Since 7ecd02a06f8, we are prepared to re-start code generation
with a smaller TB if a relocation is out of range. We no longer
need to leave a nop in the stream Just In Case.
The offset even checks were folded into the range check incorrectly.
By offsetting by 1, and not decrementing the width, we silently
allowed out of range branches.
Assert that the offset is always even instead. Move tcg_out_goto
down into the CONFIG_SOFTMMU block so that it is not unused.
We cannot use a real temp file, because we would need to find
a filesystem that does not have noexec enabled. However, a
memfd is not associated with any filesystem.
Report better error messages than just "could not allocate".
Let alloc_code_gen_buffer set ctx->code_gen_buffer_size
and ctx->code_gen_buffer, and simply return bool.
Simplify the arguments to always use s->code_ptr instead of
take it as an argument. That makes it easy to ensure that
the value_ptr is always the rx version.
Change TCGLabel.u.value_ptr to const, and initialize it with
tcg_splitwx_to_rx. Propagate const through tcg/host/ only
as far as needed to avoid errors from the value_ptr change.
For darwin, the CTR_EL0 register is not accessible, but there
are system routines that we can use.
For other hosts, copy the single pointer implementation from
libgcc and modify it to support the double pointer interface
we require. This halves the number of cache operations required
when split-rwx is enabled.
util: Enhance flush_icache_range with separate data pointer
We are shortly going to have a split rw/rx jit buffer. Depending
on the host, we need to flush the dcache at the rw data pointer and
flush the icache at the rx code pointer.
For now, the two passed pointers are identical, so there is no
effective change in behaviour.
Enable this on i386 to restrict the set of input registers
for an 8-bit store, as required by the architecture. This
removes the last use of scratch registers for user-only mode.
Peter Maydell [Wed, 6 Jan 2021 22:18:36 +0000 (22:18 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-060121-4' into staging
Testing updates (back to green)
- include ccache in Debian 10 docker image
- iotests: drop 312 from auto group
- bound reading of s390x framebuffer file
- cirrus: drop non-x86 tests so we complete
# gpg: Signature made Wed 06 Jan 2021 17:31:14 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <[email protected]>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-testing-060121-4:
cirrus: don't run full qtest on macOS
tests/acceptance: bound the size of readline in s390_ccw_virtio
tests/iotests: drop test 312 from auto group
tests/docker: Include 'ccache' in Debian base image
The Cirrus CI macOS build hosts have exhibited a serious performance
degradation in recent months. For example the "qom-test" qtest takes
over an hour for only the qemu-system-aarch64 binary. This is as much
20-40 times slower than other environments. The other qtests all show
similar performance degradation, as do many of the unit tests.
This does not appear related to QEMU code changes, since older git
commits which were known to fully complete in less than 1 hour on
Cirrus CI now also show similar bad performance. Either Cirrus CI
performance has degraded, or an change in its environment has exposed
a latent bug widely affecting all of QEMU. Debugging the qom-test
showed no easily identified large bottleneck - every step of the
test execution was simply slower.
macOS builds/tests run outside Cirrus CI show normal performance.
With an inability to identify any obvious problem, the only viable
way to get a reliably completing Cirrus CI macOS job is to cut out
almost all of the qtests. We choose to run the x86_64 target only,
since that has very few machine types and thus is least badly
impacted in the qom-test execution.
With this change, the macOS jobs complete in approx 35 minutes.
Alex Bennée [Tue, 5 Jan 2021 10:04:02 +0000 (10:04 +0000)]
tests/iotests: drop test 312 from auto group
The "auto" documentation states:
That means they should run with every QEMU binary (also non-x86)
which is not the case as the check-system-fedora build which only
includes a rag tag group of rare and deprecated targets doesn't
support the virtio device required.
