Paolo Bonzini [Tue, 23 Aug 2022 12:55:56 +0000 (14:55 +0200)]
target/i386: add ALU load/writeback core
Add generic code generation that takes care of preparing operands
around calls to decode.e.gen in a table-driven manner, so that ALU
operations need not take care of that.
Paolo Bonzini [Tue, 23 Aug 2022 09:20:55 +0000 (11:20 +0200)]
target/i386: add core of new i386 decoder
The new decoder is based on three principles:
- use mostly table-driven decoding, using tables derived as much as possible
from the Intel manual. Centralizing the decode the operands makes it
more homogeneous, for example all immediates are signed. All modrm
handling is in one function, and can be shared between SSE and ALU
instructions (including XMM<->GPR instructions). The SSE/AVX decoder
will also not have duplicated code between the 0F, 0F38 and 0F3A tables.
- keep the code as "non-branchy" as possible. Generally, the code for
the new decoder is more verbose, but the control flow is simpler.
Conditionals are not nested and have small bodies. All instruction
groups are resolved even before operands are decoded, and code
generation is separated as much as possible within small functions
that only handle one instruction each.
- keep address generation and (for ALU operands) memory loads and writeback
as much in common code as possible. All ALU operations for example
are implemented as T0=f(T0,T1). For non-ALU instructions,
read-modify-write memory operations are rare, but registers do not
have TCGv equivalents: therefore, the common logic sets up pointer
temporaries with the operands, while load and writeback are handled
by gvec or by helpers.
These principles make future code review and extensibility simpler, at
the cost of having a relatively large amount of code in the form of this
patch. Even EVEX should not be _too_ hard to implement (it's just a crazy
large amount of possibilities).
This patch introduces the main decoder flow, and integrates the old
decoder with the new one. The old decoder takes care of parsing
prefixes and then optionally drops to the new one. The changes to the
old decoder are minimal and allow it to be replaced incrementally with
the new one.
There is a debugging mechanism through a "LIMIT" environment variable.
In user-mode emulation, the variable is the number of instructions
decoded by the new decoder before permanently switching to the old one.
In system emulation, the variable is the highest opcode that is decoded
by the new decoder (this is less friendly, but it's the best that can
be done without requiring deterministic execution).
Paolo Bonzini [Tue, 18 Oct 2022 11:27:44 +0000 (13:27 +0200)]
target/i386: make rex_w available even in 32-bit mode
REX.W can be used even in 32-bit mode by AVX instructions, where it is retroactively
renamed to VEX.W. Make the field available even in 32-bit mode but keep the REX_W()
macro as it was; this way, that the handling of dflag does not use it by mistake and
the AVX code more clearly points at the special VEX behavior of the bit.
Paolo Bonzini [Fri, 2 Sep 2022 09:32:31 +0000 (11:32 +0200)]
target/i386: make ldo/sto operations consistent with ldq
ldq takes a pointer to the first byte to load the 64-bit word in;
ldo takes a pointer to the first byte of the ZMMReg. Make them
consistent, which will be useful in the new SSE decoder's
load/writeback routines.
target/i386: Use probe_access_full for final stage2 translation
Rather than recurse directly on mmu_translate, go through the
same softmmu lookup that we did for the page table walk.
This centralizes all knowledge of MMU_NESTED_IDX, with respect
to setup of TranslationParams, to get_physical_address.
target/i386: Combine 5 sets of variables in mmu_translate
We don't need one variable set per translation level,
which requires copying into pte/pte_addr for huge pages.
Standardize on pte/pte_addr for all levels.
Replace with PTE_HPHYS for the page table walk, and a direct call
to mmu_translate for the final stage2 translation. Hoist the check
for HF2_NPT_MASK out to get_physical_address, which avoids the
recursive call when stage2 is disabled.
We can now return all the way out to x86_cpu_tlb_fill before raising
an exception, which means probe works.
target/i386: Save and restore pc_save before tcg_remove_ops_after
Restore pc_save while undoing any state change that may have
happened while decoding the instruction. Leave a TODO about
removing all of that when the table-based decoder is complete.
