qemu-commits
From: Marc-Andre Lureau
Subject: [Qemu-commits] [qemu/qemu] 34808d: kvm: Introduce kvm_arch_get_default_type hook
Date: Sun, 10 Sep 2023 08:17:52 -0700

  Branch: refs/heads/staging-8.1
  Home:   https://github.com/qemu/qemu
  Commit: 34808d041caa3b63c2967a36dea9893083d3327c
      https://github.com/qemu/qemu/commit/34808d041caa3b63c2967a36dea9893083d3327c
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-08-24 (Thu, 24 Aug 2023)

  Changed paths:
    M accel/kvm/kvm-all.c
    M hw/mips/loongson3_virt.c
    M include/sysemu/kvm.h
    M target/arm/kvm.c
    M target/i386/kvm/kvm.c
    M target/mips/kvm.c
    M target/mips/kvm_mips.h
    M target/ppc/kvm.c
    M target/riscv/kvm.c
    M target/s390x/kvm/kvm.c

  Log Message:
  -----------
  kvm: Introduce kvm_arch_get_default_type hook

kvm_arch_get_default_type() returns the default KVM type. This hook is
particularly useful to derive a KVM type that is valid for the "none"
machine model, which is used by libvirt to probe the availability of
KVM.

For MIPS, the existing mips_kvm_type() is reused. This function ensures
the availability of VZ which is mandatory to use KVM on the current
QEMU.

Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-2-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added doc comment for new function]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 5e0d65909c6f335d578b90491e165440c99adf81)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c8e381d672e069ae92ff1b93da8c7f945e63e891
      https://github.com/qemu/qemu/commit/c8e381d672e069ae92ff1b93da8c7f945e63e891
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-08-24 (Thu, 24 Aug 2023)

  Changed paths:
    M target/arm/kvm.c

  Log Message:
  -----------
  accel/kvm: Specify default IPA size for arm64

Before this change, the default KVM type, which is used for non-virt
machine models, was 0.

The kernel documentation says:
> On arm64, the physical address size for a VM (IPA Size limit) is
> limited to 40bits by default. The limit can be configured if the host
> supports the extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
> KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine type
> identifier, where IPA_Bits is the maximum width of any physical
> address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
> machine type identifier.
>
> e.g, to configure a guest to use 48bit physical address size::
>
>     vm_fd = ioctl(dev_fd, KVM_CREATE_VM, KVM_VM_TYPE_ARM_IPA_SIZE(48));
>
> The requested size (IPA_Bits) must be:
>
>  ==   =========================================================
>   0   Implies default size, 40bits (for backward compatibility)
>   N   Implies N bits, where N is a positive integer such that,
>       32 <= N <= Host_IPA_Limit
>  ==   =========================================================

> Host_IPA_Limit is the maximum possible value for IPA_Bits on the host
> and is dependent on the CPU capability and the kernel configuration.
> The limit can be retrieved using KVM_CAP_ARM_VM_IPA_SIZE of the
> KVM_CHECK_EXTENSION ioctl() at run-time.
>
> Creation of the VM will fail if the requested IPA size (whether it is
> implicit or explicit) is unsupported on the host.
https://docs.kernel.org/virt/kvm/api.html#kvm-create-vm

So if Host_IPA_Limit < 40, specifying 0 as the type will fail. This
actually confused libvirt, which uses the "none" machine model to probe the
KVM availability, on an M2 MacBook Air.

Fix this by using Host_IPA_Limit as the default type when
KVM_CAP_ARM_VM_IPA_SIZE is available.

Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20230727073134.134102-3-akihiko.odaki@daynix.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 1ab445af8cd99343f29032b5944023ad7d8edebf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
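An added illustration of the logic in the two commits above; it is example code written for this page, not QEMU's or the kernel's. It derives a default arm64 VM type from KVM_CAP_ARM_VM_IPA_SIZE the way the fixed hook does, and models the kernel's acceptance rule quoted above to show why type 0 is rejected once Host_IPA_Limit is below 40. The ioctl numbers and the KVM_VM_TYPE_ARM_IPA_SIZE() macro are restated from <linux/kvm.h>; the 36-bit host limit used in main() is a made-up value, and kvm_arm_probe_vm() only does something meaningful on an arm64 Linux host with /dev/kvm.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Values from <linux/kvm.h>, restated so the example builds without the
 * kernel headers. */
#define KVMIO                       0xAE
#define KVM_CREATE_VM               _IO(KVMIO, 0x01)
#define KVM_CHECK_EXTENSION         _IO(KVMIO, 0x03)
#define KVM_CAP_ARM_VM_IPA_SIZE     165
#define KVM_VM_TYPE_ARM_IPA_SIZE(x) ((x) & 0xff)

#define ARM_IPA_BITS_DEFAULT 40 /* what type 0 means, per the kernel doc */
#define ARM_IPA_BITS_MIN     32

/* Model of the acceptance rule quoted above. host_ipa_limit is what
 * KVM_CHECK_EXTENSION(KVM_CAP_ARM_VM_IPA_SIZE) returned: 0 when the host
 * lacks the extension (only the legacy 40-bit type 0 exists then), else
 * Host_IPA_Limit. Returns 1 if KVM_CREATE_VM would accept `type`. */
int kvm_arm_vm_type_accepted(unsigned long type, int host_ipa_limit)
{
    int bits = KVM_VM_TYPE_ARM_IPA_SIZE(type);

    if (host_ipa_limit <= 0)
        return bits == 0;
    if (bits == 0)
        bits = ARM_IPA_BITS_DEFAULT;
    return bits >= ARM_IPA_BITS_MIN && bits <= host_ipa_limit;
}

/* The default type the fixed hook picks: Host_IPA_Limit when the
 * capability is available, otherwise the old value 0. */
unsigned long kvm_arm_default_vm_type(int host_ipa_limit)
{
    if (host_ipa_limit > 0)
        return KVM_VM_TYPE_ARM_IPA_SIZE(host_ipa_limit);
    return 0;
}

/* Live probe in the spirit of libvirt's "none"-machine check: query the
 * host limit, then create a VM with the derived type. Returns the VM fd
 * or -1 (errno set). Only meaningful on an arm64 Linux host with /dev/kvm. */
int kvm_arm_probe_vm(const char *kvm_dev)
{
    int kvm = open(kvm_dev, O_RDWR);
    if (kvm < 0)
        return -1;
    int limit = ioctl(kvm, KVM_CHECK_EXTENSION, KVM_CAP_ARM_VM_IPA_SIZE);
    unsigned long type = kvm_arm_default_vm_type(limit < 0 ? 0 : limit);
    int vm = ioctl(kvm, KVM_CREATE_VM, type);
    close(kvm);
    return vm;
}

int main(void)
{
    /* Made-up host with a 36-bit IPA limit, i.e. the Host_IPA_Limit < 40
     * situation the commit describes. */
    int limit = 36;
    unsigned long type = kvm_arm_default_vm_type(limit);

    printf("type 0 accepted on a %d-bit host: %d\n", limit,
           kvm_arm_vm_type_accepted(0, limit));
    printf("type %lu accepted on a %d-bit host: %d\n", type, limit,
           kvm_arm_vm_type_accepted(type, limit));

    int vm = kvm_arm_probe_vm("/dev/kvm");
    if (vm >= 0) {
        printf("KVM_CREATE_VM succeeded on this host\n");
        close(vm);
    }
    return 0;
}
```

The practical check this encodes: a capability probe that hard-codes type 0 is only correct on hosts whose IPA limit is at least 40 bits, so any tool that creates a throwaway VM to test for KVM should ask for Host_IPA_Limit first and pass it in the type, exactly as the fixed hook does.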


  Commit: 7012e20b2d714ef509fa88ad9cb39d4d139db226
      https://github.com/qemu/qemu/commit/7012e20b2d714ef509fa88ad9cb39d4d139db226
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-24 (Thu, 24 Aug 2023)

  Changed paths:
    M target/arm/tcg/sme_helper.c

  Log Message:
  -----------
  target/arm: Fix SME ST1Q

A typo, noted in the bug report, resulting in an
incorrect write offset.

Cc: qemu-stable@nongnu.org
Fixes: 7390e0e9ab8 ("target/arm: Implement SME LD1, ST1")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1833
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230818214255.146905-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4b3520fd93cd49cc56dfcab45d90735cc2e35af7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 63188a00bbea863cbcd9a081a8df29863d0e8f58
      https://github.com/qemu/qemu/commit/63188a00bbea863cbcd9a081a8df29863d0e8f58
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-24 (Thu, 24 Aug 2023)

  Changed paths:
    M target/arm/tcg/translate.c

  Log Message:
  -----------
  target/arm: Fix 64-bit SSRA

Typo applied byte-wise shift instead of double-word shift.

Cc: qemu-stable@nongnu.org
Fixes: 631e565450c ("target/arm: Create gen_gvec_[us]sra")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1737
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230821022025.397682-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit cd1e4db73646006039f25879af3bff55b2295ff3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 441106eebb6d4890e3ae5c4eb3494d004ac5a93d
      https://github.com/qemu/qemu/commit/441106eebb6d4890e3ae5c4eb3494d004ac5a93d
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-08-24 (Thu, 24 Aug 2023)

  Changed paths:
    M docs/about/license.rst

  Log Message:
  -----------
  docs/about/license: Update LICENSE URL

In early 2021 (see commit 2ad784339e "docs: update README to use
GitLab repo URLs") almost all of the code base was converted to
point to GitLab instead of git.qemu.org. During 2023, git.qemu.org
switched from a git mirror to a http redirect to GitLab (see [1]).

Update the LICENSE URL to match its previous content, displaying
the file raw content similarly to gitweb 'blob_plain' format ([2]).

[1] https://lore.kernel.org/qemu-devel/CABgObfZu3mFc8tM20K-yXdt7F-7eV-uKZN4sKDarSeu7DYoRbA@mail.gmail.com/
[2] https://git-scm.com/docs/gitweb#Documentation/gitweb.txt-blobplain

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230822125716.55295-1-philmd@linaro.org>
(cherry picked from commit 09a3fffae00b042bed8ad9c351b1a58c505fde37)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5691fbf44095a31256cc6e323d37b8cd5fd9c196
      https://github.com/qemu/qemu/commit/5691fbf44095a31256cc6e323d37b8cd5fd9c196
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-30 (Wed, 30 Aug 2023)

  Changed paths:
    M softmmu/physmem.c

  Log Message:
  -----------
  softmmu: Assert data in bounds in iotlb_to_section

Acked-by: Alex Bennée <alex.bennee@linaro.org>
Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 17346f5c4abff05f8cff2fb2e9ba0db5cd9195bc
      https://github.com/qemu/qemu/commit/17346f5c4abff05f8cff2fb2e9ba0db5cd9195bc
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-30 (Wed, 30 Aug 2023)

  Changed paths:
    M accel/tcg/cpu-exec-common.c
    M include/exec/cpu-common.h
    M softmmu/physmem.c

  Log Message:
  -----------
  softmmu: Use async_run_on_cpu in tcg_commit

After system startup, run the update to memory_dispatch
and the tlb_flush on the cpu.  This eliminates a race,
wherein a running cpu sees the memory_dispatch change
but has not yet seen the tlb_flush.

Since the update now happens on the cpu, we need not use
qatomic_rcu_read to protect the read of memory_dispatch.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1826
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1834
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1846
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 0d58c660689f6da1e3feff8a997014003d928b3b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7520db367f341d31c202932700dbbeec28a48072
      https://github.com/qemu/qemu/commit/7520db367f341d31c202932700dbbeec28a48072
  Author: Fabiano Rosas <farosas@suse.de>
  Date:   2023-08-30 (Wed, 30 Aug 2023)

  Changed paths:
    M migration/block.c

  Log Message:
  -----------
  block-migration: Ensure we don't crash during migration cleanup

We can fail the blk_insert_bs() at init_blk_migration(), leaving the
BlkMigDevState without a dirty_bitmap and BlockDriverState. Account
for the possibly missing elements when doing cleanup.

Fix the following crashes:

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
359         BlockDriverState *bs = bitmap->bs;
 #0  0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
 #1  0x0000555555bba331 in unset_dirty_tracking () at ../migration/block.c:371
 #2  0x0000555555bbad98 in block_migration_cleanup_bmds () at ../migration/block.c:681

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
7073        QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
 #0  0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
 #1  0x0000555555e9734a in bdrv_op_unblock_all (bs=0x0, reason=0x0) at ../block.c:7095
 #2  0x0000555555bbae13 in block_migration_cleanup_bmds () at ../migration/block.c:690

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Message-id: 20230731203338.27581-1-farosas@suse.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f187609f27b261702a17f79d20bf252ee0d4f9cd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d445387476c256e472257513dab4421a61c9a535
      https://github.com/qemu/qemu/commit/d445387476c256e472257513dab4421a61c9a535
  Author: Alex Bennée <alex.bennee@linaro.org>
  Date:   2023-08-31 (Thu, 31 Aug 2023)

  Changed paths:
    M docs/system/arm/emulation.rst
    M target/arm/tcg/cpu64.c

  Log Message:
  -----------
  target/arm: properly document FEAT_CRC32

This is a mandatory feature for Armv8.1 architectures but we don't
state the feature clearly in our emulation list. Also include
FEAT_CRC32 comment in aarch64_max_tcg_initfn for ease of grepping.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230824075406.1515566-1-alex.bennee@linaro.org
Cc: qemu-stable@nongnu.org
Message-Id: <20230222110104.3996971-1-alex.bennee@linaro.org>
[PMM: pluralize 'instructions' in docs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9e771a2fc68d98c5719b877e008d1dca64e6896e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5592ecdc21a7ddb4c06e53c39f80134dca1f5c68
      https://github.com/qemu/qemu/commit/5592ecdc21a7ddb4c06e53c39f80134dca1f5c68
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-09-07 (Thu, 07 Sep 2023)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user: Adjust brk for load_bias

PIE executables are usually linked at offset 0 and are
relocated somewhere during load.  The hiaddr needs to
be adjusted to keep the brk next to the executable.

Cc: qemu-stable@nongnu.org
Fixes: 1f356e8c013 ("linux-user: Adjust initial brk when interpreter is close to executable")
Tested-by: Helge Deller <deller@gmx.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit aec338d63bc28f1f13d5e64c561d7f1dd0e4b07e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 600c8b10c9668d720964961c382eaba193f8ff6c
      https://github.com/qemu/qemu/commit/600c8b10c9668d720964961c382eaba193f8ff6c
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2023-09-07 (Thu, 07 Sep 2023)

  Changed paths:
    M target/i386/tcg/sysemu/fpu_helper.c
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: raise FERR interrupt with iothread locked

Otherwise tcg_handle_interrupt() triggers an assertion failure:

  #5  0x0000555555c97369 in tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:83
  #6  tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:81
  #7  0x0000555555b4d58b in pic_irq_request (opaque=<optimized out>, irq=<optimized out>, level=1) at ../hw/i386/x86.c:555
  #8  0x0000555555b4f218 in gsi_handler (opaque=0x5555579423d0, n=13, level=1) at ../hw/i386/x86.c:611
  #9  0x00007fffa42bde14 in code_gen_buffer ()
  #10 0x0000555555c724bb in cpu_tb_exec (cpu=cpu@entry=0x555557434cb0, itb=<optimized out>, tb_exit=tb_exit@entry=0x7fffe9bfd658) at ../accel/tcg/cpu-exec.c:457

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1808
Reported-by: NyanCatTW1 <https://gitlab.com/a0939712328>
Co-developed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c1f27a0c6ae4059a1d809e9c2bc4d47b823c32a3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 889defd206a4f10230cb2150929dd4eeefca46b2
      https://github.com/qemu/qemu/commit/889defd206a4f10230cb2150929dd4eeefca46b2
  Author: Bilal Elmoussaoui <belmouss@redhat.com>
  Date:   2023-09-07 (Thu, 07 Sep 2023)

  Changed paths:
    M ui/dbus-console.c

  Log Message:
  -----------
  ui/dbus: Properly dispose touch/mouse dbus objects

Fixes: 142ca628a7 ("ui: add a D-Bus display backend")
Fixes: de9f844ce2 ("ui/dbus: Expose a touch device interface")

Signed-off-by: Bilal Elmoussaoui <belmouss@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230901124507.94087-1-belmouss@redhat.com>
(cherry picked from commit cb6ccdc9ca705cd8c3ef50e51c16a3732c2fa734)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c5e0f2900cff4bb94ae367dab80b41e9c2e43801
      https://github.com/qemu/qemu/commit/c5e0f2900cff4bb94ae367dab80b41e9c2e43801
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ppc/vof.c

  Log Message:
  -----------
  ppc/vof: Fix missed fields in VOF cleanup

Failing to reset the of_instance_last makes ihandle allocation continue
to increase, which causes record-replay to fail to match the
recorded trace.

Not resetting claimed_base makes VOF eventually run out of memory after
some resets.

Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Fixes: fc8c745d501 ("spapr: Implement Open Firmware client interface")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit 7b8589d7ce7e23f26ff53338d575a5cbd7818e28)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9b1df93828907b84cde4cced3f2ba5eadacae85b
      https://github.com/qemu/qemu/commit/9b1df93828907b84cde4cced3f2ba5eadacae85b
  Author: Maksim Kostin <maksim.kostin@ispras.ru>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ppc/e500.c

  Log Message:
  -----------
  hw/ppc/e500: fix broken snapshot replay

ppce500_reset_device_tree is registered for system reset, but after
c4b075318eb1 this function rerandomizes rng-seed via
qemu_guest_getrandom_nofail. And when loading a snapshot, it tries to read
EVENT_RANDOM that doesn't exist, so we have an error:

  qemu-system-ppc: Missing random event in the replay log

To fix this, use qemu_register_reset_nosnapshotload instead of
qemu_register_reset.

Reported-by: Vitaly Cheptsov <cheptsov@ispras.ru>
Fixes: c4b075318eb1 ("hw/ppc: pass random seed to fdt ")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1634
Signed-off-by: Maksim Kostin <maksim.kostin@ispras.ru>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit 6ec65b69ba17c954414fa23a397fb8a3fcfb4a43)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 317d4a9ec4ee0cf4877b0108db573cae306185d4
      https://github.com/qemu/qemu/commit/317d4a9ec4ee0cf4877b0108db573cae306185d4
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M target/ppc/cpu.c

  Log Message:
  -----------
  target/ppc: Flush inputs to zero with NJ in ppc_store_vscr

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1779
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit af03aeb631eeb81a44d2c0ff5b429cd4b5dc2799)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2d3a8b9435f0aeb39e32721f54dda0ce9ce004fb
      https://github.com/qemu/qemu/commit/2d3a8b9435f0aeb39e32721f54dda0ce9ce004fb
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M target/ppc/translate/fixedpoint-impl.c.inc

  Log Message:
  -----------
  target/ppc: Fix LQ, STQ register-pair order for big-endian

LQ, STQ have the same register-pair ordering as LQARX/STQARX., which is
that the even (lower) register contains the most significant bits. This is
not implemented correctly for big-endian.

do_ldst_quad() has variables low_addr_gpr and high_addr_gpr which is
confusing because they are low and high addresses, whereas LQARX/STQARX.
and most such things use the low and high values for lo/hi variables.
The conversion to native 128-bit memory access functions missed this
strangeness.

Fix this by changing the if condition, and change the variable names to
hi/lo to match convention.

Cc: qemu-stable@nongnu.org
Reported-by: Ivan Warren <ivan@vmfacility.fr>
Fixes: 57b38ffd0c6f ("target/ppc: Use tcg_gen_qemu_{ld,st}_i128 for LQARX, LQ, STQ")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1836
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit 718209358f2e4f231cbacf974c3299c4fe7beb83)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1cc7649c7f9c32275ded80ac9b20dcc30a4d1471
      https://github.com/qemu/qemu/commit/1cc7649c7f9c32275ded80ac9b20dcc30a4d1471
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  hw/ide/core: set ERR_STAT in unsupported command completion

Currently, the first time sending an unsupported command
(e.g. READ LOG DMA EXT) will not have ERR_STAT set in the completion.
Sending the unsupported command again, will correctly have ERR_STAT set.

When ide_cmd_permitted() returns false, it calls ide_abort_command().
ide_abort_command() first calls ide_transfer_stop(), which will call
ide_transfer_halt() and ide_cmd_done(), after that ide_abort_command()
sets ERR_STAT in status.

ide_cmd_done() for AHCI will call ahci_write_fis_d2h() which writes the
current status in the FIS, and raises an IRQ. (The status here will not
have ERR_STAT set!).

Thus, we cannot call ide_transfer_stop() before setting ERR_STAT, as
ide_transfer_stop() will result in the FIS being written and an IRQ
being raised.

The reason why it works the second time, is that ERR_STAT will still
be set from the previous command, so when writing the FIS, the
completion will correctly have ERR_STAT set.

Set ERR_STAT before writing the FIS (calling cmd_done), so that we will
raise an error IRQ correctly when receiving an unsupported command.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-3-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit c3461c6264a7c8ca15b117e91fe5da786924a784)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: aa11a0abd2d6d68708e3c26dbdce9a801a45909e
      https://github.com/qemu/qemu/commit/aa11a0abd2d6d68708e3c26dbdce9a801a45909e
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: write D2H FIS when processing NCQ command

The way that BUSY + PxCI is cleared for NCQ (FPDMA QUEUED) commands is
described in SATA 3.5a Gold:

11.15 FPDMA QUEUED command protocol
DFPDMAQ2: ClearInterfaceBsy
"Transmit Register Device to Host FIS with the BSY bit cleared to zero
and the DRQ bit cleared to zero and Interrupt bit cleared to zero to
mark interface ready for the next command."

PxCI is currently cleared by handle_cmd(), but we don't write the D2H
FIS to the FIS Receive Area that actually caused PxCI to be cleared.

Similar to how ahci_pio_transfer() calls ahci_write_fis_pio() with an
additional parameter to write a PIO Setup FIS without raising an IRQ,
add a parameter to ahci_write_fis_d2h() so that ahci_write_fis_d2h()
also can write the FIS to the FIS Receive Area without raising an IRQ.

Change process_ncq_command() to call ahci_write_fis_d2h() without
raising an IRQ (similar to ahci_pio_transfer()), such that the FIS
Receive Area is in sync with the PxTFD shadow register.

E.g. Linux reads status and error fields from the FIS Receive Area
directly, so it is wise to keep the FIS Receive Area and the PxTFD
shadow register in sync.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-id: 20230609140844.202795-4-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 2967dc8209dd27b61a6ab7bad78cf7c6ec58ddb4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f24eab54c8e514df501aa8a140d8e024626fbb6d
      https://github.com/qemu/qemu/commit/f24eab54c8e514df501aa8a140d8e024626fbb6d
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: simplify and document PxCI handling

The AHCI spec states that:
For NCQ, PxCI is cleared on command queued successfully.

For non-NCQ, PxCI is cleared on command completed successfully.
(A non-NCQ command that completes with error does not clear PxCI.)

The current QEMU implementation either clears PxCI in check_cmd(),
or in ahci_cmd_done().

check_cmd() will clear PxCI for a command if handle_cmd() returns 0.
handle_cmd() will return -1 if BUSY or DRQ is set.

The QEMU implementation for NCQ commands will currently not set BUSY
or DRQ, so they will always have PxCI cleared by handle_cmd().
ahci_cmd_done() will never even get called for NCQ commands.

Non-NCQ commands are executed by ide_bus_exec_cmd().
Non-NCQ commands in QEMU are implemented either in a sync or in an async
way.

For non-NCQ commands implemented in a sync way, the command handler will
return true, and when ide_bus_exec_cmd() sees that a command handler
returns true, it will call ide_cmd_done() (which will call
ahci_cmd_done()). For a command implemented in a sync way,
ahci_cmd_done() will do nothing (since busy_slot is not set). Instead,
after ide_bus_exec_cmd() has finished, check_cmd() will clear PxCI for
these commands.

For non-NCQ commands implemented in an async way (using either aiocb or
pio_aiocb), the command handler will return false, ide_bus_exec_cmd()
will not call ide_cmd_done(), instead it is expected that the async
callback function will call ide_cmd_done() once the async command is
done. handle_cmd() will set busy_slot, if and only if BUSY or DRQ is
set, and this is checked _after_ ide_bus_exec_cmd() has returned.
handle_cmd() will return -1, so check_cmd() will not clear PxCI.
When the async callback calls ide_cmd_done() (which will call
ahci_cmd_done()), it will see that busy_slot is set, and
ahci_cmd_done() will clear PxCI.

This seems racy, since busy_slot is set _after_ ide_bus_exec_cmd() has
returned. The callback might come before busy_slot gets set. And it is
quite confusing that ahci_cmd_done() will be called for all non-NCQ
commands when the command is done, but will only clear PxCI in certain
cases, even though it will always write a D2H FIS and raise an IRQ.

Even worse, in the case where ahci_cmd_done() does not clear PxCI, it
still raises an IRQ. Host software might thus read an old PxCI value,
since PxCI is cleared (by check_cmd()) after the IRQ has been raised.

Try to simplify this by always setting busy_slot for non-NCQ commands,
such that ahci_cmd_done() will always be responsible for clearing PxCI
for non-NCQ commands.

For NCQ commands, clear PxCI when we receive the D2H FIS, but before
raising the IRQ, see AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and
RegFIS:ClearCI.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-id: 20230609140844.202795-5-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit e2a5d9b3d9c3d311618160603cc9bc04fbd98796)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 822f1c080b8e5f455715ebcc41d653ad47674387
      https://github.com/qemu/qemu/commit/822f1c080b8e5f455715ebcc41d653ad47674387
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: PxSACT and PxCI is cleared when PxCMD.ST is cleared

According to AHCI 1.3.1 definition of PxSACT:
This field is cleared when PxCMD.ST is written from a '1' to a '0' by
software. This field is not cleared by a COMRESET or a software reset.

According to AHCI 1.3.1 definition of PxCI:
This field is also cleared when PxCMD.ST is written from a '1' to a '0'
by software.

Clearing PxCMD.ST is part of the error recovery procedure, see
AHCI 1.3.1, section "6.2 Error Recovery".

If we don't clear PxCI on error recovery, the previous command will
incorrectly still be marked as pending after error recovery.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-6-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit d73b84d0b664e60fffb66f46e84d0db4a8e1c713)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dcef54e8ff107948e3d4200036f1ac8a2ff5ca59
      https://github.com/qemu/qemu/commit/dcef54e8ff107948e3d4200036f1ac8a2ff5ca59
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c
    M tests/qtest/libqos/ahci.c
    M tests/qtest/libqos/ahci.h

  Log Message:
  -----------
  hw/ide/ahci: PxCI should not get cleared when ERR_STAT is set

For NCQ, PxCI is cleared on command queued successfully.
For non-NCQ, PxCI is cleared on command completed successfully.
Successfully means ERR_STAT, BUSY and DRQ are all cleared.

A command that has ERR_STAT set, does not get to clear PxCI.
See AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and RegFIS:ClearCI,
and 5.3.16.5 ERR:FatalTaskfile.

In the case of non-NCQ commands, not clearing PxCI is needed in order
for host software to be able to see which command slot that failed.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-id: 20230609140844.202795-7-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 1a16ce64fda11bdf50f0c4ab5d9fdde72c1383a2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
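The five hw/ide commits above (ERR_STAT before the completion FIS, the D2H FIS on NCQ queueing, the PxCI clearing rules, PxCMD.ST 1 -> 0 clearing PxCI/PxSACT, and PxCI surviving an ERR_STAT completion) all describe guest-visible register semantics. The following is an added, self-contained model of those rules written for this page; it is not QEMU's AHCI code and does not reuse its structures or function names. Register and bit names follow AHCI 1.3.1 and the ATA status byte (ERR bit 0, DRQ bit 3, BSY bit 7); the scenario functions replay the cases the commit messages describe, including the old completion ordering that left ERR_STAT out of the first FIS.

```c
#include <stdbool.h>
#include <stdint.h>

/* ATA status bits as carried in the task file and in a D2H FIS. */
#define ATA_ERR_STAT 0x01
#define ATA_DRQ      0x08
#define ATA_BUSY     0x80

typedef struct {
    uint32_t pxci;       /* PxCI: bit set = command slot still pending */
    uint32_t pxsact;     /* PxSACT: NCQ tags outstanding */
    bool     pxcmd_st;   /* PxCMD.ST */
    uint8_t  pxtfd_sts;  /* PxTFD.STS shadow register */
    uint8_t  rfis_sts;   /* status byte last written to the FIS receive area */
    unsigned irq_normal; /* D2H (normal) interrupts raised */
    unsigned irq_tfes;   /* task-file error interrupts raised */
} ahci_port;

/* Software issues a slot: sets PxCI, and PxSACT for NCQ; needs PxCMD.ST=1. */
bool ahci_issue(ahci_port *p, unsigned slot, bool ncq)
{
    if (!p->pxcmd_st || slot >= 32)
        return false;
    p->pxci |= 1u << slot;
    if (ncq)
        p->pxsact |= 1u << slot;
    return true;
}

/* NCQ queued (DFPDMAQ2, RegFIS:ClearCI): D2H FIS with BSY/DRQ clear written
 * to the receive area and PxCI cleared, without raising an interrupt. */
void ahci_ncq_queued(ahci_port *p, unsigned slot)
{
    p->pxtfd_sts &= (uint8_t)~(ATA_BUSY | ATA_DRQ);
    p->rfis_sts = p->pxtfd_sts;
    p->pxci &= ~(1u << slot);
}

/* Non-NCQ completion: FIS written first; PxCI cleared only if ERR_STAT, BUSY
 * and DRQ are all clear, then the interrupt. On error PxCI stays set (so the
 * host can see which slot failed) and TFES is raised instead of a normal IRQ. */
void ahci_cmd_done(ahci_port *p, unsigned slot, uint8_t status)
{
    p->pxtfd_sts = status;
    p->rfis_sts = status;
    if (status & (ATA_ERR_STAT | ATA_BUSY | ATA_DRQ)) {
        p->irq_tfes++;
    } else {
        p->pxci &= ~(1u << slot);
        p->irq_normal++;
    }
}

/* Fixed abort for an unsupported command: ERR_STAT set before completion. */
void ahci_abort_unsupported(ahci_port *p, unsigned slot)
{
    uint8_t sts = (uint8_t)((p->pxtfd_sts & ~(ATA_BUSY | ATA_DRQ)) | ATA_ERR_STAT);
    ahci_cmd_done(p, slot, sts);
}

/* PxCMD.ST written 1 -> 0 (error recovery, AHCI 6.2) clears PxCI and PxSACT. */
void ahci_write_pxcmd_st(ahci_port *p, bool st)
{
    if (p->pxcmd_st && !st)
        p->pxci = p->pxsact = 0;
    p->pxcmd_st = st;
}

/* Scenarios from the commit messages, each on a fresh port (PxCMD.ST=1). */
ahci_port scenario_unsupported_cmd(bool then_recover)
{
    ahci_port p = { .pxcmd_st = true };
    ahci_issue(&p, 3, false);
    ahci_abort_unsupported(&p, 3);
    if (then_recover)
        ahci_write_pxcmd_st(&p, false);
    return p;
}

/* Slot 0: non-NCQ command completing with DRDY|DSC (0x50, no error);
 * slot 5: NCQ command that is queued successfully. */
ahci_port scenario_good_path(void)
{
    ahci_port p = { .pxcmd_st = true };
    ahci_issue(&p, 0, false);
    ahci_issue(&p, 5, true);
    ahci_cmd_done(&p, 0, 0x50);
    ahci_ncq_queued(&p, 5);
    return p;
}

/* FIS status after `attempts` unsupported commands with the old ordering
 * (complete first, set ERR_STAT afterwards): the first FIS lacks ERR_STAT;
 * later ones only carry it over from the previous command. */
uint8_t wrong_order_fis_status(int attempts)
{
    ahci_port p = { .pxcmd_st = true };
    for (int i = 0; i < attempts; i++) {
        ahci_issue(&p, 1, false);
        ahci_cmd_done(&p, 1, (uint8_t)(p.pxtfd_sts & ~(ATA_BUSY | ATA_DRQ)));
        p.pxtfd_sts |= ATA_ERR_STAT; /* too late: FIS and IRQ already sent */
    }
    return p.rfis_sts;
}
```

The point of modelling it this way is that every guest-visible transition (FIS write, PxCI clear, interrupt) is ordered explicitly, which is what the commits are correcting: a guest driver reads the FIS receive area and PxCI in the interrupt handler, so any state that is updated after the interrupt has been raised is state the guest can observe in its stale form.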


  Commit: f422cfc1347d7c15d1548a81edb59c1f4c0cf4f6
      https://github.com/qemu/qemu/commit/f422cfc1347d7c15d1548a81edb59c1f4c0cf4f6
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: fix ahci_write_fis_sdb()

When there is an error, we need to raise a TFES error irq, see AHCI 1.3.1,
5.3.13.1 SDB:Entry.

If ERR_STAT is set, we jump to state ERR:FatalTaskfile, which will raise
a TFES IRQ unconditionally, regardless if the I bit is set in the FIS or
not.

Thus, we should never raise a normal IRQ after having sent an error IRQ.

It is valid to signal successfully completed commands as finished in the
same SDB FIS that generates the error IRQ. The important thing is that
commands that did not complete successfully (e.g. commands that were
aborted, do not get the finished bit set).

Before this commit, there was never a TFES IRQ raised on NCQ error.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-8-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 7e85cb0db4c693b4e084a00e66fe73a22ed1688a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f7c390a1fa7ee09f1c0796cacd7ee3d1b33b53ff
      https://github.com/qemu/qemu/commit/f7c390a1fa7ee09f1c0796cacd7ee3d1b33b53ff
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: fix broken SError handling

When encountering an NCQ error, you should not write the NCQ tag to the
SError register. This is completely wrong.

The SError register has a clear definition, where each bit represents a
different error, see PxSERR definition in AHCI 1.3.1.

If we write a random value (like the NCQ tag) in SError, e.g. Linux will
read SError, and will trigger arbitrary error handling depending on the
NCQ tag that happened to be executing.

In case of success, ncq_cb() will call ncq_finish().
In case of error, ncq_cb() will call ncq_err() (which will clear
ncq_tfs->used), and then call ncq_finish(), thus using ncq_tfs->used is
sufficient to tell if finished should get set or not.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-9-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 9f89423537653de07ca40c18b5ff5b70b104cc93)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 50d3cda130a14eaefd7ebc0d18d18f29a2d21b91
      https://github.com/qemu/qemu/commit/50d3cda130a14eaefd7ebc0d18d18f29a2d21b91
  Author: Hang Yu <francis_yuu@stu.pku.edu.cn>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/i2c/aspeed_i2c.c
    M include/hw/i2c/aspeed_i2c.h

  Log Message:
  -----------
  hw/i2c/aspeed: Fix Tx count and Rx size error in buffer pool mode

Fixed inconsistency between the register bit field definition header file
and the ast2600 datasheet. The reg name is I2CD1C: Pool Buffer Control
Register in old register mode and I2CC0C: Master/Slave Pool Buffer Control
Register in new register mode. They share bit field
[12:8]: Transmit Data Byte Count and bit field
[29:24]: Actual Received Pool Buffer Size according to the datasheet.
According to the ast2600 datasheet, the actual Tx count is
Transmit Data Byte Count plus 1, and the max Rx size is
Receive Pool Buffer Size plus 1, both in Pool Buffer Control Register.
The version before forgot to add 1, and mistook Rx count for Rx size.

Signed-off-by: Hang Yu <francis_yuu@stu.pku.edu.cn>
Fixes: 3be3d6ccf2ad ("aspeed: i2c: Migrate to registerfields API")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit 97b8aa5ae9ff197394395eda5062ea3681e09c28)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c05ce1500cdaca2b5b9940e3791532610471a0de
      https://github.com/qemu/qemu/commit/c05ce1500cdaca2b5b9940e3791532610471a0de
  Author: Hang Yu <francis_yuu@stu.pku.edu.cn>
  Date:   2023-09-08 (Fri, 08 Sep 2023)

  Changed paths:
    M hw/i2c/aspeed_i2c.c

  Log Message:
  -----------
  hw/i2c/aspeed: Fix TXBUF transmission start position error

According to the ast2600 datasheet and the linux aspeed i2c driver,
the TXBUF transmission start position should be TXBUF[0] instead
of TXBUF[1], so the arg pool_start is useless, and the address is not
included in TXBUF. So even if Tx Count equals zero, there is at least
1 byte of data that needs to be transmitted, and M_TX_CMD should not be
cleared in this condition. The driver url is:
https://github.com/AspeedTech-BMC/linux/blob/aspeed-master-v5.15/drivers/i2c/busses/i2c-ast2600.c

Signed-off-by: Hang Yu <francis_yuu@stu.pku.edu.cn>
Fixes: 6054fc73e8f4 ("aspeed/i2c: Add support for pool buffer transfers")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit 961faf3ddbd8ffcdf776bbcf88af0bc97218114a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: be781a96e4f6e0725e63cca063dd051e0987de68
      https://github.com/qemu/qemu/commit/be781a96e4f6e0725e63cca063dd051e0987de68
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-09-09 (Sat, 09 Sep 2023)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  qemu-options.hx: Rephrase the descriptions of the -hd* and -cdrom options

The current description says that these options will create a device
on the IDE bus, which is only true on x86. So rephrase these sentences
a little bit to speak of "default bus" instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit bcd8e243083c878884e52d609deddbe6be17c730)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 83dca7a6eeee753a145f1904c5fe32bffe3fede5
      https://github.com/qemu/qemu/commit/83dca7a6eeee753a145f1904c5fe32bffe3fede5
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2023-09-09 (Sat, 09 Sep 2023)

  Changed paths:
    M docs/multi-thread-compression.txt
    M docs/rdma.txt
    M tests/qemu-iotests/181
    M tests/qtest/test-hmp.c

  Log Message:
  -----------
  docs tests: Fix use of migrate_set_parameter

docs/multi-thread-compression.txt uses parameter names with
underscores instead of dashes.  Wrong since day one.

docs/rdma.txt, tests/qemu-iotests/181, and tests/qtest/test-hmp.c are
wrong the same way since commit cbde7be900d2 (v6.0.0).  Hard to see,
as test-hmp doesn't check whether the commands work, and iotest 181
appears to be unaffected.

Fixes: 263170e679df (docs: Add a doc about multiple thread compression)
Fixes: cbde7be900d2 (migrate: remove QMP/HMP commands for speed, downtime and cache size)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit b21a6e31a182a5ae7436a444f840d49aac07c94f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9a4f41535b9b9116294e8e406ad97dd69330b28d
      https://github.com/qemu/qemu/commit/9a4f41535b9b9116294e8e406ad97dd69330b28d
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-09-09 (Sat, 09 Sep 2023)

  Changed paths:
    M hw/net/vmxnet3.c

  Log Message:
  -----------
  hw/net/vmxnet3: Fix guest-triggerable assert()

The assert() that checks for valid MTU sizes can be triggered by
the guest (e.g. with the reproducer code from the bug ticket
https://gitlab.com/qemu-project/qemu/-/issues/517 ). Let's avoid
this problem by simply logging the error and refusing to activate
the device instead.

Fixes: d05dcd94ae ("net: vmxnet3: validate configuration values during activate")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
[Mjt: change format specifier from %d to %u for uint32_t argument]
(cherry picked from commit 90a0778421acdf4ca903be64c8ed19378183c944)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
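The pattern this commit describes, as an added illustration that is not QEMU's code: a device-activation path where a guest-controlled MTU reaches assert() and can abort the whole VMM, beside the hardened form that logs the bad value and refuses to activate the device. The device struct, the bounds and the function names are constructed for this example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed MTU bounds for the demo, not the vmxnet3 device's own constants. */
#define DEMO_MIN_MTU 60u
#define DEMO_MAX_MTU 9000u

/* Hypothetical device state; in a real device model the MTU comes from
 * guest-written shared memory, so the guest fully controls its value. */
typedef struct {
    uint32_t mtu;
    bool device_active;
} demo_nic_state;

/* "Before": the range check is an assert(). A buggy or hostile guest
 * supplying an out-of-range MTU aborts the host-side emulator process,
 * i.e. a guest-triggerable denial of service of the VMM. */
static void demo_activate_unchecked(demo_nic_state *s, uint32_t guest_mtu)
{
    s->mtu = guest_mtu;
    assert(s->mtu >= DEMO_MIN_MTU && s->mtu <= DEMO_MAX_MTU);
    s->device_active = true;
}

/* "After": validate the guest value, log it (using %u for a uint32_t,
 * as the backport note above points out), leave the device inactive and
 * keep the emulator running. Returns false when activation is refused. */
static bool demo_activate_checked(demo_nic_state *s, uint32_t guest_mtu)
{
    if (guest_mtu < DEMO_MIN_MTU || guest_mtu > DEMO_MAX_MTU) {
        fprintf(stderr, "demo-nic: bad MTU size: %u\n", guest_mtu);
        s->device_active = false;
        return false;
    }
    s->mtu = guest_mtu;
    s->device_active = true;
    return true;
}

int main(void)
{
    demo_nic_state s = { 0 };
    demo_activate_unchecked(&s, 1500);      /* valid value: no abort */
    printf("checked 1500:  %d\n", demo_activate_checked(&s, 1500));  /* 1 */
    printf("checked 70000: %d\n", demo_activate_checked(&s, 70000)); /* 0 */
    return 0;
}
```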


  Commit: 00628cf412cd35277eda2e4601814de806557bc1
      https://github.com/qemu/qemu/commit/00628cf412cd35277eda2e4601814de806557bc1
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-09-09 (Sat, 09 Sep 2023)

  Changed paths:
    M hw/display/qxl.c

  Log Message:
  -----------
  qxl: don't assert() if device isn't yet initialized

If the PCI BAR isn't yet mapped or was unmapped, QXL_IO_SET_MODE will
assert(). Instead, report a guest bug and keep going.

This can be reproduced with:

cat << EOF | ./qemu-system-x86_64 -vga qxl -m 2048 -nodefaults -qtest stdio
outl 0xcf8 0x8000101c
outl 0xcfc 0xc000
outl 0xcf8 0x80001001
outl 0xcfc 0x01000000
outl 0xc006 0x00
EOF

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1829

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 95bef686e490bc3afc3f51f5fc6e20bf260b938c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/01f6417f1550...00628cf412cd