Peter Maydell [Wed, 6 Jan 2021 15:55:29 +0000 (15:55 +0000)]
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
From Alex's pull request:
* improve cross-build KVM coverage
* new --without-default-features configure flag
* add __repr__ for ConsoleSocket for debugging
* build tcg tests with -Werror
* test 32 bit builds with fedora
* remove last traces of debian9
* hotfix for centos8 powertools repo
* Move lots of feature detection code to meson (Alex, myself)
* CFI and LTO support (Daniele)
* test-char dangling pointer (Eduardo)
* Build system and win32 fixes (Marc-André)
* Initialization fixes (myself)
* TCG include cleanup (Richard, myself)
* x86 'int N' fix (Peter)
* remotes/bonzini-gitlab/tags/for-upstream: (52 commits)
win32: drop fd registration to the main-loop on setting non-block
configure: move tests/qemu-iotests/common.env generation to meson
meson.build: convert --with-default-devices to meson
libattr: convert to meson
cap_ng: convert to meson
virtfs: convert to meson
seccomp: convert to meson
zstd: convert to meson
lzfse: convert to meson
snappy: convert to meson
lzo: convert to meson
rbd: convert to meson
libnfs: convert to meson
libiscsi: convert to meson
bzip2: convert to meson
glusterfs: convert to meson
curl: convert to meson
curl: remove compatibility code, require 7.29.0
brlapi: convert to meson
configure: remove CONFIG_FILEVERSION and CONFIG_PRODUCTVERSION
...
Signed-off-by: Peter Maydell <[email protected]>
# Conflicts:
# trace/meson.build
Peter Maydell [Wed, 6 Jan 2021 13:31:11 +0000 (13:31 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-20210106' into staging
qemu-sparc queue
# gpg: Signature made Wed 06 Jan 2021 11:43:02 GMT
# gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Mark Cave-Ayland <[email protected]>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-sparc-20210106:
sun4m: don't connect two qemu_irqs directly to the same input
include/hw/sparc/grlib.h: Remove unused set_pil_in_fn typedef
hw/sparc: Make grlib-irqmp device handle its own inbound IRQ lines
hw/timer/slavio_timer: Allow 64-bit accesses
Mark Cave-Ayland [Sat, 19 Dec 2020 11:19:34 +0000 (11:19 +0000)]
sun4m: don't connect two qemu_irqs directly to the same input
The sun4m board code connects both of the IRQ outputs of each ESCC to the
same slavio input qemu_irq. Connecting two qemu_irqs outputs directly to the
same input is not valid as it produces subtly wrong behaviour (for instance
if both the IRQ lines are high, and then one goes low, the PIC input will see
this as a high-to-low transition even though the second IRQ line should still
be holding it high).
This kind of wiring needs an explicitly created OR gate; add one.
Peter Maydell [Sat, 12 Dec 2020 14:41:33 +0000 (14:41 +0000)]
hw/sparc: Make grlib-irqmp device handle its own inbound IRQ lines
Currently the GRLIB_IRQMP device is used in one place (the leon3 board),
but instead of the device providing inbound gpio lines for the board
to wire up, the board code itself calls qemu_allocate_irqs() with
the handler function being a set_irq function defined in the code
for the device.
Refactor this into the standard setup of a device having input
gpio lines.
This fixes a trivial Coverity memory leak report (the leon3
board code leaks the IRQ array returned from qemu_allocate_irqs()).
The address map indicated the allowed accesses at each address.
[...] W indicates a word access, and D indicates a double-word
access.
The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.
This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").
Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).
Since commit 21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:
Peter Maydell [Wed, 6 Jan 2021 11:24:11 +0000 (11:24 +0000)]
Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210106' into staging
ppc patch queue 2021-01-06
First pull request for 2021, which has a bunch of things accumulated
over the holidays. Includes:
* A number of cleanups to sam460ex and ppc440 code from BALATON Zoltan
* Several fixes for builds with --without-default-devices from Greg Kurz
* Fixes for some DRC reset problems from Greg Kurz
* QOM conversion of the PPC 4xx UIC devices from Peter Maydell
* Some other assorted fixes and cleanups
* remotes/dg-gitlab/tags/ppc-for-6.0-20210106: (22 commits)
ppc440_pcix: Fix up pci config access
ppc440_pcix: Fix register write trace event
ppc440_pcix: Improve comment for IRQ mapping
sam460ex: Remove FDT_PPC dependency from KConfig
ppc4xx: Move common dependency on serial to common option
pnv: Fix reverse dependency on PCI express root ports
ppc: Simplify reverse dependencies of POWERNV and PSERIES on XICS and XIVE
ppc: Fix build with --without-default-devices
spapr: Add drc_ prefix to the DRC realize and unrealize functions
spapr: Use spapr_drc_reset_all() at machine reset
spapr: Introduce spapr_drc_reset_all()
spapr: Fix reset of transient DR connectors
spapr: Call spapr_drc_reset() for all DRCs at CAS
spapr: Fix buffer overflow in spapr_numa_associativity_init()
spapr: Allow memory unplug to always succeed
spapr: Fix DR properties of the root node
spapr/xive: Make spapr_xive_pic_print_info() static
spapr: DRC lookup cannot fail
hw/ppc/ppc440_bamboo: Drop use of ppcuic_init()
hw/ppc/virtex_ml507: Drop use of ppcuic_init()
...