Peter Maydell [Thu, 13 Oct 2022 17:19:26 +0000 (18:19 +0100)]
target/i386: Use device_cold_reset() to reset the APIC
The semantic difference between the deprecated device_legacy_reset()
function and the newer device_cold_reset() function is that the new
function resets both the device itself and any qbuses it owns,
whereas the legacy function resets just the device itself and nothing
else.
The x86_cpu_after_reset() function uses device_legacy_reset() to reset
the APIC; this is an APICCommonState and does not have any qbuses, so
for this purpose the two functions behave identically and we can stop
using the deprecated one.
Michal Privoznik [Fri, 14 Oct 2022 07:30:15 +0000 (09:30 +0200)]
configure: Avoid using strings binary
When determining the endiandness of the target architecture we're
building for a small program is compiled, which in an obfuscated
way declares two strings. Then, we look which string is in
correct order (using strings binary) and deduct the endiandness.
But using the strings binary is problematic, because it's part of
toolchain (strings is just a symlink to
x86_64-pc-linux-gnu-strings or llvm-strings). And when
(cross-)compiling, it requires users to set the symlink to the
correct toolchain.
Fortunately, we have a better alternative anyways. We can mimic
what compiler.h is already doing: comparing __BYTE_ORDER__
against values for little/big endiandness.
hyperv: fix SynIC SINT assertion failure on guest reset
Resetting a guest that has Hyper-V VMBus support enabled triggers a QEMU
assertion failure:
hw/hyperv/hyperv.c:131: synic_reset: Assertion `QLIST_EMPTY(&synic->sint_routes)' failed.
This happens both on normal guest reboot or when using "system_reset" HMP
command.
The failing assertion was introduced by commit 64ddecc88bcf ("hyperv: SControl is optional to enable SynIc")
to catch dangling SINT routes on SynIC reset.
The root cause of this problem is that the SynIC itself is reset before
devices using SINT routes have chance to clean up these routes.
Since there seems to be no existing mechanism to force reset callbacks (or
methods) to be executed in specific order let's use a similar method that
is already used to reset another interrupt controller (APIC) after devices
have been reset - by invoking the SynIC reset from the machine reset
handler via a new x86_cpu_after_reset() function co-located with
the existing x86_cpu_reset() in target/i386/cpu.c.
Opportunistically move the APIC reset handler there, too.
Peter Maydell [Thu, 13 Oct 2022 16:06:23 +0000 (17:06 +0100)]
hw/scsi/vmw_pvscsi.c: Use device_cold_reset() to reset SCSI devices
Currently the vwm_pvscsi controller resets individual SCSI devices
with the device_legacy_reset() function. The only difference between
this and device_cold_reset() is that device_legacy_reset() resets the
device but not any child qbuses it might have.
In this case, no SCSI device has a child qbus, so the functions have
the same behaviour. Switch to device_cold_reset() to move away from
using the deprecated function, and bring this SCSI controller in to
line with what all the others do.
Peter Maydell [Thu, 13 Oct 2022 16:06:22 +0000 (17:06 +0100)]
scsi: Use device_cold_reset() and bus_cold_reset()
In the SCSI subsystem we currently use the legacy functions
qdev_reset_all() and qbus_reset_all(). These perform a recursive
reset, starting from either a qbus or a qdev. However they do not
permit any of the devices in the tree to use three-phase reset,
because device reset goes through the device_legacy_reset() function
that only calls the single DeviceClass::reset method.
Switch to using the device_cold_reset() and bus_cold_reset()
functions. These also perform a recursive reset, where first the
children are reset and then finally the parent, but they use the new
(...in 2020...) Resettable mechanism, which supports both the old
style single-reset method and also the new 3-phase reset handling.
Since no devices attached to SCSI buses currently try to use 3-phase
reset, this should be a no-behaviour-change commit which just reduces
the use of a deprecated API.
