Re: [PATCH 5/7] hw/smbios: code cleanup - use macro definitions for table header handles

2022-02-23 Thread Philippe Mathieu-Daudé
On 23/2/22 15:33, Ani Sinha wrote: This is a minor cleanup. Using macro definitions makes the code more readable. It is at once clear which tables use which handle numbers in their header. It also makes it easy to calculate the gaps between the numbers and update them if needed. Reviewed-by:

Re: [PATCH v6 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread Christian Borntraeger
On 23.02.22 at 23:29, David Miller wrote: Yes I'm adding to this patch, I haven't quite figured out where to put them, they are inline to various things in the patch themselves so I'm putting in the cover letter under the patch they go to. I hope that's correct. You usually put it under

Re: [PATCH] qapi: fix mistake in example command illustration

2022-02-23 Thread Markus Armbruster
"Dr. David Alan Gilbert" writes: > * Daniel P. Berrangé (berra...@redhat.com) wrote: >> The snapshot-load/save/delete commands illustrated their usage, but >> mistakenly used 'data' rather than 'arguments' as the field name. >> >> Signed-off-by: Daniel P. Berrangé > > Fabian Holler's patch

[PATCH v2] qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities

2022-02-23 Thread Dov Murik
Add a new field 'cpu0-id' to the response of query-sev-capabilities QMP command. The value of the field is the base64-encoded 64-byte unique ID of the CPU0 (socket 0), which can be used to retrieve the signed CEK of the CPU from AMD's Key Distribution Service (KDS). Signed-off-by: Dov Murik

[PATCH] vl: transform QemuOpts device to JSON syntax device

2022-02-23 Thread Zhenzhong Duan
While there is mixed use of the traditional -device option and the JSON syntax option, QEMU reports a conflict, e.g.: /usr/libexec/qemu-kvm -nodefaults \ -device '{"driver":"virtio-scsi-pci","id":"scsi0","bus":"pci.0","addr":"0x02.0"}' \ -device virtio-scsi-pci,id=scsi1,bus=pci.0 It breaks with:

Re: [PATCH v3] target/riscv: Add isa extenstion strings to the device tree

2022-02-23 Thread Alistair Francis
On Wed, Feb 23, 2022 at 8:39 AM Atish Patra wrote: > > The Linux kernel parses the ISA extensions from "riscv,isa" DT > property. It used to parse only the single letter base extensions > until now. A generic ISA extension parsing framework was proposed[1] > recently that can parse multi-letter

Re: [PATCH 28/31] vdpa: Expose VHOST_F_LOG_ALL on SVQ

2022-02-23 Thread Jason Wang
On Wed, Feb 23, 2022 at 4:06 PM Eugenio Perez Martin wrote: > > On Wed, Feb 23, 2022 at 4:47 AM Jason Wang wrote: > > > > On Tue, Feb 22, 2022 at 4:06 PM Eugenio Perez Martin > > wrote: > > > > > > On Tue, Feb 22, 2022 at 8:41 AM Jason Wang wrote: > > > > > > > > > > > > On 2022/2/17 at 4:22 PM,

Re: [PATCH v1 1/2] hw/ssi: Add Ibex SPI device model

2022-02-23 Thread Alistair Francis
On Wed, Feb 23, 2022 at 7:45 AM Alistair Francis wrote: > > From: Wilfred Mallawa > > Adds the SPI_HOST device model for ibex. The device specification is as per > [1]. The model has been tested on opentitan with spi_host unit tests > written for TockOS. > > [1]

Re: [PATCH v2 4/4] hw: hyperv: Initial commit for Synthetic Debugging device

2022-02-23 Thread Jon Doron
ping On Wed, Feb 16, 2022, 12:25 Jon Doron wrote: > Signed-off-by: Jon Doron > --- > hw/hyperv/Kconfig | 5 + > hw/hyperv/meson.build | 1 + > hw/hyperv/syndbg.c| 402 ++ > 3 files changed, 408 insertions(+) > create mode 100644

Re: [PATCH RFC v1 1/2] random: add mechanism for VM forks to reinitialize crng

2022-02-23 Thread Eric Biggers
On Wed, Feb 23, 2022 at 02:12:30PM +0100, Jason A. Donenfeld wrote: > When a VM forks, we must immediately mix in additional information to > the stream of random output so that two forks or a rollback don't > produce the same stream of random numbers, which could have catastrophic > cryptographic

Re: [PATCH RFC v1 1/2] random: add mechanism for VM forks to reinitialize crng

2022-02-23 Thread Eric Biggers
On Thu, Feb 24, 2022 at 01:54:54AM +0100, Jason A. Donenfeld wrote: > On 2/24/22, Eric Biggers wrote: > > I think we should be removing cases where the base_crng key is changed > > directly > > besides extraction from the input_pool, not adding new ones. Why not > > implement > > this as

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread wliang
> > thanks for your report and patch - but to make sure that the right > > people get attention, please use the scripts/get_maintainer.pl script to > > get a list of people who should be on CC:, or look into the MAINTAINERS > > file directly (for the next time - this time, I've CC:ed them now

Re: [PATCH RFC v1 1/2] random: add mechanism for VM forks to reinitialize crng

2022-02-23 Thread Jason A. Donenfeld
On 2/24/22, Eric Biggers wrote: > I think we should be removing cases where the base_crng key is changed > directly > besides extraction from the input_pool, not adding new ones. Why not > implement > this as add_device_randomness() followed by crng_reseed(force=true), where > the > 'force'

Re: [PATCH v7 3/4] tests/tcg/s390x: Tests for Miscellaneous-Instruction-Extensions Facility 3

2022-02-23 Thread Richard Henderson
On 2/23/22 13:43, Richard Henderson wrote: Although none of this is going to work with .insn... I beg your pardon, this is incorrect: .insn does have fields for the register arguments. r~

Re: [PATCH v7 3/4] tests/tcg/s390x: Tests for Miscellaneous-Instruction-Extensions Facility 3

2022-02-23 Thread Richard Henderson
On 2/23/22 12:31, David Miller wrote: +#define F_EPI "stg %%r0, %[res] " : [res] "+m" (res) : : "r0", "r2", "r3" + +#define F_PROasm ( \ +"llihf %%r0,801\n" \ +"lg %%r2, %[a]\n" \ +"lg %%r3, %[b] " \ +: : [a] "m" (a), \ +[b] "m" (b)\ +: "r2", "r3") +
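Review bot: the asm statement in F_PRO writes r0 with llihf, but its clobber list names only "r2" and "r3"; "r0" appears as a clobber only in F_EPI. Since F_PRO is a complete asm statement of its own, the compiler is not told that r0 changes there, and nothing guarantees that r0, r2 and r3 survive until the statement that F_EPI closes. Consider adding "r0" to the F_PRO clobbers, or folding the register setup, the instruction under test and the stg into a single asm statement.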

Re: [PATCH v3 4/6] i386/pc: relocate 4g start to 1T where applicable

2022-02-23 Thread Joao Martins
On 2/23/22 21:22, Michael S. Tsirkin wrote: > On Wed, Feb 23, 2022 at 06:44:53PM +, Joao Martins wrote: >> It is assumed that the whole GPA space is available to be DMA >> addressable, within a given address space limit, except for a >> tiny region before the 4G. Since Linux v5.4, VFIO

Re: [PATCH v7 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread Richard Henderson
On 2/23/22 12:31, David Miller wrote: resolves:https://gitlab.com/qemu-project/qemu/-/issues/737 implements: AND WITH COMPLEMENT (NCRK, NCGRK) NAND (NNRK, NNGRK) NOT EXCLUSIVE OR (NXRK, NXGRK) NOR (NORK, NOGRK) OR WITH COMPLEMENT(OCRK, OCGRK) SELECT

[PATCH v3 16/17] tests/avocado: Limit test_virt_tcg_gicv[23] to cortex-a72

2022-02-23 Thread Richard Henderson
These tests currently use Fedora Core 31, with a v5.3.7 kernel, which is broken vs FEAT_LPA2. Before we can re-enable these tests for -cpu max, we need to advance to at least a v5.12 kernel. Signed-off-by: Richard Henderson --- Fedora Cloud 35 uses a v5.14 kernel, and does work with FEAT_LPA2.

[PATCH v3 17/17] target/arm: Implement FEAT_LPA2

2022-02-23 Thread Richard Henderson
This feature widens physical addresses (and intermediate physical addresses for 2-stage translation) from 48 to 52 bits, when using 4k or 16k pages. This introduces the DS bit to TCR_ELx, which is RES0 unless the page size is enabled and supports LPA2, resulting in the effective value of DS for a

[PATCH v3 15/17] target/arm: Advertise all page sizes for -cpu max

2022-02-23 Thread Richard Henderson
We support 16k pages, but do not advertize that in ID_AA64MMFR0. The value 0 in the TGRAN*_2 fields indicates that stage2 lookups defer to the same support as stage1 lookups. This setting is deprecated, so indicate support for all stage2 page sizes directly. Signed-off-by: Richard Henderson

[PATCH v3 14/17] target/arm: Validate tlbi TG matches translation granule in use

2022-02-23 Thread Richard Henderson
For FEAT_LPA2, we will need other ARMVAParameters, which themselves depend on the translation granule in use. We might as well validate that the given TG matches; the architecture "does not require that the instruction invalidates any entries" if this is not true. Reviewed-by: Peter Maydell

[PATCH v3 13/17] target/arm: Fix TLBIRange.base for 16k and 64k pages

2022-02-23 Thread Richard Henderson
The shift of the BaseADDR field depends on the translation granule in use. Fixes: 84940ed8255 ("target/arm: Add support for FEAT_TLBIRANGE") Reported-by: Peter Maydell Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson --- target/arm/helper.c | 5 +++-- 1 file changed, 3

[PATCH v3 12/17] target/arm: Introduce tlbi_aa64_get_range

2022-02-23 Thread Richard Henderson
Merge tlbi_aa64_range_get_length and tlbi_aa64_range_get_base, returning a structure containing both results. Pass in the ARMMMUIdx, rather than the digested two_ranges boolean. This is in preparation for FEAT_LPA2, where the interpretation of 'value' depends on the effective value of DS for the

[PATCH v3 10/17] target/arm: Implement FEAT_LPA

2022-02-23 Thread Richard Henderson
This feature widens physical addresses (and intermediate physical addresses for 2-stage translation) from 48 to 52 bits, when using 64k pages. The only thing left at this point is to handle the extra bits in the TTBR and in the table descriptors. Note that PAR_EL1 and HPFAR_EL2 are nominally

[PATCH v3 11/17] target/arm: Extend arm_fi_to_lfsc to level -1

2022-02-23 Thread Richard Henderson
With FEAT_LPA2, rather than introducing translation level 4, we introduce level -1, below the current level 0. Extend arm_fi_to_lfsc to handle these faults. Assert that this new translation level does not leak into fault types for which it is not defined, which allows some masking of fi->level

[PATCH v3 08/17] target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA

2022-02-23 Thread Richard Henderson
The original A.a revision of the AArch64 ARM required that we force-extend the addresses in these registers from 49 bits. This language has been loosened via a combination of IMPLEMENTATION DEFINED and CONSTRAINED UNPREDICTABLE to allow consideration of the entire aligned address. This means

[PATCH v3 07/17] target/arm: Honor TCR_ELx.{I}PS

2022-02-23 Thread Richard Henderson
This field controls the output (intermediate) physical address size of the translation process. V8 requires to raise an AddressSize fault if the page tables are programmed incorrectly, such that any intermediate descriptor address, or the final translated address, is out of range. Add a PS field

[PATCH v3 06/17] target/arm: Use MAKE_64BIT_MASK to compute indexmask

2022-02-23 Thread Richard Henderson
The macro is a bit more readable than the inlined computation. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- target/arm/helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index

[PATCH v3 05/17] target/arm: Pass outputsize down to check_s2_mmu_setup

2022-02-23 Thread Richard Henderson
Pass down the width of the output address from translation. For now this is still just PAMax, but a subsequent patch will compute the correct value from TCR_ELx.{I}PS. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson --- target/arm/helper.c | 21 ++--- 1 file

[PATCH v3 04/17] target/arm: Move arm_pamax out of line

2022-02-23 Thread Richard Henderson
We will shortly share parts of this function with other portions of address translation. Reviewed-by: Peter Maydell Reviewed-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- target/arm/internals.h | 19 +-- target/arm/helper.c| 22

[PATCH v3 03/17] target/arm: Fault on invalid TCR_ELx.TxSZ

2022-02-23 Thread Richard Henderson
Without FEAT_LVA, the behaviour of programming an invalid value is IMPLEMENTATION DEFINED. With FEAT_LVA, programming an invalid minimum value requires a Translation fault. It is most self-consistent to choose to generate the fault always. Reviewed-by: Peter Maydell Signed-off-by: Richard

[PATCH v7 4/4] tests/tcg/s390x: changed to using .insn for tests requiring z15

2022-02-23 Thread David Miller
Signed-off-by: David Miller --- tests/tcg/s390x/mie3-compl.c | 21 +++-- tests/tcg/s390x/mie3-mvcrl.c | 2 +- tests/tcg/s390x/mie3-sel.c | 6 +++--- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/tests/tcg/s390x/mie3-compl.c b/tests/tcg/s390x/mie3-compl.c

[PATCH v3 09/17] target/arm: Implement FEAT_LVA

2022-02-23 Thread Richard Henderson
This feature is relatively small, as it applies only to 64k pages and thus requires no additional changes to the table descriptor walking algorithm, only a change to the minimum TSZ (which is the inverse of the maximum virtual address space size). Note that this feature widens VBAR_ELx, but we

[PATCH v7 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread David Miller
resolves: https://gitlab.com/qemu-project/qemu/-/issues/737 implements: AND WITH COMPLEMENT (NCRK, NCGRK) NAND (NNRK, NNGRK) NOT EXCLUSIVE OR (NXRK, NXGRK) NOR (NORK, NOGRK) OR WITH COMPLEMENT(OCRK, OCGRK) SELECT(SELR, SELGR) SELECT

[PATCH v3 02/17] target/arm: Set TCR_EL1.TSZ for user-only

2022-02-23 Thread Richard Henderson
Set this as the kernel would, to 48 bits, to keep the computation of the address space correct for PAuth. Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson --- target/arm/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c

[PATCH v7 3/4] tests/tcg/s390x: Tests for Miscellaneous-Instruction-Extensions Facility 3

2022-02-23 Thread David Miller
tests/tcg/s390x/mie3-compl.c: [N]*K instructions tests/tcg/s390x/mie3-mvcrl.c: MVCRL instruction tests/tcg/s390x/mie3-sel.c: SELECT instruction Signed-off-by: David Miller --- tests/tcg/s390x/Makefile.target | 5 ++- tests/tcg/s390x/mie3-compl.c| 55 +

[PATCH v3 01/17] hw/registerfields: Add FIELD_SEX and FIELD_SDP

2022-02-23 Thread Richard Henderson
Add new macros to manipulate signed fields within the register. Reviewed-by: Philippe Mathieu-Daudé Suggested-by: Peter Maydell Signed-off-by: Richard Henderson --- include/hw/registerfields.h | 48 - 1 file changed, 47 insertions(+), 1 deletion(-) diff

[PATCH v7 0/4] s390x: Add partial z15 support and tests

2022-02-23 Thread David Miller
Add partial support for s390x z15 ga1 and specific tests for mie3 v6 -> v7: * Modified SELFHR insn-data + test to ensure high 32bits are copied. * Changed m3 mask test value for popcnt to fix mie3 variant. v5 -> v6: * Swap operands for sel* instructions * Use .insn in tests for z15 arch

[PATCH v7 2/4] s390x/cpumodel: Bump up QEMU model to a stripped-down IBM z15 GA1

2022-02-23 Thread David Miller
TCG implements everything we need to run basic z15 OS+software Signed-off-by: David Miller --- hw/s390x/s390-virtio-ccw.c | 3 +++ target/s390x/cpu_models.c | 6 +++--- target/s390x/gen-features.c | 7 +-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git

[PATCH v3 00/17] target/arm: Implement LVA, LPA, LPA2 features

2022-02-23 Thread Richard Henderson
Changes for v3: * Update emulation.rst. * Split out separate update to ID_AA64MMFR0. * Hack for avocado. If the avocado hack isn't acceptable, perhaps just drop the last two patches for now? r~ Richard Henderson (17): hw/registerfields: Add FIELD_SEX and FIELD_SDP target/arm: Set

Re: [PATCH v6 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread David Miller
Yes I'm adding to this patch, I haven't quite figured out where to put them, they are inline to various things in the patch themselves so I'm putting in the cover letter under the patch they go to. I hope that's correct. Thanks - David Miller On Wed, Feb 23, 2022 at 8:40 AM Christian

Re: [PATCH v4 24/47] target/ppc: move vrl[bhwd]nm/vrl[bhwd]mi to decodetree

2022-02-23 Thread Richard Henderson
On 2/23/22 11:43, Matheus K. Ferst wrote: Note that rotlv does the masking itself: /*   * Expand D = A << (B % element bits)   *   * Unlike scalar shifts, where it is easy for the target front end   * to include the modulo as part of the expansion.  If the target   * naturally includes the

[PULL 6/6] MAINTAINERS: python - remove ehabkost and add bleal

2022-02-23 Thread John Snow
Eduardo Habkost has left Red Hat and has other daily responsibilities to attend to. In order to stop spamming him on every series, remove him as "Reviewer" for the python/ library dir and add Beraldo Leal instead. For the "python scripts" stanza (which is separate due to level of support),

[PULL 5/6] Revert "python: pin setuptools below v60.0.0"

2022-02-23 Thread John Snow
This reverts commit 1e4d8b31be35e54b6429fea54f5ecaa0083f91e7. Signed-off-by: John Snow Message-id: 20220204221804.2047468-3-js...@redhat.com Signed-off-by: John Snow --- python/Makefile | 2 -- python/setup.cfg | 1 - 2 files changed, 3 deletions(-) diff --git a/python/Makefile

[PULL 2/6] python: support recording QMP session to a file

2022-02-23 Thread John Snow
From: Daniel P. Berrangé When running QMP commands with very large response payloads, it is often not easy to spot the info you want. If we can save the response to a file then tools like 'grep' or 'jq' can be used to extract information. For convenience of processing, we merge the QMP command

Re: [PATCH v4 20/47] target/ppc: implement vslq

2022-02-23 Thread Richard Henderson
On 2/23/22 11:53, Matheus K. Ferst wrote: On 22/02/2022 19:14, Richard Henderson wrote: On 2/22/22 04:36, matheus.fe...@eldorado.org.br wrote: From: Matheus Ferst Signed-off-by: Matheus Ferst --- v4:   -  New in v4. ---   target/ppc/insn32.decode    |  1 +  

[PULL 1/6] python: introduce qmp-shell-wrap convenience tool

2022-02-23 Thread John Snow
From: Daniel P. Berrangé With the current 'qmp-shell' tool developers must first spawn QEMU with a suitable -qmp arg and then spawn qmp-shell in a separate terminal pointing to the right socket. With 'qmp-shell-wrap' developers can ignore QMP sockets entirely and just pass the QEMU command and

[PATCH v2 2/2] virt: vmgenid: introduce driver for reinitializing RNG on VM fork

2022-02-23 Thread Jason A. Donenfeld
VM Generation ID is a feature from Microsoft, described at , and supported by Hyper-V and QEMU. Its usage is described in Microsoft's RNG whitepaper, , as: If the OS is running in a VM, there is a problem that most

[PULL 4/6] Python: add setuptools v60.0 workaround

2022-02-23 Thread John Snow
Setuptools v60 and later include a bundled version of distutils, a deprecated standard library scheduled for removal in future versions of Python. Setuptools v60 is only possible to install for Python 3.7 and later. Python has a distutils.sysconfig.get_python_lib() function that returns

[PULL 3/6] Python: discourage direct setup.py install

2022-02-23 Thread John Snow
When invoking setup.py directly, the default behavior for 'install' is to run the bdist_egg installation hook, which is ... actually deprecated by setuptools. It doesn't seem to work quite right anymore. By contrast, 'pip install' will invoke the bdist_wheel hook instead. This leads to

[PULL 0/6] Python patches

2022-02-23 Thread John Snow
The following changes since commit 31e3caf21b6cdf54d11f3744b8b341f07a30b5d7: Merge remote-tracking branch 'remotes/lvivier-gitlab/tags/trivial-branch-for-7.0-pull-request' into staging (2022-02-22 20:17:09 +) are available in the Git repository at: https://gitlab.com/jsnow/qemu.git

[PATCH v2 1/2] random: add mechanism for VM forks to reinitialize crng

2022-02-23 Thread Jason A. Donenfeld
When a VM forks, we must immediately mix in additional information to the stream of random output so that two forks or a rollback don't produce the same stream of random numbers, which could have catastrophic cryptographic consequences. This commit adds a simple API, add_vmfork_randomness(), for

[PATCH v2 0/2] VM fork detection for RNG

2022-02-23 Thread Jason A. Donenfeld
This small series picks up work from Amazon that seems to have stalled out last year around this time: listening for the vmgenid ACPI notification, and using it to "do something." Last year, folks proposed a complicated userspace mmap chardev, which was fraught with difficulty and evidently

Re: [PATCH v4 20/47] target/ppc: implement vslq

2022-02-23 Thread Matheus K. Ferst
On 22/02/2022 19:14, Richard Henderson wrote: On 2/22/22 04:36, matheus.fe...@eldorado.org.br wrote: From: Matheus Ferst Signed-off-by: Matheus Ferst --- v4:   -  New in v4. ---   target/ppc/insn32.decode    |  1 +   target/ppc/translate/vmx-impl.c.inc | 40

Re: [PATCH v4 24/47] target/ppc: move vrl[bhwd]nm/vrl[bhwd]mi to decodetree

2022-02-23 Thread Matheus K. Ferst
On 22/02/2022 19:30, Richard Henderson wrote: On 2/22/22 04:36, matheus.fe...@eldorado.org.br wrote: +static void gen_vrlnm_vec(unsigned vece, TCGv_vec vrt, TCGv_vec vra, +  TCGv_vec vrb) +{ +    TCGv_vec mask, n = tcg_temp_new_vec_matching(vrt); + +    /* Create the

Re: [PATCH v3 4/6] i386/pc: relocate 4g start to 1T where applicable

2022-02-23 Thread Michael S. Tsirkin
On Wed, Feb 23, 2022 at 06:44:53PM +, Joao Martins wrote: > It is assumed that the whole GPA space is available to be DMA > addressable, within a given address space limit, except for a > tiny region before the 4G. Since Linux v5.4, VFIO validates > whether the selected GPA is indeed valid

Re: [PATCH v6 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread David Miller
> Bit 0 controls this, and recall that IBM uses big-bit numbering, so "8". > This stores the low part of r[23] in the high part of r1. > You need to select the high part of r[23]. good catch, these are both fixed will update patch shortly. Thanks for the review - David Miller On Wed, Feb

Re: [PATCH v2 00/15] target/arm: Implement LVA, LPA, LPA2 features

2022-02-23 Thread Richard Henderson
On 2/17/22 04:07, Peter Maydell wrote: This series seems to break 'make check-acceptance': (01/59) tests/avocado/boot_linux.py:BootLinuxAarch64.test_virt_tcg_gicv2: INTERRUPTED: Test interrupted by SIGTERM\nRunner error occurred: Timeout reached\nOriginal status: ERROR\n{'name':

Re: [PATCH v6 3/4] tests/tcg/s390x: Tests for Miscellaneous-Instruction-Extensions Facility 3

2022-02-23 Thread David Miller
> No test for popcnt, seeing as there's a bug in m3? Originally popcnt was not in the task list, it was added later. > You can't split these two asm, lest the ltgr and sel not be adjacent, and the > flags not > having the correct value when we arrive at the sel. This was tested, both gcc and

RE: [PATCH 3/3] whpx: Added support for breakpoints and stepping

2022-02-23 Thread Ivan Shcherbakov
Hi Paolo, Thanks for getting back to me. Please see my comments below: >Please use WhpxStepMode and likewise for WhpxBreakpointState. No problem, I have updated the patch. >(In the case of WhpxStepMode I would also consider simply a "bool exclusive" >in whpx_cpu_run). This is a leftover from

Re: [PATCH v6 3/4] tests/tcg/s390x: Tests for Miscellaneous-Instruction-Extensions Facility 3

2022-02-23 Thread Richard Henderson
On 2/17/22 13:17, David Miller wrote: +#define F_PROasm ( \ +"lg %%r2, %[a]\n" \ +"lg %%r3, %[b]\n" \ +"lg %%r0, %[c]\n" \ +"ltgr %%r0, %%r0" \ +: : [a] "m" (a), \ +[b] "m" (b), \ +[c] "m" (c)\ +: "r0", "r2", "r3", "r4") + + + +#define
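Review bot: in F_PRO, ltgr sets the condition code, yet the clobber list has no "cc", and it does list "r4", which none of the visible instructions write. If the condition code is meant to feed a following instruction, that instruction needs to sit in this same asm statement, because nothing stops the compiler from changing the condition code or these registers between two separate asm statements.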

Re: [PATCH v6 1/4] s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x

2022-02-23 Thread Richard Henderson
On 2/17/22 13:17, David Miller wrote: +/* SELECT HIGH */ +C(0xb9c0, SELFHR, RRF_a, MIE3, r3, r2, new, r1_32h, loc, 0) This stores the low part of r[23] in the high part of r1. You need to select the high part of r[23]. static DisasJumpType op_popcnt(DisasContext *s, DisasOps *o) { -

Re: Analysis of slow distro boots in check-avocado (BootLinuxAarch64.test_virt_tcg*)

2022-02-23 Thread Peter Maydell
On Wed, 23 Feb 2022 at 16:38, Laszlo Ersek wrote: > BTW I still don't understand the problem with the DEBUG firmware builds; > in the test suite, as many debug messages should be printed as possible, > for helping with the analysis of any new issue that pops up. I've > re-read Alex's message that

Re: Fix a potential Use-after-free bug in handle_simd_shift_fpint_conv() (v6.2.0).

2022-02-23 Thread Richard Henderson
On 2/23/22 04:33, wli...@stu.xidian.edu.cn wrote: Hi all, I find a potential Use-after-free bug in QEMU 6.2.0, which is in handle_simd_shift_fpint_conv()(./target/arm/translate-a64.c). At line 9048, a variable 'tcg_fpstatus' is freed by invoking tcg_temp_free_ptr(). However, at line 9050,

[PATCH v3 6/6] i386/pc: restrict AMD only enforcing of valid IOVAs to new machine type

2022-02-23 Thread Joao Martins
The added enforcing is only relevant in the case of AMD where the range right before the 1TB is restricted and cannot be DMA mapped by the kernel consequently leading to IOMMU INVALID_DEVICE_REQUEST or possibly other kinds of IOMMU events in the AMD IOMMU. Although, there's a case where it may

[PATCH v3 3/6] i386/pc: pass pci_hole64_size to pc_memory_init()

2022-02-23 Thread Joao Martins
Use the pre-initialized pci-host qdev and fetch the pci-hole64-size into pc_memory_init() newly added argument. piix needs a bit of care given all the !pci_enabled() and that the pci_hole64_size is private to i440fx. This is in preparation to determine that host-phys-bits are enough and for

[PATCH v3 5/6] i386/pc: warn if phys-bits is too low

2022-02-23 Thread Joao Martins
Default phys-bits on Qemu is TCG_PHYS_BITS (40) which is enough to address 1Tb (0xff ). On AMD platforms, if a ram-above-4g relocation happens and the CPU wasn't configured with a big enough phys-bits, warn the user. There isn't a catastrophic failure exactly, the guest will still boot,

[PATCH v3 2/6] i386/pc: create pci-host qdev prior to pc_memory_init()

2022-02-23 Thread Joao Martins
At the start of pc_memory_init() we usually pass a range of 0..UINT64_MAX as pci_memory, when really it's 2G (i440fx) or 32G (q35). To get the real user value, we need to get pci-host passed property for default pci_hole64_size. Thus to get that, create the qdev prior to memory init to better make

Re: [PATCH 19/20] migration: Postcopy recover with preempt enabled

2022-02-23 Thread Dr. David Alan Gilbert
* Peter Xu (pet...@redhat.com) wrote: > On Wed, Feb 23, 2022 at 09:52:08AM +, Dr. David Alan Gilbert wrote: > > * Peter Xu (pet...@redhat.com) wrote: > > > On Tue, Feb 22, 2022 at 11:32:10AM +, Dr. David Alan Gilbert wrote: > > > > * Peter Xu (pet...@redhat.com) wrote: > > > > > To allow

[PATCH v3 0/6] i386/pc: Fix creation of >= 1010G guests on AMD systems with IOMMU

2022-02-23 Thread Joao Martins
RFCv2[3] -> v3: * Add missing brackets in single line statement, in patch 5 (David) * Change ranges printf to use PRIx64, in patch 5 (David) * Move the check to after changing above_4g_mem_start, in patch 5 (David) * Make the check generic and move it to pc_memory_init rather being specific to

[PATCH v3 1/6] hw/i386: add 4g boundary start to X86MachineState

2022-02-23 Thread Joao Martins
Rather than hardcoding the 4G boundary everywhere, introduce a X86MachineState property @above_4g_mem_start and use it accordingly. This is in preparation for relocating ram-above-4g to dynamically start at 1T on AMD platforms. Signed-off-by: Joao Martins --- hw/i386/acpi-build.c | 2 +-

[PATCH v3 4/6] i386/pc: relocate 4g start to 1T where applicable

2022-02-23 Thread Joao Martins
It is assumed that the whole GPA space is available to be DMA addressable, within a given address space limit, except for a tiny region before the 4G. Since Linux v5.4, VFIO validates whether the selected GPA is indeed valid i.e. not reserved by IOMMU on behalf of some specific devices or

Re: [PATCH] qapi: fix mistake in example command illustration

2022-02-23 Thread Dr. David Alan Gilbert
* Daniel P. Berrangé (berra...@redhat.com) wrote: > The snapshot-load/save/delete commands illustrated their usage, but > mistakenly used 'data' rather than 'arguments' as the field name. > > Signed-off-by: Daniel P. Berrangé Fabian Holler's patch from yesterday beat you to it slightly; I think

Re: [PATCH v4 12/12] KVM: Expose KVM_MEM_PRIVATE

2022-02-23 Thread Maciej S. Szmigiero
On 23.02.2022 13:00, Chao Peng wrote: On Tue, Feb 22, 2022 at 02:16:46AM +0100, Maciej S. Szmigiero wrote: On 17.02.2022 14:45, Chao Peng wrote: On Tue, Jan 25, 2022 at 09:20:39PM +0100, Maciej S. Szmigiero wrote: On 18.01.2022 14:21, Chao Peng wrote: KVM_MEM_PRIVATE is not exposed by

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread John Snow
On Wed, Feb 23, 2022 at 12:09 PM Damien Hedde wrote: > > > > On 2/23/22 17:18, John Snow wrote: > > On Wed, Feb 23, 2022 at 10:44 AM Daniel P. Berrangé > > wrote: > >> > >> On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: > >>> On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé >

Re: [PATCH v3] docs/system/i386: Add measurement calculation details to amd-memory-encryption

2022-02-23 Thread Dr. David Alan Gilbert
* Dov Murik (dovmu...@linux.ibm.com) wrote: > Add a section explaining how the Guest Owner should calculate the > expected guest launch measurement for SEV and SEV-ES. > > Also update the name and links to the SEV API Spec document. > > Signed-off-by: Dov Murik > Suggested-by: Daniel P.

[PATCH] qapi: fix mistake in example command illustration

2022-02-23 Thread Daniel P . Berrangé
The snapshot-load/save/delete commands illustrated their usage, but mistakenly used 'data' rather than 'arguments' as the field name. Signed-off-by: Daniel P. Berrangé --- qapi/migration.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qapi/migration.json

Re: [PATCH RFC 4/4] rtc: Have event RTC_CHANGE identify the RTC by QOM path

2022-02-23 Thread Cédric Le Goater
On 2/22/22 14:06, Peter Maydell wrote: On Tue, 22 Feb 2022 at 12:56, Philippe Mathieu-Daudé wrote: On 22/2/22 13:02, Markus Armbruster wrote: Event RTC_CHANGE is "emitted when the guest changes the RTC time" (and the RTC supports the event). What if there's more than one RTC? w.r.t. RTC, a

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread Daniel P . Berrangé
On Wed, Feb 23, 2022 at 11:18:26AM -0500, John Snow wrote: > On Wed, Feb 23, 2022 at 10:44 AM Daniel P. Berrangé > wrote: > > > > On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: > > > On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé > > > wrote: > > > > > > > > On Wed, Feb 23,

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Eric Auger
Hi, On 2/23/22 5:02 PM, Thomas Huth wrote: > On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: >> Hi all, >> >> I find a potential Use-after-free in QEMU 6.2.0, which is in >> virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). >> >> Specifically, in the loop body, the variable 'buf'

Re: [PATCH RFCv2 3/4] i386/pc: warn if phys-bits is too low

2022-02-23 Thread Joao Martins
On 2/14/22 15:18, Joao Martins wrote: > On 2/14/22 15:03, Igor Mammedov wrote: >> On Mon, 7 Feb 2022 20:24:21 + >> Joao Martins wrote: >> >>> Default phys-bits on Qemu is TCG_PHYS_BITS (40) which is enough >>> to address 1Tb (0xff ). On AMD platforms, if a >>> ram-above-4g

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread Damien Hedde
On 2/23/22 17:18, John Snow wrote: On Wed, Feb 23, 2022 at 10:44 AM Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:22:11AM -0500, John Snow wrote: On Mon, Feb

Re: Adding a handshake to qemu-guest-agent

2022-02-23 Thread John Snow
On Wed, Feb 16, 2022 at 3:52 PM Michael Roth wrote: > > On Wed, Feb 16, 2022 at 10:12:36AM +0100, Markus Armbruster wrote: > > Michael Roth writes: > > > > > On Mon, Feb 14, 2022 at 03:14:37PM +0100, Markus Armbruster wrote: > > >> Cc: the qemu-ga maintainer > > >> > > >> John Snow writes: > >

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread Damien Hedde
On 2/23/22 17:43, Damien Hedde wrote: On 2/23/22 16:44, Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:22:11AM -0500, John Snow wrote: On Mon, Feb 21, 2022 at

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread Damien Hedde
On 2/23/22 16:44, Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé wrote: On Wed, Feb 23, 2022 at 10:22:11AM -0500, John Snow wrote: On Mon, Feb 21, 2022 at 10:55 AM Damien Hedde wrote: This option

Re: Analysis of slow distro boots in check-avocado (BootLinuxAarch64.test_virt_tcg*)

2022-02-23 Thread Laszlo Ersek
On 02/23/22 14:34, Philippe Mathieu-Daudé wrote: > On 23/2/22 12:07, Daniel P. Berrangé wrote: >> On Tue, Feb 22, 2022 at 06:33:41PM +0100, Philippe Mathieu-Daudé wrote: >>> +Igor/MST for UEFI tests. >>> >>> On 22/2/22 17:38, Daniel P. Berrangé wrote: On Tue, Feb 22, 2022 at 04:17:23PM +,

Re: [PATCH RFC v1 2/2] drivers/virt: add vmgenid driver for reinitializing RNG

2022-02-23 Thread Jason A. Donenfeld
Adding the Hyper-V people to this: On Wed, Feb 23, 2022 at 2:13 PM Jason A. Donenfeld wrote: > > VM Generation ID is a feature from Microsoft, described at > , and supported by > Hyper-V and QEMU. Its usage is described in Microsoft's RNG

Re: configure: How to pass flags to the Objective-C compiler?

2022-02-23 Thread Joshua Seaton
> You can use this patch (which is going to be merged soon): Any ETA on when this will merge? > This entry in the machine file affects the compilation steps: > > + test -n "$objcc" && echo "objc_args = [$(meson_quote $OBJCFLAGS > $EXTRA_OBJCFLAGS)]" >> $cross Great! I had naively assumed that

Re: [PATCH RFC v1 0/2] VM fork detection for RNG

2022-02-23 Thread Jason A. Donenfeld
On Wed, Feb 23, 2022 at 5:08 PM Jason A. Donenfeld wrote: > > On Wed, Feb 23, 2022 at 2:12 PM Jason A. Donenfeld wrote: > > second patch is the reason this is just an RFC: it's a cleanup of the > > ACPI driver from last year, and I don't really have much experience > > writing, testing,

Re: [PATCH 4/5] python: qmp_shell: add -e/--exit-on-error option

2022-02-23 Thread John Snow
On Wed, Feb 23, 2022 at 10:44 AM Daniel P. Berrangé wrote: > > On Wed, Feb 23, 2022 at 10:41:11AM -0500, John Snow wrote: > > On Wed, Feb 23, 2022 at 10:27 AM Daniel P. Berrangé > > wrote: > > > > > > On Wed, Feb 23, 2022 at 10:22:11AM -0500, John Snow wrote: > > > > On Mon, Feb 21, 2022 at

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Philippe Mathieu-Daudé
On 23/2/22 17:02, Thomas Huth wrote: On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). I'm looking forward to your confirmation.  Hi, thanks for your

Re: Fix a potential memory leak bug in write_boot_rom() (v6.2.0).

2022-02-23 Thread Philippe Mathieu-Daudé
On 23/2/22 15:39, wli...@stu.xidian.edu.cn wrote: Hi all, I find a memory leak bug in QEMU 6.2.0, which is in write_boot_rom()(./hw/arm/aspeed.c). Specifically, at line 276, a memory chunk is allocated with g_new0() and assigned to the variable 'storage'. However, if the branch takes true

Re: [PATCH RFC v1 0/2] VM fork detection for RNG

2022-02-23 Thread Jason A. Donenfeld
On Wed, Feb 23, 2022 at 2:12 PM Jason A. Donenfeld wrote: > second patch is the reason this is just an RFC: it's a cleanup of the > ACPI driver from last year, and I don't really have much experience > writing, testing, debugging, or maintaining these types of drivers. > Ideally this thread would

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Thomas Huth
On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). Specifically, in the loop body, the variable 'buf' allocated at line 639 can be freed by g_free() at line

[PATCH] aio-posix: fix spurious ->poll_ready() callbacks in main loop

2022-02-23 Thread Stefan Hajnoczi
When ->poll() succeeds the AioHandler is placed on the ready list with revents set to the magic value 0. This magic value causes aio_dispatch_handler() to invoke ->poll_ready() instead of ->io_read() for G_IO_IN or ->io_write() for G_IO_OUT. This magic value 0 hack works for the IOThread where

Re: virtio-blk issue with vIOMMU

2022-02-23 Thread Stefan Hajnoczi
On Wed, Feb 23, 2022 at 12:37:03PM +0800, Jason Wang wrote: > Hi Stefan: > > Recently I found intel vIOMMU gives the following warning when using > virtio-blk: > > qemu-system-x86_64: vtd_iova_to_slpte: detected slpte permission error > (iova=0x7ffde000, level=0x3, slpte=0x0, write=0) >

Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread wliang
Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). Specifically, in the loop body, the variable 'buf' allocated at line 639 can be freed by g_free() at line 659. However, if the execution path enters the loop body

Fix a potential Use-after-free bug in handle_simd_shift_fpint_conv() (v6.2.0).

2022-02-23 Thread wliang
Hi all, I find a potential Use-after-free bug in QEMU 6.2.0, which is in handle_simd_shift_fpint_conv()(./target/arm/translate-a64.c). At line 9048, a variable 'tcg_fpstatus' is freed by invoking tcg_temp_free_ptr(). However, at line 9050, the variable 'tcg_fpstatus' is subsequently used as

Fix a potential Use-after-free in test_blockjob_common_drain_node() (v6.2.0).

2022-02-23 Thread wliang
Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in test_blockjob_common_drain_node() (./tests/unit/test-bdrv-drain.c). Specifically, at line 880, the variable 'scr' is released by the bdrv_unref(). However, at line 881, it is subsequently used as the 1st parameter of the

Fix a potential memory leak bug in write_boot_rom() (v6.2.0).

2022-02-23 Thread wliang
Hi all, I find a memory leak bug in QEMU 6.2.0, which is in write_boot_rom()(./hw/arm/aspeed.c). Specifically, at line 276, a memory chunk is allocated with g_new0() and assigned to the variable 'storage'. However, if the branch takes true at line 277, there will be only an error report at