win32: drop fd registration to the main-loop on setting non-block
Low-level fd users from QEMU use aio_set_fd_handler(), which handles
event registration with the main loop; qemu_fd_register() is only
needed together with the main loop's poll notifiers, of which SLIRP
is the only user.
This removes a dependency from oslib-win32.c to main-loop.c.
This fixes a long standing issue with MorphOS booting on sam460ex
which turns out to be because of suspicious values written to PCI
config address that apparently works on real machine but caused wrong
access on this device model. This replaces a previous work around for
this with a better fix that makes it work.
Dependency on FDT_PPC was added in commit b0048f76095
("hw/ppc/Kconfig: Only select FDT helper for machines using it") but
it does not seem to be really necessary so remove it again.
Greg Kurz [Thu, 24 Dec 2020 17:23:03 +0000 (18:23 +0100)]
pnv: Fix reverse dependency on PCI express root ports
qemu-system-ppc64 built with --without-default-devices crashes:
Type 'pnv-phb4-root-port' is missing its parent 'pcie-root-port-base'
Aborted (core dumped)
Have POWERNV to select PCIE_PORT. This is done through a
new PCI_POWERNV config in hw/pci-host/Kconfig since POWERNV
doesn't have a direct dependency on PCI. For this reason,
PCI_EXPRESS and MSI_NONBROKEN are also moved under
PCI_POWERNV.
Greg Kurz [Thu, 24 Dec 2020 17:22:55 +0000 (18:22 +0100)]
ppc: Simplify reverse dependencies of POWERNV and PSERIES on XICS and XIVE
Have PSERIES to select XICS and XIVE, and directly check PSERIES
in hw/intc/meson.build to enable build of the XICS and XIVE sPAPR
backends, like POWERNV already does. This allows to get rid of the
intermediate XICS_SPAPR and XIVE_SPAPR.
Greg Kurz [Thu, 24 Dec 2020 17:22:47 +0000 (18:22 +0100)]
ppc: Fix build with --without-default-devices
Linking of the qemu-system-ppc64 fails on a POWER9 host when
--without-default-devices is passed to configure:
$ ./configure --without-default-devices \
--target-list=ppc64-softmmu && make
...
libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function `ppce500_init_mpic_kvm':
/home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777: undefined reference to `kvm_openpic_connect_vcpu'
libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function `spapr_irq_check':
/home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189: undefined reference to `xics_kvm_has_broken_disconnect'
libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function `spapr_xive_post_load':
/home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530: undefined reference to `kvmppc_xive_post_load'
... and tons of other symbols belonging to the KVM backend of the
openpic, XICS and XIVE interrupt controllers.
It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
to depend on KVM but this has no effect when minikconf runs in
allnoconfig mode. Such reverse dependencies should rather be
handled with a 'select' statement, eg.
config OPENPIC
select OPENPIC_KVM if KVM
or even better by getting rid of the intermediate _KVM config
and directly checking CONFIG_KVM in the meson.build file:
Greg Kurz [Fri, 18 Dec 2020 10:33:58 +0000 (11:33 +0100)]
spapr: Use spapr_drc_reset_all() at machine reset
Documentation of object_child_foreach_recursive() clearly stipulates
that "it is forbidden to add or remove children from @obj from the @fn
callback". But this is exactly what we do during machine reset. The call
to spapr_drc_reset() can finalize the hot-unplug sequence of a PHB or a
PCI bridge, both of which will then in turn destroy their PCI DRCs. This
could potentially invalidate the iterator used by do_object_child_foreach().
It is pure luck that this haven't caused any issues so far.
Use spapr_drc_reset_all() since it can cope with DRC removal.