Commit created with:
sed -i -e 's/qdev_reset_all/device_cold_reset/g;s/qbus_reset_all/bus_cold_reset/g' hw/scsi/*.c
Paolo Bonzini [Wed, 12 Oct 2022 14:33:03 +0000 (16:33 +0200)]
configure: don't enable firmware for targets that are not built
This avoids the unfortunate effect of building pc-bios blobs
even for targets the user isn't interested in.
Due to the bi-arch nature of x86 and PPC firmware, check for the
desired target by hand, and don't just look for the compilation target
in $target_list.
Venu Busireddy [Thu, 6 Oct 2022 19:49:46 +0000 (14:49 -0500)]
virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events
Section 5.6.6.3 of VirtIO specification states, "Events will also
be reported via sense codes..." However, no sense data is sent when
VIRTIO_SCSI_EVT_RESET_RESCAN or VIRTIO_SCSI_EVT_RESET_REMOVED events
are reported (when disk hotplug/hotunplug events occur). SCSI layer
on Solaris depends on this sense data, and hence does not handle disk
hotplug/hotunplug events.
When the disk inventory changes, use the bus unit attention mechanism
to return a CHECK_CONDITION status with sense data of 0x06/0x3F/0x0E
(sense code REPORTED_LUNS_CHANGED). The first device on the bus to
execute a command successfully will report and consume the unit
attention status.
* tag 'kraxel-20221013-pull-request' of https://gitlab.com/kraxel/qemu: (26 commits)
audio: improve out.voices test
audio: fix in.voices test
gtk: Add show_menubar=on|off command line option.
qemu-edid: Restrict input parameter -d to avoid division by zero
ui/gtk: Fix the implicit mouse ungrabbing logic
pci-ids: document modern virtio-pci ids in pci.h too
pci-ids: drop list of modern virtio devices
pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM
pci-ids: drop PCI_DEVICE_ID_VIRTIO_MEM
pci-ids: drop PCI_DEVICE_ID_VIRTIO_IOMMU
docs: add firmware feature flags
cirrus_vga: fix potential memory overflow
ui/gtk-egl: egl context needs to be unbound in the end of gd_egl_switch
ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
audio: prevent an integer overflow in resampling code
audio: fix sw->buf size for audio recording
audio: refactor audio_get_avail()
audio: rename audio_sw_bytes_free()
audio: swap audio_rate_get_bytes() function parameters
spiceaudio: update comment
...
* tag 'win32-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
tests/unit: make test-io-channel-command work on win32
io/command: implement support for win32
io/command: use glib GSpawn, instead of open-coding fork/exec
tests/channel-helper: set blocking in main thread
util: make do_send_recv work with partial send/recv
osdep: make readv_writev() work with partial read/write
win32: set threads name
Stefan Hajnoczi [Thu, 13 Oct 2022 17:55:24 +0000 (13:55 -0400)]
Merge tag 'pull-request-2022-10-12' of https://gitlab.com/thuth/qemu into staging
* Rework of qtests to support hot plugging tests on q35
* New VNC qtest
* Fixes related to temporary file handling in the tests
* Use signal() instead of sigaction() since the latter does not work on Windows
* Some other small clean-ups
* tag 'pull-request-2022-10-12' of https://gitlab.com/thuth/qemu:
tests/unit/test-image-locking: Fix handling of temporary files
tests/qtest: libqtest: Install signal handler via signal()
tests/qtest: migration-test: Avoid using hardcoded /tmp
qtest: start a VNC test
tests/avocado: Add missing require_netdev('user') checks
tests/x86: Add 'q35' machine type to ivshmem-test
tests/x86: Add 'q35' machine type to drive_del-test
