On 07/01/2023 15.25, Peter Maydell wrote:
On Fri, 6 Jan 2023 at 08:29, Thomas Huth wrote:
Hi Peter!
The following changes since commit cb9c6a8e5ad6a1f0ce164d352e3102df46986e22:
.gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2
jobs (2023-01-04 18:58:33 +)
On 9/1/23 07:31, Akihiko Odaki wrote:
Presumably TARGET_ARM_64 should be a mistake of TARGET_AARCH64.
Fixes: 27598393a2 ("Lift max memory slots limit imposed by vhost-user")
Signed-off-by: Akihiko Odaki
Reviewed-by: Philippe Mathieu-Daudé
---
hw/virtio/vhost-user.c | 2 +-
1 file
On 02/01/23 12:48 pm, Het Gala wrote:
On 26/12/22 11:03 am, Het Gala wrote:
Current QAPI 'migrate' command design (for initiating a migration
stream) contains information regarding different migrate transport
mechanism
(tcp / unix / exec), dest-host IP address, and binding port number in
Presumably TARGET_ARM_64 should be a mistake of TARGET_AARCH64.
Signed-off-by: Akihiko Odaki
---
hw/virtio/vhost-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index d9ce0501b2..6c79da953b 100644
---
libvirt uses "none" machine type to test KVM availability. Before this
change, QEMU used to pass 0 as machine type when calling KVM_CREATE_VM.
The kernel documentation says:
> On arm64, the physical address size for a VM (IPA Size limit) is
> limited to 40bits by default. The limit can be
This patch checks if the s->tx_fifo is full.
Fixes: 58ac482a66de ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1424
Reported-by: Qiang Liu
Signed-off-by: Qiang Liu
---
hw/display/xlnx_dp.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
On 1/7/23 10:02, Paolo Bonzini wrote:
On 1/3/23 20:31, Stefan Hajnoczi wrote:
The other problem with this file is that it appears to
be generated differently depending on the host distro
(specifically the default value for the --libdir option).
That also would seem to nudge towards "don't
On 1/7/23 15:00, Mark Cave-Ayland wrote:
void HELPER(frem)(CPUM68KState *env, FPReg *res, FPReg *val0, FPReg *val1)
{
+ float_status fp_status;
+ FPReg fp_quot;
uint32_t quotient;
int sign;
+ /* Calculate quotient directly using round to nearest mode */
+
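Review bot: the new local `float_status fp_status` in HELPER(frem) is declared without an initialiser in the lines shown. Since the added comment says the quotient is calculated in round-to-nearest mode, the local should start as a copy of the status held in `env`, with only the rounding mode overridden. That way no other field is read uninitialised and the guest-visible rounding mode stays untouched. The comment could also say why round to nearest is required for the quotient.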
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/riscv/tcg-target.c.inc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 136fe54d4b..82ca86431e 100644
--- a/tcg/riscv/tcg-target.c.inc
Signed-off-by: Richard Henderson
---
tcg/i386/tcg-target.c.inc | 14 +-
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index feb257db01..c4ff59e9ee 100644
--- a/tcg/i386/tcg-target.c.inc
+++
Similar to the existing set_jmp_reset_offset. Include the
rw->rx address space conversion done by arm and s390x, and
forgotten by mips and riscv.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/tcg.c | 9 +
tcg/arm/tcg-target.c.inc | 2
Install empty versions for !TCG_TARGET_HAS_direct_jump hosts.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/arm/tcg-target.c.inc | 6 ++
tcg/mips/tcg-target.c.inc | 6 ++
tcg/riscv/tcg-target.c.inc | 6 ++
tcg/tci/tcg-target.c.inc | 6 ++
4
This will shortly be used for more than reset.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
include/exec/exec-all.h | 2 +-
accel/tcg/translate-all.c | 8
tcg/tcg.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git
The INDEX_op_exit_tb opcode needs no register allocation.
Split out a dedicated helper function for it.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/tcg.c| 4
tcg/aarch64/tcg-target.c.inc | 22 ++
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 32 +---
1 file changed, 13 insertions(+), 19 deletions(-)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index a95e4001d3..b72e266990 100644
--- a/tcg/ppc/tcg-target.c.inc
+++
We now have the option to generate direct or indirect
goto_tb depending on the dynamic displacement, thus
the define is no longer necessary or completely accurate.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.h | 1 -
tcg/arm/tcg-target.h | 1 -
Now that tcg can handle direct and indirect goto_tb simultaneously,
we can optimistically leave space for a direct branch and fall back
to loading the pointer from the TB for an indirect branch.
Signed-off-by: Richard Henderson
---
tcg/riscv/tcg-target.c.inc | 19 +--
1 file
This can replace four other variables that are references
into the TranslationBlock structure.
Signed-off-by: Richard Henderson
---
include/tcg/tcg.h | 11 +++
accel/tcg/translate-all.c | 2 +-
tcg/tcg-op.c | 14 +++---
tcg/tcg.c | 14
The INDEX_op_goto_tb opcode needs no register allocation.
Split out a dedicated helper function for it.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/tcg.c| 4 ++
tcg/aarch64/tcg-target.c.inc | 40 ++-
Replace 'tc_ptr' and 'addr' with 'tb' and 'n'.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.h | 3 ++-
tcg/arm/tcg-target.h | 3 ++-
tcg/i386/tcg-target.h| 9 ++---
tcg/loongarch64/tcg-target.h | 3 ++-
tcg/mips/tcg-target.h
The old implementation replaces two insns, swapping between
b
nop
br x30
and
adrp x30,
addi x30, x30, lo12:
br x30
There is a race condition in which a thread could be stopped at
the PC of the second insn, and when restarted
The old ppc64 implementation replaces 2 or 4 insns, which leaves a race
condition in which a thread could be stopped at a PC in the middle of
the sequence, and when restarted does not see the complete address
computation and branches to nowhere.
The new implementation replaces only one insn,
This is always true for sparc64, so this is dead since 3a5f6805c7ca.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/sparc64/tcg-target.c.inc | 62
1 file changed, 21 insertions(+), 41 deletions(-)
diff --git
The old sparc64 implementation may replace two insns, which leaves
a race condition in which a thread could be stopped at a PC in the
middle of the sequence, and when restarted does not see the complete
address computation and branches to nowhere.
The new implementation replaces only one insn,
Similar to the existing set_jmp_reset_offset. Move any assert for
TCG_TARGET_HAS_direct_jump into the new function (which now cannot
be build-time). Will be unused if TCG_TARGET_HAS_direct_jump is
constant 0, but we can't test for constant in the preprocessor,
so just mark it G_GNUC_UNUSED.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
include/tcg/tcg.h| 3 +++
tcg/aarch64/tcg-target.h | 4
tcg/arm/tcg-target.h | 5 -
tcg/i386/tcg-target.h| 3 ---
tcg/loongarch64/tcg-target.h | 3 ---
tcg/mips/tcg-target.h
Stop overloading jmp_target_arg for both offset and address,
depending on TCG_TARGET_HAS_direct_jump. Instead, add a new
field to hold the jump insn offset and always set the target
address in jmp_target_addr[]. This will allow a tcg backend
to use either direct or indirect depending on
Now that tcg can handle direct and indirect goto_tb
simultaneously, we can optimistically leave space for
a direct branch and fall back to loading the pointer
from the TB for an indirect branch.
Signed-off-by: Richard Henderson
---
tcg/arm/tcg-target.c.inc | 52
Test TCG_TARGET_HAS_direct_jump instead of testing an
implementation pointer.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c.inc | 2 +-
tcg/arm/tcg-target.c.inc | 2 +-
tcg/loongarch64/tcg-target.c.inc | 2 +-
Small patch for exit_tb. Large reorg for goto_tb, primarily aimed at
fixing a race condition in which a host thread gets suspended in the
middle of executing a two insn sequence, and the sequence is updated.
The updated second insn does not match the previous first insn, so
when the thread
Signed-off-by: Richard Henderson
---
tcg/sparc64/tcg-target.c.inc | 41 +++-
1 file changed, 12 insertions(+), 29 deletions(-)
diff --git a/tcg/sparc64/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc
index d2d8b46815..26b00d1638 100644
---
Ping?
About [PATCH v2 2/2], the bad thing is that the customer will not be able to
notice the issue, that is, the "Broken BIOS detected" in dmesg, immediately.
As a result, the customer VM may panic randomly anytime in the future (once
issue is encountered) if
On 11/14/22 08:13, Ilya Leoshkevich wrote:
-const void *tcg_splitwx_to_rx(void *rw);
+const void *tcg_splitwx_to_rx(const void *rw);
void *tcg_splitwx_to_rw(const void *rx);
#else
-static inline const void *tcg_splitwx_to_rx(void *rw)
+static inline const void *tcg_splitwx_to_rx(const void
On 8 January 2023 18:28:28 UTC, "Philippe Mathieu-Daudé" wrote:
>On 8/1/23 16:12, Bernhard Beschow wrote:
>> On 7 January 2023 23:57:32 UTC, Mark Cave-Ayland wrote:
>>> On 05/01/2023 14:31, Bernhard Beschow wrote:
>
Bernhard Beschow (28):
hw/mips/Kconfig: Track Malta's
On 8/1/23 17:47, Emilio Cota wrote:
Related: #1381
Signed-off-by: Emilio Cota
---
accel/tcg/translator.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé
On 8/1/23 17:39, Emilio Cota wrote:
We forgot to add this one in "a890643958 util/qht: atomically set b->hashes".
Detected with tsan.
Signed-off-by: Emilio Cota
---
util/qht.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé
On 1/8/23 08:39, Emilio Cota wrote:
+static inline void qht_bucket_lock_init(const struct qht_map *map,
+struct qht_bucket *b)
+{
+qht_do_if_first_in_stripe(map, b, qemu_spin_init);
+}
+
+static inline void qht_bucket_lock_destroy(const struct qht_map
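Review bot: qht_bucket_lock_init() forwards qemu_spin_init through qht_do_if_first_in_stripe(), so going by the helper's name the lock is initialised only for the first bucket of each stripe, and nothing in these lines documents that. A short comment above the wrappers stating which buckets carry an initialised lock would keep later callers from taking a spinlock on a bucket where it was never set up.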
On 1/8/23 08:39, Emilio Cota wrote:
To fix potential deadlocks as reported by tsan.
Signed-off-by: Emilio Cota
---
plugins/core.c | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
Reviewed-by: Richard Henderson
r~
On 1/8/23 08:39, Emilio Cota wrote:
We forgot to add this one in "a890643958 util/qht: atomically set b->hashes".
Detected with tsan.
Signed-off-by: Emilio Cota
---
util/qht.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Richard Henderson
r~
On 1/8/23 08:39, Emilio Cota wrote:
Fixes the appended use-after-free. The root cause is that
during tb invalidation we use CPU_FOREACH, and therefore
to safely free a vCPU we must wait for an RCU grace period
to elapse.
$ x86_64-linux-user/qemu-x86_64 tests/tcg/x86_64-linux-user/munmap-pthread
On 8/1/23 16:12, Bernhard Beschow wrote:
On 7 January 2023 23:57:32 UTC, Mark Cave-Ayland wrote:
On 05/01/2023 14:31, Bernhard Beschow wrote:
Bernhard Beschow (28):
hw/mips/Kconfig: Track Malta's PIIX dependencies via Kconfig
hw/usb/hcd-uhci: Introduce TYPE_ defines for device
Fixes: #1381
Signed-off-by: Emilio Cota
---
accel/tcg/cpu-exec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 356fe348de..de4ba6e23c 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -504,6 +504,7 @@ static void
Related: #1381
Signed-off-by: Emilio Cota
---
accel/tcg/translator.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 061519691f..ef5193c67e 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
It is internal to TCG and therefore we know it does not
access guest memory.
Related: #1381
Signed-off-by: Emilio Cota
---
tcg/tcg.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index da91779890..ee67eefc0c 100644
--- a/tcg/tcg.c
+++
We were mistakenly checking tcg_ctx->plugin_insn as a canary to know
whether the TB had emitted helpers that might have accessed memory.
The problem is that tcg_ctx->plugin_insn gets updated on every
instruction in the TB, which results in us wrongly performing the
optimization (i.e. not clearing
Hi,
These are the plugin fixes that I mentioned here:
https://lists.gnu.org/archive/html/qemu-devel/2022-12/msg02865.html
They should fix https://gitlab.com/qemu-project/qemu/-/issues/1381
Thanks,
Emilio
Fixes this tsan crash, easy to reproduce with any large enough program:
$ tests/unit/test-qht
1..2
ThreadSanitizer: CHECK failed: sanitizer_deadlock_detector.h:67
"((n_all_locks_)) <
(((sizeof(all_locks_with_contexts_)/sizeof((all_locks_with_contexts_)[0]"
(0x40, 0x40) (tid=1821568)
#0
We forgot to add this one in "a890643958 util/qht: atomically set b->hashes".
Detected with tsan.
Signed-off-by: Emilio Cota
---
util/qht.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/qht.c b/util/qht.c
index 065fc501f4..15866299e6 100644
--- a/util/qht.c
+++
To fix potential deadlocks as reported by tsan.
Signed-off-by: Emilio Cota
---
plugins/core.c | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/plugins/core.c b/plugins/core.c
index ccb770a485..728bacef95 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@
Hi,
Here are some fixes for tsan issues that I've encountered.
The most important patch is 3/4, which allows us to run tsan for
non-trivial workloads.
Thanks,
Emilio
Fixes the appended use-after-free. The root cause is that
during tb invalidation we use CPU_FOREACH, and therefore
to safely free a vCPU we must wait for an RCU grace period
to elapse.
$ x86_64-linux-user/qemu-x86_64 tests/tcg/x86_64-linux-user/munmap-pthread
On 06/01/2023 23:56, Alex Williamson wrote:
On Thu, 29 Dec 2022 13:03:36 +0200
Avihai Horon wrote:
Currently, if IOMMU of a VFIO container doesn't support dirty page
tracking, migration is blocked. This is because a DMA-able VFIO
On 06/01/2023 19:56, Alex Williamson wrote:
On Thu, 29 Dec 2022 13:03:34 +0200
Avihai Horon wrote:
From: Juan Quintela
IMHO, there should always be a commit log description. Why is this a
simplification?
Yes. It just rephrases
> Year 2020 I made 2 attempts to contribute this patch. Unfortunately "git
> format-patch" produced crippled patches which were not possible to
> apply. Some @@-lines got extra code that didn't belong in those lines.
> Now I am instead trying to send my patch using sourcehut. Unfortunately,
> it
On 1/6/2023 10:02 AM, Chuck Zmudzinski wrote:
> On 1/6/23 9:31 AM, Chuck Zmudzinski wrote:
> > On 1/6/23 9:10 AM, Chuck Zmudzinski wrote:
> >> On 1/6/23 9:03 AM, Anthony PERARD wrote:
> >>> On Sun, Jan 01, 2023 at 06:52:03PM -0500, Chuck Zmudzinski wrote:
> ...
>
> Signed-off-by:
Hi Mark,
On 7 January 2023 23:45:39 UTC, Mark Cave-Ayland wrote:
>On 05/01/2023 14:32, Bernhard Beschow wrote:
>
>> Having an i8259 proxy allows for ISA PICs to be created and wired up in
>> southbridges. This is especially interesting for PIIX3 for two reasons:
>> First, the southbridge
On 7 January 2023 23:48:52 UTC, Mark Cave-Ayland wrote:
>On 05/01/2023 14:32, Bernhard Beschow wrote:
>
>> Now that PIIX4 also uses the "proxy-pic", both implementations
>
>Should "proxy-pic" be replaced with "isa-pic" (or even TYPE_ISA_PIC) here?
Yes, indeed.
Best regards,
Bernhard
>>
On 7 January 2023 23:57:32 UTC, Mark Cave-Ayland wrote:
>On 05/01/2023 14:31, Bernhard Beschow wrote:
>
>> This series consolidates the implementations of the PIIX3 and PIIX4 south
>> bridges and is an extended version of [1]. The motivation is to share as much
>> code as possible and to
On Sat, 7 Jan 2023 at 07:53, Richard Henderson
wrote:
>
> The following changes since commit aaa90fede5d10e2a3c3fc7f2df608128d2cba761:
>
> Merge tag 'pull-tcg-20230105' of https://gitlab.com/rth7680/qemu into
> staging (2023-01-06 15:40:37 +)
>
> are available in the Git repository at:
>
>
On Fri, Jan 06, 2023 at 03:29:01PM +, Peter Maydell wrote:
> On Thu, 5 Jan 2023 at 21:53, Michael S. Tsirkin wrote:
> >
> > On Thu, Jan 05, 2023 at 09:04:37PM +, Peter Maydell wrote:
> > > On Thu, 5 Jan 2023 at 16:32, Michael S. Tsirkin wrote:
> > > >
> > > > On Thu, Jan 05, 2023 at
On Fri, Jan 6, 2023 at 12:55 AM Alex Bennée wrote:
>
> Use something more specific to avoid name clashes.
>
> Reviewed-by: Richard Henderson
> Signed-off-by: Alex Bennée
> ---
> gdbstub/internals.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
Reviewed-by: Bin Meng
On Thu, Jan 5, 2023 at 6:48 AM Philippe Mathieu-Daudé wrote:
>
> pflash_cfi02_register() hides an implicit sysbus mapping of
> MMIO region #0. This is not practical in a heterogeneous world
> where multiple cores use different address spaces. In order to
> remove pflash_cfi02_register()
On Thu, Jan 5, 2023 at 6:50 AM Philippe Mathieu-Daudé wrote:
>
> Convert the QOM PFlashCFI02 to a forward/opaque pointer declaration.
> Only pflash_cfi02.c is able to poke at the internal fields.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> hw/block/pflash_cfi02.c | 2 ++
>
On Thu, Jan 5, 2023 at 6:28 AM Philippe Mathieu-Daudé wrote:
>
> We converted all callers of pflash_cfi02_register() by open
> coding a call to pflash_cfi02_create() followed by an explicit
> call to sysbus_mmio_map(); we can now remove it.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
>
On Thu, Jan 5, 2023 at 6:47 AM Philippe Mathieu-Daudé wrote:
>
> pflash_cfi02_register() hides an implicit sysbus mapping of
> MMIO region #0. This is not practical in a heterogeneous world
> where multiple cores use different address spaces. In order to
> remove pflash_cfi02_register()
On Thu, Jan 5, 2023 at 6:51 AM Philippe Mathieu-Daudé wrote:
>
> Currently pflash_cfi02_register():
>
> 1/ creates a TYPE_PFLASH_CFI02 qdev instance
> 2/ maps the first MMIO region to the system bus
>
> The first minor issue is the implicit sysbus mapping is not
> obvious (the function name
On Thu, Jan 5, 2023 at 6:51 AM Philippe Mathieu-Daudé wrote:
>
> pflash_cfi01_register() hides an implicit sysbus mapping of
> MMIO region #0. This is not practical in a heterogeneous world
> where multiple cores use different address spaces. In order to
> remove pflash_cfi01_register()
On Thu, Jan 5, 2023 at 6:49 AM Philippe Mathieu-Daudé wrote:
>
> pflash_cfi01_register() hides an implicit sysbus mapping of
> MMIO region #0. This is not practical in a heterogeneous world
> where multiple cores use different address spaces. In order to
> remove pflash_cfi01_register()
On Thu, Jan 5, 2023 at 6:52 AM Philippe Mathieu-Daudé wrote:
>
> Convert the QOM PFlashCFI01 to a forward/opaque pointer declaration.
> Only pflash_cfi01.c is able to poke at the internal fields.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> hw/block/pflash_cfi01.c | 2 ++
>
On Thu, Jan 5, 2023 at 6:48 AM Philippe Mathieu-Daudé wrote:
>
> We converted all callers of pflash_cfi01_register() by open
> coding a call to pflash_cfi01_create() followed by an explicit
> call to sysbus_mmio_map(); we can now remove it.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
>
On Thu, Jan 5, 2023 at 6:37 AM Philippe Mathieu-Daudé wrote:
>
> pflash_cfi01_register() hides an implicit sysbus mapping of
> MMIO region #0. This is not practical in a heterogeneous world
> where multiple cores use different address spaces. In order to
> remove pflash_cfi01_register()