Greg Kurz [Fri, 18 Dec 2020 10:33:56 +0000 (11:33 +0100)]
spapr: Fix reset of transient DR connectors
Documentation of object_property_iter_init() clearly stipulates that
"it is forbidden to modify the property list while iterating". But this
is exactly what we do when resetting transient DR connectors during CAS.
The call to spapr_drc_reset() can finalize the hot-unplug sequence of a
PHB or a PCI bridge, both of which will then in turn destroy their PCI
DRCs. This could potentially invalidate the iterator. It is pure luck
that this haven't caused any issues so far.
Change spapr_drc_reset() to return true if it caused a device to be
removed. Restart from scratch in this case. This can potentially
increase the overall DRC reset time, especially with a high maxmem
which generates a lot of LMB DRCs. But this kind of setup is rare,
and so is the use case of rebooting a guest while doing hot-unplug.
Greg Kurz [Fri, 18 Dec 2020 10:33:55 +0000 (11:33 +0100)]
spapr: Call spapr_drc_reset() for all DRCs at CAS
Non-transient DRCs are either in the empty or the ready state,
which means spapr_drc_reset() doesn't change their state. It
is thus not needed to do any checking. Call spapr_drc_reset()
unconditionally and squash spapr_drc_transient() into its
only user, spapr_drc_needed().
The crash happens when setting the FWNMI migration blocker:
2861 if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI) == SPAPR_CAP_ON) {
2862 /* Create the error string for live migration blocker */
2863 error_setg(&spapr->fwnmi_migration_blocker,
2864 "A machine check is being handled during migration. The handler"
2865 "may run and log hardware error on the destination");
2866 }
Inspection reveals that papr->fwnmi_migration_blocker isn't NULL:
(gdb) p spapr->fwnmi_migration_blocker
$1 = (Error *) 0x8000000004000000
Since this is the only place where papr->fwnmi_migration_blocker is
set, this means someone wrote there in our back. Further analysis
points to spapr_numa_associativity_init(), especially the part
that initializes the associative arrays for NVLink GPUs:
Fix the size of the array. This requires "hw/ppc/spapr.h" to see
NVGPU_MAX_NUM. Including "hw/pci-host/spapr.h" introduces a
circular dependency that breaks the build, so this moves the
definition of NVGPU_MAX_NUM to "hw/ppc/spapr.h" instead.
Greg Kurz [Mon, 14 Dec 2020 10:05:50 +0000 (11:05 +0100)]
spapr: Allow memory unplug to always succeed
It is currently impossible to hot-unplug a memory device between
machine reset and CAS.
(qemu) device_del dimm1
Error: Memory hot unplug not supported for this guest
This limitation was introduced in order to provide an explicit
error path for older guests that didn't support hot-plug event
sources (and thus memory hot-unplug).
The linux kernel has been supporting these since 4.11. All recent
enough guests are thus capable of handling the removal of a memory
device at all time, including during early boot.
Lift the limitation for the latest machine type. This means that
trying to unplug memory from a guest that doesn't support it will
likely just do nothing and the memory will only get removed at
next reboot. Such older guests can still get the existing behavior
by using an older machine type.
Greg Kurz [Mon, 14 Dec 2020 11:19:55 +0000 (12:19 +0100)]
spapr: Fix DR properties of the root node
Section 13.5.2 of LoPAPR mandates various DR related indentifiers
for all hot-pluggable entities to be exposed in the "ibm,drc-indexes",
"ibm,drc-power-domains", "ibm,drc-names" and "ibm,drc-types" properties
of their parent node. These properties are created with spapr_dt_drc().
PHBs and LMBs are both children of the machine. Their DR identifiers
are thus supposed to be exposed in the afore mentioned properties of
the root node.
When PHB hot-plug support was added, an extra call to spapr_dt_drc()
was introduced: this overwrites the existing properties, previously
populated with the LMB identifiers, and they end up containing only
PHB identifiers. This went unseen so far because linux doesn't care,
but this is still not conformant with LoPAPR.
Fortunately spapr_dt_drc() is able to handle multiple DR entity types
at the same time. Use that to handle DR indentifiers for PHBs and LMBs
with a single call to spapr_dt_drc(). While here also account for PMEM
DR identifiers, which were forgotten when NVDIMM hot-plug support was
added. Also add an assert to prevent further misuse of spapr_dt_drc().