tests/x86: replace snprint() by g_strdup_printf() in drive_del-test
tests/x86: Fix comment typo in drive_del-test
tests/x86: Add 'q35' machine type to hotplug hd-geo-test
tests/x86: Add 'q35' machine type to override-tests in hd-geo-test
tests/x86: Refactor hot unplug hd-geo-test
tests/x86: Add subtest with 'q35' machine type to device-plug-test
tests/x86: add helper qtest_qmp_device_del_send()
tests/migration: remove the unused local variable
qtest: "-display none" is set in qtest_init()
Stefan Hajnoczi [Thu, 13 Oct 2022 17:55:03 +0000 (13:55 -0400)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* scsi-disk: support setting CD-ROM block size via device options
* target/i386: Implement MSR_CORE_THREAD_COUNT MSR
* target/i386: notify VM exit support
* target/i386: PC-relative translation block support
* target/i386: support for XSAVE state in signal frames (linux-user)
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (37 commits)
linux-user: i386/signal: support XSAVE/XRSTOR for signal frame fpstate
linux-user: i386/signal: support FXSAVE fpstate on 32-bit emulation
linux-user: i386/signal: move fpstate at the end of the 32-bit frames
KVM: x86: Implement MSR_CORE_THREAD_COUNT MSR
i386: kvm: Add support for MSR filtering
x86: Implement MSR_CORE_THREAD_COUNT MSR
target/i386: Enable TARGET_TB_PCREL
target/i386: Inline gen_jmp_im
target/i386: Add cpu_eip
target/i386: Create eip_cur_tl
target/i386: Merge gen_jmp_tb and gen_goto_tb into gen_jmp_rel
target/i386: Remove MemOp argument to gen_op_j*_ecx
target/i386: Use gen_jmp_rel for DISAS_TOO_MANY
target/i386: Use gen_jmp_rel for gen_jcc
target/i386: Use gen_jmp_rel for loop, repz, jecxz insns
target/i386: Create gen_jmp_rel
target/i386: Use DISAS_TOO_MANY to exit after gen_io_start
target/i386: Create eip_next_*
target/i386: Truncate values for lcall_real to i32
target/i386: Introduce DISAS_JUMP
...
Stefan Hajnoczi [Wed, 12 Oct 2022 19:59:10 +0000 (15:59 -0400)]
Merge tag 'pull-target-arm-20221010' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Retry KVM_CREATE_VM call if it fails EINTR
* allow setting SCR_EL3.EnTP2 when FEAT_SME is implemented
* docs/nuvoton: Update URL for images
* refactoring of page table walk code
* hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
* Don't allow guest to use unimplemented granule sizes
* Report FEAT_GTG support
* tag 'pull-target-arm-20221010' of https://git.linaro.org/people/pmaydell/qemu-arm: (28 commits)
docs/system/arm/emulation.rst: Report FEAT_GTG support
target/arm: Use ARMGranuleSize in ARMVAParameters
target/arm: Don't allow guest to use unimplemented granule sizes
hw/arm/boot: set CPTR_EL3.ESM and SCR_EL3.EnTP2 when booting Linux with EL3
target/arm: Use tlb_set_page_full
target/arm: Fix cacheattr in get_phys_addr_disabled
target/arm: Split out get_phys_addr_disabled
target/arm: Fix ATS12NSO* from S PL1
target/arm: Pass HCR to attribute subroutines.
target/arm: Remove env argument from combined_attrs_fwb
target/arm: Hoist read of *is_secure in S1_ptw_translate
target/arm: Introduce arm_hcr_el2_eff_secstate
target/arm: Drop secure check for HCR.TGE vs SCTLR_EL1.M
target/arm: Reorg regime_translation_disabled
target/arm: Fold secure and non-secure a-profile mmu indexes
target/arm: Add is_secure parameter to do_ats_write
target/arm: Merge regime_is_secure into get_phys_addr
target/arm: Add TBFLAG_M32.SECURE
target/arm: Add is_secure parameter to v7m_read_half_insn
target/arm: Split out get_phys_addr_with_secure
...
