space" logic that the kernel
set_thread_esr() does?


I guess we could, though I'm not sure how such an address could occur.


r~



Re: [PATCH 06/32] bsd-user: Add bsd-proc.c to meson.build

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Warner Losh 

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
---
  bsd-user/bsd-proc.h  | 4 
  bsd-user/meson.build | 6 ++
  2 files changed, 10 insertions(+)

diff --git a/bsd-user/bsd-proc.h b/bsd-user/bsd-proc.h
index a1061bffb8..048773a75d 100644
--- a/bsd-user/bsd-proc.h
+++ b/bsd-user/bsd-proc.h
@@ -22,6 +22,10 @@
  
  #include 
  
+#include "qemu-bsd.h"

+#include "gdbstub/syscalls.h"
+#include "qemu/plugin.h"
+
  /* exit(2) */
  static inline abi_long do_bsd_exit(void *cpu_env, abi_long arg1)
  {
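
Review bot: the three includes added to bsd-proc.h have no user in the visible lines and are not mentioned in the commit subject, which is about meson.build; add them in the patch that introduces the code needing them, or say in the commit message why they are required here.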
diff --git a/bsd-user/meson.build b/bsd-user/meson.build
index 5243122fc5..b97fce1472 100644
--- a/bsd-user/meson.build
+++ b/bsd-user/meson.build
@@ -7,6 +7,7 @@ bsd_user_ss = ss.source_set()
  common_user_inc += include_directories('include')
  
  bsd_user_ss.add(files(

+  'bsd-proc.c',
'bsdload.c',
'elfload.c',
'main.c',
@@ -16,6 +17,11 @@ bsd_user_ss.add(files(
'uaccess.c',
  ))


Ok so far.

  
+elf = cc.find_library('elf', required: true)

+procstat = cc.find_library('procstat', required: true)
+kvm = cc.find_library('kvm', required: true)
+bsd_user_ss.add(elf, procstat, kvm)


What are these for?  Particularly kvm?


r~



[PATCH v5 18/20] linux-user/ppc: Add vdso

2023-08-29 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 linux-user/ppc/vdso-asmoffset.h |  20 +++
 linux-user/elfload.c|   9 ++
 linux-user/ppc/signal.c |  31 +++--
 linux-user/gen-vdso-elfn.c.inc  |   7 +
 linux-user/ppc/Makefile.vdso|  18 +++
 linux-user/ppc/meson.build  |  12 ++
 linux-user/ppc/vdso-32.ld   |  70 ++
 linux-user/ppc/vdso-32.so   | Bin 0 -> 3020 bytes
 linux-user/ppc/vdso-64.ld   |  68 +
 linux-user/ppc/vdso-64.so   | Bin 0 -> 3896 bytes
 linux-user/ppc/vdso-64le.so | Bin 0 -> 3896 bytes
 linux-user/ppc/vdso.S   | 239 
 12 files changed, 466 insertions(+), 8 deletions(-)
 create mode 100644 linux-user/ppc/vdso-asmoffset.h
 create mode 100644 linux-user/ppc/Makefile.vdso
 create mode 100644 linux-user/ppc/vdso-32.ld
 create mode 100755 linux-user/ppc/vdso-32.so
 create mode 100644 linux-user/ppc/vdso-64.ld
 create mode 100755 linux-user/ppc/vdso-64.so
 create mode 100755 linux-user/ppc/vdso-64le.so
 create mode 100644 linux-user/ppc/vdso.S

diff --git a/linux-user/ppc/vdso-asmoffset.h b/linux-user/ppc/vdso-asmoffset.h
new file mode 100644
index 00..6844c8c81c
--- /dev/null
+++ b/linux-user/ppc/vdso-asmoffset.h
@@ -0,0 +1,20 @@
+/*
+ * Size of dummy stack frame allocated when calling signal handler.
+ * See arch/powerpc/include/asm/ptrace.h.
+ */
+#ifdef TARGET_ABI32
+# define SIGNAL_FRAMESIZE   64
+#else
+# define SIGNAL_FRAMESIZE   128
+#endif
+
+#ifdef TARGET_ABI32
+# define offsetof_sigframe_mcontext 0x20
+# define offsetof_rt_sigframe_mcontext  0x140
+# define offsetof_mcontext_fregs0xc0
+# define offsetof_mcontext_vregs0x1d0
+#else
+# define offsetof_rt_sigframe_mcontext  0xe8
+# define offsetof_mcontext_fregs0x180
+# define offsetof_mcontext_vregs_ptr0x288
+#endif
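
Review bot: SIGNAL_FRAMESIZE is now selected by TARGET_ABI32, while the definition it replaces in signal.c and the new QEMU_BUILD_BUG_ON checks there are keyed on TARGET_PPC64; say in the header comment that the two conditions are equivalent for every ppc target that is built, or use one macro throughout. The header also has no include guard, and the 64-bit branch defines offsetof_mcontext_vregs_ptr where the 32-bit branch defines offsetof_mcontext_vregs, which deserves a one-line comment.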
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 877727e9e7..cdc517952b 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1015,6 +1015,15 @@ static void elf_core_copy_regs(target_elf_gregset_t 
*regs, const CPUPPCState *en
 #define USE_ELF_CORE_DUMP
 #define ELF_EXEC_PAGESIZE   4096
 
+#ifndef TARGET_PPC64
+# include "vdso-32.c.inc"
+#elif TARGET_BIG_ENDIAN
+# include "vdso-64.c.inc"
+#else
+# include "vdso-64le.c.inc"
+#endif
+#define vdso_image_info()_image_info
+
 #endif
 
 #ifdef TARGET_LOONGARCH64
diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index a616f20efb..7e7302823b 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -21,14 +21,7 @@
 #include "user-internals.h"
 #include "signal-common.h"
 #include "linux-user/trace.h"
-
-/* Size of dummy stack frame allocated when calling signal handler.
-   See arch/powerpc/include/asm/ptrace.h.  */
-#if defined(TARGET_PPC64)
-#define SIGNAL_FRAMESIZE 128
-#else
-#define SIGNAL_FRAMESIZE 64
-#endif
+#include "vdso-asmoffset.h"
 
 /* See arch/powerpc/include/asm/ucontext.h.  Only used for 32-bit PPC;
on 64-bit PPC, sigcontext and mcontext are one and the same.  */
@@ -73,6 +66,16 @@ struct target_mcontext {
 #endif
 };
 
+QEMU_BUILD_BUG_ON(offsetof(struct target_mcontext, mc_fregs)
+  != offsetof_mcontext_fregs);
+#if defined(TARGET_PPC64)
+QEMU_BUILD_BUG_ON(offsetof(struct target_mcontext, v_regs)
+  != offsetof_mcontext_vregs_ptr);
+#else
+QEMU_BUILD_BUG_ON(offsetof(struct target_mcontext, mc_vregs)
+  != offsetof_mcontext_vregs);
+#endif
+
 /* See arch/powerpc/include/asm/sigcontext.h.  */
 struct target_sigcontext {
 target_ulong _unused[4];
@@ -161,6 +164,7 @@ struct target_ucontext {
 #endif
 };
 
+#if !defined(TARGET_PPC64)
 /* See arch/powerpc/kernel/signal_32.c.  */
 struct target_sigframe {
 struct target_sigcontext sctx;
@@ -168,6 +172,10 @@ struct target_sigframe {
 int32_t abigap[56];
 };
 
+QEMU_BUILD_BUG_ON(offsetof(struct target_sigframe, mctx)
+  != offsetof_sigframe_mcontext);
+#endif
+
 #if defined(TARGET_PPC64)
 
 #define TARGET_TRAMP_SIZE 6
@@ -184,6 +192,10 @@ struct target_rt_sigframe {
 char abigap[288];
 } __attribute__((aligned(16)));
 
+QEMU_BUILD_BUG_ON(offsetof(struct target_rt_sigframe,
+   uc.tuc_sigcontext.mcontext)
+  != offsetof_rt_sigframe_mcontext);
+
 #else
 
 struct target_rt_sigframe {
@@ -192,6 +204,9 @@ struct target_rt_sigframe {
 int32_t abigap[56];
 };
 
+QEMU_BUILD_BUG_ON(offsetof(struct target_rt_sigframe, uc.tuc_mcontext)
+  != offsetof_rt_sigframe_mcontext);
+
 #endif
 
 #if defined(TARGET_PPC64)
diff --git a/linux-user/gen-vdso-elfn.c.inc b/linux-user/gen-vdso-elfn.c.inc
index 7034c36d5e..95856eb839 100644
--- a/linux-user/gen-vdso-elfn.c.inc
+++ b/linux-user/gen-vdso-elfn.c.inc
@@ -273,7 +273,14 @@ static void elfN(process)(FILE *outf, void *buf, bool 
need_bswap)
 errors++;
 break;
 
+case 

[PATCH 8/9] migration: Add migration_rp_wait|kick()

2023-08-29 Thread Peter Xu
It's just a simple wrapper for rp_sem on either wait() or kick(), make it
even clearer on how it is used.  Prepared to be used even for other things.

Signed-off-by: Peter Xu 
---
 migration/migration.h | 15 +++
 migration/migration.c |  4 ++--
 migration/ram.c   | 16 +++-
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/migration/migration.h b/migration/migration.h
index a5c95e4d43..b6de78dbdd 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -304,6 +304,12 @@ struct MigrationState {
  * be cleared in the rp_thread!
  */
 bool  rp_thread_created;
+/*
+ * Used to synchonize between migration main thread and return path
+ * thread.  The migration thread can wait() on this sem, while
+ * other threads (e.g., return path thread) can kick it using a
+ * post().
+ */
 QemuSemaphore rp_sem;
 /*
  * We post to this when we got one PONG from dest. So far it's an
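
Review bot: typo in the new comment, "synchonize" should be "synchronize". The comment could also name migration_rp_wait() and migration_rp_kick() as the intended way to use rp_sem.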
@@ -516,4 +522,13 @@ void populate_vfio_info(MigrationInfo *info);
 void reset_vfio_bytes_transferred(void);
 void postcopy_temp_page_reset(PostcopyTmpPage *tmp_page);
 
+/* Migration thread waiting for return path thread. */
+void migration_rp_wait(MigrationState *s);
+/*
+ * Kick the migration thread waiting for return path messages.  NOTE: the
+ * name can be slightly confusing (when read as "kick the rp thread"), just
+ * to remember the target is always the migration thread.
+ */
+void migration_rp_kick(MigrationState *s);
+
 #endif
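
Review bot: migration_rp_wait() and migration_rp_kick() are declared here and called from migration.c and ram.c, but no hunk in this patch defines them; the diffstat's 24 insertions are fully accounted for by the comments, declarations and call-site replacements shown. The definitions (thin wrappers around qemu_sem_wait() and qemu_sem_post() on rp_sem, going by the replaced lines) need to be part of this patch or it will not link.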
diff --git a/migration/migration.c b/migration/migration.c
index 576e102319..3a5f324781 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1835,7 +1835,7 @@ static int migrate_handle_rp_resume_ack(MigrationState *s,
   MIGRATION_STATUS_POSTCOPY_ACTIVE);
 
 /* Notify send thread that time to continue send pages */
-qemu_sem_post(>rp_state.rp_sem);
+migration_rp_kick(s);
 
 return 0;
 }
@@ -2503,7 +2503,7 @@ static int postcopy_resume_handshake(MigrationState *s)
 qemu_savevm_send_postcopy_resume(s->to_dst_file);
 
 while (s->state == MIGRATION_STATUS_POSTCOPY_RECOVER) {
-qemu_sem_wait(>rp_state.rp_sem);
+migration_rp_wait(s);
 }
 
 if (s->state == MIGRATION_STATUS_POSTCOPY_ACTIVE) {
diff --git a/migration/ram.c b/migration/ram.c
index a9541c60b4..b5f6d65d84 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -4157,7 +4157,7 @@ static int ram_dirty_bitmap_sync_all(MigrationState *s, 
RAMState *rs)
 
 /* Wait until all the ramblocks' dirty bitmap synced */
 while (qatomic_read(>postcopy_bmap_sync_requested)) {
-qemu_sem_wait(>rp_state.rp_sem);
+migration_rp_wait(s);
 }
 
 trace_ram_dirty_bitmap_sync_complete();
@@ -4165,11 +4165,6 @@ static int ram_dirty_bitmap_sync_all(MigrationState *s, 
RAMState *rs)
 return 0;
 }
 
-static void ram_dirty_bitmap_reload_notify(MigrationState *s)
-{
-qemu_sem_post(>rp_state.rp_sem);
-}
-
 /*
  * Read the received bitmap, revert it as the initial dirty bitmap.
  * This is only used when the postcopy migration is paused but wants
@@ -4252,10 +4247,13 @@ int ram_dirty_bitmap_reload(MigrationState *s, RAMBlock 
*block, Error **errp)
 qatomic_dec(>postcopy_bmap_sync_requested);
 
 /*
- * We succeeded to sync bitmap for current ramblock. If this is
- * the last one to sync, we need to notify the main send thread.
+ * We succeeded to sync bitmap for current ramblock. Always kick the
+ * migration thread to check whether all requested bitmaps are
+ * reloaded.  NOTE: it's racy to only kick when requested==0, because
+ * we don't know whether the migration thread may still be increasing
+ * it.
  */
-ram_dirty_bitmap_reload_notify(s);
+migration_rp_kick(s);
 
 ret = 0;
 out:
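
Review bot: kicking unconditionally means rp_sem can be left with surplus posts once the last bitmap is reloaded, so every waiter has to treat a return from migration_rp_wait() as a hint and recheck its condition, as the `while` loops in this patch do. Say that in the migration_rp_wait() comment so a future caller does not rely on one wake-up per event.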
-- 
2.41.0




[PATCH] linux-user: Move PRAGMA_DISABLE_PACKED_WARNING to compiler.h

2023-08-29 Thread Warner Losh
Replace the slightly older version of this in include/qemu/compiler.h
that was committed as part of bsd-user changes with the newer one from
linux-user. bsd-user has no regressions with this.

Signed-off-by: Warner Losh 
---
 include/qemu/compiler.h  |  3 +--
 linux-user/qemu.h| 26 --
 tests/lcitool/libvirt-ci |  2 +-
 3 files changed, 2 insertions(+), 29 deletions(-)

diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index b0374425180..9496a65ea57 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -38,10 +38,9 @@
  *   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 -- so we only
  *   include the warning-suppression pragmas for clang
  */
-#ifdef __clang__
+#if defined(__clang__) && __has_warning("-Waddress-of-packed-member")
 #define PRAGMA_DISABLE_PACKED_WARNING   \
 _Pragma("GCC diagnostic push"); \
-_Pragma("GCC diagnostic ignored \"-Wpragmas\"");\
 _Pragma("GCC diagnostic ignored \"-Waddress-of-packed-member\"")
 
 #define PRAGMA_REENABLE_PACKED_WARNING  \
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 4f8b55e2fb0..12821e54d0a 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -193,32 +193,6 @@ static inline bool access_ok(CPUState *cpu, int type,
These are usually used to access struct data members once the struct has
been locked - usually with lock_user_struct.  */
 
-/*
- * Tricky points:
- * - Use __builtin_choose_expr to avoid type promotion from ?:,
- * - Invalid sizes result in a compile time error stemming from
- *   the fact that abort has no parameters.
- * - It's easier to use the endian-specific unaligned load/store
- *   functions than host-endian unaligned load/store plus tswapN.
- * - The pragmas are necessary only to silence a clang false-positive
- *   warning: see https://bugs.llvm.org/show_bug.cgi?id=39113 .
- * - gcc has bugs in its _Pragma() support in some versions, eg
- *   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 -- so we only
- *   include the warning-suppression pragmas for clang
- */
-#if defined(__clang__) && __has_warning("-Waddress-of-packed-member")
-#define PRAGMA_DISABLE_PACKED_WARNING   \
-_Pragma("GCC diagnostic push"); \
-_Pragma("GCC diagnostic ignored \"-Waddress-of-packed-member\"")
-
-#define PRAGMA_REENABLE_PACKED_WARNING  \
-_Pragma("GCC diagnostic pop")
-
-#else
-#define PRAGMA_DISABLE_PACKED_WARNING
-#define PRAGMA_REENABLE_PACKED_WARNING
-#endif
-
 #define __put_user_e(x, hptr, e)\
 do {\
 PRAGMA_DISABLE_PACKED_WARNING;  \
diff --git a/tests/lcitool/libvirt-ci b/tests/lcitool/libvirt-ci
index bbd55b4d18c..9bff3b763b5 16
--- a/tests/lcitool/libvirt-ci
+++ b/tests/lcitool/libvirt-ci
@@ -1 +1 @@
-Subproject commit bbd55b4d18cce8f89b5167675e434a6941315634
+Subproject commit 9bff3b763b5531a1490e238bfbf77306dc3a6dbb
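
Review bot: the submodule bump of tests/lcitool/libvirt-ci is unrelated to the pragma move and is not mentioned in the commit message; it looks accidental and should be dropped from this patch.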
-- 
2.41.0




Re: [PATCH 11/32] bsd-user: Get number of cpus.

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 1:50 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 8/27/23 08:57, Karim Taha wrote:
> > From: Kyle Evans 
> >
> > Signed-off-by: Kyle Evans 
> > Signed-off-by: Karim Taha 
> > ---
> >   bsd-user/bsd-proc.c | 39 +++
> >   bsd-user/bsd-proc.h |  2 ++
> >   2 files changed, 41 insertions(+)
> >
> > diff --git a/bsd-user/bsd-proc.c b/bsd-user/bsd-proc.c
> > index 49c0fb67d0..dd6bad6de3 100644
> > --- a/bsd-user/bsd-proc.c
> > +++ b/bsd-user/bsd-proc.c
> > @@ -185,3 +185,42 @@ int host_to_target_waitstatus(int status)
> >   return status;
> >   }
> >
> > +int bsd_get_ncpu(void)
> > +{
> > +static int ncpu = -1;
> > +
> > +if (ncpu != -1) {
> > +return ncpu;
> > +}
> > +if (ncpu == -1) {
> > +cpuset_t mask;
> > +
> > +CPU_ZERO();
> > +
> > +if (cpuset_getaffinity(CPU_LEVEL_WHICH, CPU_WHICH_TID, -1,
> sizeof(mask),
> > +   ) == 0) {
> > +ncpu = CPU_COUNT();
> > +}
> > +}
> > +#ifdef _SC_NPROCESSORS_ONLN
> > +if (ncpu == -1)
> > +ncpu = sysconf(_SC_NPROCESSORS_ONLN);
> > +#endif
> > +#if defined(CTL_HW) && defined(HW_NCPU)
> > +if (ncpu == -1) {
> > +int mib[2] = {CTL_HW, HW_NCPU};
> > +size_t sz;
> > +
> > +sz = sizeof(ncpu);
> > +if (sysctl(mib, 2, , , NULL, NULL) == -1) {
> > +ncpu = -1;
> > +}
> > +}
> > +#endif
> > +if (ncpu == -1) {
> > +gemu_log("XXX Missing bsd_get_ncpu() implementation\n");
> > +ncpu = 1;
> > +}
> > +return ncpu;
> > +}
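
Review bot: `if (ncpu == -1)` directly after the early `return ncpu` for `ncpu != -1` is always true, so the first block can lose its condition; the `_SC_NPROCESSORS_ONLN` branch also has an unbraced `if` body, unlike the rest of the function.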
>
> This has the look of odd compatibility code.  Surely all three of these
> alternatives are
> functional, and that sysconf() is easiest to use.
>

This code dates to the earliest days of the emulator when it ran on all
three BSDs. NetBSD does support _SC_NPROCESSORS_ONLN, so we should leave
that case.

I think the getaffinity stuff is there so that one can restrict a process
group to a subset of the CPUs in the system for nicer build farms, but I
could be mistaken about that.  NetBSD doesn't support this call, AFAICT,
but I'd rather not add #ifdef's for NetBSD until we actually do a NetBSD
port. I'll have to check with Kyle to see if that was really needed, or if
the code was cut and pasted from elsewhere.

I don't think we need to fall back to the 4.4BSD hw.ncpu sysctl. Everybody
supports the sysconf interface.


> Looking at the freebsd implementation of sysconf, it uses AT_NCPUS if
> available, so the
> value is already cached within the process in the common case.  So I also
> don't see a need
> for the ncpu local static either.
>

I agree with this... We only use it to implement hw.ncpu emulation, and to
set AT_NCPUS when we load, so who cares if it's expensive :).

Warner


Re: [PATCH 32/32] bsd-user: Implement pdfork(2) system call.

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 3:53 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 8/29/23 14:27, Warner Losh wrote:
> >  > +if (put_user_s32(fd, target_fdp)) {
> >  > +return -TARGET_EFAULT;
> >  > +}
> >
> > I *think* this copy belongs in the parent?
> >
> >
> > I think that it's copied out in both cases. For normal fork, this would
> > be 0 for the pid. However, it appears to return the same FD to both
> > the parent and child (see your next comment), so it should be in both
> > paths. And even if it returned something different for parent and child
> > (which seems unlikely given how the code is setup), we want to return
> > the fd each one sees. So either way, I think this code is correct.
> >
> > It's really hard to follow the path of new
> > process creation within the freebsd kernel.
> >
> >
> > Agreed.
>
> I think that the child never returns from do_fork.  The child pid == 0
> happens as part of
> do_fork or vm_forkproc or somesuch, but the new process definitely begins
> life at fork_return.
>

I confused the 'returns twice' behavior in userland with the gymnastics the
kernel does on creating a new process (where things don't return twice).
Having looked at that code, I'm sure you are right now and it should only be
set in the parent. I don't see where it is set in the fork_return path. For
normal fork, the return value register is cleared, as is the carry bit, used
to signal errors from system calls on FreeBSD. And having asked someone
who's more of an expert, he confirms it is not set in the child.

Therefore only the parent passes returns from fork1 to set *fdp.
>

I agree. We should move that code to the parent branch.

Warner


>
> r~
>


[PATCH V4 10/11] tests/qtest: postcopy migration with suspend

2023-08-29 Thread Steve Sistare
Add a test case to verify that the suspended state is handled correctly by
live migration postcopy.  The test suspends the src, migrates, then wakes
the dest.

Signed-off-by: Steve Sistare 
---
 tests/qtest/migration-test.c | 26 --
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index cc508ef..6306fb0 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -599,8 +599,12 @@ static void migrate_postcopy_start(QTestState *from, 
QTestState *to)
 {
 qtest_qmp_assert_success(from, "{ 'execute': 'migrate-start-postcopy' }");
 
-wait_for_stop(from, _state);
-qtest_qmp_eventwait(to, "RESUME");
+if (src_state.suspend_me) {
+wait_for_suspend(from, _state);
+} else {
+wait_for_stop(from, _state);
+qtest_qmp_eventwait(to, "RESUME");
+}
 }
 
 typedef struct {
@@ -1299,6 +1303,11 @@ static void migrate_postcopy_complete(QTestState *from, 
QTestState *to,
 {
 wait_for_migration_complete(from);
 
+if (args->start.suspend_me) {
+/* wakeup succeeds only if guest is suspended */
+qtest_qmp_assert_success(to, "{'execute': 'system_wakeup'}");
+}
+
 /* Make sure we get at least one "B" on destination */
 wait_for_serial("dest_serial");
 
@@ -1332,6 +1341,15 @@ static void test_postcopy(void)
 test_postcopy_common();
 }
 
+static void test_postcopy_suspend(void)
+{
+MigrateCommon args = {
+.start.suspend_me = true,
+};
+
+test_postcopy_common();
+}
+
 static void test_postcopy_compress(void)
 {
 MigrateCommon args = {
@@ -2884,6 +2902,10 @@ int main(int argc, char **argv)
 qtest_add_func("/migration/postcopy/recovery/compress/plain",
test_postcopy_recovery_compress);
 }
+if (is_x86) {
+qtest_add_func("/migration/postcopy/suspend",
+   test_postcopy_suspend);
+}
 }
 
 qtest_add_func("/migration/bad_dest", test_baddest);
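Review bot: the registration of /migration/postcopy/suspend is gated on is_x86 with no comment explaining the restriction. State the reason next to the check (for example, which guest-side suspend support the test depends on) so the gate can be lifted or extended deliberately later.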
-- 
1.8.3.1




[PATCH v5 07/12] target/arm: Implement FEAT_Pauth2

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-Id: <20230609172324.982888-6-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
---
 docs/system/arm/emulation.rst |  1 +
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 21 +
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 4866a73ca0..54234ac090 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -63,6 +63,7 @@ the following architecture extensions:
 - FEAT_PAN2 (AT S1E1R and AT S1E1W instruction variants affected by PSTATE.PAN)
 - FEAT_PAN3 (Support for SCTLR_ELx.EPAN)
 - FEAT_PAuth (Pointer authentication)
+- FEAT_PAuth2 (Enhacements to pointer authentication)
 - FEAT_PMULL (PMULL, PMULL2 instructions)
 - FEAT_PMUv3p1 (PMU Extensions v3.1)
 - FEAT_PMUv3p4 (PMU Extensions v3.4)
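Review bot: typo in the added documentation line, "Enhacements" should read "Enhancements" in the FEAT_PAuth2 entry.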
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 85bf94ee40..d3be14137e 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -758,7 +758,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_EPAC);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_2);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 63e1009ea7..b6aeb90548 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -353,7 +353,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-if (pauth_feature == PauthFeat_EPAC) {
+if (pauth_feature >= PauthFeat_2) {
+/* No action required */
+} else if (pauth_feature == PauthFeat_EPAC) {
 pac = 0;
 } else {
 /*
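Review bot: the new first branch in pauth_addpac() is an empty block whose only content is "No action required", and it is selected with an ordered comparison (pauth_feature >= PauthFeat_2) while the next branch uses equality against PauthFeat_EPAC. Say in the comment why a non-canonical pointer needs no PAC adjustment from this feature level up, and note that the test relies on the numeric ordering of ARMPauthFeature, so a later enum value inserted out of order does not silently change behaviour.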
@@ -368,6 +370,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  * Preserve the determination between upper and lower at bit 55,
  * and insert pointer authentication code.
  */
+if (pauth_feature >= PauthFeat_2) {
+pac ^= ptr;
+}
 if (param.tbi) {
 ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
 pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
@@ -394,18 +399,26 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
+ARMPauthFeature pauth_feature = cpu_isar_feature(pauth_feature, cpu);
 int bot_bit, top_bit;
-uint64_t pac, orig_ptr, test;
+uint64_t pac, orig_ptr, cmp_mask;
 
 orig_ptr = pauth_original_ptr(ptr, param);
 pac = pauth_computepac(env, orig_ptr, modifier, *key);
 bot_bit = 64 - param.tsz;
 top_bit = 64 - 8 * param.tbi;
 
-test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
-if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
+cmp_mask = MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit);
+cmp_mask &= ~MAKE_64BIT_MASK(55, 1);
+
+if (pauth_feature >= PauthFeat_2) {
+return ptr ^ (pac & cmp_mask);
+}
+
+if ((pac ^ ptr) & cmp_mask) {
 int error_code = (keynumber << 1) | (keynumber ^ 1);
 if (param.tbi) {
 return deposit64(orig_ptr, 53, 2, error_code);
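Review bot: in pauth_auth(), the early return ptr ^ (pac & cmp_mask) for pauth_feature >= PauthFeat_2 bypasses the error_code path below it, so a mismatching PAC is returned as a modified pointer with no error code inserted. That reads as intentional, but nothing in the hunk says so; add a short comment stating that from this feature level a failed authentication is expressed only through the XORed bits, so a reader does not mistake it for a missing check.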
-- 
2.34.1




Re: [PATCH v2 00/48] tcg patch queue

2023-08-29 Thread Richard Henderson

On 8/28/23 23:17, Bastian Koppelmann wrote:

I'm seeing a segfault in "make docker-test-tcg@debian-tricore-cross"
after this pull request.


git bisect points to:

commit fc15bfb6a6bda8d4d01f1383579d385acae17c0f
Author: Anton Johansson 
Date:   Mon Aug 7 17:57:03 2023 +0200

 include/exec: typedef abi_ptr to vaddr in softmmu

 In system mode, abi_ptr is primarily used for representing addresses
 when accessing guest memory with cpu_[st|ld]*(). Widening it from
 target_ulong to vaddr reduces the target dependence of these functions
 and is a step towards building accel/ once for system mode.

 Signed-off-by: Anton Johansson 
 Reviewed-by: Richard Henderson 
 Message-Id: <20230807155706.9580-7-a...@rev.ng>
 Signed-off-by: Richard Henderson 

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index da10ba1433..f3ce4eb1d0 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -121,8 +121,8 @@ static inline bool guest_range_valid_untagged(abi_ulong 
start, abi_ulong len)
  h2g_nocheck(x); \
  })
  #else
-typedef target_ulong abi_ptr;
-#define TARGET_ABI_FMT_ptr TARGET_FMT_lx
+typedef vaddr abi_ptr;
+#define TARGET_ABI_FMT_ptr "%016" VADDR_PRIx
  #endif
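Review bot: widening abi_ptr from target_ulong to vaddr changes the implicit conversion at every call site that passes a narrower signed value, which is what the traceback in this thread shows for save_context_upper(CPUTriCoreState *env, int ea). The typedef change should come with an audit of callers that pass int or other signed 32-bit expressions to the cpu_[st|ld]*() helpers, or with an explicit truncation at the helper boundary, and the commit message should mention that the conversion behaviour changes.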


Changing typedef vaddr abi_ptr back to target_ulong fixes it.

The faulting TriCore insn is OPC1_32_BOL_ST_W_LONGOFF, that tries to write to
guest addr 0xd124, which is in a valid memory region.


Right.  The traceback is

#6  0x5582c511 in mmu_lookup
(env=0x55e98ee0, addr=18446744072904253376, oi=32, ra=0, type=MMU_DATA_STORE, 
l=0x71888cc0) at ../src/accel/tcg/cputlb.c:1828

#7  0x5582f531 in do_st4_mmu
(env=0x55e98ee0, addr=18446744072904253376, val=0, oi=32, ra=0)
at ../src/accel/tcg/cputlb.c:2991
#8  0x5582fe59 in cpu_stl_mmu
(env=0x55e98ee0, addr=18446744072904253376, val=0, oi=32, retaddr=0)
at ../src/accel/tcg/cputlb.c:3138
#9  0x5583041d in cpu_stl_le_mmuidx_ra
(env=0x55e98ee0, addr=18446744072904253376, val=0, mmu_idx=0, ra=0)
at ../src/accel/tcg/ldst_common.c.inc:118
#10 0x558308b5 in cpu_stl_le_data_ra
(env=0x55e98ee0, addr=18446744072904253376, val=0, ra=0)
at ../src/accel/tcg/ldst_common.c.inc:213
#11 0x55830bf2 in cpu_stl_le_data
(env=0x55e98ee0, addr=18446744072904253376, val=0)
at ../src/accel/tcg/ldst_common.c.inc:301
#12 0x557a2ce2 in save_context_upper
(env=0x55e98ee0, ea=-805298240)
at ../src/target/tricore/op_helper.c:2400
#13 0x557a35ee in helper_call (env=0x55e98ee0, next_pc=2147484092)
at ../src/target/tricore/op_helper.c:2519

With

void save_context_upper(CPUTriCoreState *env, int ea)

providing the signed address variable, which gets extended to 64-bits with the change to 
abi_ptr instead of converted to unsigned 32-bits in cpu_stl_le_data.


For the short-term, let's revert this patch.


r~
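The sign extension described in the message above, as an added example that is not part of the original thread or of QEMU. The `ea` value is the one from the traceback; the memory map, type names and function names are hypothetical stand-ins for the two widths of `abi_ptr`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guest memory map: one 64 KiB RAM region of a 32-bit guest. */
#define REGION_BASE 0xD0000000u
#define REGION_SIZE 0x00010000u
static uint8_t guest_ram[REGION_SIZE];

typedef uint32_t narrow_ptr; /* hypothetical: abi_ptr as 32-bit target_ulong */
typedef uint64_t wide_ptr;   /* hypothetical: abi_ptr as 64-bit vaddr */

/* Model of the address lookup: false stands for "address not mapped". */
bool guest_store32(uint64_t addr, uint32_t val)
{
    if (addr < REGION_BASE || addr - REGION_BASE > REGION_SIZE - sizeof(val)) {
        return false;
    }
    memcpy(&guest_ram[addr - REGION_BASE], &val, sizeof(val));
    return true;
}

/* The same helper with the two parameter widths; each reports what it saw. */
uint64_t addr_seen_narrow(narrow_ptr addr) { return addr; }
uint64_t addr_seen_wide(wide_ptr addr)     { return addr; }

/*
 * Callers shaped like save_context_upper(env, int ea): the address is a
 * signed int, and the conversion happens implicitly at the call.
 */
uint64_t save_ctx_narrow(int ea)
{
    /* int -> uint32_t: reduced modulo 2^32, the intended guest address. */
    return addr_seen_narrow(ea);
}

uint64_t save_ctx_wide(int ea)
{
    /* int -> uint64_t: sign-extended, the upper 32 bits become all ones. */
    return addr_seen_wide(ea);
}

uint64_t save_ctx_wide_fixed(int ea)
{
    /* Truncate to the guest's 32-bit address width before widening. */
    return addr_seen_wide((uint32_t)ea);
}

int main(void)
{
    int ea = -805298240; /* value of ea in frame #12 of the traceback */

    printf("narrow: %#llx mapped=%d\n",
           (unsigned long long)save_ctx_narrow(ea),
           guest_store32(save_ctx_narrow(ea), 0));
    printf("wide:   %#llx mapped=%d\n",
           (unsigned long long)save_ctx_wide(ea),
           guest_store32(save_ctx_wide(ea), 0));
    printf("fixed:  %#llx mapped=%d\n",
           (unsigned long long)save_ctx_wide_fixed(ea),
           guest_store32(save_ctx_wide_fixed(ea), 0));
    return 0;
}
```

The wide variant yields the same decimal address that appears as `addr=` in frames #6 to #11 of the traceback.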




Re: [PATCH 01/32] bsd-user: define TARGET_RFSPAWN for rfork to use vfork(2) semantics.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Kyle Evans

Signed-off-by: Kyle Evans
Signed-off-by: Karim Taha
---
  bsd-user/syscall_defs.h | 4 
  1 file changed, 4 insertions(+)


Reviewed-by: Richard Henderson 


r~



[PATCH v5 05/12] target/arm: Implement FEAT_PACQARMA3

2023-08-29 Thread Richard Henderson
Implement the QARMA3 cryptographic algorithm for PAC calculation.
Implement a cpu feature to select the algorithm and document it.

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-Id: <20230609172324.982888-4-aa...@os.amperecomputing.com>
[rth: Merge cpu feature addition from another patch.]
Signed-off-by: Richard Henderson 
---
 docs/system/arm/cpu-features.rst | 21 -
 docs/system/arm/emulation.rst|  3 ++
 target/arm/cpu.h |  1 +
 target/arm/arm-qmp-cmds.c|  2 +-
 target/arm/cpu64.c   | 24 --
 target/arm/tcg/pauth_helper.c| 54 ++--
 tests/qtest/arm-cpu-features.c   | 12 ++-
 7 files changed, 94 insertions(+), 23 deletions(-)

diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index 6bb88a40c7..a5fb929243 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -210,15 +210,20 @@ TCG VCPU Features
 TCG VCPU features are CPU features that are specific to TCG.
 Below is the list of TCG VCPU features and their descriptions.
 
-``pauth-impdef``
-  When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
-  Defined) algorithm is enabled or the *architected* QARMA algorithm
-  is enabled.  By default the impdef algorithm is disabled, and QARMA
-  is enabled.
+``pauth``
+  Enable or disable ``FEAT_Pauth`` entirely.
 
-  The architected QARMA algorithm has good cryptographic properties,
-  but can be quite slow to emulate.  The impdef algorithm used by QEMU
-  is non-cryptographic but significantly faster.
+``pauth-impdef``
+  When ``pauth`` is enabled, select the QEMU implementation defined algorithm.
+
+``pauth-qarma3``
+  When ``pauth`` is enabled, select the architected QARMA3 algorithm.
+
+Without either ``pauth-impdef`` or ``pauth-qarma3`` enabled,
+the architected QARMA5 algorithm is used.  The architected QARMA5
+and QARMA3 algorithms have good cryptographic properties, but can
+be quite slow to emulate.  The impdef algorithm used by QEMU is
+non-cryptographic but significantly faster.
 
 SVE CPU Properties
 ==
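Review bot: the rewritten pauth-impdef and pauth-qarma3 entries do not say that the two properties are mutually exclusive, yet arm_cpu_pauth_finalize() in this same patch raises an error starting "cannot enable both pauth-impdef and" when both are set. Add a sentence to the documentation stating that at most one of the two may be enabled, so users learn it from the docs rather than from the startup error.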
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index bdafc68819..06af20d10f 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -55,6 +55,9 @@ the following architecture extensions:
 - FEAT_MTE (Memory Tagging Extension)
 - FEAT_MTE2 (Memory Tagging Extension)
 - FEAT_MTE3 (MTE Asymmetric Fault Handling)
+- FEAT_PACIMP (Pointer authentication - IMPLEMENTATION DEFINED algorithm)
+- FEAT_PACQARMA3 (Pointer authentication - QARMA3 algorithm)
+- FEAT_PACQARMA5 (Pointer authentication - QARMA5 algorithm)
 - FEAT_PAN (Privileged access never)
 - FEAT_PAN2 (AT S1E1R and AT S1E1W instruction variants affected by PSTATE.PAN)
 - FEAT_PAN3 (Support for SCTLR_ELx.EPAN)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 0e2545d631..cfca42293a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1072,6 +1072,7 @@ struct ArchCPU {
  */
 bool prop_pauth;
 bool prop_pauth_impdef;
+bool prop_pauth_qarma3;
 bool prop_lpa2;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
diff --git a/target/arm/arm-qmp-cmds.c b/target/arm/arm-qmp-cmds.c
index c8fa524002..b53d5efe13 100644
--- a/target/arm/arm-qmp-cmds.c
+++ b/target/arm/arm-qmp-cmds.c
@@ -95,7 +95,7 @@ static const char *cpu_model_advertised_features[] = {
 "sve640", "sve768", "sve896", "sve1024", "sve1152", "sve1280",
 "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048",
 "kvm-no-adjvtime", "kvm-steal-time",
-"pauth", "pauth-impdef",
+"pauth", "pauth-impdef", "pauth-qarma3",
 NULL
 };
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index fd584a31da..f3d87e001f 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -474,7 +474,7 @@ void aarch64_add_sme_properties(Object *obj)
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 {
 ARMPauthFeature features = cpu_isar_feature(pauth_feature, cpu);
-uint64_t isar1;
+uint64_t isar1, isar2;
 
 /*
  * These properties enable or disable Pauth as a whole, or change
@@ -490,6 +490,10 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, 0);
 isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 0);
 
+isar2 = cpu->isar.id_aa64isar2;
+isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, APA3, 0);
+isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, GPA3, 0);
+
 if (kvm_enabled() || hvf_enabled()) {
 /*
  * Exit early if PAuth is enabled and fall through to disable it.
@@ -510,26 +514,39 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 }
 
 if (cpu->prop_pauth) {
+if (cpu->prop_pauth_impdef && cpu->prop_pauth_qarma3) {
+error_setg(errp,
+   "cannot enable both pauth-impdef and 

[PATCH v5 06/12] target/arm: Implement FEAT_EPAC

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-Id: <20230609172324.982888-5-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
---
 docs/system/arm/emulation.rst |  1 +
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 16 +++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 06af20d10f..4866a73ca0 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -27,6 +27,7 @@ the following architecture extensions:
 - FEAT_DotProd (Advanced SIMD dot product instructions)
 - FEAT_DoubleFault (Double Fault Extension)
 - FEAT_E0PD (Preventing EL0 access to halves of address maps)
+- FEAT_EPAC (Enhanced pointer authentication)
 - FEAT_ETS (Enhanced Translation Synchronization)
 - FEAT_EVT (Enhanced Virtualization Traps)
 - FEAT_FCMA (Floating-point complex number instructions)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index fec6a4875d..85bf94ee40 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -758,7 +758,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_1);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_EPAC);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index bb03409ee5..63e1009ea7 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -326,8 +326,10 @@ static uint64_t pauth_computepac(CPUARMState *env, 
uint64_t data,
 static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
  ARMPACKey *key, bool data)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
+ARMPauthFeature pauth_feature = cpu_isar_feature(pauth_feature, cpu);
 uint64_t pac, ext_ptr, ext, test;
 int bot_bit, top_bit;
 
@@ -351,11 +353,15 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-/*
- * Note that our top_bit is one greater than the pseudocode's
- * version, hence "- 2" here.
- */
-pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+if (pauth_feature == PauthFeat_EPAC) {
+pac = 0;
+} else {
+/*
+ * Note that our top_bit is one greater than the pseudocode's
+ * version, hence "- 2" here.
+ */
+pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+}
 }
 
 /*
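Review bot: the new pac = 0 branch under pauth_feature == PauthFeat_EPAC has no comment, while the else branch keeps a detailed one about the top_bit offset. Add a line saying that with EPAC a non-canonical input pointer gets a zero PAC, so the two branches are documented to the same standard and the choice of exact equality is visibly deliberate.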
-- 
2.34.1




[PATCH v5 13/20] linux-user/aarch64: Add vdso

2023-08-29 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 linux-user/elfload.c   |   7 
 linux-user/aarch64/meson.build |  33 +++
 linux-user/aarch64/vdso-be.so  | Bin 0 -> 3216 bytes
 linux-user/aarch64/vdso-le.so  | Bin 0 -> 3216 bytes
 linux-user/aarch64/vdso.S  |  73 +
 linux-user/aarch64/vdso.ld |  72 
 linux-user/meson.build |   1 +
 7 files changed, 186 insertions(+)
 create mode 100644 linux-user/aarch64/meson.build
 create mode 100755 linux-user/aarch64/vdso-be.so
 create mode 100755 linux-user/aarch64/vdso-le.so
 create mode 100644 linux-user/aarch64/vdso.S
 create mode 100644 linux-user/aarch64/vdso.ld

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index b421f04675..8316868bd2 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -768,6 +768,13 @@ static uint32_t get_elf_hwcap2(void)
 
 #undef GET_FEATURE_ID
 
+#if TARGET_BIG_ENDIAN
+# include "vdso-be.c.inc"
+#else
+# include "vdso-le.c.inc"
+#endif
+#define vdso_image_info()_image_info
+
 #endif /* not TARGET_AARCH64 */
 #endif /* TARGET_ARM */
 
diff --git a/linux-user/aarch64/meson.build b/linux-user/aarch64/meson.build
new file mode 100644
index 00..b769c87570
--- /dev/null
+++ b/linux-user/aarch64/meson.build
@@ -0,0 +1,33 @@
+# TARGET_BIG_ENDIAN is defined to 'n' for little-endian; which means it
+# is always true as far as source_set.apply() is concerned.  Always build
+# both header files and include the right one via #if.
+
+vdso_cmd = [
+build_vdso_cmd,
+'-B', meson.project_build_root(),
+'-C', meson.current_source_dir(),
+'-T', 'aarch64-linux-user',
+'-o', '@OUTPUT@',
+'--',
+'-nostdlib', '-shared',
+'-Wl,-h,linux-vdso.so.1',
+'-Wl,--build-id=sha1',
+'-Wl,--hash-style=both',
+'-Wl,-T,@INPUT1@',
+'@INPUT0@'
+]
+
+vdso_le_so = custom_target(output: 'vdso-le.so',
+   input: files('vdso.S', 'vdso.ld'),
+   command: vdso_cmd + ['-mlittle-endian'])
+
+vdso_be_so = custom_target(output: 'vdso-be.so',
+   input: files('vdso.S', 'vdso.ld'),
+   command: vdso_cmd + ['-mbig-endian'])
+
+gen = [
+  gen_vdso.process(vdso_le_so, extra_args: ['-r', '__kernel_rt_sigreturn']),
+  gen_vdso.process(vdso_be_so, extra_args: ['-r', '__kernel_rt_sigreturn']),
+]
+
+linux_user_ss.add(when: 'TARGET_AARCH64', if_true: gen)
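Review bot: this meson.build defines custom_target rules that build vdso-le.so and vdso-be.so from vdso.S and vdso.ld, and the same patch also commits prebuilt vdso-le.so and vdso-be.so as binary files. Say in the commit message or in the comment at the top of this file which copy is authoritative and how a reviewer can rebuild the binaries and compare them against the checked-in ones, since a binary blob in the tree cannot be reviewed line by line.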
diff --git a/linux-user/aarch64/vdso-be.so b/linux-user/aarch64/vdso-be.so
new file mode 100755
index 
..b19563b648cc3e33a45b9394695d747f55c11db7
GIT binary patch
literal 3216
+
+/* ??? These are in include/elf.h, which is not ready for inclusion in asm. */
+#define NT_GNU_PROPERTY_TYPE_0  5
+#define GNU_PROPERTY_AARCH64_FEATURE_1_AND  0xc000
+#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI  (1U << 0)
+#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC  (1U << 1)
+
+#define GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT \
+(GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
+
+   .section .note.gnu.property
+   .align  3
+   .long   2f - 1f
+   .long   6f - 3f
+   .long   NT_GNU_PROPERTY_TYPE_0
+1: .string "GNU"
+2: .align  3
+3: .long   GNU_PROPERTY_AARCH64_FEATURE_1_AND
+   .long   5f - 4f
+4: .long   GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT
+5: .align  3
+6:
+
+   .text
+
+.macro endf name
+   .globl  \name
+   .type   \name, @function
+   .size   \name, . - \name
+.endm
+
+.macro vdso_syscall name, nr
+\name:
+   bti c
+   mov x8, #\nr

[PATCH 2/9] migration: Let migrate_set_error() take ownership

2023-08-29 Thread Peter Xu
migrate_set_error() used one error_copy() so it always copies an error.
However that's not the major use case - the major use case is one would
like to pass the error to migrate_set_error() without further touching the
error.

It can be proved if we see most of the callers are freeing the error
explicitly right afterwards.  There're a few outliers (only if when the
caller) where we can use error_copy() explicitly there.

Reviewed-by: Fabiano Rosas 
Signed-off-by: Peter Xu 
---
 migration/migration.h|  4 ++--
 migration/channel.c  |  1 -
 migration/migration.c| 22 --
 migration/multifd.c  | 10 --
 migration/postcopy-ram.c |  1 -
 migration/ram.c  |  1 -
 6 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/migration/migration.h b/migration/migration.h
index 6eea18db36..76e35a5ecf 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -465,7 +465,7 @@ bool  migration_has_all_channels(void);
 
 uint64_t migrate_max_downtime(void);
 
-void migrate_set_error(MigrationState *s, const Error *error);
+void migrate_set_error(MigrationState *s, Error *error);
 
 void migrate_fd_connect(MigrationState *s, Error *error_in);
 
@@ -510,7 +510,7 @@ int foreach_not_ignored_block(RAMBlockIterFunc func, void 
*opaque);
 void migration_make_urgent_request(void);
 void migration_consume_urgent_request(void);
 bool migration_rate_limit(void);
-void migration_cancel(const Error *error);
+void migration_cancel(Error *error);
 
 void populate_vfio_info(MigrationInfo *info);
 void reset_vfio_bytes_transferred(void);
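Review bot: the prototype of migration_cancel() drops const here because it now forwards its argument to migrate_set_error(), which takes ownership, but the header carries no ownership comment for either function; the explanation lives only above the definition in migration.c. Put a one-line note on both declarations in migration.h that the callee consumes the Error, since callers read the header and a second error_free() after the call would be a double free.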
diff --git a/migration/channel.c b/migration/channel.c
index ca3319a309..48b3f6abd6 100644
--- a/migration/channel.c
+++ b/migration/channel.c
@@ -90,7 +90,6 @@ void migration_channel_connect(MigrationState *s,
 }
 }
 migrate_fd_connect(s, error);
-error_free(error);
 }
 
 
diff --git a/migration/migration.c b/migration/migration.c
index c60064d48e..0f3ca168ed 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -162,7 +162,7 @@ void migration_object_init(void)
 dirty_bitmap_mig_init();
 }
 
-void migration_cancel(const Error *error)
+void migration_cancel(Error *error)
 {
 if (error) {
 migrate_set_error(current_migration, error);
@@ -1218,11 +1218,22 @@ static void migrate_fd_cleanup_bh(void *opaque)
 object_unref(OBJECT(s));
 }
 
-void migrate_set_error(MigrationState *s, const Error *error)
+/*
+ * Set error for current migration state.  The `error' ownership will be
+ * moved from the caller to MigrationState, so the caller doesn't need to
+ * free the error.
+ *
+ * If the caller still needs to reference the `error' passed in, one should
+ * use error_copy() explicitly.
+ */
+void migrate_set_error(MigrationState *s, Error *error)
 {
 QEMU_LOCK_GUARD(>error_mutex);
 if (!s->error) {
-s->error = error_copy(error);
+/* Record the first error triggered */
+s->error = error;
+} else {
+error_free(error);
 }
 }
 
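Review bot: with the new else branch, migrate_set_error() calls error_free(error) whenever s->error is already set, so the pointer is dead after the call on that path and still owned by the state on the other. Every caller must therefore stop using the pointer immediately after the call; the qmp_migrate() hunk does this correctly by passing error_copy(local_err) before error_propagate(), but callers not touched by this patch should be audited for logging or propagating the error after handing it over. Setting the caller's variable to NULL after the call, or documenting that requirement in the comment, would make misuse easier to spot.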
@@ -1235,7 +1246,7 @@ static void migrate_error_free(MigrationState *s)
 }
 }
 
-static void migrate_fd_error(MigrationState *s, const Error *error)
+static void migrate_fd_error(MigrationState *s, Error *error)
 {
 trace_migrate_fd_error(error_get_pretty(error));
 assert(s->to_dst_file == NULL);
@@ -1703,7 +1714,7 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 if (!resume_requested) {
 yank_unregister_instance(MIGRATION_YANK_INSTANCE);
 }
-migrate_fd_error(s, local_err);
+migrate_fd_error(s, error_copy(local_err));
 error_propagate(errp, local_err);
 return;
 }
@@ -2626,7 +2637,6 @@ static MigThrError migration_detect_error(MigrationState 
*s)
 
 if (local_error) {
 migrate_set_error(s, local_error);
-error_free(local_error);
 }
 
 if (state == MIGRATION_STATUS_POSTCOPY_ACTIVE && ret) {
diff --git a/migration/multifd.c b/migration/multifd.c
index 0f6b203877..69d56104fb 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -551,7 +551,6 @@ void multifd_save_cleanup(void)
 multifd_send_state->ops->send_cleanup(p, _err);
 if (local_err) {
 migrate_set_error(migrate_get_current(), local_err);
-error_free(local_err);
 }
 }
 qemu_sem_destroy(_send_state->channels_ready);
@@ -750,7 +749,6 @@ out:
 if (local_err) {
 trace_multifd_send_error(p->id);
 multifd_send_terminate_threads(local_err);
-error_free(local_err);
 }
 
 /*
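Review bot: removing error_free(local_err) after multifd_send_terminate_threads(local_err) is only correct if that function now consumes the error on every path, including any early return before it reaches migrate_set_error(). The hunk does not show the callee, so please confirm that it either passes the error on unconditionally or frees it itself; otherwise this change turns into a leak.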
@@ -883,7 +881,6 @@ static void 
multifd_new_send_channel_cleanup(MultiFDSendParams *p,
   */
  p->quit = true;
  object_unref(OBJECT(ioc));
- error_free(err);
 }
 
 static void multifd_new_send_channel_async(QIOTask *task, gpointer opaque)
@@ -1148,7 +1145,6 @@ static void *multifd_recv_thread(void *opaque)
 
 if (local_err) {
 multifd_recv_terminate_threads(local_err);
-

Re: [PATCH 22/32] bsd-user: Implement freebsd_exec_common, used in implementing execve/fexecve.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/freebsd/os-proc.c | 177 +
  1 file changed, 177 insertions(+)


Acked-by: Richard Henderson 


+if (do_fexec) {
+if (((int)path_or_fd > 0 &&
+is_target_elf_binary((int)path_or_fd)) == 1) {
+char execpath[PATH_MAX];
+
+/*
+ * The executable is an elf binary for the target
+ * arch.  execve() it using the emulator if we can
+ * determine the filename path from the fd.
+ */
+if (get_filename_from_fd(getpid(), (int)path_or_fd, execpath,
+sizeof(execpath)) != NULL) {
+memmove(qarg1 + 2, qarg1, (qargend-qarg1) * sizeof(*qarg1));
+   qarg1[1] = qarg1[0];
+   qarg1[0] = (char *)"-0";
+   qarg1 += 2;
+   qargend += 2;
+*qarg1 = execpath;
+#ifndef DONT_INHERIT_INTERP_PREFIX
+memmove(qarg1 + 2, qarg1, (qargend-qarg1) * sizeof(*qarg1));
+*qarg1++ = (char *)"-L";
+*qarg1++ = (char *)interp_prefix;
+#endif
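Review bot: in the first condition the closing parenthesis is misplaced, so "== 1" is applied to the result of the whole && expression rather than to is_target_elf_binary(). As written, any non-zero return from is_target_elf_binary(), including a negative error value, is treated as "is a target ELF binary". Write it as (int)path_or_fd > 0 && is_target_elf_binary((int)path_or_fd) == 1. The two memmove() calls that shift qarg1 by two slots each also deserve a comment or assertion showing that the argument array was allocated with room for the extra entries.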


I'm not especially keen on the ifdef, but I'll let that go.

As for get_filename_from_fd, perhaps it would be cleaner to add a command-line parameter 
which would allow qemu to run from an open file descriptor?  Although perhaps that has 
CLOEXEC implications too...



r~



[PATCH v5 10/12] linux-user/aarch64: Add ESR signal frame for SIGSEGV, SIGBUS

2023-08-29 Thread Richard Henderson
These are all synchronous exceptions for which the kernel
passes on ESR to the user signal handler.

Signed-off-by: Richard Henderson 
---
 linux-user/aarch64/signal.c | 52 -
 target/arm/tcg/tlb_helper.c |  8 +-
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index b265cfd470..40a476c33e 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -21,6 +21,7 @@
 #include "user-internals.h"
 #include "signal-common.h"
 #include "linux-user/trace.h"
+#include "target/arm/syndrome.h"
 
 struct target_sigcontext {
 uint64_t fault_address;
@@ -64,6 +65,13 @@ struct target_fpsimd_context {
 uint64_t vregs[32 * 2]; /* really uint128_t vregs[32] */
 };
 
+#define TARGET_ESR_MAGIC0x45535201
+
+struct target_esr_context {
+struct target_aarch64_ctx head;
+uint64_t esr;
+};
+
 #define TARGET_EXTRA_MAGIC  0x45585401
 
 struct target_extra_context {
@@ -191,6 +199,14 @@ static void target_setup_end_record(struct 
target_aarch64_ctx *end)
 __put_user(0, >size);
 }
 
+static void target_setup_esr_record(struct target_esr_context *esr,
+CPUARMState *env)
+{
+__put_user(TARGET_ESR_MAGIC, >head.magic);
+__put_user(sizeof(struct target_esr_context), >head.size);
+__put_user(env->exception.syndrome, >esr);
+}
+
 static void target_setup_sve_record(struct target_sve_context *sve,
 CPUARMState *env, int size)
 {
@@ -443,6 +459,10 @@ static int target_restore_sigframe(CPUARMState *env,
 fpsimd = (struct target_fpsimd_context *)ctx;
 break;
 
+case TARGET_ESR_MAGIC:
+/* ignore */
+break;
+
 case TARGET_SVE_MAGIC:
 if (sve || size < sizeof(struct target_sve_context)) {
 goto err;
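Review bot: the new TARGET_ESR_MAGIC case in target_restore_sigframe() skips the record with only "ignore" as explanation and without the size check that the TARGET_SVE_MAGIC case right below applies. If the record is skipped because its contents are never read back on sigreturn, say so in the comment; since the frame comes from guest memory, it is also worth stating why no size validation is needed for a record that is ignored.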
@@ -558,6 +578,27 @@ static int alloc_sigframe_space(int this_size, 
target_sigframe_layout *l)
 return this_loc;
 }
 
+static bool need_save_esr(target_siginfo_t *info, CPUARMState *env)
+{
+int sig = info->si_signo;
+int type = info->si_code >> 16;
+
+if (type != QEMU_SI_FAULT) {
+return false;
+}
+
+/*
+ * See arch/arm64/mm/fault.c, for invocations of set_thread_esr.
+ * We populate ESR in arm_cpu_record_sigsegv or arm_cpu_record_sigbus,
+ * called via cpu_loop_exit_{sigsegv,sigbus}.
+ */
+if (sig == TARGET_SIGSEGV || sig == TARGET_SIGBUS) {
+return true;
+}
+
+return false;
+}
+
 static void target_setup_frame(int usig, struct target_sigaction *ka,
target_siginfo_t *info, target_sigset_t *set,
CPUARMState *env)
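Review bot: need_save_esr() takes a CPUARMState *env parameter that the function body never uses. Drop the parameter, or use it if a check on the recorded syndrome was intended. The trailing if/return true/return false can also collapse into a single return of the signal comparison.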
@@ -567,7 +608,7 @@ static void target_setup_frame(int usig, struct 
target_sigaction *ka,
 .total_size = offsetof(struct target_rt_sigframe,
uc.tuc_mcontext.__reserved),
 };
-int fpsimd_ofs, fr_ofs, sve_ofs = 0, za_ofs = 0;
+int fpsimd_ofs, fr_ofs, esr_ofs = 0, sve_ofs = 0, za_ofs = 0;
 int sve_size = 0, za_size = 0;
 struct target_rt_sigframe *frame;
 struct target_rt_frame_record *fr;
@@ -577,6 +618,12 @@ static void target_setup_frame(int usig, struct 
target_sigaction *ka,
 fpsimd_ofs = alloc_sigframe_space(sizeof(struct target_fpsimd_context),
   );
 
+/* ESR state needs saving only for certain signals. */
+if (need_save_esr(info, env)) {
+esr_ofs = alloc_sigframe_space(sizeof(struct target_esr_context),
+   );
+}
+
 /* SVE state needs saving only if it exists.  */
 if (cpu_isar_feature(aa64_sve, env_archcpu(env)) ||
 cpu_isar_feature(aa64_sme, env_archcpu(env))) {
@@ -637,6 +684,9 @@ static void target_setup_frame(int usig, struct 
target_sigaction *ka,
   layout.extra_size);
 target_setup_end_record((void *)frame + layout.extra_end_ofs);
 }
+if (esr_ofs) {
+target_setup_esr_record((void *)frame + esr_ofs, env);
+}
 if (sve_ofs) {
 target_setup_sve_record((void *)frame + sve_ofs, env, sve_size);
 }
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
index b22b2a4c6e..27bf30e9e2 100644
--- a/target/arm/tcg/tlb_helper.c
+++ b/target/arm/tcg/tlb_helper.c
@@ -354,7 +354,13 @@ void arm_cpu_record_sigsegv(CPUState *cs, vaddr addr,
 {
 ARMMMUFaultInfo fi = {
 .type = maperr ? ARMFault_Translation : ARMFault_Permission,
-.level = 3,
+/*
+ * In arch/arm64/mm/fault.c, set_thread_esr, for kernel-space
+ * addresses (i.e. TTBR1) the kernel cleans the ESR value to
+ * always report level 0.  Since we're manufacturing a level
+ * here, we might as well pick 0 always.
+ */
+.level = 0,
 };
 ARMCPU *cpu = ARM_CPU(cs);
 
-- 
2.34.1




[PATCH v5 02/12] target/arm: Add ID_AA64ISAR2_EL1

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Aaron Lindsay 
[PMM: drop the HVF part of the patch and just comment that
 we need to do something when the register appears in that API]
Signed-off-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h | 1 +
 target/arm/helper.c  | 4 ++--
 target/arm/hvf/hvf.c | 1 +
 target/arm/kvm64.c   | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index cdf8600b96..4a5a5e9eb8 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1033,6 +1033,7 @@ struct ArchCPU {
 uint32_t dbgdevid1;
 uint64_t id_aa64isar0;
 uint64_t id_aa64isar1;
+uint64_t id_aa64isar2;
 uint64_t id_aa64pfr0;
 uint64_t id_aa64pfr1;
 uint64_t id_aa64mmfr0;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 85291d5b8e..b5be68be58 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8439,11 +8439,11 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
   .resetvalue = cpu->isar.id_aa64isar1 },
-{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
+{ .name = "ID_AA64ISAR2_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
-  .resetvalue = 0 },
+  .resetvalue = cpu->isar.id_aa64isar2 },
 { .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
   .access = PL1_R, .type = ARM_CP_CONST,
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 486f90be1d..546c0e817f 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -847,6 +847,7 @@ static bool 
hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
 { HV_SYS_REG_ID_AA64DFR1_EL1, _isar.id_aa64dfr1 },
 { HV_SYS_REG_ID_AA64ISAR0_EL1, _isar.id_aa64isar0 },
 { HV_SYS_REG_ID_AA64ISAR1_EL1, _isar.id_aa64isar1 },
+/* Add ID_AA64ISAR2_EL1 here when HVF supports it */
 { HV_SYS_REG_ID_AA64MMFR0_EL1, _isar.id_aa64mmfr0 },
 { HV_SYS_REG_ID_AA64MMFR1_EL1, _isar.id_aa64mmfr1 },
 { HV_SYS_REG_ID_AA64MMFR2_EL1, _isar.id_aa64mmfr2 },
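Review bot: the placeholder comment at the ID_AA64ISAR2_EL1 position in this table does not say what the guest sees until HVF exposes the register. Nothing on this path fills id_aa64isar2, so extend the comment to state the value the field is left with and that anything read from it (APA3, in the feature-detection patch of this series) is therefore reported as absent under HVF.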
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 4d904a1d11..ac440c33f9 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -304,6 +304,8 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
   ARM64_SYS_REG(3, 0, 0, 6, 0));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64isar1,
   ARM64_SYS_REG(3, 0, 0, 6, 1));
+err |= read_sys_reg64(fdarray[2], >isar.id_aa64isar2,
+  ARM64_SYS_REG(3, 0, 0, 6, 2));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64mmfr0,
   ARM64_SYS_REG(3, 0, 0, 7, 0));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64mmfr1,
-- 
2.34.1




Re: [PATCH 03/32] bsd-user: Implement host_to_target_siginfo.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Used in wait6 system call

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/signal-common.h | 1 +
  bsd-user/signal.c| 6 ++
  2 files changed, 7 insertions(+)


Reviewed-by: Richard Henderson 

r~



[PATCH v5 09/12] target/arm: Implement FEAT_FPAC and FEAT_FPACCOMBINE

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Richard Henderson 
Message-Id: <20230609172324.982888-8-aa...@os.amperecomputing.com>
[rth: Simplify fpac comparison, reusing cmp_mask]
Signed-off-by: Richard Henderson 
---
 docs/system/arm/emulation.rst |  2 ++
 target/arm/syndrome.h |  7 +++
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 18 +-
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 54234ac090..8be04edbcc 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -34,6 +34,8 @@ the following architecture extensions:
 - FEAT_FGT (Fine-Grained Traps)
 - FEAT_FHM (Floating-point half-precision multiplication instructions)
 - FEAT_FP16 (Half-precision floating-point data processing)
+- FEAT_FPAC (Faulting on AUT* instructions)
+- FEAT_FPACCOMBINE (Faulting on combined pointer authentication instructions)
 - FEAT_FRINTTS (Floating-point to integer instructions)
 - FEAT_FlagM (Flag manipulation instructions v2)
 - FEAT_FlagM2 (Enhancements to flag manipulation instructions)
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index 62254d0e51..8a6b8f8162 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -49,6 +49,7 @@ enum arm_exception_class {
 EC_SYSTEMREGISTERTRAP = 0x18,
 EC_SVEACCESSTRAP  = 0x19,
 EC_ERETTRAP   = 0x1a,
+EC_PACFAIL= 0x1c,
 EC_SMETRAP= 0x1d,
 EC_GPC= 0x1e,
 EC_INSNABORT  = 0x20,
@@ -232,6 +233,12 @@ static inline uint32_t syn_smetrap(SMEExceptionType etype, 
bool is_16bit)
 | (is_16bit ? 0 : ARM_EL_IL) | etype;
 }
 
+static inline uint32_t syn_pacfail(bool data, int keynumber)
+{
+int error_code = (data << 1) | keynumber;
+return (EC_PACFAIL << ARM_EL_EC_SHIFT) | ARM_EL_IL | error_code;
+}
+
 static inline uint32_t syn_pactrap(void)
 {
 return EC_PACTRAP << ARM_EL_EC_SHIFT;
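Review bot: syn_pacfail() ORs keynumber into the ISS unmasked, so any value other than 0 or 1 would spill into the data bit at bit 1 and above. Add an assert or use `keynumber & 1`, and a one-line comment giving the layout (bit 1 for data, bit 0 for the key number) so the encoding can be checked against the test's `(esr & 3) == 2` for AUTDA.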
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index d3be14137e..7734058bb1 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -758,7 +758,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_2);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_FPACCOMBINED);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index c05c5b30ff..4da2962ad5 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -396,6 +396,14 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 }
 
+static G_NORETURN
+void pauth_fail_exception(CPUARMState *env, bool data,
+  int keynumber, uintptr_t ra)
+{
+raise_exception_ra(env, EXCP_UDEF, syn_pacfail(data, keynumber),
+   exception_target_el(env), ra);
+}
+
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber,
uintptr_t ra, bool is_combined)
@@ -416,7 +424,15 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, 
uint64_t modifier,
 cmp_mask &= ~MAKE_64BIT_MASK(55, 1);
 
 if (pauth_feature >= PauthFeat_2) {
-return ptr ^ (pac & cmp_mask);
+ARMPauthFeature fault_feature =
+is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC;
+uint64_t result = ptr ^ (pac & cmp_mask);
+
+if (pauth_feature >= fault_feature
+&& ((result ^ sextract64(result, 55, 1)) & cmp_mask)) {
+pauth_fail_exception(env, data, keynumber, ra);
+}
+return result;
 }
 
 if ((pac ^ ptr) & cmp_mask) {
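Review bot: the new fault condition `(result ^ sextract64(result, 55, 1)) & cmp_mask` carries no comment, and it is the whole of the FPAC check. A sentence saying that it tests whether every bit under cmp_mask in the authenticated result matches bit 55, and faults when one does not, would make it reviewable without re-deriving it. The `pauth_feature >= fault_feature` comparison also depends on PauthFeat_FPAC sorting below PauthFeat_FPACCOMBINED in the enum, which is worth stating next to fault_feature.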
-- 
2.34.1




[PATCH v5 03/12] target/arm: Add feature detection for FEAT_Pauth2 and extensions

2023-08-29 Thread Richard Henderson
From: Aaron Lindsay 

Rename isar_feature_aa64_pauth_arch to isar_feature_aa64_pauth_qarma5
to distinguish the other architectural algorithm qarma3.

Add ARMPauthFeature and isar_feature_pauth_feature to cover the
other pauth conditions.

Reviewed-by: Peter Maydell 
Signed-off-by: Aaron Lindsay 
Message-Id: <20230609172324.982888-3-aa...@os.amperecomputing.com>
[rth: Add ARMPauthFeature and eliminate most other predicates]
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h  | 47 +--
 target/arm/tcg/pauth_helper.c |  2 +-
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4a5a5e9eb8..0e2545d631 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3801,28 +3801,59 @@ static inline bool isar_feature_aa64_fcma(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FCMA) != 0;
 }
 
+/*
+ * These are the values from APA/API/APA3.
+ * In general these must be compared '>=', per the normal Arm ARM
+ * treatment of fields in ID registers.
+ */
+typedef enum {
+PauthFeat_None = 0,
+PauthFeat_1= 1,
+PauthFeat_EPAC = 2,
+PauthFeat_2= 3,
+PauthFeat_FPAC = 4,
+PauthFeat_FPACCOMBINED = 5,
+} ARMPauthFeature;
+
+static inline ARMPauthFeature
+isar_feature_pauth_feature(const ARMISARegisters *id)
+{
+/*
+ * Architecturally, only one of {APA,API,APA3} may be active (non-zero)
+ * and the other two must be zero.  Thus we may avoid conditionals.
+ */
+return (FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA) |
+FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, API) |
+FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, APA3));
+}
+
 static inline bool isar_feature_aa64_pauth(const ARMISARegisters *id)
 {
 /*
  * Return true if any form of pauth is enabled, as this
  * predicate controls migration of the 128-bit keys.
  */
-return (id->id_aa64isar1 &
-(FIELD_DP64(0, ID_AA64ISAR1, APA, 0xf) |
- FIELD_DP64(0, ID_AA64ISAR1, API, 0xf) |
- FIELD_DP64(0, ID_AA64ISAR1, GPA, 0xf) |
- FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0;
+return isar_feature_pauth_feature(id) != PauthFeat_None;
 }
 
-static inline bool isar_feature_aa64_pauth_arch(const ARMISARegisters *id)
+static inline bool isar_feature_aa64_pauth_qarma5(const ARMISARegisters *id)
 {
 /*
- * Return true if pauth is enabled with the architected QARMA algorithm.
- * QEMU will always set APA+GPA to the same value.
+ * Return true if pauth is enabled with the architected QARMA5 algorithm.
+ * QEMU will always enable or disable both APA and GPA.
  */
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA) != 0;
 }
 
+static inline bool isar_feature_aa64_pauth_qarma3(const ARMISARegisters *id)
+{
+/*
+ * Return true if pauth is enabled with the architected QARMA3 algorithm.
+ * QEMU will always enable or disable both APA3 and GPA3.
+ */
+return FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, APA3) != 0;
+}
+
 static inline bool isar_feature_aa64_tlbirange(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TLB) == 2;
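Review bot: isar_feature_aa64_pauth() used to test APA, API, GPA and GPI, and now tests only APA, API and APA3 through isar_feature_pauth_feature(), so a register set with generic authentication but no address authentication changes from true to false. The retained comment says this predicate controls migration of the 128-bit keys, so either keep GPA/GPI in the test or say in the comment why they cannot be set on their own.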
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 62af569341..6271a84ec9 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -282,7 +282,7 @@ static uint64_t pauth_computepac_impdef(uint64_t data, 
uint64_t modifier,
 static uint64_t pauth_computepac(CPUARMState *env, uint64_t data,
  uint64_t modifier, ARMPACKey key)
 {
-if (cpu_isar_feature(aa64_pauth_arch, env_archcpu(env))) {
+if (cpu_isar_feature(aa64_pauth_qarma5, env_archcpu(env))) {
 return pauth_computepac_architected(data, modifier, key);
 } else {
 return pauth_computepac_impdef(data, modifier, key);
-- 
2.34.1




Re: [PATCH 30/32] bsd-user: Implement fork(2) and vfork(2) system calls.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
  bsd-user/freebsd/os-proc.h| 34 ++
  bsd-user/freebsd/os-syscall.c |  8 
  2 files changed, 42 insertions(+)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 26/32] bsd-user: Implement execve(2) and fexecve(2) system calls.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/freebsd/os-proc.h| 49 +++
  bsd-user/freebsd/os-syscall.c | 10 +++
  2 files changed, 59 insertions(+)
  create mode 100644 bsd-user/freebsd/os-proc.h


Reviewed-by: Richard Henderson 

r~



[PATCH v5 12/12] linux-user/aarch64: Add ESR signal frame for PACFAIL

2023-08-29 Thread Richard Henderson
The PACFAIL fault uses ILL_ILLOPN and includes ESR.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 linux-user/aarch64/cpu_loop.c |  7 ++-
 linux-user/aarch64/signal.c   |  6 ++
 tests/tcg/aarch64/pauth-2.c   | 25 -
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index 22c9789326..5af17e8724 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -110,7 +110,12 @@ void cpu_loop(CPUARMState *env)
 /* just indicate that signals should be handled asap */
 break;
 case EXCP_UDEF:
-force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, env->pc);
+/* See kernel's do_el0_fpac, and our need_save_esr(). */
+if (syn_get_ec(env->exception.syndrome) == EC_PACFAIL) {
+force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);
+} else {
+force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, env->pc);
+}
 break;
 case EXCP_PREFETCH_ABORT:
 case EXCP_DATA_ABORT:
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index 40a476c33e..375b8350f6 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -582,6 +582,7 @@ static bool need_save_esr(target_siginfo_t *info, 
CPUARMState *env)
 {
 int sig = info->si_signo;
 int type = info->si_code >> 16;
+int code = info->si_code & 0x;
 
 if (type != QEMU_SI_FAULT) {
 return false;
@@ -596,6 +597,11 @@ static bool need_save_esr(target_siginfo_t *info, 
CPUARMState *env)
 return true;
 }
 
+/* See arch/arm64/kernel/traps.c, do_el0_fpac, and our cpu_loop(). */
+if (sig == TARGET_SIGILL && code == TARGET_ILL_ILLOPN) {
+return true;
+}
+
 return false;
 }
 
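Review bot: the added test in need_save_esr() keys on `sig == TARGET_SIGILL && code == TARGET_ILL_ILLOPN`, so any SIGILL raised with ILL_ILLOPN gets an ESR record whether or not it came from a PAC failure. env is already a parameter here; checking `syn_get_ec(env->exception.syndrome) == EC_PACFAIL`, as cpu_loop() does, would tie the record to the exception class rather than to the si_code chosen for it. If the syndrome is not reliable at this point, say so in the comment.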
diff --git a/tests/tcg/aarch64/pauth-2.c b/tests/tcg/aarch64/pauth-2.c
index 89ffdbf1df..aaf7c4a19f 100644
--- a/tests/tcg/aarch64/pauth-2.c
+++ b/tests/tcg/aarch64/pauth-2.c
@@ -5,14 +5,37 @@
 #include "pauth.h"
 
 
+static inline struct _aarch64_ctx *first_ctx(ucontext_t *uc)
+{
+return (struct _aarch64_ctx *)>uc_mcontext.__reserved;
+}
+
+static inline struct _aarch64_ctx *next_ctx(struct _aarch64_ctx *hdr)
+{
+return (struct _aarch64_ctx *)((char *)hdr + hdr->size);
+}
+
 static void sigill(int sig, siginfo_t *info, void *vuc)
 {
 ucontext_t *uc = vuc;
-uint64_t test;
+struct _aarch64_ctx *hdr;
+struct esr_context *ec;
+uint64_t test, esr;
 
 /* There is only one insn below that is allowed to fault. */
 asm volatile("adr %0, auth2_insn" : "=r"(test));
 assert(test == uc->uc_mcontext.pc);
+
+/* Find the esr_context. */
+for (hdr = first_ctx(uc); hdr->magic != ESR_MAGIC; hdr = next_ctx(hdr)) {
+assert(hdr->magic != 0);
+}
+
+ec = (struct esr_context *)hdr;
+esr = ec->esr;
+
+assert((esr >> 26) == 0x1c); /* EC_PACFAIL */
+assert((esr & 3) == 2);  /* AUTDA: data=1 key=0 */
 exit(0);
 }
 
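Review bot: the loop that searches for ESR_MAGIC only asserts `hdr->magic != 0`; it never checks hdr->size or the end of uc_mcontext.__reserved. A record with size 0 and some other non-zero magic makes next_ctx() return the same pointer, and the test spins instead of failing. Assert `hdr->size != 0` inside the loop, or bound the walk by the size of the __reserved area.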
-- 
2.34.1




[PATCH v5 04/12] target/arm: Don't change pauth features when changing algorithm

2023-08-29 Thread Richard Henderson
We have cpu properties to adjust the pauth algorithm for the
purpose of speed of emulation.  Retain the set of pauth features
supported by the cpu even as the algorithm changes.

This already affects the neoverse-v1 cpu, which has FEAT_EPAC.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu64.c | 70 +++---
 target/arm/tcg/cpu64.c |  2 ++
 2 files changed, 47 insertions(+), 25 deletions(-)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 96158093cc..fd584a31da 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -473,37 +473,57 @@ void aarch64_add_sme_properties(Object *obj)
 
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 {
-int arch_val = 0, impdef_val = 0;
-uint64_t t;
+ARMPauthFeature features = cpu_isar_feature(pauth_feature, cpu);
+uint64_t isar1;
 
-/* Exit early if PAuth is enabled, and fall through to disable it */
-if ((kvm_enabled() || hvf_enabled()) && cpu->prop_pauth) {
-if (!cpu_isar_feature(aa64_pauth, cpu)) {
-error_setg(errp, "'pauth' feature not supported by %s on this 
host",
-   kvm_enabled() ? "KVM" : "hvf");
+/*
+ * These properties enable or disable Pauth as a whole, or change
+ * the pauth algorithm, but do not change the set of features that
+ * are present.  We have saved a copy of those features above and
+ * will now place it into the field that chooses the algorithm.
+ *
+ * Begin by disabling all fields.
+ */
+isar1 = cpu->isar.id_aa64isar1;
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, APA, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPA, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 0);
+
+if (kvm_enabled() || hvf_enabled()) {
+/*
+ * Exit early if PAuth is enabled and fall through to disable it.
+ * The algorithm selection properties are not present.
+ */
+if (cpu->prop_pauth) {
+if (features == 0) {
+error_setg(errp, "'pauth' feature not supported by "
+   "%s on this host", current_accel_name());
+}
+return;
+}
+} else {
+/* Pauth properties are only present when the model supports it. */
+if (features == 0) {
+assert(!cpu->prop_pauth);
+return;
 }
 
-return;
-}
-
-/* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */
-if (cpu->prop_pauth) {
-if (cpu->prop_pauth_impdef) {
-impdef_val = 1;
-} else {
-arch_val = 1;
+if (cpu->prop_pauth) {
+if (cpu->prop_pauth_impdef) {
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, features);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 1);
+} else {
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, APA, features);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPA, 1);
+}
+} else if (cpu->prop_pauth_impdef) {
+error_setg(errp, "cannot enable pauth-impdef without pauth");
+error_append_hint(errp, "Add pauth=on to the CPU property 
list.\n");
 }
-} else if (cpu->prop_pauth_impdef) {
-error_setg(errp, "cannot enable pauth-impdef without pauth");
-error_append_hint(errp, "Add pauth=on to the CPU property list.\n");
 }
 
-t = cpu->isar.id_aa64isar1;
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, API, impdef_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPI, impdef_val);
-cpu->isar.id_aa64isar1 = t;
+cpu->isar.id_aa64isar1 = isar1;
 }
 
 static Property arm_cpu_pauth_property =
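Review bot: the "Begin by disabling all fields" block clears APA, GPA, API and GPI in id_aa64isar1 only, while features comes from isar_feature_pauth_feature(), which also reads APA3 from id_aa64isar2. For a model that advertises pauth through APA3, pauth=off would leave APA3 set and isar_feature_aa64_pauth() would still return true. Either clear the id_aa64isar2 field here as well or note that no model sets APA3 at this point in the series. The two `features == 0` tests would also read better as `features == PauthFeat_None`.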
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 8019f00bc3..fec6a4875d 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -758,6 +758,8 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_1);
+t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
 t = FIELD_DP64(t, ID_AA64ISAR1, LRCPC, 2);/* FEAT_LRCPC2 */
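Review bot: the two added lines set APA and API non-zero at the same time, which is the state the comment in isar_feature_pauth_feature() rules out ("only one of {APA,API,APA3} may be active"). The OR in that function still yields the intended level only while the API value's bits are a subset of the APA value's. Add a comment here that arm_cpu_pauth_finalize() clears whichever field is not selected, or give API the same PauthFeat_* constant as APA so the two cannot drift apart.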
-- 
2.34.1




Re: [PATCH v8 08/12] virtio-sound: handle VIRTIO_SND_R_PCM_PREPARE

2023-08-29 Thread Alex Bennée


Emmanouil Pitsidianakis  writes:

> Handles the PCM prepare control request. It initializes a PCM stream
> when the guest asks for it.
>
> Based-on: 
> https://github.com/OpenSynergy/qemu/commit/5a2f350eec5d157b90d9c7b40a8e603f4da92471
> Signed-off-by: Igor Skalkin 
> Signed-off-by: Anton Yakovlev 
> Signed-off-by: Emmanouil Pitsidianakis
> 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH 23/32] bsd-user: Implement t2h procctl control request commands and h2t reaper status struct conversion.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/freebsd/os-proc.c | 52 ++
  1 file changed, 52 insertions(+)

diff --git a/bsd-user/freebsd/os-proc.c b/bsd-user/freebsd/os-proc.c
index 396f258a64..f069472156 100644
--- a/bsd-user/freebsd/os-proc.c
+++ b/bsd-user/freebsd/os-proc.c
@@ -249,3 +249,55 @@ execve_end:
  return ret;
  }
  
+#include 

+
+static abi_long
+t2h_procctl_cmd(int target_cmd, int *host_cmd)
+{
+


Identity function?


r~



Re: [PATCH 19/32] bsd-user: Implement getpriority(2) and setpriority(2).

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

+static inline abi_long do_bsd_getpriority(abi_long which, abi_long who)
+{
+abi_long ret;
+/*
+ * Note that negative values are valid for getpriority, so we must
+ * differentiate based on errno settings.
+ */
+errno = 0;
+ret = getpriority(which, who);
+if (ret == -1 && errno != 0) {
+ret = -host_to_target_errno(errno);
+return ret;
+}
+/* Return value is a biased priority to avoid negative numbers. */
+ret = 20 - ret;


This appears to be a linux-ism.

There is no such bias in sys/kern/kern_resource.c, kern_getpriority(), but there is in 
sys/compat/linux/linux_misc.c, linux_getpriority().



r~







[PATCH v5 00/12] Implement Most ARMv8.3 Pointer Authentication Features

2023-08-29 Thread Richard Henderson
Changes for v5:
  * Updates for review.
  * Include linux-user ESR changes.

Patch 10 is the only one without review.


r~


Aaron Lindsay (6):
  target/arm: Add ID_AA64ISAR2_EL1
  target/arm: Add feature detection for FEAT_Pauth2 and extensions
  target/arm: Implement FEAT_EPAC
  target/arm: Implement FEAT_Pauth2
  targer/arm: Inform helpers whether a PAC instruction is 'combined'
  target/arm: Implement FEAT_FPAC and FEAT_FPACCOMBINE

Richard Henderson (6):
  tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC
  target/arm: Don't change pauth features when changing algorithm
  target/arm: Implement FEAT_PACQARMA3
  linux-user/aarch64: Add ESR signal frame for SIGSEGV, SIGBUS
  linux-user/aarch64: Fix normal SIGILL si_code
  linux-user/aarch64: Add ESR signal frame for PACFAIL

 docs/system/arm/cpu-features.rst  |  21 ++--
 docs/system/arm/emulation.rst |   7 ++
 target/arm/cpu.h  |  49 ++--
 target/arm/syndrome.h |   7 ++
 target/arm/tcg/helper-a64.h   |   4 +
 tests/tcg/aarch64/pauth.h |  23 
 linux-user/aarch64/cpu_loop.c |   7 +-
 linux-user/aarch64/signal.c   |  58 +-
 target/arm/arm-qmp-cmds.c |   2 +-
 target/arm/cpu64.c|  86 ++
 target/arm/helper.c   |   4 +-
 target/arm/hvf/hvf.c  |   1 +
 target/arm/kvm64.c|   2 +
 target/arm/tcg/cpu64.c|   2 +
 target/arm/tcg/pauth_helper.c | 180 --
 target/arm/tcg/tlb_helper.c   |   8 +-
 target/arm/tcg/translate-a64.c|  12 +-
 tests/qtest/arm-cpu-features.c|  12 +-
 tests/tcg/aarch64/pauth-2.c   |  77 +++--
 tests/tcg/aarch64/pauth-4.c   |  18 ++-
 tests/tcg/aarch64/pauth-5.c   |  10 ++
 tests/tcg/aarch64/Makefile.target |   6 +-
 22 files changed, 497 insertions(+), 99 deletions(-)
 create mode 100644 tests/tcg/aarch64/pauth.h

-- 
2.34.1




Re: [PATCH 08/32] bsd-user: Implement target_to_host_rlim and host_to_target_rlim conversion.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/bsd-proc.c | 33 +
  1 file changed, 33 insertions(+)


Reviewed-by: Richard Henderson 



+rlim_t target_to_host_rlim(abi_llong target_rlim)
+{
+abi_llong target_rlim_swap;
+rlim_t result;
+
+target_rlim_swap = tswap64(target_rlim);
+if (target_rlim_swap == TARGET_RLIM_INFINITY) {
+return RLIM_INFINITY;
+}
+
+result = target_rlim_swap;
+if (target_rlim_swap != (rlim_t)result) {
+return RLIM_INFINITY;
+}
+
+return result;
+}
+
+abi_llong host_to_target_rlim(rlim_t rlim)
+{
+abi_llong target_rlim_swap;
+abi_llong result;
+
+if (rlim == RLIM_INFINITY || rlim != (abi_llong)rlim) {
+target_rlim_swap = TARGET_RLIM_INFINITY;
+} else {
+target_rlim_swap = rlim;
+}
+result = tswap64(target_rlim_swap);
+
+return result;
+}


Though I think these are the identity function as well, since afaict we're always talking 
about 64-bit data.



r~



Re: [PATCH 31/32] bsd-user: Implement rfork(2) system call.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
  bsd-user/freebsd/os-proc.h| 38 +++
  bsd-user/freebsd/os-syscall.c |  4 
  2 files changed, 42 insertions(+)


Reviewed-by: Richard Henderson 



+/*
+ * XXX We need to handle RFMEM here, as well.  Neither are safe to execute
+ * as-is on x86 hosts because they'll split memory but not the stack,
+ * wreaking havoc on host architectures that use the stack to store the
+ * return address as both threads try to pop it off.  Rejecting RFSPAWN
+ * entirely for now is ok, the only consumer at the moment is posix_spawn
+ * and it will fall back to classic vfork(2) if we return EINVAL.
+ */
+if ((flags & TARGET_RFSPAWN) != 0)
+return -TARGET_EINVAL;


Braces.


r~



[PATCH V4 11/11] tests/qtest: background migration with suspend

2023-08-29 Thread Steve Sistare
Add a test case to verify that the suspended state is handled correctly by
a background migration.  The test suspends the src, migrates, then wakes
the dest.

Signed-off-by: Steve Sistare 
---
 tests/qtest/migration-test.c | 21 +
 1 file changed, 21 insertions(+)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 6306fb0..5cc8b91 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -1679,6 +1679,26 @@ static void test_precopy_unix_suspend_notlive(void)
 test_precopy_common();
 }
 
+static void *test_bg_suspend_start(QTestState *from, QTestState *to)
+{
+migrate_set_capability(from, "background-snapshot", true);
+return NULL;
+}
+
+static void test_bg_suspend(void)
+{
+g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
+MigrateCommon args = {
+.listen_uri = uri,
+.connect_uri = uri,
+.live = true,   /* runs fast, the src suspends immediately. */
+.start.suspend_me = true,
+.start_hook = test_bg_suspend_start
+};
+
+test_precopy_common();
+}
+
 static void test_precopy_unix_dirty_ring(void)
 {
 g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
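Review bot: test_bg_suspend_start() sets the background-snapshot capability on the source unconditionally, and nothing in test_bg_suspend() checks that the host can do background snapshots first. On a host without that support the capability request fails and the test fails instead of being skipped. Probe for support before registering /migration/bg/suspend, or skip from the start hook.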
@@ -2905,6 +2925,7 @@ int main(int argc, char **argv)
 if (is_x86) {
 qtest_add_func("/migration/postcopy/suspend",
test_postcopy_suspend);
+qtest_add_func("/migration/bg/suspend", test_bg_suspend);
 }
 }
 
-- 
1.8.3.1




Re: [PATCH v2 1/4] nbd: drop unused nbd_receive_negotiate() aio_context argument

2023-08-29 Thread Eric Blake
On Tue, Aug 29, 2023 at 12:06:19PM -0400, Stefan Hajnoczi wrote:
> aio_context is always NULL, so drop it.
> 
> Suggested-by: Fabiano Rosas 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  include/block/nbd.h | 3 +--
>  nbd/client-connection.c | 3 +--
>  nbd/client.c| 5 ++---
>  qemu-nbd.c  | 4 ++--
>  4 files changed, 6 insertions(+), 9 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization:  qemu.org | libguestfs.org




Re: [PATCH v4 1/9] tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC

2023-08-29 Thread Richard Henderson

On 8/29/23 05:52, Peter Maydell wrote:

-run-pauth-%: QEMU_OPTS += -cpu max
+run-pauth-1: QEMU_OPTS += -cpu max
+run-pauth-2: QEMU_OPTS += -cpu max
+run-pauth-4: QEMU_OPTS += -cpu neoverse-v1
+run-pauth-5: QEMU_OPTS += -cpu neoverse-v1


Why do we need to specify neoverse-v1 here? A comment
would help.


neoverse-v1 has FEAT_EPAC, but not FEAT_FPAC.


r~



[PATCH v5 14/20] linux-user/arm: Add vdso

2023-08-29 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 linux-user/arm/signal.c|  28 +++---
 linux-user/elfload.c   |   3 +-
 linux-user/arm/meson.build |  35 
 linux-user/arm/vdso-be.so  | Bin 0 -> 2680 bytes
 linux-user/arm/vdso-le.so  | Bin 0 -> 2680 bytes
 linux-user/arm/vdso.S  | 177 +
 linux-user/arm/vdso.ld |  67 ++
 7 files changed, 293 insertions(+), 17 deletions(-)
 create mode 100755 linux-user/arm/vdso-be.so
 create mode 100755 linux-user/arm/vdso-le.so
 create mode 100644 linux-user/arm/vdso.S
 create mode 100644 linux-user/arm/vdso.ld

diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
index cf99fd7b8a..c328d31081 100644
--- a/linux-user/arm/signal.c
+++ b/linux-user/arm/signal.c
@@ -167,9 +167,8 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, 
int usig,
 abi_ulong handler = 0;
 abi_ulong handler_fdpic_GOT = 0;
 abi_ulong retcode;
-int thumb, retcode_idx;
+int thumb;
 int is_fdpic = info_is_fdpic(((TaskState *)thread_cpu->opaque)->info);
-bool copy_retcode;
 
 if (is_fdpic) {
 /* In FDPIC mode, ka->_sa_handler points to a function
@@ -184,9 +183,7 @@ setup_return(CPUARMState *env, struct target_sigaction *ka, 
int usig,
 } else {
 handler = ka->_sa_handler;
 }
-
 thumb = handler & 1;
-retcode_idx = thumb + (ka->sa_flags & TARGET_SA_SIGINFO ? 2 : 0);
 
 uint32_t cpsr = cpsr_read(env);
 
@@ -202,24 +199,23 @@ setup_return(CPUARMState *env, struct target_sigaction 
*ka, int usig,
 cpsr &= ~CPSR_E;
 }
 
+/* Our vdso default_sigreturn label is a table of entry points. */
+int idx = is_fdpic * 2 + ((ka->sa_flags & TARGET_SA_SIGINFO) != 0);
+retcode = default_sigreturn + idx * 16;
+
+/*
+ * Put the sigreturn code on the stack no matter which return
+ * mechanism we use in order to remain ABI compliant.
+ */
+memcpy(frame->retcode, g2h_untagged(retcode & ~1), 16);
+
 if (ka->sa_flags & TARGET_SA_RESTORER) {
 if (is_fdpic) {
+/* Place the function descriptor in slot 3. */
 __put_user((abi_ulong)ka->sa_restorer, >retcode[3]);
-retcode = (sigreturn_fdpic_tramp +
-   retcode_idx * RETCODE_BYTES + thumb);
-copy_retcode = true;
 } else {
 retcode = ka->sa_restorer;
-copy_retcode = false;
 }
-} else {
-retcode = default_sigreturn + retcode_idx * RETCODE_BYTES + thumb;
-copy_retcode = true;
-}
-
-/* Copy the code to the stack slot for ABI compatibility. */
-if (copy_retcode) {
-memcpy(frame->retcode, g2h_untagged(retcode & ~1), RETCODE_BYTES);
 }
 
 env->regs[0] = usig;
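Review bot: the stub address `default_sigreturn + idx * 16` no longer depends on thumb, which used to select the table entry and set bit 0 of retcode, yet `retcode & ~1` is still masked in the memcpy. State in the comment whether each 16-byte vdso entry is safe to enter from either instruction set, or put the thumb bit back. The literal 16 also appears twice in place of RETCODE_BYTES; a named constant shared with vdso.S would keep the table stride and the copy length from diverging.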
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 8316868bd2..cd2ab4292c 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -768,6 +768,8 @@ static uint32_t get_elf_hwcap2(void)
 
 #undef GET_FEATURE_ID
 
+#endif /* not TARGET_AARCH64 */
+
 #if TARGET_BIG_ENDIAN
 # include "vdso-be.c.inc"
 #else
@@ -775,7 +777,6 @@ static uint32_t get_elf_hwcap2(void)
 #endif
 #define vdso_image_info()_image_info
 
-#endif /* not TARGET_AARCH64 */
 #endif /* TARGET_ARM */
 
 #ifdef TARGET_SPARC
diff --git a/linux-user/arm/meson.build b/linux-user/arm/meson.build
index 5a93c925cf..6a8ce075c3 100644
--- a/linux-user/arm/meson.build
+++ b/linux-user/arm/meson.build
@@ -5,3 +5,38 @@ syscall_nr_generators += {
arguments: [ meson.current_source_dir() / 'syscallhdr.sh', 
'@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
output: '@BASENAME@_nr.h')
 }
+
+# TARGET_BIG_ENDIAN is defined to 'n' for little-endian; which means it
+# is always true as far as source_set.apply() is concerned.  Always build
+# both header files and include the right one via #if.
+
+vdso_cmd = [
+build_vdso_cmd,
+'-B', meson.project_build_root(),
+'-C', meson.current_source_dir(),
+'-T', 'arm-linux-user',
+'-o', '@OUTPUT@',
+'--',
+'-nostdlib', '-shared',
+'-Wl,-use-blx',
+'-Wl,-h,linux-vdso.so.1',
+'-Wl,--build-id=sha1',
+'-Wl,--hash-style=both',
+'-Wl,-T,@INPUT1@',
+'@INPUT0@'
+]
+
+vdso_le_so = custom_target(output: 'vdso-le.so',
+   input: files('vdso.S', 'vdso.ld'),
+   command: vdso_cmd + ['-mlittle-endian'])
+
+vdso_be_so = custom_target(output: 'vdso-be.so',
+   input: files('vdso.S', 'vdso.ld'),
+   command: vdso_cmd + ['-mbig-endian'])
+
+gen = [
+  gen_vdso.process(vdso_be_so, extra_args: ['-s', 'sigreturn_codes']),
+  gen_vdso.process(vdso_le_so, extra_args: ['-s', 'sigreturn_codes'])
+]
+
+linux_user_ss.add(when: 'TARGET_ARM', if_true: gen)
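Review bot: the custom_target outputs are named vdso-le.so and vdso-be.so, the same names as the two 2680-byte binaries this patch adds under linux-user/arm/, and nothing in the hunk says how the committed copies relate to the ones built here or when they are regenerated. The binaries cannot be reviewed as source, so document the rebuild procedure next to these targets and have the build fail, or at least warn, when a committed .so differs from one rebuilt from vdso.S and vdso.ld.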
diff --git a/linux-user/arm/vdso-be.so b/linux-user/arm/vdso-be.so
new file mode 100755
index 
..591db80fe47540707e5c627443ac566d7f2c7c60
GIT 

Re: [PATCH 24/32] bsd-user: Implement h2t reaper_pidinfo and h2t/t2h reaper_kill structs conversion functions.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/freebsd/os-proc.c | 50 ++
  1 file changed, 50 insertions(+)

diff --git a/bsd-user/freebsd/os-proc.c b/bsd-user/freebsd/os-proc.c
index f069472156..a413109bc2 100644
--- a/bsd-user/freebsd/os-proc.c
+++ b/bsd-user/freebsd/os-proc.c
@@ -301,3 +301,53 @@ h2t_reaper_status(struct procctl_reaper_status *host_rs,
  return 0;
  }
  
+static abi_long

+t2h_reaper_kill(abi_ulong target_rk_addr, struct procctl_reaper_kill *host_rk)
+{
+struct target_procctl_reaper_kill *target_rk;
+


Unused functions will error; non-bisectable.


r~



Re: [PATCH 29/32] bsd-user: Implement pdgetpid(2) and the undocumented setugid.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
  bsd-user/freebsd/os-proc.h| 23 +++
  bsd-user/freebsd/os-syscall.c |  8 
  2 files changed, 31 insertions(+)


Reviewed-by: Richard Henderson 


+/* undocumented __setugid */
+static inline abi_long do_freebsd___setugid(abi_long arg1)
+{
+return get_errno(__setugid(arg1));
+}


Given that this is

#ifdef REGRESSION
...
#else /* !REGRESSION */
return (ENOSYS);
#endif /* REGRESSION */

in current freebsd, we could probably just stub this out?


r~



[PATCH v5 06/20] linux-user: Use ImageSource in load_symbols

2023-08-29 Thread Richard Henderson
Aside from the section headers, we're unlikely to hit the
ImageSource cache on guest executables.  But the interface
for imgsrc_read_* is better.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/elfload.c | 87 
 1 file changed, 48 insertions(+), 39 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 833c22da25..f34fb64c0c 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2049,7 +2049,8 @@ static inline void 
bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) { }
 #ifdef USE_ELF_CORE_DUMP
 static int elf_core_dump(int, const CPUArchState *);
 #endif /* USE_ELF_CORE_DUMP */
-static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
+static void load_symbols(struct elfhdr *hdr, const ImageSource *src,
+ abi_ulong load_bias);
 
 /* Verify the portions of EHDR within E_IDENT for the target.
This can be performed before bswapping the entire header.  */
@@ -3294,7 +3295,7 @@ static void load_elf_image(const char *image_name, const 
ImageSource *src,
 }
 
 if (qemu_log_enabled()) {
-load_symbols(ehdr, src->fd, load_bias);
+load_symbols(ehdr, src, load_bias);
 }
 
 debuginfo_report_elf(image_name, src->fd, load_bias);
@@ -3385,19 +3386,20 @@ static int symcmp(const void *s0, const void *s1)
 }
 
 /* Best attempt to load symbols from this ELF object. */
-static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
+static void load_symbols(struct elfhdr *hdr, const ImageSource *src,
+ abi_ulong load_bias)
 {
 int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
-uint64_t segsz;
-struct elf_shdr *shdr;
+g_autofree struct elf_shdr *shdr = NULL;
 char *strings = NULL;
-struct syminfo *s = NULL;
-struct elf_sym *new_syms, *syms = NULL;
+struct elf_sym *syms = NULL;
+struct elf_sym *new_syms;
+uint64_t segsz;
 
 shnum = hdr->e_shnum;
-i = shnum * sizeof(struct elf_shdr);
-shdr = (struct elf_shdr *)alloca(i);
-if (pread(fd, shdr, i, hdr->e_shoff) != i) {
+shdr = imgsrc_read_alloc(hdr->e_shoff, shnum * sizeof(struct elf_shdr),
+ src, NULL);
+if (shdr == NULL) {
 return;
 }
 
@@ -3415,31 +3417,33 @@ static void load_symbols(struct elfhdr *hdr, int fd, 
abi_ulong load_bias)
 
  found:
 /* Now know where the strtab and symtab are.  Snarf them.  */
-s = g_try_new(struct syminfo, 1);
-if (!s) {
-goto give_up;
-}
 
 segsz = shdr[str_idx].sh_size;
-s->disas_strtab = strings = g_try_malloc(segsz);
-if (!strings ||
-pread(fd, strings, segsz, shdr[str_idx].sh_offset) != segsz) {
+strings = g_try_malloc(segsz);
+if (!strings) {
+goto give_up;
+}
+if (!imgsrc_read(strings, shdr[str_idx].sh_offset, segsz, src, NULL)) {
 goto give_up;
 }
 
 segsz = shdr[sym_idx].sh_size;
-syms = g_try_malloc(segsz);
-if (!syms || pread(fd, syms, segsz, shdr[sym_idx].sh_offset) != segsz) {
-goto give_up;
-}
-
 if (segsz / sizeof(struct elf_sym) > INT_MAX) {
-/* Implausibly large symbol table: give up rather than ploughing
- * on with the number of symbols calculation overflowing
+/*
+ * Implausibly large symbol table: give up rather than ploughing
+ * on with the number of symbols calculation overflowing.
  */
 goto give_up;
 }
 nsyms = segsz / sizeof(struct elf_sym);
+syms = g_try_malloc(segsz);
+if (!syms) {
+goto give_up;
+}
+if (!imgsrc_read(syms, shdr[sym_idx].sh_offset, segsz, src, NULL)) {
+goto give_up;
+}
+
 for (i = 0; i < nsyms; ) {
 bswap_sym(syms + i);
 /* Throw away entries which we do not need.  */
@@ -3464,10 +3468,12 @@ static void load_symbols(struct elfhdr *hdr, int fd, 
abi_ulong load_bias)
 goto give_up;
 }
 
-/* Attempt to free the storage associated with the local symbols
-   that we threw away.  Whether or not this has any effect on the
-   memory allocation depends on the malloc implementation and how
-   many symbols we managed to discard.  */
+/*
+ * Attempt to free the storage associated with the local symbols
+ * that we threw away.  Whether or not this has any effect on the
+ * memory allocation depends on the malloc implementation and how
+ * many symbols we managed to discard.
+ */
 new_syms = g_try_renew(struct elf_sym, syms, nsyms);
 if (new_syms == NULL) {
 goto give_up;
@@ -3476,20 +3482,23 @@ static void load_symbols(struct elfhdr *hdr, int fd, 
abi_ulong load_bias)
 
 qsort(syms, nsyms, sizeof(*syms), symcmp);
 
-s->disas_num_syms = nsyms;
-#if ELF_CLASS == ELFCLASS32
-s->disas_symtab.elf32 = syms;
-#else
-s->disas_symtab.elf64 = syms;
-#endif
-s->lookup_symbol = 

[PATCH 0/9] migration: Better error handling in rp thread, allow failures in recover

2023-08-29 Thread Peter Xu
This patchset supersedes below:
[PATCH v2 0/7] migration: Better error handling in return path thread

Another note is that this might conflict with Fabiano's other patchset to
fix postcopy race conditions, but maybe not.  If collapse, I can rebase.
Let me send this out still for early reviews.

I dropped the last patch there (which wasn't clear on being beneficial)
from last version, meanwhile added three more patches to address an issue
reported from our QE team that one postcopy migration can get stuck in RECOVER
stage and never get kicked out.  For more information on that problem, one
can refer to the last patch commit message.

Since this one covers more issues, I renamed the subject, and let me
version it from v1.  I still collected most of R-bs from Fabiano since last
version (patches 1-6).

Please have a look, thanks.

Peter Xu (9):
  migration: Display error in query-migrate irrelevant of status
  migration: Let migrate_set_error() take ownership
  migration: Introduce migrate_has_error()
  migration: Refactor error handling in source return path
  migration: Deliver return path file error to migrate state too
  qemufile: Always return a verbose error
  migration: Remember num of ramblocks to sync during recovery
  migration: Add migration_rp_wait|kick()
  migration/postcopy: Allow network to fail even during recovery

 qapi/migration.json  |   5 +-
 migration/migration.h|  25 -
 migration/qemu-file.h|   1 +
 migration/ram.h  |   5 +-
 migration/channel.c  |   1 -
 migration/migration.c| 230 +++
 migration/multifd.c  |  10 +-
 migration/postcopy-ram.c |   1 -
 migration/qemu-file.c|  17 ++-
 migration/ram.c  |  77 +++--
 migration/trace-events   |   2 +-
 11 files changed, 248 insertions(+), 126 deletions(-)

-- 
2.41.0




Re: [PULL 0/4] tcg patch queue

2023-08-29 Thread Richard Henderson

On 8/29/23 10:02, Richard Henderson wrote:

The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:

   Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu 
into staging (2023-08-29 08:58:00 -0400)

are available in the Git repository at:

   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230829

for you to fetch changes up to dad2f2f5afbaf58d6056f31dfd4b9edd0854b8ab:

   tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32 (2023-08-29 09:57:39 -0700)


softmmu: Use async_run_on_cpu in tcg_commit
tcg: Remove vecop_list check from tcg_gen_not_vec
tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32



Disregard this PR.  I will re-issue with the abi_ptr change reverted.


r~



Re: [PATCH v8 06/12] virtio-sound: handle VIRTIO_SND_R_PCM_{START,STOP}

2023-08-29 Thread Alex Bennée


Emmanouil Pitsidianakis  writes:

> Handle the start and stop control messages for a stream_id. This request
> does nothing at the moment except for replying to it. Audio playback
> or capture will be started/stopped here in follow-up commits.
>
> Based-on: 
> https://github.com/OpenSynergy/qemu/commit/5a2f350eec5d157b90d9c7b40a8e603f4da92471
> Signed-off-by: Igor Skalkin 
> Signed-off-by: Anton Yakovlev 
> Signed-off-by: Emmanouil Pitsidianakis
> 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH 05/10] meson: compile bundled device trees

2023-08-29 Thread Richard Henderson

On 8/29/23 07:25, Philippe Mathieu-Daudé wrote:

On 29/8/23 10:29, Paolo Bonzini wrote:

If dtc is available, compile the .dts files in the pc-bios directory
instead of using the precompiled binaries.

Signed-off-by: Paolo Bonzini 
---
  pc-bios/Makefile    | 19 ---
  pc-bios/meson.build | 25 +
  2 files changed, 21 insertions(+), 23 deletions(-)
  delete mode 100644 pc-bios/Makefile




+dtc = find_program('dtc', required: false)
+foreach f : [
+  'bamboo.dts',
+  'canyonlands.dts',
+  'petalogix-s3adsp1800.dts',
+  'petalogix-ml605.dts',
+]
+  out = fs.replace_suffix(f, '.dtb')


Does that work when building from read-only source directory?


+  if dtc.found()
+    custom_target(f,
+    build_by_default: have_system,
+    input: files(f),
+    output: out,


Yes, because the output will be in the build directory, and installed from there,


+    install: get_option('install_blobs'),
+    install_dir: qemu_datadir,
+    command: [ dtc, '-I', 'dts', '-O', 'dtb', '-o', '@OUTPUT@', '@INPUT0@' 
])
+  else
+    blobs += out


whereas the fallback case copies from the source directory.


r~


+  endif
+endforeach
+
  if get_option('install_blobs')
    install_data(blobs, install_dir: qemu_datadir)
  endif








Re: [PATCH 29/32] bsd-user: Implement pdgetpid(2) and the undocumented setugid.

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 2:36 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 8/27/23 08:57, Karim Taha wrote:
> > From: Stacey Son 
> >
> > Signed-off-by: Stacey Son 
> > Signed-off-by: Karim Taha 
> > ---
> >   bsd-user/freebsd/os-proc.h| 23 +++
> >   bsd-user/freebsd/os-syscall.c |  8 
> >   2 files changed, 31 insertions(+)
>
> Reviewed-by: Richard Henderson 
>
> > +/* undocumented __setugid */
> > +static inline abi_long do_freebsd___setugid(abi_long arg1)
> > +{
> > +return get_errno(__setugid(arg1));
> > +}
>
> Given that this is
>
> #ifdef REGRESSION
> ...
> #else /* !REGRESSION */
>  return (ENOSYS);
> #endif /* REGRESSION */
>
> in current freebsd, we could probably just stub this out?
>

I agree...

The REGRESSION kernel option exists only so that the
tools/regression/security/proc_to_proc tests can run. This is an
interesting set of tests, but hasn't been updated since 2004, except for
the usual 'churn' commits required by sweeps for new-compiler things, or
project policy changes. So it's not even clear if this specific regression
test is still interesting (though there are many other tests in the tree
that are recent and under active development).

So it's irrelevant to the bsd-user emulator, and returning ENOSYS will
match perfectly what almost any kernel deployed will do.

Warner


[PATCH v5 19/20] linux-user/s390x: Rename __SIGNAL_FRAMESIZE to STACK_FRAME_OVERHEAD

2023-08-29 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 linux-user/s390x/signal.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/linux-user/s390x/signal.c b/linux-user/s390x/signal.c
index f72165576f..0f8b8e04bf 100644
--- a/linux-user/s390x/signal.c
+++ b/linux-user/s390x/signal.c
@@ -26,7 +26,8 @@
 #define __NUM_FPRS 16
 #define __NUM_ACRS 16
 
-#define __SIGNAL_FRAMESIZE  160 /* FIXME: 31-bit mode -> 96 */
+/* Minimum stack frame size */
+#define STACK_FRAME_OVERHEAD160
 
 #define _SIGCONTEXT_NSIG64
 #define _SIGCONTEXT_NSIG_BPW64 /* FIXME: 31-bit mode -> 32 */
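Review bot: the replacement define drops the "FIXME: 31-bit mode -> 96" remark that __SIGNAL_FRAMESIZE carried, while the neighbouring _SIGCONTEXT_NSIG_BPW line keeps its 31-bit FIXME. If 31-bit mode is deliberately out of scope, say so in the commit message, which currently has no body and does not explain the rename; otherwise keep the remark next to "Minimum stack frame size".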
@@ -63,7 +64,7 @@ typedef struct {
 } target_sigcontext;
 
 typedef struct {
-uint8_t callee_used_stack[__SIGNAL_FRAMESIZE];
+uint8_t callee_used_stack[STACK_FRAME_OVERHEAD];
 target_sigcontext sc;
 target_sigregs sregs;
 int signo;
@@ -83,7 +84,7 @@ struct target_ucontext {
 };
 
 typedef struct {
-uint8_t callee_used_stack[__SIGNAL_FRAMESIZE];
+uint8_t callee_used_stack[STACK_FRAME_OVERHEAD];
 /*
  * This field is no longer initialized by the kernel, but it's still a part
  * of the ABI.
-- 
2.34.1




Re: [PATCH v8 05/12] virtio-sound: handle VIRTIO_SND_R_PCM_INFO request

2023-08-29 Thread Alex Bennée


Emmanouil Pitsidianakis  writes:

> Respond to the VIRTIO_SND_R_PCM_INFO control request with the parameters
> of each requested PCM stream.
>
> Based-on: 
> https://github.com/OpenSynergy/qemu/commit/5a2f350eec5d157b90d9c7b40a8e603f4da92471
> Signed-off-by: Igor Skalkin 
> Signed-off-by: Anton Yakovlev 
> Signed-off-by: Emmanouil Pitsidianakis
> 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH 20/32] bsd-user: Add freebsd/os-proc.c to meson.build

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

Signed-off-by: Karim Taha 
---
  bsd-user/freebsd/meson.build | 1 +
  1 file changed, 1 insertion(+)

diff --git a/bsd-user/freebsd/meson.build b/bsd-user/freebsd/meson.build
index f87c788e84..d169e31235 100644
--- a/bsd-user/freebsd/meson.build
+++ b/bsd-user/freebsd/meson.build
@@ -1,4 +1,5 @@
  bsd_user_ss.add(files(
+  'os-proc.c',
'os-sys.c',
'os-syscall.c',
  ))


This won't build -- won't configure -- without the file being present.
Just merge into the next patch.


r~



[PATCH V4 04/11] migration: preserve suspended for snapshot

2023-08-29 Thread Steve Sistare
Restoring a snapshot can break a suspended guest.

If a guest is suspended and saved to a snapshot using savevm, and qemu
is terminated and restarted with the -S option, then loadvm does not
restore the guest.  The runstate is running, but the guest is not, because
vm_start was not called.  The root cause is that loadvm does not restore
the runstate (e.g. suspended) from global_state loaded from the state file.

Restore the runstate, and allow the new state transitions that are possible.

Signed-off-by: Steve Sistare 
---
 migration/savevm.c | 1 +
 softmmu/runstate.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/migration/savevm.c b/migration/savevm.c
index eba3653..7b9c477 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -3194,6 +3194,7 @@ bool load_snapshot(const char *name, const char *vmstate,
 }
 aio_context_acquire(aio_context);
 ret = qemu_loadvm_state(f);
+migrate_set_runstate();
 migration_incoming_state_destroy();
 aio_context_release(aio_context);
 
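Review bot: migrate_set_runstate() is called right after "ret = qemu_loadvm_state(f);", before ret is examined, so a failed load would still apply the run state read from global_state. Guard the call on a successful load, or add a comment explaining why it is safe when ret is negative.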
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index f3bd862..21d7407 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -77,6 +77,8 @@ typedef struct {
 
 static const RunStateTransition runstate_transitions_def[] = {
 { RUN_STATE_PRELAUNCH, RUN_STATE_INMIGRATE },
+{ RUN_STATE_PRELAUNCH, RUN_STATE_PAUSED },
+{ RUN_STATE_PRELAUNCH, RUN_STATE_SUSPENDED },
 
 { RUN_STATE_DEBUG, RUN_STATE_RUNNING },
 { RUN_STATE_DEBUG, RUN_STATE_FINISH_MIGRATE },
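Review bot: the two new rows make PRELAUNCH -> PAUSED and PRELAUNCH -> SUSPENDED legal for every user of the run state table, not only for load_snapshot, and the commit message motivates only the suspended case. Please name the path that needs PRELAUNCH -> PAUSED in the commit message or in a comment beside the rows.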
-- 
1.8.3.1




Re: [PATCH 3/3] linux-user/aarch64: Add ESR signal frame for PACFAIL

2023-08-29 Thread Richard Henderson

On 8/29/23 07:46, Peter Maydell wrote:

+/* See arch/arm64/kernel/traps.c, do_el0_fpac, and our cpu_loop(). */
+if (sig == TARGET_SIGILL && code == TARGET_ILL_ILLOPN) {
+return true;
+}


This works, but we'll need to do something else if the kernel adds
some other fault later that is reported as ILLOPN but without
an ESR record...


Yes.  I'm not happy about the separation in logic, but I can't think of a better way at present.



r~




[PATCH v5 12/20] linux-user/x86_64: Add vdso

2023-08-29 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 linux-user/elfload.c  |   4 +-
 linux-user/x86_64/meson.build |  20 +
 linux-user/x86_64/vdso.S  |  78 ++
 linux-user/x86_64/vdso.ld |  73 +++
 linux-user/x86_64/vdso.so | Bin 0 -> 2968 bytes
 5 files changed, 173 insertions(+), 2 deletions(-)
 create mode 100644 linux-user/x86_64/vdso.S
 create mode 100644 linux-user/x86_64/vdso.ld
 create mode 100755 linux-user/x86_64/vdso.so

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index fb876ae30a..b421f04675 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -317,12 +317,12 @@ static void elf_core_copy_regs(target_elf_gregset_t 
*regs, const CPUX86State *en
 #define DLINFO_ARCH_ITEMS 1
 #define ARCH_DLINFO   NEW_AUX_ENT(AT_SYSINFO, vdso_info->entry);
 
+#endif /* TARGET_X86_64 */
+
 #include "vdso.c.inc"
 
 #define vdso_image_info()_image_info
 
-#endif /* TARGET_X86_64 */
-
 #define USE_ELF_CORE_DUMP
 #define ELF_EXEC_PAGESIZE   4096
 
diff --git a/linux-user/x86_64/meson.build b/linux-user/x86_64/meson.build
index 203af9a60c..6744563a11 100644
--- a/linux-user/x86_64/meson.build
+++ b/linux-user/x86_64/meson.build
@@ -3,3 +3,23 @@ syscall_nr_generators += {
   arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
   output: '@BASENAME@_nr.h')
 }
+
+vdso_so = custom_target(output: 'vdso.so',
+input: files('vdso.S', 'vdso.ld'),
+command: [
+build_vdso_cmd,
+'-B', meson.project_build_root(),
+'-C', meson.current_source_dir(),
+'-T', 'x86_64-linux-user',
+'-o', '@OUTPUT@',
+   '--', '-nostdlib', '-shared',
+   '-Wl,-h,linux-vdso.so.1',
+'-Wl,--build-id=sha1',
+'-Wl,--hash-style=both',
+'-Wl,-T,@INPUT1@',
+'@INPUT0@'
+])
+
+vdso_inc = gen_vdso.process(vdso_so)
+
+linux_user_ss.add(when: 'TARGET_X86_64', if_true: vdso_inc)
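Review bot: this custom_target builds vdso.so from vdso.S and vdso.ld, yet the diffstat also adds a prebuilt linux-user/x86_64/vdso.so (2968 bytes, mode 100755) that cannot be inspected in the patch. Please document in the commit message, which has no body, how the checked-in binary was produced and when the build uses it instead of this rule, so that a reviewer can rebuild it and compare it against the sources.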
diff --git a/linux-user/x86_64/vdso.S b/linux-user/x86_64/vdso.S
new file mode 100644
index 00..47d16c00ab
--- /dev/null
+++ b/linux-user/x86_64/vdso.S
@@ -0,0 +1,78 @@
+/*
+ * x86-64 linux replacement vdso.
+ *
+ * Copyright 2023 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+
+.macro endf name
+   .globl  \name
+   .type   \name, @function
+   .size   \name, . - \name
+.endm
+
+.macro weakalias name
+\name  = __vdso_\name
+   .weak   \name
+.endm
+
+.macro vdso_syscall name, nr
+__vdso_\name:
+   mov $\nr, %eax
+   syscall
+   ret
+endf   __vdso_\name
+weakalias \name
+.endm
+
+   .cfi_startproc
+
+vdso_syscall clock_gettime, __NR_clock_gettime
+vdso_syscall clock_getres, __NR_clock_getres
+vdso_syscall gettimeofday, __NR_gettimeofday
+vdso_syscall time, __NR_time
+
+__vdso_getcpu:
+   /*
+ * There is no syscall number for this allocated on x64.
+* We can handle this several ways:
+ *
+* (1) Invent a syscall number for use within qemu.
+ * It should be easy enough to pick a number that
+ * is well out of the way of the kernel numbers.
+ *
+ * (2) Force the emulated cpu to support the rdtscp insn,
+* and initialize the TSC_AUX value the appropriate value.
+ *
+* (3) Pretend that we're always running on cpu 0.
+ *
+* This last is the one that's implemented here, with the
+* tiny bit of extra code to support rdtscp in place.
+ */
+   xor %ecx, %ecx  /* rdtscp w/ tsc_aux = 0 */
+
+   /* if (cpu != NULL) *cpu = (ecx & 0xfff); */
+   test%rdi, %rdi
+   jz  1f
+   mov %ecx, %eax
+   and $0xfff, %eax
+   mov %eax, (%rdi)
+
+   /* if (node != NULL) *node = (ecx >> 12); */
+1: test%rsi, %rsi
+   jz  2f
+   shr $12, %ecx
+   mov %ecx, (%rsi)
+
+2: xor %eax, %eax
+   ret
+endf   __vdso_getcpu
+
+weakalias getcpu
+
+   .cfi_endproc
+
+/* TODO: Add elf note for LINUX_VERSION_CODE */
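Review bot: in __vdso_getcpu the comment says option (3) is implemented "with the tiny bit of extra code to support rdtscp in place", but no rdtscp is issued: %ecx is cleared by xor, so the "and $0xfff" and "shr $12" paths always store 0 to *cpu and *node. Say plainly in the comment that both values are fixed at 0 and that the mask and shift are only scaffolding for a later rdtscp. Also, "initialize the TSC_AUX value the appropriate value" is missing a "to".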
diff --git a/linux-user/x86_64/vdso.ld b/linux-user/x86_64/vdso.ld
new file mode 100644
index 00..ca6001cc3c
--- /dev/null
+++ b/linux-user/x86_64/vdso.ld
@@ -0,0 +1,73 @@
+/*
+ * Linker script for linux x86-64 replacement vdso.
+ *
+ * Copyright 2023 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+VERSION {
+LINUX_2.6 {
+global:
+clock_gettime;
+__vdso_clock_gettime;
+gettimeofday;
+__vdso_gettimeofday;
+getcpu;
+   

Re: [PATCH 32/32] bsd-user: Implement pdfork(2) system call.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
  bsd-user/freebsd/os-proc.h| 32 
  bsd-user/freebsd/os-syscall.c |  4 
  2 files changed, 36 insertions(+)

diff --git a/bsd-user/freebsd/os-proc.h b/bsd-user/freebsd/os-proc.h
index 94824d737a..1eaba908a5 100644
--- a/bsd-user/freebsd/os-proc.h
+++ b/bsd-user/freebsd/os-proc.h
@@ -248,4 +248,36 @@ static inline abi_long do_freebsd_rfork(void *cpu_env, 
abi_long flags)
  
  }
  
+/* pdfork(2) */

+static inline abi_long do_freebsd_pdfork(void *cpu_env, abi_ulong target_fdp,
+abi_long flags)
+{
+abi_long ret;
+abi_ulong child_flag;
+int fd;
+
+fork_start();
+ret = pdfork(, flags);
+if (ret == 0) {
+/* child */
+child_flag = 1;
+target_cpu_clone_regs(cpu_env, 0);
+} else {
+/* parent */
+child_flag = 0;
+}
+if (put_user_s32(fd, target_fdp)) {
+return -TARGET_EFAULT;
+}


I *think* this copy belongs in the parent?  It's really hard to follow the path of new process creation within the freebsd kernel.


Anyway, the rest looks fine so I'll give an

Acked-by: Richard Henderson 


r~



[PATCH v5 03/20] linux-user: Tidy loader_exec

2023-08-29 Thread Richard Henderson
Reorg the if cases to reduce indentation.
Test for 4 bytes in the file before checking the signatures.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/linuxload.c | 42 +-
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index 3536dd8104..5b7e9ab983 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload.c
@@ -154,31 +154,31 @@ int loader_exec(int fdexec, const char *filename, char 
**argv, char **envp,
 
 retval = prepare_binprm(bprm);
 
-if (retval >= 0) {
-if (bprm->buf[0] == 0x7f
-&& bprm->buf[1] == 'E'
-&& bprm->buf[2] == 'L'
-&& bprm->buf[3] == 'F') {
-retval = load_elf_binary(bprm, infop);
-#if defined(TARGET_HAS_BFLT)
-} else if (bprm->buf[0] == 'b'
-&& bprm->buf[1] == 'F'
-&& bprm->buf[2] == 'L'
-&& bprm->buf[3] == 'T') {
-retval = load_flt_binary(bprm, infop);
-#endif
-} else {
-return -ENOEXEC;
-}
+if (retval < 4) {
+return -ENOEXEC;
 }
-
-if (retval >= 0) {
-/* success.  Initialize important registers */
-do_init_thread(regs, infop);
+if (bprm->buf[0] == 0x7f
+&& bprm->buf[1] == 'E'
+&& bprm->buf[2] == 'L'
+&& bprm->buf[3] == 'F') {
+retval = load_elf_binary(bprm, infop);
+#if defined(TARGET_HAS_BFLT)
+} else if (bprm->buf[0] == 'b'
+   && bprm->buf[1] == 'F'
+   && bprm->buf[2] == 'L'
+   && bprm->buf[3] == 'T') {
+retval = load_flt_binary(bprm, infop);
+#endif
+} else {
+return -ENOEXEC;
+}
+if (retval < 0) {
 return retval;
 }
 
-return retval;
+/* Success.  Initialize important registers. */
+do_init_thread(regs, infop);
+return 0;
 }
 
 bool imgsrc_read(void *dst, off_t offset, size_t len,
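Review bot: the new "if (retval < 4) return -ENOEXEC;" after prepare_binprm() also catches negative return values, which the old code passed through unchanged via its final "return retval;", so a failure in prepare_binprm() is now reported as ENOEXEC. If that is intended, mention it in the commit message; otherwise return retval when it is negative and use -ENOEXEC only for short reads of 0 to 3 bytes. The success path also changes from returning the loader's retval to returning 0, which deserves a line in the message as well.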
-- 
2.34.1




Re: [PATCH v2 1/2] vhost-user: Fix lost reconnect

2023-08-29 Thread Raphael Norwitz


> On Aug 24, 2023, at 3:41 AM, Li Feng  wrote:
> 
> When the vhost-user is reconnecting to the backend, and if the vhost-user
> fails at the get_features in vhost_dev_init(), then the reconnect will fail
> and it will not be retriggered forever.
> 
> The reason is:
> When the vhost-user fails at get_features, the vhost_dev_cleanup will be
> called immediately.
> 
> vhost_dev_cleanup calls 'memset(hdev, 0, sizeof(struct vhost_dev))'.
> 
> The reconnect path is:
> vhost_user_blk_event
>   vhost_user_async_close(.. vhost_user_blk_disconnect ..)
> qemu_chr_fe_set_handlers <- clear the notifier callback
>   schedule vhost_user_async_close_bh
> 
> The vhost->vdev is null, so the vhost_user_blk_disconnect will not be
> called, then the event fd callback will not be reinstalled.
> 
> All vhost-user devices have this issue, including vhost-user-blk/scsi.
> 
> With this patch, if the vdev->vdev is null, the fd callback will still
> be reinstalled.
> 
> Fixes: 71e076a07d ("hw/virtio: generalise CHR_EVENT_CLOSED handling")
> 

A couple of NITs, otherwise LGTM

Reviewed-by: Raphael Norwitz 

> Signed-off-by: Li Feng 
> ---
> hw/block/vhost-user-blk.c  |  2 +-
> hw/scsi/vhost-user-scsi.c  |  3 ++-
> hw/virtio/vhost-user-gpio.c|  2 +-
> hw/virtio/vhost-user.c | 10 --
> include/hw/virtio/vhost-user.h |  4 +++-
> 5 files changed, 15 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> index 3c69fa47d5..95c758200d 100644
> --- a/hw/block/vhost-user-blk.c
> +++ b/hw/block/vhost-user-blk.c
> @@ -391,7 +391,7 @@ static void vhost_user_blk_event(void *opaque, 
> QEMUChrEvent event)
> case CHR_EVENT_CLOSED:
> /* defer close until later to avoid circular close */
> vhost_user_async_close(dev, >chardev, >dev,
> -   vhost_user_blk_disconnect);
> +   vhost_user_blk_disconnect, 
> vhost_user_blk_event);
> break;
> case CHR_EVENT_BREAK:
> case CHR_EVENT_MUX_IN:
> diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
> index a7fa8e8df2..e931df9f5b 100644
> --- a/hw/scsi/vhost-user-scsi.c
> +++ b/hw/scsi/vhost-user-scsi.c
> @@ -236,7 +236,8 @@ static void vhost_user_scsi_event(void *opaque, 
> QEMUChrEvent event)
> case CHR_EVENT_CLOSED:
> /* defer close until later to avoid circular close */
> vhost_user_async_close(dev, >conf.chardev, >dev,
> -   vhost_user_scsi_disconnect);
> +   vhost_user_scsi_disconnect,
> +   vhost_user_scsi_event);
> break;
> case CHR_EVENT_BREAK:
> case CHR_EVENT_MUX_IN:
> diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
> index d9979aa5db..04c2cc79f4 100644
> --- a/hw/virtio/vhost-user-gpio.c
> +++ b/hw/virtio/vhost-user-gpio.c
> @@ -283,7 +283,7 @@ static void vu_gpio_event(void *opaque, QEMUChrEvent 
> event)
> case CHR_EVENT_CLOSED:
> /* defer close until later to avoid circular close */
> vhost_user_async_close(dev, >chardev, >vhost_dev,
> -   vu_gpio_disconnect);
> +   vu_gpio_disconnect, vu_gpio_event);
> break;
> case CHR_EVENT_BREAK:
> case CHR_EVENT_MUX_IN:
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 8dcf049d42..9540766dd3 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -2643,6 +2643,7 @@ typedef struct {
> DeviceState *dev;
> CharBackend *cd;
> struct vhost_dev *vhost;
> +IOEventHandler *event_cb;
> } VhostAsyncCallback;
> 
> static void vhost_user_async_close_bh(void *opaque)
> @@ -2657,7 +2658,10 @@ static void vhost_user_async_close_bh(void *opaque)
>  */
> if (vhost->vdev) {
> data->cb(data->dev);
> -}
> +} else if (data->event_cb) {
> +qemu_chr_fe_set_handlers(data->cd, NULL, NULL, data->event_cb,
> + NULL, data->dev, NULL, true);
> +   }
> 
> g_free(data);
> }
> @@ -2669,7 +2673,9 @@ static void vhost_user_async_close_bh(void *opaque)
>  */
> void vhost_user_async_close(DeviceState *d,
> CharBackend *chardev, struct vhost_dev *vhost,
> -vu_async_close_fn cb)
> +vu_async_close_fn cb,
> +IOEventHandler *event_cb

Nit: why the newline before the closing parenthesis?

> +)
> {
> if (!runstate_check(RUN_STATE_SHUTDOWN)) {
> /*
> diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
> index 191216a74f..5fdc711d4e 100644
> --- a/include/hw/virtio/vhost-user.h
> +++ b/include/hw/virtio/vhost-user.h
> @@ -84,6 +84,8 @@ typedef void (*vu_async_close_fn)(DeviceState *cb);
> 
> void vhost_user_async_close(DeviceState *d,
> CharBackend 

Re: [PATCH 05/10] meson: compile bundled device trees

2023-08-29 Thread Richard Henderson

On 8/29/23 01:29, Paolo Bonzini wrote:

If dtc is available, compile the .dts files in the pc-bios directory
instead of using the precompiled binaries.

Signed-off-by: Paolo Bonzini
---
  pc-bios/Makefile| 19 ---
  pc-bios/meson.build | 25 +
  2 files changed, 21 insertions(+), 23 deletions(-)
  delete mode 100644 pc-bios/Makefile


Reviewed-by: Richard Henderson 

r~



[PATCH v5 02/20] linux-user: Introduce imgsrc_read, imgsrc_read_alloc

2023-08-29 Thread Richard Henderson
Introduced and initialized, but not yet really used.
These will tidy the current tests vs BPRM_BUF_SIZE.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/loader.h| 61 +++-
 linux-user/linuxload.c | 90 ++
 2 files changed, 142 insertions(+), 9 deletions(-)

diff --git a/linux-user/loader.h b/linux-user/loader.h
index 59cbeacf24..311d20f5d1 100644
--- a/linux-user/loader.h
+++ b/linux-user/loader.h
@@ -18,6 +18,48 @@
 #ifndef LINUX_USER_LOADER_H
 #define LINUX_USER_LOADER_H
 
+typedef struct {
+const void *cache;
+unsigned int cache_size;
+int fd;
+} ImageSource;
+
+/**
+ * imgsrc_read: Read from ImageSource
+ * @dst: destination for read
+ * @offset: offset within file for read
+ * @len: size of the read
+ * @img: ImageSource to read from
+ * @errp: Error details.
+ *
+ * Read into @dst, using the cache when possible.
+ */
+bool imgsrc_read(void *dst, off_t offset, size_t len,
+ const ImageSource *img, Error **errp);
+
+/**
+ * imgsrc_read_alloc: Read from ImageSource
+ * @offset: offset within file for read
+ * @size: size of the read
+ * @img: ImageSource to read from
+ * @errp: Error details.
+ *
+ * Read into newly allocated memory, using the cache when possible.
+ */
+void *imgsrc_read_alloc(off_t offset, size_t len,
+const ImageSource *img, Error **errp);
+
+/**
+ * imgsrc_mmap: Map from ImageSource
+ *
+ * If @src has a file descriptor, pass on to target_mmap.  Otherwise,
+ * this is "mapping" from a host buffer, which resolves to memcpy.
+ * Therefore, flags must be MAP_PRIVATE | MAP_FIXED; the argument is
+ * retained for clarity.
+ */
+abi_long imgsrc_mmap(abi_ulong start, abi_ulong len, int prot,
+ int flags, const ImageSource *src, abi_ulong offset);
+
 /*
  * Read a good amount of data initially, to hopefully get all the
  * program headers loaded.
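Review bot: the doc comment for imgsrc_read_alloc documents "@size" but the prototype names the parameter "len", and its title line "Read from ImageSource" is identical to the one for imgsrc_read. Rename the tag to @len, and state that the caller frees the returned buffer and that NULL is returned on failure. The imgsrc_mmap comment refers to @src but lists none of its parameters.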
@@ -29,15 +71,16 @@
  * used when loading binaries.
  */
 struct linux_binprm {
-char buf[BPRM_BUF_SIZE] __attribute__((aligned));
-abi_ulong p;
-int fd;
-int e_uid, e_gid;
-int argc, envc;
-char **argv;
-char **envp;
-char *filename;/* Name of binary */
-int (*core_dump)(int, const CPUArchState *); /* coredump routine */
+char buf[BPRM_BUF_SIZE] __attribute__((aligned));
+ImageSource src;
+abi_ulong p;
+int fd;
+int e_uid, e_gid;
+int argc, envc;
+char **argv;
+char **envp;
+char *filename;/* Name of binary */
+int (*core_dump)(int, const CPUArchState *); /* coredump routine */
 };
 
 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop);
diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index 745cce70ab..3536dd8104 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload.c
@@ -3,7 +3,9 @@
 #include "qemu/osdep.h"
 #include "qemu.h"
 #include "user-internals.h"
+#include "user-mmap.h"
 #include "loader.h"
+#include "qapi/error.h"
 
 #define NGROUPS 32
 
@@ -76,6 +78,10 @@ static int prepare_binprm(struct linux_binprm *bprm)
 /* Make sure the rest of the loader won't read garbage.  */
 memset(bprm->buf + retval, 0, BPRM_BUF_SIZE - retval);
 }
+
+bprm->src.cache = bprm->buf;
+bprm->src.cache_size = retval;
+
 return retval;
 }
 
@@ -139,6 +145,7 @@ int loader_exec(int fdexec, const char *filename, char 
**argv, char **envp,
 int retval;
 
 bprm->fd = fdexec;
+bprm->src.fd = fdexec;
 bprm->filename = (char *)filename;
 bprm->argc = count(argv);
 bprm->argv = argv;
@@ -173,3 +180,86 @@ int loader_exec(int fdexec, const char *filename, char 
**argv, char **envp,
 
 return retval;
 }
+
+bool imgsrc_read(void *dst, off_t offset, size_t len,
+ const ImageSource *img, Error **errp)
+{
+ssize_t ret;
+
+if (offset + len <= img->cache_size) {
+memcpy(dst, img->cache + offset, len);
+return true;
+}
+
+if (img->fd < 0) {
+error_setg(errp, "read past end of buffer");
+return false;
+}
+
+ret = pread(img->fd, dst, len, offset);
+if (ret == len) {
+return true;
+}
+if (ret < 0) {
+error_setg_errno(errp, errno, "Error reading file header");
+} else {
+error_setg(errp, "Incomplete read of file header");
+}
+return false;
+}
+
+void *imgsrc_read_alloc(off_t offset, size_t len,
+const ImageSource *img, Error **errp)
+{
+void *alloc = g_malloc(len);
+bool ok = imgsrc_read(alloc, offset, len, img, errp);
+
+if (!ok) {
+g_free(alloc);
+alloc = NULL;
+}
+return alloc;
+}
+
+abi_long imgsrc_mmap(abi_ulong start, abi_ulong len, int prot,
+ int flags, const ImageSource *src, abi_ulong offset)
+{
+const int prot_write = PROT_READ | PROT_WRITE;
+abi_long ret;
+void 
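Review bot: the cache test in imgsrc_read, "if (offset + len <= img->cache_size)", adds a signed off_t to a size_t, and callers such as load_symbols pass values read from the ELF section headers, so a negative or very large offset can wrap the sum to a small value and let memcpy read outside img->cache. Check the operands separately before using the cache, for example offset >= 0, len <= cache_size and offset <= cache_size - len. In imgsrc_read_alloc, g_malloc(len) aborts the process on an oversized len; g_try_malloc with an error set through errp would let the loader reject the file instead.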

Re: [PATCH 1/2] hw/intc/riscv_aplic.c fix non-KVM --enable-debug build

2023-08-29 Thread Daniel Henrique Barboza




On 8/29/23 11:17, Philippe Mathieu-Daudé wrote:

On 29/8/23 14:21, Daniel Henrique Barboza wrote:

Commit 6df0b37e2ab breaks a --enable-debug build in a non-KVM
environment with the following error:

/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_intc_riscv_aplic.c.o: in function 
`riscv_kvm_aplic_request':
./qemu/build/../hw/intc/riscv_aplic.c:486: undefined reference to `kvm_set_irq'
collect2: error: ld returned 1 exit status

This happens because the debug build will poke into the
'if (is_kvm_aia(aplic->msimode))' block and fail to find a reference to
the KVM only function riscv_kvm_aplic_request().

Make riscv_kvm_aplic_request() a no-op if we're not building KVM.

Fixes: 6df0b37e2ab ("target/riscv: update APLIC and IMSIC to support KVM AIA")
Signed-off-by: Daniel Henrique Barboza 
---
  hw/intc/riscv_aplic.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
index 592c3ce768..b634738bda 100644
--- a/hw/intc/riscv_aplic.c
+++ b/hw/intc/riscv_aplic.c
@@ -483,7 +483,9 @@ static uint32_t riscv_aplic_idc_claimi(RISCVAPLICState 
*aplic, uint32_t idc)
  static void riscv_kvm_aplic_request(void *opaque, int irq, int level)
  {
+#ifdef CONFIG_KVM
  kvm_set_irq(kvm_state, irq, !!level);
+#endif
  }
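
Review bot: With `#ifdef CONFIG_KVM` around its only statement, riscv_kvm_aplic_request() becomes an empty function on non-KVM builds, so an interrupt routed to it would be dropped without any trace. If the handler is never meant to run without KVM, say so in an `#else` branch with g_assert_not_reached(), or at least with a comment, so that a wiring mistake shows up instead of a lost IRQ.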


Can we use kvm_enabled() to let the compiler elide KVM code
when !CONFIG_KVM?

-- >8 --
diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
index 592c3ce768..f28d0d3237 100644
@@ -155,7 +155,7 @@
   */
  static bool is_kvm_aia(bool msimode)
  {
-    return kvm_irqchip_in_kernel() && msimode;
+    return kvm_enabled() && kvm_irqchip_in_kernel() && msimode;


Apparently we can't:


$ git diff
diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
index b634738bda..f28d0d3237 100644
--- a/hw/intc/riscv_aplic.c
+++ b/hw/intc/riscv_aplic.c
@@ -155,7 +155,7 @@
  */
 static bool is_kvm_aia(bool msimode)
 {
-return kvm_irqchip_in_kernel() && msimode;
+return kvm_enabled() && kvm_irqchip_in_kernel() && msimode;
 }
 
 static uint32_t riscv_aplic_read_input_word(RISCVAPLICState *aplic,

@@ -483,9 +483,7 @@ static uint32_t riscv_aplic_idc_claimi(RISCVAPLICState 
*aplic, uint32_t idc)
 
 static void riscv_kvm_aplic_request(void *opaque, int irq, int level)

 {
-#ifdef CONFIG_KVM
 kvm_set_irq(kvm_state, irq, !!level);
-#endif
 }
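
Review bot: Dropping the `#ifdef CONFIG_KVM` here brings back the unconditional kvm_set_irq() call in riscv_kvm_aplic_request(), and the kvm_enabled() test added to is_kvm_aia() in the first hunk does not cover this function body, which is where the linker reports the undefined reference (riscv_aplic.c:486). For kvm_enabled() to help, the guard has to sit in this function or at the place where the handler is referenced; otherwise keep the #ifdef.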

Same error appears:


/usr/bin/ld: libqemu-riscv64-softmmu.fa.p/hw_intc_riscv_aplic.c.o: in function 
`riscv_kvm_aplic_request':
/home/danielhb/work/qemu/build/../hw/intc/riscv_aplic.c:486: undefined 
reference to `kvm_set_irq'
collect2: error: ld returned 1 exit status


Thanks,


Daniel




  }
---





[PATCH V4 07/11] tests/qtest: migration events

2023-08-29 Thread Steve Sistare
Define a state object to capture events seen by migration tests, to allow
more events to be captured in a subsequent patch, and simplify event
checking in wait_for_migration_pass.  No functional change.

Signed-off-by: Steve Sistare 
Reviewed-by: Fabiano Rosas 
---
 tests/qtest/migration-helpers.c | 24 +--
 tests/qtest/migration-helpers.h |  8 +++--
 tests/qtest/migration-test.c| 68 +++--
 3 files changed, 44 insertions(+), 56 deletions(-)

diff --git a/tests/qtest/migration-helpers.c b/tests/qtest/migration-helpers.c
index be00c52..b541108 100644
--- a/tests/qtest/migration-helpers.c
+++ b/tests/qtest/migration-helpers.c
@@ -23,26 +23,16 @@
  */
 #define MIGRATION_STATUS_WAIT_TIMEOUT 120
 
-bool migrate_watch_for_stop(QTestState *who, const char *name,
-QDict *event, void *opaque)
-{
-bool *seen = opaque;
-
-if (g_str_equal(name, "STOP")) {
-*seen = true;
-return true;
-}
-
-return false;
-}
-
-bool migrate_watch_for_resume(QTestState *who, const char *name,
+bool migrate_watch_for_events(QTestState *who, const char *name,
   QDict *event, void *opaque)
 {
-bool *seen = opaque;
+QTestMigrationState *state = opaque;
 
-if (g_str_equal(name, "RESUME")) {
-*seen = true;
+if (g_str_equal(name, "STOP")) {
+state->stop_seen = true;
+return true;
+} else if (g_str_equal(name, "RESUME")) {
+state->resume_seen = true;
 return true;
 }
 
diff --git a/tests/qtest/migration-helpers.h b/tests/qtest/migration-helpers.h
index 009e250..59fbb83 100644
--- a/tests/qtest/migration-helpers.h
+++ b/tests/qtest/migration-helpers.h
@@ -15,9 +15,11 @@
 
 #include "libqtest.h"
 
-bool migrate_watch_for_stop(QTestState *who, const char *name,
-QDict *event, void *opaque);
-bool migrate_watch_for_resume(QTestState *who, const char *name,
+typedef struct QTestMigrationState {
+bool stop_seen, resume_seen;
+} QTestMigrationState;
+
+bool migrate_watch_for_events(QTestState *who, const char *name,
   QDict *event, void *opaque);
 
 G_GNUC_PRINTF(3, 4)
diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 62d3f37..526a1b7 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -43,8 +43,8 @@
 unsigned start_address;
 unsigned end_address;
 static bool uffd_feature_thread_id;
-static bool got_src_stop;
-static bool got_dst_resume;
+static QTestMigrationState src_state;
+static QTestMigrationState dst_state;
 
 /*
  * An initial 3 MB offset is used as that corresponds
@@ -188,6 +188,13 @@ static void wait_for_serial(const char *side)
 } while (true);
 }
 
+static void wait_for_stop(QTestState *who, QTestMigrationState *state)
+{
+if (!state->stop_seen) {
+qtest_qmp_eventwait(who, "STOP");
+}
+}
+
 /*
  * It's tricky to use qemu's migration event capability with qtest,
  * events suddenly appearing confuse the qmp()/hmp() responses.
@@ -235,21 +242,19 @@ static void read_blocktime(QTestState *who)
 qobject_unref(rsp_return);
 }
 
+/*
+ * Wait for two changes in the migration pass count, but bail if we stop.
+ */
 static void wait_for_migration_pass(QTestState *who)
 {
-uint64_t initial_pass = get_migration_pass(who);
-uint64_t pass;
+uint64_t pass, prev_pass = 0, changes = 0;
 
-/* Wait for the 1st sync */
-while (!got_src_stop && !initial_pass) {
-usleep(1000);
-initial_pass = get_migration_pass(who);
-}
-
-do {
+while (changes < 2 && !src_state.stop_seen) {
 usleep(1000);
 pass = get_migration_pass(who);
-} while (pass == initial_pass && !got_src_stop);
+changes += (pass != prev_pass);
+prev_pass = pass;
+}
 }
 
 static void check_guests_ram(QTestState *who)
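
Review bot: wait_for_migration_pass() still takes `who` but reads the file-scope `src_state.stop_seen`, while the wait_for_stop() helper added in the previous hunk takes its QTestMigrationState as a parameter; pass the state in here as well so the helper does not silently assume `who` is the source. The new comment also needs one more sentence: with `prev_pass` starting at 0, the first non-zero sample is counted as a change, so "two changes" means the first sync plus one further pass, which is what keeps this equivalent to the removed two-loop version.
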
@@ -586,10 +591,7 @@ static void migrate_postcopy_start(QTestState *from, 
QTestState *to)
 {
 qtest_qmp_assert_success(from, "{ 'execute': 'migrate-start-postcopy' }");
 
-if (!got_src_stop) {
-qtest_qmp_eventwait(from, "STOP");
-}
-
+wait_for_stop(from, _state);
 qtest_qmp_eventwait(to, "RESUME");
 }
 
@@ -720,8 +722,9 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
 }
 }
 
-got_src_stop = false;
-got_dst_resume = false;
+dst_state = (QTestMigrationState) { };
+src_state = (QTestMigrationState) { };
+
 bootpath = g_strdup_printf("%s/bootsect", tmpfs);
 if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
 /* the assembled x86 boot sector should be exactly one sector large */
@@ -801,8 +804,8 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
 if (!args->only_target) {
 *from = qtest_init(cmd_source);
 qtest_qmp_set_event_callback(*from,
- migrate_watch_for_stop,
-

Re: [PATCH 02/32] bsd-user: Implement procctl(2) system call.

2023-08-29 Thread Richard Henderson

On 8/27/23 08:57, Karim Taha wrote:

From: Stacey Son

Implement procctl flags and related structs:
struct target_procctl_reaper_status
struct target_procctl_reaper_pidinfo
struct target_procctl_reaper_pids
struct target_procctl_reaper_kill

Signed-off-by: Stacey Son
Signed-off-by: Karim Taha
---
  bsd-user/syscall_defs.h | 42 +
  1 file changed, 42 insertions(+)


Fix subject, to define structures not implement a syscall.

With that,
Reviewed-by: Richard Henderson 


r~



Re: [PATCH 32/32] bsd-user: Implement pdfork(2) system call.

2023-08-29 Thread Warner Losh
On Tue, Aug 29, 2023 at 2:58 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 8/27/23 08:57, Karim Taha wrote:
> > From: Stacey Son 
> >
> > Signed-off-by: Stacey Son 
> > Signed-off-by: Karim Taha 
> > ---
> >   bsd-user/freebsd/os-proc.h| 32 
> >   bsd-user/freebsd/os-syscall.c |  4 
> >   2 files changed, 36 insertions(+)
> >
> > diff --git a/bsd-user/freebsd/os-proc.h b/bsd-user/freebsd/os-proc.h
> > index 94824d737a..1eaba908a5 100644
> > --- a/bsd-user/freebsd/os-proc.h
> > +++ b/bsd-user/freebsd/os-proc.h
> > @@ -248,4 +248,36 @@ static inline abi_long do_freebsd_rfork(void
> *cpu_env, abi_long flags)
> >
> >   }
> >
> > +/* pdfork(2) */
> > +static inline abi_long do_freebsd_pdfork(void *cpu_env, abi_ulong
> target_fdp,
> > +abi_long flags)
> > +{
> > +abi_long ret;
> > +abi_ulong child_flag;
> > +int fd;
> > +
> > +fork_start();
> > +ret = pdfork(, flags);
> > +if (ret == 0) {
> > +/* child */
> > +child_flag = 1;
> > +target_cpu_clone_regs(cpu_env, 0);
> > +} else {
> > +/* parent */
> > +child_flag = 0;
> > +}
> > +if (put_user_s32(fd, target_fdp)) {
> > +return -TARGET_EFAULT;
> > +}
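
Review bot: The `else` branch after pdfork() covers the error return as well as the parent, and put_user_s32(fd, target_fdp) then runs unconditionally, so when pdfork() fails the uninitialized `fd` is copied out to the guest. Test `ret < 0` before the copy (or initialize `fd`); the early `return -TARGET_EFAULT` also leaves the function after fork_start() without reaching any matching end call.
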
>
> I *think* this copy belongs in the parent?


I think that it's copied out in both cases. For normal fork, this would
be 0 for the pid. However, it appears to return the same FD to both
the parent and child (see your next comment), so it should be in both
paths. And even if it returned something different for parent and child
(which seems unlikely given how the code is set up), we want to return
the fd each one sees. So either way, I think this code is correct.


> It's really hard to follow the path of new
> process creation within the freebsd kernel.
>

Agreed.


> Anyway, the rest looks fine so I'll give an
>
> Acked-by: Richard Henderson 
>

Reviewed-by: Warner Losh 


Re: [PATCH 03/10] configure: remove HOST_CC

2023-08-29 Thread Richard Henderson

On 8/29/23 01:29, Paolo Bonzini wrote:

$(HOST_CC) is only used to invoke the preprocessor, and $(CC) can be
used instead now that there is a Tricore C compiler.  Remove the variable
from config-host.mak.

Signed-off-by: Paolo Bonzini
---
  configure | 1 -
  tests/tcg/tricore/Makefile.softmmu-target | 2 +-
  2 files changed, 1 insertion(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~



[PATCH] target/riscv/pmp.c: respect mseccfg.RLB for pmpaddrX changes

2023-08-29 Thread leon
From: Leon Schuermann 

When the rule-lock bypass (RLB) bit is set in the mseccfg CSR, the PMP
configuration lock bits must not apply. While this behavior is
implemented for the pmpcfgX CSRs, this bit is not respected for
changes to the pmpaddrX CSRs. This patch ensures that pmpaddrX CSR
writes work even on locked regions when the global rule-lock bypass is
enabled.

Signed-off-by: Leon Schuermann 
---
 target/riscv/pmp.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 9d8db493e6..5e60c26031 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -44,6 +44,10 @@ static inline uint8_t pmp_get_a_field(uint8_t cfg)
  */
 static inline int pmp_is_locked(CPURISCVState *env, uint32_t pmp_index)
 {
+/* mseccfg.RLB is set */
+if (MSECCFG_RLB_ISSET(env)) {
+return 0;
+}
 
 if (env->pmp_state.pmp[pmp_index].cfg_reg & PMP_LOCK) {
 return 1;
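
Review bot: Placing the RLB test at the top of pmp_is_locked() changes the result for every caller, not only the pmpaddrX write path named in the commit message. Since the message says the pmpcfgX path already handles RLB on its own, either drop that now-redundant check or state in the function's header comment that "locked" here means "L set and RLB clear"; the added `/* mseccfg.RLB is set */` only restates the condition.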

base-commit: a8fc5165aab02f328ccd148aafec1e59fd1426eb
-- 
2.34.1