With -m 1G,maxmem=2G,slots=8 passed on the QEMU command line we get:
Greg Kurz [Tue, 15 Dec 2020 17:36:51 +0000 (18:36 +0100)]
spapr: DRC lookup cannot fail
All memory DRC objects are created during machine init. It is thus safe
to assume spapr_drc_by_id() cannot return NULL when hot-plug/unplugging
memory.
Make this clear with an assertion, like the code already does a few lines
above when looping over memory DRCs. This fixes Coverity reports 1437757
and 1437758.
Peter Maydell [Sat, 12 Dec 2020 00:15:31 +0000 (00:15 +0000)]
ppc: Convert PPC UIC to a QOM device
Currently the PPC UIC ("Universal Interrupt Controller") is implemented
as a non-QOM device in ppc4xx_devs.c. Convert it to a proper QOM device
in hw/intc.
The ppcuic_init() function is retained for the moment with its current
interface; in subsequent commits this will be tidied up to avoid the
allocation of an irq array.
This conversion adds VMState support.
It leaves the LOG_UIC() macro as-is to maximise the extent to which
this is simply code-movement rather than a rewrite (in new code it
would be better to use tracepoints).
The default property values for dcr-base and use-vectors are set to
match those use by most of our boards with a UIC.
Peter Maydell [Sat, 12 Dec 2020 00:15:30 +0000 (00:15 +0000)]
hw/ppc/ppc4xx_devs: Make code style fixes to UIC code
In a following commit we will move the PPC UIC implementation to
its own file in hw/intc. To prevent checkpatch complaining about that
code-motion, fix up the minor style issues first.
Peter Maydell [Tue, 5 Jan 2021 21:06:42 +0000 (21:06 +0000)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-20210104' into staging
MIPS patches queue
- Use PCI macros (Philippe Mathieu-Daudé)
- Clean up VT82C686B south bridge (BALATON Zoltan)
- Introduce clock_ticks_to_ns() (Peter Maydell)
- Add Loongson-3 machine (Huacai Chen)
- Make addresses used by bootloader unsigned (Jiaxun Yang)
- Clean fuloong2e PROM environment (Jiaxun Yang)
- Add integration test of fuloong2e booting Linux (Jiaxun Yang)
# gpg: Signature made Mon 04 Jan 2021 22:37:48 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/mips-20210104: (35 commits)
tests/acceptance: Test boot_linux_console for fuloong2e
hw/mips/fuloong2e: Correct cpuclock in PROM environment
hw/mips/fuloong2e: Remove unused env entry
hw/mips/fuloong2e: Replace faulty documentation links
hw/mips/fuloong2e: Remove define DEBUG_FULOONG2E_INIT
hw/mips: Use address translation helper to handle ENVP_ADDR
hw/mips/malta: Use address translation helper to calculate bootloader_run_addr
hw/mips: Make bootloader addresses unsigned
docs/system: Update MIPS machine documentation
hw/mips: Add Loongson-3 machine support
hw/mips: Add Loongson-3 boot parameter helpers
hw/mips: Implement fw_cfg_arch_key_name()
hw/intc: Rework Loongson LIOINTC
clock: Define and use new clock_display_freq()
clock: Remove clock_get_ns()
target/mips: Don't use clock_get_ns() in clock period calculation
clock: Introduce clock_ticks_to_ns()
vt82c686: Rename superio config related parts
vt82c686: Use shorter name for local variable holding object state
vt82c686: Remove unneeded includes and defines
...
# gpg: Signature made Mon 04 Jan 2021 17:16:24 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20210104:
tcg: Add tcg_gen_bswap_tl alias
tcg/riscv: Fix illegal shift instructions
tcg: Use memset for large vector byte replication
Peter Maydell [Tue, 5 Jan 2021 13:09:10 +0000 (13:09 +0000)]
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging
Pull request
Show trace-events filename/lineno in fmt string errors and send -d trace:help
output to stdout for consistency.
# gpg: Signature made Mon 04 Jan 2021 14:26:58 GMT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>" [full]
# gpg: aka "Stefan Hajnoczi <[email protected]>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha-gitlab/tags/tracing-pull-request:
tracetool: show trace-events filename/lineno in fmt string errors
tracetool: add input filename and line number to Event
tracetool: add out_lineno and out_next_lineno to out()
tracetool: add output filename command-line argument
trace: Send "-d trace:help" output to stdout
projects / qemu.git / log