Stefan Hajnoczi [Wed, 12 Oct 2022 19:57:56 +0000 (15:57 -0400)]
Merge tag 'for-upstream' of git://repo.or.cz/qemu/kevin into staging
Block layer patches
- job: replace AioContext lock with job_mutex
- Fixes to make coroutine_fn annotations more accurate
- QAPI schema: Fix incorrect example
- Code cleanup
* tag 'for-upstream' of git://repo.or.cz/qemu/kevin: (50 commits)
file-posix: Remove unused s->discard_zeroes
job: remove unused functions
blockjob: remove unused functions
block_job_query: remove atomic read
job.c: enable job lock/unlock and remove Aiocontext locks
job.h: categorize JobDriver callbacks that need the AioContext lock
blockjob: protect iostatus field in BlockJob struct
blockjob: rename notifier callbacks as _locked
blockjob.h: categorize fields in struct BlockJob
jobs: protect job.aio_context with BQL and job_mutex
job: detect change of aiocontext within job coroutine
jobs: group together API calls under the same job lock
block/mirror.c: use of job helpers in drivers
jobs: use job locks also in the unit tests
jobs: add job lock in find_* functions
blockjob: introduce block_job _locked() APIs
job: move and update comments from blockjob.c
job.c: add job_lock/unlock while keeping job.h intact
aio-wait.h: introduce AIO_WAIT_WHILE_UNLOCKED
job.c: API functions not used outside should be static
...
Helge Konetzka [Wed, 12 Oct 2022 11:49:24 +0000 (13:49 +0200)]
audio: fix in.voices test
Calling qemu with valid -audiodev ...,in.voices=0 results in an obsolete
warning:
audio: Bogus number of capture voices 0, setting to 0
This patch fixes the in.voices test.
tests/unit: make test-io-channel-command work on win32
This has been tested under msys2 & windows 11. I haven't tried to make
it work with other environments yet, but that should be enough to
validate the channel-command implementation anyway.
Here are the changes:
- drop tests/ from fifo/pipe path, to avoid directory issues
- use g_find_program() to lookup the socat executable (otherwise we
would need to change ChanneCommand to use G_SPAWN_SEARCH_PATH, and deal
with missing socat differently)
- skip the "echo" test when socat is missing as well
The initial implementation was changing the pipe state created by GLib
to PIPE_NOWAIT, but it turns out it doesn't work (read/write returns an
error). Since reading may return less than the requested amount, it
seems to be non-blocking already. However, the IO operation may block
until the FD is ready, I can't find good sources of information, to be
safe we can just poll for readiness before.
Alternatively, we could setup the FDs ourself, and use UNIX sockets on
Windows, which can be used in blocking/non-blocking mode. I haven't
tried it, as I am not sure it is necessary.
io/command: use glib GSpawn, instead of open-coding fork/exec
Simplify qio_channel_command_new_spawn() with GSpawn API. This will
allow to build for WIN32 in the following patches.
As pointed out by Daniel Berrangé: there is a change in semantics here
too. The current code only touches stdin/stdout/stderr. Any other FDs
which do NOT have O_CLOEXEC set will be inherited. With the new code,
all FDs except stdin/out/err will be explicitly closed, because we don't
set the flag G_SPAWN_LEAVE_DESCRIPTORS_OPEN. The only place we use
QIOChannelCommand today is the migration exec: protocol, and that is
only declared to use stdin/stdout.
The /io/channel/command/echo tests run the reader side and the writer
side with the same underlying command channel. Setting the blocking mode
of the fd/handles while the other end is already reading/writing may
create issues (deadlock in win32 when earlier attempt of this series
were using SetNamedPipeHandleState). Let's just do it before spawning
the threads to avoid further concurrency issues.
util: make do_send_recv work with partial send/recv
According to msdn documentation and Linux man pages, send() should try
to send as much as possible in blocking mode, while recv() may return
earlier with a smaller available amount, we should try to continue
send/recv from there.
osdep: make readv_writev() work with partial read/write
With a pipe or other reasons, read/write may return less than the
requested bytes. This happens with the test-io-channel-command test on
Windows. glib spawn code uses a binary pipe of 4096 bytes, and the first
read returns that much (although more are requested), for some unclear
reason...
As described in:
https://learn.microsoft.com/en-us/visualstudio/debugger/how-to-set-a-thread-name-in-native-code?view=vs-2022
SetThreadDescription() is available since Windows 10, version 1607 and
in some versions only by "Run Time Dynamic Linking". Its declaration is
not yet in mingw, so we lookup the function the same way glib does.
Tested with Visual Studio Community 2022 debugger.
Bryce Mills [Tue, 11 Oct 2022 13:58:21 +0000 (13:58 +0000)]
gtk: Add show_menubar=on|off command line option.
The patch adds "show_menubar" command line option for GTK UI similar to
"show_tabs". This option allows to hide menu bar initially, it still can
be toggled by shortcut and other shortcuts still work.
Thomas Huth [Wed, 12 Oct 2022 08:56:01 +0000 (10:56 +0200)]
tests/unit/test-image-locking: Fix handling of temporary files
test-image-locking leaves some temporary files around - clean
them up. While we're at it, test-image-locking is a unit test,
so it should not use "qtest.*" for temporary file names. Give
them better names instead, so that it clear where the temporary
files come from.
Akihiko Odaki [Sat, 8 Oct 2022 14:01:16 +0000 (23:01 +0900)]
ui/gtk: Fix the implicit mouse ungrabbing logic
Although the grab menu item represents the tabbed displays, the old
implicit mouse ungrabbing logic changes the grab menu item even for
an untabbed display.
Leave the grab menu item when implicitly ungrabbing mouse for an
untabbed display. The new ungrabbing logic introduced in
gd_mouse_mode_change() strictly follows the corresponding grabbing
logic found in gd_button_event().
Bin Meng [Thu, 6 Oct 2022 15:19:19 +0000 (23:19 +0800)]
tests/qtest: libqtest: Install signal handler via signal()
At present the codes uses sigaction() to install signal handler with
a flag SA_RESETHAND. Such usage can be covered by the signal() API
that is a simplified interface to the general sigaction() facility.
Update to use signal() to install the signal handler, as it is
available on Windows which we are going to support.
This is some of the simplest test we could perform, it simply connects
to the VNC server via passed-in socket FDs and checks the connection can
be established.
Another series will make this test work on Windows as well.
Stefan Hajnoczi [Tue, 11 Oct 2022 19:31:27 +0000 (15:31 -0400)]
Merge tag 'pull-testing-gdbstub-plugins-gitdm-111022-1' of https://github.com/stsquad/qemu into staging
testing:
- revert patch to stop always building pc-bios roms
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmNFw8YACgkQ+9DbCVqe
# KkT40wf+JTJSu9yashD38isN26LtW/Ie7+D0lhBCpmHlQy256Qumc4kaMotC6da5
# iU58rfDzN6EUjfbZSPfbLQTVnmH6om5/ejJoEWZIeoYtcgBHdzHYGpHxOf68r/BA
# 1y5GlahyG0rtR80J9vjAIqlQswBgklZIomqQj2VyAy3I7fFcYKIW14FyY6by/cZU
# b7YVn8esZ/+6q6KirrX/zksf04uek8twoOZ4oBRNW1aeApvs73NUXmIXd1IidlgW
# qxDOCm2IGZ1skRoaWH8kOjsYXfE/w4DFt+vOAKmSHnnYLAEYjfA+J4TUfoqmaOQ1
# LhEm/v0rDvteX8hEErBvXAsXdm3HqA==
# =ux3j
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 11 Oct 2022 15:28:06 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-testing-gdbstub-plugins-gitdm-111022-1' of https://github.com/stsquad/qemu:
Revert "configure: build ROMs with container-based cross compilers"
Some avocado tests fail if QEMU was built without libslirp. Add
require_netdev('user') checks where necessary:
These tests try to ping 10.0.2.2 and expect it to succeed:
boot_linux_console.py:BootLinuxConsole.test_arm_emcraft_sf2
boot_linux_console.py:BootLinuxConsole.test_arm_orangepi_sd
ppc_bamboo.py:BambooMachine.test_ppc_bamboo
These tests run a commandline that includes '-net user':
machine_aspeed.py:AST2x00Machine.test_arm_ast2500_evb_builroot
(and others that use the do_test_arm_aspeed_buidroot_start()
or do_test_arm_aspeed_sdk_start() helper functions)
These changes seem to be sufficient for 'make check-avocado'
to not fail on a --disable-slirp build.
Dongwon Kim [Wed, 28 Sep 2022 21:58:05 +0000 (14:58 -0700)]
ui/gtk-egl: egl context needs to be unbound in the end of gd_egl_switch
A thread often fails to bind an egl context to itself after guest VM is
rebooted because the context is still owned by another thread. It is not
very clear what condition makes this happen but this can be prevented
by unbinding the context from the thread in the end of gd_egl_switch.
Stefan Hajnoczi [Tue, 11 Oct 2022 13:31:19 +0000 (09:31 -0400)]
Merge tag 'dump-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
dump patches
Hi
Includes:
- the first patches from "[PATCH v5 00/18] dump: Add arch section and s390x PV dump"
- "[PATCH v2 0/2] Fix dumping in kdump format with non-aligned memory"
* tag 'dump-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
dump: fix kdump to work over non-aligned blocks
dump: simplify a bit kdump get_next_page()
dump: Rename write_elf*_phdr_note to prepare_elf*_phdr_note
dump: Split elf header functions into prepare and write
dump: Rework dump_calculate_size function
dump: Rework filter area variables
dump: Rework get_start_block
dump: Refactor dump_iterate and introduce dump_filter_memblock_*()
dump: Rename write_elf_loads to write_elf_phdr_loads
dump: Replace opaque DumpState pointer with a typed one
ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
Extended ClientCutText messages start with a 4-byte header. If len < 4,
an integer underflow occurs in vnc_client_cut_text_ext. The result is
used to decompress data in a while loop in inflate_buffer, leading to
CPU consumption and denial of service. Prevent this by checking dlen in
protocol_client_msg.
Michael Labiuk [Thu, 29 Sep 2022 22:35:39 +0000 (01:35 +0300)]
tests/x86: add helper qtest_qmp_device_del_send()
Move sending 'device_del' command to separate function.
Function can be used in case of addition action is needed to start
actual removing device after sending command.
audio: prevent an integer overflow in resampling code
There are corner cases where rate->opos can overflow. For
example, if QEMU is started with -audiodev pa,id=audio0,
out.frequency=11025 -device ich9-intel-hda -device hda-duplex,
audiodev=audio0 and the guest plays audio with a sampling
frequency of 44100Hz, rate->opos will overflow after 27.05h
and the audio stream will be silent for a long time.
To prevent a rate->opos and also a rate->ipos overflow, both
are wrapped around after a short time. The wrap around point
rate->ipos >= 0x10001 is an arbitrarily selected value and can
be any small value, 0 and 1 included.
The comment that an ipos overflow will result in an infinite
loop has been removed, because in this case the resampling code
only generates no more output samples and the audio stream stalls.
However, there is no infinite loop.
The calculation of the buffer size needed to store audio samples
after resampling is wrong for audio recording. For audio recording
sw->ratio is calculated as
In 2 of 3 places in the audio recording code where sw->ratio
is used in a calculation to get the number of frontend frames,
the calculation is wrong. Fix this. The 3rd formula in
audio_pcm_sw_read() is correct.
Split out the code in audio_get_avail() that calculates the
buffer size that the audio frontend can read. This is similar
to the code changes in audio_get_free().
Rename and refactor audio_sw_bytes_free(). This function is not
limited to calculate the free audio buffer size. The renamed
function returns the number of frames instead of bytes.
spiceaudio: add a pcm_ops buffer_get_free function
It seems there is a demand [1] for low latency playback over
SPICE. Add a pcm_ops buffer_get_free function to reduce the
playback latency. The mixing engine buffer becomes a temporary
buffer.
The next patch needs two new rate control functions. The first
one returns the bytes needed at call time to maintain the
selected rate. The second one adjusts the bytes actually sent.
Split the audio_rate_get_bytes() function into these two
functions and reintroduce audio_rate_get_bytes().
Change the buffer_get_free pcm_ops function to report the free
ALSA playback buffer. The generic buffer becomes a temporary
buffer and is empty after a call to audio_run_out().
audio: run downstream playback queue unconditionally
Run the downstream playback queue even if the emulated audio
device didn't write new samples. There still may be buffered
audio samples downstream.
This is for the -audiodev out.mixing-engine=off case. Commit a8a98cfd42 ("audio: run downstream playback queue uncondition-
ally") fixed the out.mixing-engine=on case.
Paolo Bonzini [Thu, 6 Oct 2022 11:31:06 +0000 (13:31 +0200)]
linux-user: i386/signal: support FXSAVE fpstate on 32-bit emulation
Linux can use FXSAVE to save/restore XMM registers even on 32-bit
systems. This requires some care in order to keep the FXSAVE area
aligned to 16 bytes; for this reason, get_sigframe is changed to
pass the offset into the FXSAVE area rather than the full frame
size.
Paolo Bonzini [Fri, 7 Oct 2022 13:47:35 +0000 (15:47 +0200)]
linux-user: i386/signal: move fpstate at the end of the 32-bit frames
Recent versions of Linux moved the 32-bit fpstate towards the end of the
frame, so that the variable-sized xsave data does not overwrite the
(ABI-defined) extramask[] field. Follow suit in QEMU.
Alexander Graf [Tue, 4 Oct 2022 22:56:43 +0000 (00:56 +0200)]
KVM: x86: Implement MSR_CORE_THREAD_COUNT MSR
The MSR_CORE_THREAD_COUNT MSR describes CPU package topology, such as number
of threads and cores for a given package. This is information that QEMU has
readily available and can provide through the new user space MSR deflection
interface.
This patch propagates the existing hvf logic from patch 027ac0cb516
("target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT") to KVM.
Alexander Graf [Tue, 4 Oct 2022 22:56:42 +0000 (00:56 +0200)]
i386: kvm: Add support for MSR filtering
KVM has grown support to deflect arbitrary MSRs to user space since
Linux 5.10. For now we don't expect to make a lot of use of this
feature, so let's expose it the easiest way possible: With up to 16
individually maskable MSRs.
This patch adds a kvm_filter_msr() function that other code can call
to install a hook on KVM MSR reads or writes.
Alexander Graf [Tue, 4 Oct 2022 22:56:41 +0000 (00:56 +0200)]
x86: Implement MSR_CORE_THREAD_COUNT MSR
Intel CPUs starting with Haswell-E implement a new MSR called
MSR_CORE_THREAD_COUNT which exposes the number of threads and cores
inside of a package.
This MSR is used by XNU to populate internal data structures and not
implementing it prevents virtual machines with more than 1 vCPU from
booting if the emulated CPU generation is at least Haswell-E.
This patch propagates the existing hvf logic from patch 027ac0cb516
("target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT") to TCG.
target/i386: Remove MemOp argument to gen_op_j*_ecx
These functions are always passed aflag, so we might as well
read it from DisasContext directly. While we're at it, use
a common subroutine for these two functions.
target/i386: Use gen_jmp_rel for loop, repz, jecxz insns
With gen_jmp_rel, we may chain to the next tb instead of merely
writing to eip and exiting. For repz, subtract cur_insn_len to
restart the current insn.
Create a common helper for pc-relative branches. The jmp jb insn
was missing a mask for CODE32. In all cases the CODE64 check was
incorrectly placed, allowing PREFIX_DATA to truncate %rip to 16 bits.
projects / qemu.git / log