KCOV_INIT_TRACE ioctl plays a role in kernel coverage tracing.
This ioctl's third argument is of type 'unsigned long', and the
implementation in QEMU is straightforward.
linux-user: Add support for KCOV_<ENABLE|DISABLE> ioctls
KCOV_ENABLE and KCOV_DISABLE play a role in kernel coverage
tracing. These ioctls do not use the third argument of ioctl()
system call and are straightforward to implement in QEMU.
configure: Detect kcov support and introduce CONFIG_KCOV
kcov is kernel code coverage tracing tool. It requires kernel 4.4+
compiled with certain kernel options.
This patch checks if kcov header "sys/kcov.h" is present on build
machine, and stores the result in variable CONFIG_KCOV, meant to
be used in linux-user code related to the support for three ioctls
that were introduced at the same time as the mentioned header
(their definition was a part of the first version of that header).
linux-user: Add support for FD<SETEMSGTRESH|SETMAXERRS|GETMAXERRS> ioctls
FDSETEMSGTRESH, FDSETMAXERRS, and FDGETMAXERRS ioctls are commands
for controlling error reporting of a floppy drive.
FDSETEMSGTRESH's third argument is a pointer to the structure:
    struct floppy_max_errors {
        unsigned int
            abort,      /* number of errors to be reached before aborting */
            read_track, /* maximal number of errors permitted to read an
                         * entire track at once */
            reset,      /* maximal number of errors before a reset is tried */
            recal,      /* maximal number of errors before a recalibrate is
                         * tried */
            /*
             * Threshold for reporting FDC errors to the console.
             * Setting this to zero may flood your screen when using
             * ultra cheap floppies ;-)
             */
            reporting;
    };

defined in the Linux kernel header <linux/fd.h>.
Since all fields of the structure are of type 'unsigned int', there is
no need to define "target_floppy_max_errors".
FDSETMAXERRS and FDGETMAXERRS ioctls do not use the third argument.
linux-user: Add support for FS_IOC32_<GET|SET>VERSION ioctls
These FS_IOC32_<GET|SET>VERSION ioctls are identical to the
FS_IOC_<GET|SET>VERSION ioctls, but without the anomaly of their
number being defined as if their third argument is of type long, while
it is treated internally in the kernel as if it is of type int.
linux-user: Add support for FS_IOC32_<GET|SET>FLAGS ioctls
These FS_IOC32_<GET|SET>FLAGS ioctls are identical to the
FS_IOC_<GET|SET>FLAGS ioctls, but without the anomaly of their
number being defined as if their third argument is of type long, while
it is treated internally in the kernel as if it is of type int.
linux-user: Add support for FS_IOC_<GET|SET>VERSION ioctls
A very specific thing for these two ioctls is that their code
implies that their third argument is of type 'long', but the
kernel uses that argument as if it is of type 'int'. This anomaly
is recognized also in commit 6080723 (linux-user: Implement
FS_IOC_GETFLAGS and FS_IOC_SETFLAGS ioctls).
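The "anomaly" the three commits above describe is visible in the ioctl numbers themselves, because Linux encodes the argument size into the request number. The following added example (not QEMU code, and not the linux-user patch) rebuilds the asm-generic `_IOC()` layout (8-bit nr, 8-bit type, 14-bit size, 2-bit direction) in plain C, encodes FS_IOC_GETVERSION as `_IOR('v', 1, long)` and FS_IOC32_GETVERSION as `_IOR('v', 1, int)` exactly as `<linux/fs.h>` does, and shows that the two differ only in the size field while the kernel copies an `int` for both. The `kernel_arg_size()` table is a hypothetical stand-in for the per-ioctl knowledge a syscall translator has to carry; copying the advertised `sizeof(long)` between guest and host where the kernel only touches four bytes is precisely the mismatch such a translator must not make.

```c
/* Added example: Linux ioctl number encoding and the FS_IOC_GETVERSION
 * size anomaly. Uses the asm-generic _IOC() field layout; a few targets
 * (e.g. MIPS, PowerPC) use a different layout, which is an assumption here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS)
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)
#define IOC_READ      2U

/* Mirror of _IOC(dir, type, nr, size) from <asm-generic/ioctl.h>. */
static uint32_t ioc_encode(uint32_t dir, uint32_t type, uint32_t nr, uint32_t size)
{
    return (dir << IOC_DIRSHIFT) | (type << IOC_TYPESHIFT) |
           (nr << IOC_NRSHIFT) | (size << IOC_SIZESHIFT);
}

/* Mirror of _IOC_SIZE(cmd): the argument size the number advertises. */
static uint32_t ioc_size(uint32_t cmd)
{
    return (cmd >> IOC_SIZESHIFT) & ((1U << IOC_SIZEBITS) - 1);
}

/* Same definitions as <linux/fs.h>: _IOR('v', 1, long) and _IOR('v', 1, int).
 * On an LP64 host the first one is 0x80087601 and the second 0x80047601. */
#define FS_IOC_GETVERSION_NUM   ioc_encode(IOC_READ, 'v', 1, (uint32_t)sizeof(long))
#define FS_IOC32_GETVERSION_NUM ioc_encode(IOC_READ, 'v', 1, (uint32_t)sizeof(int))

/* 1 if two request numbers agree in every field except the size. */
static int differ_only_in_size(uint32_t a, uint32_t b)
{
    uint32_t size_mask = ((1U << IOC_SIZEBITS) - 1) << IOC_SIZESHIFT;
    return (a & ~size_mask) == (b & ~size_mask);
}

/* Hypothetical translator table: how many bytes the kernel really reads or
 * writes through the third argument. For the two GETVERSION numbers that is
 * sizeof(int) regardless of what the number itself advertises. */
static size_t kernel_arg_size(uint32_t cmd)
{
    if (cmd == FS_IOC_GETVERSION_NUM || cmd == FS_IOC32_GETVERSION_NUM) {
        return sizeof(int);
    }
    return ioc_size(cmd);   /* default: trust the encoded size */
}

int main(void)
{
    printf("FS_IOC_GETVERSION   = 0x%08x advertises %u bytes, kernel uses %zu\n",
           FS_IOC_GETVERSION_NUM, ioc_size(FS_IOC_GETVERSION_NUM),
           kernel_arg_size(FS_IOC_GETVERSION_NUM));
    printf("FS_IOC32_GETVERSION = 0x%08x advertises %u bytes, kernel uses %zu\n",
           FS_IOC32_GETVERSION_NUM, ioc_size(FS_IOC32_GETVERSION_NUM),
           kernel_arg_size(FS_IOC32_GETVERSION_NUM));
    return 0;
}
```

The `sizeof(long)` versus `sizeof(int)` assertions below hold on any host; only on a 32-bit host do the two numbers collapse into the same value, which is exactly why the FS_IOC32_* variants exist.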
With bad luck, we can wind up with no space at all for brk,
which will generally cause the guest malloc to fail.
This bad luck is easier to come by with ET_DYN (PIE) binaries,
where either the stack or the interpreter (ld.so) gets placed
immediately after the main executable.
But there's nothing preventing this same thing from happening
with ET_EXEC (normal) binaries, during probe_guest_base().
In both cases, reserve some extra space via mmap and release
it back to the system after loading the interpreter and
allocating the stack.
The choice of 16MB is somewhat arbitrary. It's enough for libc
to get going, but without being so large that 32-bit guests or
32-bit hosts are in danger of running out of virtual address space.
It is expected that libc will be able to fall back to mmap arenas
after the limited brk space is exhausted.
Xinyu Li [Fri, 13 Dec 2019 02:29:19 +0000 (10:29 +0800)]
linux-user: Fix align mistake when mmap guest space
In init_guest_space, we need to mmap guest space. If the return address
of the first mmap is not aligned with align, which was set to MAX(SHMLBA,
qemu_host_page_size), we need to unmap and do a new mmap (with a space larger
than the first size). The new size is named real_size, which is aligned_size +
qemu_host_page_size. aligned_size is the guest space size. And we add a
qemu_host_page_size to avoid a memory error when we align real_start
manually (ROUND_UP(real_start, align)). But when SHMLBA >
qemu_host_page_size, the added size will be smaller than the size to align,
which can make a mistake (it appears on a MIPS machine). So changing
real_size from aligned_size + qemu_host_page_size
to aligned_size + align will solve it.
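The arithmetic behind that fix is easy to check offline. The added example below (my own code, not QEMU's init_guest_space) models mmap as returning a page-aligned address, rounds it up to `align` the way `ROUND_UP(real_start, align)` does, and tests whether the aligned region still ends inside the reservation. With the old slack of one host page the region overruns the reservation whenever the rounding wastes more than a page, which happens as soon as `align` exceeds twice the page size; with a slack of `align` bytes it never does. The page size, the 256 KiB alignment and the base address are constructed values.

```c
/* Added example: how much extra space an aligned guest mapping needs.
 * Models mmap as returning a page-aligned address (as a real mmap does). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ROUND_UP(n, d) (((n) + (d) - 1) & ~((uintptr_t)(d) - 1))

/* Does an aligned region of aligned_size bytes, starting at
 * ROUND_UP(real_start, align), end inside [real_start, real_start + real_size)? */
static bool aligned_region_fits(uintptr_t real_start, uintptr_t real_size,
                                uintptr_t aligned_size, uintptr_t align)
{
    uintptr_t start = ROUND_UP(real_start, align);
    return start + aligned_size <= real_start + real_size;
}

/* Bytes lost to alignment in the worst case when real_start is only
 * page-aligned: the last page-aligned address before an align boundary. */
static uintptr_t worst_case_padding(uintptr_t align, uintptr_t page_size)
{
    return align > page_size ? align - page_size : 0;
}

/* Try every page-aligned start within one alignment period and report
 * whether a reservation of real_size always holds the aligned region. */
static bool reservation_always_fits(uintptr_t real_size, uintptr_t aligned_size,
                                    uintptr_t align, uintptr_t page_size)
{
    const uintptr_t base = 0x10000000;   /* constructed, a multiple of align */
    for (uintptr_t off = 0; off < align; off += page_size) {
        if (!aligned_region_fits(base + off, real_size, aligned_size, align)) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    const uintptr_t page = 4096, shmlba = 0x40000, guest = 0x100000;
    printf("worst-case padding: %#lx\n", (unsigned long)worst_case_padding(shmlba, page));
    printf("slack = page size : %s\n",
           reservation_always_fits(guest + page, guest, shmlba, page) ? "fits" : "overruns");
    printf("slack = align     : %s\n",
           reservation_always_fits(guest + shmlba, guest, shmlba, page) ? "fits" : "overruns");
    return 0;
}
```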
Peter Maydell [Tue, 21 Jan 2020 15:29:25 +0000 (15:29 +0000)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/edk2-next-20200121' into staging
EDK2 firmware patches
Another set of build-sys patches, to help building the firmware
binaries we use for testing. We almost have reproducible builds.
# gpg: Signature made Tue 21 Jan 2020 15:14:09 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/edk2-next-20200121:
gitlab-ci.yml: Add jobs to build EDK2 firmware binaries
roms/edk2-funcs: Force softfloat ARM toolchain prefix on Debian
gitlab-ci.yml: Add jobs to build EDK2 firmware binaries
Add two GitLab jobs to build the EDK2 firmware binaries.
The first job builds a Docker image with the packages required
to build EDK2, and stores this image in the GitLab registry.
The second job pulls the image from the registry and builds the
EDK2 firmware binaries.
The docker image is only rebuilt if the GitLab YAML or the
Dockerfile is updated.
The second job is only built when the roms/edk2/ submodule is
updated, when a git-ref starts with 'edk2' or when the last
commit contains 'EDK2'. The files generated are archived in
the artifacts.zip file.
With edk2-stable201905, it took 2 minutes 52 seconds to build
the docker image, and 36 minutes 28 seconds to generate the
artifacts.zip with the firmware binaries (filesize: 10MiB).
roms/edk2-funcs: Force softfloat ARM toolchain prefix on Debian
The Debian (based) distributions currently provide 2 ARM
toolchains, documented as [1]:
* The ARM EABI (armel) port targets a range of older 32-bit ARM
devices, particularly those used in NAS hardware and a variety
of *plug computers.
* The newer ARM hard-float (armhf) port supports newer, more
powerful 32-bit devices using version 7 of the ARM architecture
specification.
For various reasons documented in [2], the EDK2 project suggests
to use the softfloat toolchain (named 'armel' by Debian).
Force the softfloat cross toolchain prefix on Debian distributions.
Stefan Hajnoczi [Mon, 20 Jan 2020 16:34:00 +0000 (16:34 +0000)]
Makefile: add missing mkdir MANUAL_BUILDDIR
The MANUAL_BUILDDIR directory is automatically created by sphinx-build
for the other targets. The index.html target does not use sphinx-build
so we must manually create the directory to avoid the following error:
GEN docs/built/index.html
/bin/sh: docs/built/index.html: No such file or directory
Peter Maydell [Mon, 20 Jan 2020 18:49:04 +0000 (18:49 +0000)]
Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-01-20' into staging
Assorted fixes and cleanups.
v2: - fix 32-bit build
# gpg: Signature made Mon 20 Jan 2020 14:14:11 GMT
# gpg: using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <[email protected]>" [full]
# gpg: aka "Gregory Kurz <[email protected]>" [full]
# gpg: aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/9p-next-2020-01-20:
9pfs/9p.c: remove unneeded labels
virtfs-proxy-helper.c: remove 'err_out' label in setugid()
9p: init_in_iov_from_pdu can truncate the size
9p: local: always return -1 on error in local_unlinkat_common
9pfs: local: Fix possible memory leak in local_link()
Greg Kurz [Mon, 20 Jan 2020 14:11:39 +0000 (15:11 +0100)]
9p: init_in_iov_from_pdu can truncate the size
init_in_iov_from_pdu might not be able to allocate the full buffer size
requested, which comes from the client and could be larger than the
transport has available at the time of the request. Specifically, this
can happen with read operations, with the client requesting a read up to
the max allowed, which might be more than the transport has available at
the time.
Today the implementation of init_in_iov_from_pdu throws an error, both
Xen and Virtio.
Instead, change the V9fsTransport interface so that the size becomes a
pointer and can be limited by the implementation of
init_in_iov_from_pdu.
Change both the Xen and Virtio implementations to set the size to the
size of the buffer they managed to allocate, instead of throwing an
error. However, if the allocated buffer size is less than P9_IOHDRSZ
(the size of the header) still throw an error as the case is unhandable.
9p: local: always return -1 on error in local_unlinkat_common
local_unlinkat_common() is supposed to always return -1 on error.
This is being done by jumps to the 'err_out' label, which is
a 'return ret' call, and 'ret' is initialized with -1.
Unfortunately there is a condition in which the function will
return 0 on error: in a case where flags == AT_REMOVEDIR, 'ret'
will be 0 when reaching
    map_dirfd = openat_dir(...)
And, if map_dirfd == -1 and errno != ENOENT, the existing 'err_out'
jump will execute 'return ret', when ret is still set to zero
at that point.
This patch fixes it by changing all 'err_out' labels by
'return -1' calls, ensuring that the function will always
return -1 on error conditions. 'ret' can be left uninitialized
since it's now being used just to store the result of 'unlinkat'
calls.
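The defect above is a general pattern worth recognising in review: a status variable initialised to the error value and then reused for an intermediate result, so a later `goto err_out` returns whatever that intermediate call left behind. The added example below (mine, not 9pfs code) reduces local_unlinkat_common() to that control flow, with the file-system calls replaced by a constructed fault-injection struct so both the buggy and the fixed shape can be run offline. A caller that is told "0" when the name was never unlinked carries on with a wrong picture of the export, which is why the fix matters beyond tidiness.

```c
/* Added example: the "reused ret clobbers the error path" pattern, before
 * and after the fix. struct fake_fs replaces the real unlinkat()/openat_dir()
 * calls with constructed results so the control flow can be exercised. */
#include <errno.h>
#include <stdio.h>

#define AT_REMOVEDIR_FLAG 0x200   /* numeric value of AT_REMOVEDIR on Linux */

struct fake_fs {
    int meta_unlinkat_rc;   /* constructed: unlinkat() of the metadata dir, 0 or -1 */
    int openat_dir_rc;      /* constructed: openat_dir() result, an fd or -1 */
    int openat_dir_errno;   /* constructed: errno when openat_dir() returns -1 */
    int final_unlinkat_rc;  /* constructed: the final unlinkat() of the name */
};

/* Before the fix: ret starts at -1 but is reused for an intermediate call. */
static int unlinkat_common_before(const struct fake_fs *fs, int flags)
{
    int ret = -1;
    int map_dirfd;

    if (flags == AT_REMOVEDIR_FLAG) {
        ret = fs->meta_unlinkat_rc;        /* ret is now 0 on success */
        if (ret < 0) {
            goto err_out;
        }
    }
    map_dirfd = fs->openat_dir_rc;
    if (map_dirfd == -1 && fs->openat_dir_errno != ENOENT) {
        goto err_out;                      /* reached with ret == 0: reports success */
    }
    ret = fs->final_unlinkat_rc;
err_out:
    return ret;
}

/* After the fix: every error path returns -1 explicitly. */
static int unlinkat_common_after(const struct fake_fs *fs, int flags)
{
    int map_dirfd;

    if (flags == AT_REMOVEDIR_FLAG) {
        if (fs->meta_unlinkat_rc < 0) {
            return -1;
        }
    }
    map_dirfd = fs->openat_dir_rc;
    if (map_dirfd == -1 && fs->openat_dir_errno != ENOENT) {
        return -1;
    }
    return fs->final_unlinkat_rc;
}

/* Constructed scenarios. */
static const struct fake_fs CASE_OPENAT_FAILS_HARD = { 0, -1, EACCES, 0 };
static const struct fake_fs CASE_META_MISSING     = { 0, -1, ENOENT, 0 };
static const struct fake_fs CASE_ALL_OK           = { 0,  3, 0,      0 };

int main(void)
{
    printf("openat_dir fails hard, AT_REMOVEDIR: before=%d after=%d\n",
           unlinkat_common_before(&CASE_OPENAT_FAILS_HARD, AT_REMOVEDIR_FLAG),
           unlinkat_common_after(&CASE_OPENAT_FAILS_HARD, AT_REMOVEDIR_FLAG));
    printf("openat_dir fails hard, plain unlink:  before=%d after=%d\n",
           unlinkat_common_before(&CASE_OPENAT_FAILS_HARD, 0),
           unlinkat_common_after(&CASE_OPENAT_FAILS_HARD, 0));
    return 0;
}
```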
Recent commit 3e7fb5811b "qapi: Fix code generation for empty modules"
switched QAPISchema.visit() from
    for entity in self._entity_list:
effectively to
    for mod in self._module_dict.values():
        for entity in mod._entity_list:
Visits in the same order as long as .values() is in insertion order.
That's the case only for Python 3.6 and later. Before, it's in some
arbitrary order, which results in broken generated code.
Fix by making self._module_dict an OrderedDict rather than a dict.
Peter Maydell [Mon, 20 Jan 2020 10:41:27 +0000 (10:41 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration-pull-pull-request' into staging
Migration pull request
# gpg: Signature made Mon 20 Jan 2020 10:29:53 GMT
# gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723
# gpg: Good signature from "Juan Quintela <[email protected]>" [full]
# gpg: aka "Juan Quintela <[email protected]>" [full]
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723
* remotes/juanquintela/tags/migration-pull-pull-request: (29 commits)
multifd: Be consistent about using uint64_t
migration: Support QLIST migration
apic: Use 32bit APIC ID for migration instance ID
migration: Change SaveStateEntry.instance_id into uint32_t
migration: Define VMSTATE_INSTANCE_ID_ANY
Bug #1829242 correction.
migration/multifd: fix destroyed mutex access in terminating multifd threads
migration/multifd: fix nullptr access in terminating multifd threads
migration/multifd: not use multifd during postcopy
migration/multifd: clean pages after filling packet
migration/postcopy: enable compress during postcopy
migration/postcopy: enable random order target page arrival
migration/postcopy: set all_zero to true on the first target page
migration/postcopy: count target page number to decide the place_needed
migration/postcopy: wait for decompress thread in precopy
migration/postcopy: reduce memset when it is zero page and matches_target_page_size
migration/ram: Yield periodically to the main loop
migration: savevm_state_handler_insert: constant-time element insertion
migration: add savevm_state_handler_remove()
misc: use QEMU_IS_ALIGNED
...
Eric Auger [Mon, 13 Jan 2020 13:48:23 +0000 (14:48 +0100)]
migration: Support QLIST migration
Support QLIST migration using the same principle as QTAILQ: 94869d5c52 ("migration: migrate QTAILQ").
The VMSTATE_QLIST_V macro has the same proto as VMSTATE_QTAILQ_V.
The change mainly resides in QLIST RAW macros: QLIST_RAW_INSERT_HEAD
and QLIST_RAW_REVERSE.
After migration, the guest kernel could hang at anything, due to
x2apic bit not migrated correctly in IA32_APIC_BASE on some vcpus, so
any operations related to x2apic could be broken then (e.g., RDMSR on
x2apic MSRs could fail because KVM would think that the vcpu hasn't
enabled x2apic at all).
The issue is that the x2apic bit was never applied correctly for vcpus
whose ID > 255 when migrate completes, and that's because when we
migrate APIC we use the APICCommonState.id as instance ID of the
migration stream, while that's too short for x2apic.
Let's use the newly introduced initial_apic_id for that.
Peter Xu [Wed, 16 Oct 2019 02:29:31 +0000 (10:29 +0800)]
migration: Change SaveStateEntry.instance_id into uint32_t
It was always used as 32bit, so define it as used to be clear.
Instead of using -1 as the auto-gen magic value, we switch to
UINT32_MAX. We also make sure that we don't auto-gen this value to
avoid overflowed instance IDs without being noticed.
Peter Xu [Wed, 16 Oct 2019 02:29:30 +0000 (10:29 +0800)]
migration: Define VMSTATE_INSTANCE_ID_ANY
Define the new macro VMSTATE_INSTANCE_ID_ANY for callers who want to
auto-generate the vmstate instance ID. Previously it was hard coded
as -1 instead of this macro. It helps to change this default value in
the follow up patches. No functional change.
Added type conversions to ram_addr_t before all left shifts of page
indexes to TARGET_PAGE_BITS, to correct overflows when the page
address was 4Gb and more.
Jiahui Cen [Wed, 23 Oct 2019 03:47:37 +0000 (11:47 +0800)]
migration/multifd: fix destroyed mutex access in terminating multifd threads
One multifd will lock all the other multifds' IOChannel mutex to inform them
to quit by setting p->quit or shutting down p->c. In this scenario, if some
multifds had already been terminated and multifd_load_cleanup/multifd_save_cleanup
had destroyed their mutex, it could cause destroyed mutex access when trying
to lock their mutex.
Here is the coredump stack:
#0 0x00007f81a2794437 in raise () from /usr/lib64/libc.so.6
#1 0x00007f81a2795b28 in abort () from /usr/lib64/libc.so.6
#2 0x00007f81a278d1b6 in __assert_fail_base () from /usr/lib64/libc.so.6
#3 0x00007f81a278d262 in __assert_fail () from /usr/lib64/libc.so.6
#4 0x000055eb1bfadbd3 in qemu_mutex_lock_impl (mutex=0x55eb1e2d1988, file=<optimized out>, line=<optimized out>) at util/qemu-thread-posix.c:64
#5 0x000055eb1bb4564a in multifd_send_terminate_threads (err=<optimized out>) at migration/ram.c:1015
#6 0x000055eb1bb4bb7f in multifd_send_thread (opaque=0x55eb1e2d19f8) at migration/ram.c:1171
#7 0x000055eb1bfad628 in qemu_thread_start (args=0x55eb1e170450) at util/qemu-thread-posix.c:502
#8 0x00007f81a2b36df5 in start_thread () from /usr/lib64/libpthread.so.0
#9 0x00007f81a286048d in clone () from /usr/lib64/libc.so.6
To fix it up, let's destroy the mutex after all the other multifd threads had
been terminated.
Jiahui Cen [Wed, 23 Oct 2019 04:30:02 +0000 (12:30 +0800)]
migration/multifd: fix nullptr access in terminating multifd threads
One multifd channel will shutdown all the other multifds' IOChannel when it
fails to receive an IOChannel. In this scenario, if some multifds had not
received its IOChannel yet, it would try to shutdown its IOChannel which could
cause nullptr access at qio_channel_shutdown.
Here is the coredump stack:
#0 object_get_class (obj=obj@entry=0x0) at qom/object.c:908
#1 0x00005563fdbb8f4a in qio_channel_shutdown (ioc=0x0, how=QIO_CHANNEL_SHUTDOWN_BOTH, errp=0x0) at io/channel.c:355
#2 0x00005563fd7b4c5f in multifd_recv_terminate_threads (err=<optimized out>) at migration/ram.c:1280
#3 0x00005563fd7bc019 in multifd_recv_new_channel (ioc=ioc@entry=0x556400255610, errp=errp@entry=0x7ffec07dce00) at migration/ram.c:1478
#4 0x00005563fda82177 in migration_ioc_process_incoming (ioc=ioc@entry=0x556400255610, errp=errp@entry=0x7ffec07dce30) at migration/migration.c:605
#5 0x00005563fda8567d in migration_channel_process_incoming (ioc=0x556400255610) at migration/channel.c:44
#6 0x00005563fda83ee0 in socket_accept_incoming_migration (listener=0x5563fff6b920, cioc=0x556400255610, opaque=<optimized out>) at migration/socket.c:166
#7 0x00005563fdbc25cd in qio_net_listener_channel_func (ioc=<optimized out>, condition=<optimized out>, opaque=<optimized out>) at io/net-listener.c:54
#8 0x00007f895b6fe9a9 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#9 0x00005563fdc18136 in glib_pollfds_poll () at util/main-loop.c:218
#10 0x00005563fdc181b5 in os_host_main_loop_wait (timeout=1000000000) at util/main-loop.c:241
#11 0x00005563fdc183a2 in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:517
#12 0x00005563fd8edb37 in main_loop () at vl.c:1791
#13 0x00005563fd74fd45 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4473
To fix it up, let's check p->c before calling qio_channel_shutdown.
Wei Yang [Fri, 25 Oct 2019 23:19:59 +0000 (07:19 +0800)]
migration/multifd: clean pages after filling packet
This is a preparation for the next patch:
not use multifd during postcopy.
Without enabling postcopy, everything looks good. While after enabling
postcopy, migration may fail even without using multifd during postcopy. The
reason is the pages are not properly cleared and *old* target pages will
continue to be transferred.
Wei Yang [Thu, 7 Nov 2019 12:39:07 +0000 (20:39 +0800)]
migration/postcopy: enable compress during postcopy
postcopy requires placing a whole host page, while the migration thread
migrates memory in target page size. This makes postcopy need to collect
all target pages in one host page before placing via userfaultfd.
To enable compress during postcopy, there are two problems to solve:
1. Random order for target page arrival
2. Target pages in one host page arrive without interruption by target
pages from other host pages
The first one is handled by the previous cleanup patch.
This patch handles the second one by:
1. Flush compress thread for each host page
2. Wait for decompress thread before placing host page
Wei Yang [Thu, 7 Nov 2019 12:39:06 +0000 (20:39 +0800)]
migration/postcopy: enable random order target page arrival
After using the number of target pages received to track one host page, we
could have the capability to handle random order target page arrival in
one host page.
This is a preparation for enabling compress during postcopy.
Wei Yang [Thu, 7 Nov 2019 12:39:04 +0000 (20:39 +0800)]
migration/postcopy: count target page number to decide the place_needed
In postcopy, it is required to place a whole host page instead of a target
page.
Currently, it relies on the page offset to decide whether this is the
last target page. We also can count the target page number during the
iteration. When the number of target pages equals
(host page size / target page size), this means it is the last target
page in the host page.
This is a preparation for non-ordered target page transmission.
Yury Kotov [Mon, 25 Nov 2019 13:36:32 +0000 (16:36 +0300)]
migration/ram: Yield periodically to the main loop
Usually, incoming migration coroutine yields to the main loop
while its IO-channel is waiting for data to receive. But there is a case
when RAM migration and data receive have the same speed: VM with huge
zeroed RAM. In this case, IO-channel won't read and thus the main loop
is stuck and for instance, it doesn't respond to QMP commands.
For this case, yield periodically, but not too often, so as not to
affect the speed of migration.
Scott Cheloha [Thu, 17 Oct 2019 20:59:53 +0000 (15:59 -0500)]
migration: savevm_state_handler_insert: constant-time element insertion
savevm_state's SaveStateEntry TAILQ is a priority queue. Priority
sorting is maintained by searching from head to tail for a suitable
insertion spot. Insertion is thus an O(n) operation.
If we instead keep track of the head of each priority's subqueue
within that larger queue we can reduce this operation to O(1) time.
savevm_state_handler_remove() becomes slightly more complex to
accommodate these gains: we need to replace the head of a priority's
subqueue when removing it.
With O(1) insertion, booting VMs with many SaveStateEntry objects is
more plausible. For example, a ppc64 VM with maxmem=8T has 40000 such
objects to insert.
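The data-structure change described in that commit (a sorted TAILQ with a cached head per priority, so insertion is O(1) in the number of entries and removal repairs the cache) is shown in the added example below. It is my own code built on the BSD `<sys/queue.h>` TAILQ macros, not QEMU's savevm.c; the priority count, the entry layout and the insert/remove sequence are constructed. The ordering convention follows the description: higher priority first, and within one priority, registration order. `queue_is_sorted()` checks the invariant after every operation, which is the check a practitioner wants when touching this kind of cache, since a stale head silently breaks the ordering rather than crashing.

```c
/* Added example: O(1) priority insertion into a TAILQ via per-priority
 * head pointers, with removal that maintains the head cache. */
#include <sys/queue.h>
#include <stdio.h>

#define MAX_PRIORITY 4          /* constructed; QEMU's own bound differs */

typedef struct SaveEntry {
    int priority;               /* higher priority is earlier in the queue */
    int id;
    TAILQ_ENTRY(SaveEntry) entry;
} SaveEntry;

typedef struct SaveState {
    TAILQ_HEAD(, SaveEntry) handlers;
    SaveEntry *handler_pri_head[MAX_PRIORITY];   /* first entry of each priority */
} SaveState;

static void savestate_init(SaveState *s)
{
    TAILQ_INIT(&s->handlers);
    for (int i = 0; i < MAX_PRIORITY; i++) {
        s->handler_pri_head[i] = NULL;
    }
}

static void handler_insert(SaveState *s, SaveEntry *nse)
{
    int priority = nse->priority;
    int i;

    /* Nearest lower priority that already has entries: our subqueue ends
     * right before its head. Bounded by MAX_PRIORITY, not by queue length. */
    for (i = priority - 1; i >= 0; i--) {
        if (s->handler_pri_head[i]) {
            break;
        }
    }
    if (i >= 0) {
        TAILQ_INSERT_BEFORE(s->handler_pri_head[i], nse, entry);
    } else {
        TAILQ_INSERT_TAIL(&s->handlers, nse, entry);
    }
    if (!s->handler_pri_head[priority]) {
        s->handler_pri_head[priority] = nse;   /* first of its priority */
    }
}

static void handler_remove(SaveState *s, SaveEntry *se)
{
    int priority = se->priority;

    if (s->handler_pri_head[priority] == se) {
        SaveEntry *next = TAILQ_NEXT(se, entry);
        /* The successor becomes head only if it shares our priority. */
        s->handler_pri_head[priority] =
            (next && next->priority == priority) ? next : NULL;
    }
    TAILQ_REMOVE(&s->handlers, se, entry);
}

/* Invariant: priorities never increase along the list. */
static int queue_is_sorted(const SaveState *s)
{
    const SaveEntry *se;
    int last = MAX_PRIORITY;
    TAILQ_FOREACH(se, &s->handlers, entry) {
        if (se->priority > last) {
            return 0;
        }
        last = se->priority;
    }
    return 1;
}

static int collect_ids(const SaveState *s, int *out, int max)
{
    const SaveEntry *se;
    int n = 0;
    TAILQ_FOREACH(se, &s->handlers, entry) {
        if (n < max) {
            out[n] = se->id;
        }
        n++;
    }
    return n;
}

static SaveEntry pool[8];       /* constructed entries */
static int sample_ids[8];       /* final order left here by run_sample() */

/* Runs a constructed insert/remove sequence. Returns the final entry count,
 * or -1 if the ordering invariant was ever violated. */
static int run_sample(void)
{
    SaveState s;
    const int prio[] = {1, 3, 1, 2, 0};

    savestate_init(&s);
    for (int i = 0; i < 5; i++) {
        pool[i].priority = prio[i];
        pool[i].id = i + 1;
        handler_insert(&s, &pool[i]);       /* order becomes 2,4,1,3,5 */
        if (!queue_is_sorted(&s)) {
            return -1;
        }
    }
    handler_remove(&s, &pool[0]);           /* id 1 was head of priority 1 */
    pool[5].priority = 1; pool[5].id = 6;
    handler_insert(&s, &pool[5]);           /* after id 3, before id 5 */
    handler_remove(&s, &pool[4]);           /* id 5 was the only priority 0 */
    pool[6].priority = 0; pool[6].id = 7;
    handler_insert(&s, &pool[6]);           /* priority 0 empty: goes to tail */
    if (!queue_is_sorted(&s)) {
        return -1;
    }
    return collect_ids(&s, sample_ids, 8);
}

static int sample_id_at(int idx) { return sample_ids[idx]; }

int main(void)
{
    int n = run_sample();
    for (int i = 0; i < n; i++) {
        printf("%d%s", sample_id_at(i), i + 1 < n ? " " : "\n");
    }
    return 0;
}
```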
Yury Kotov [Wed, 13 Nov 2019 17:53:25 +0000 (20:53 +0300)]
migration: Fix the re-run check of the migrate-incoming command
The current check sets an error but doesn't fail the command.
This may cause a problem if a new connection attempt by the same URI
affects the first connection.
Fangrui Song [Fri, 22 Nov 2019 08:00:38 +0000 (09:00 +0100)]
migration: Fix incorrect integer->float conversion caught by clang
Clang does not like qmp_migrate_set_downtime()'s code to clamp double
@value to 0..INT64_MAX:
qemu/migration/migration.c:2038:24: error: implicit conversion from 'long' to 'double' changes value from 9223372036854775807 to 9223372036854775808 [-Werror,-Wimplicit-int-float-conversion]
The warning will be enabled by default in clang 10. It is not
available for clang <= 9.
The clamp is actually useless; @value is checked to be within
0..MAX_MIGRATE_DOWNTIME_SECONDS immediately before. Delete it.
While there, make the conversion from double to int64_t explicit.
When using hugepages, rate limiting is necessary within each huge
page, since a 1G huge page can take a significant time to send, so
you end up with bursty behaviour.
ram_save_queue_pages() has an 'err' label that can be replaced by
'return -1' instead.
Same thing with ram_discard_range(), and in this case we can also
get rid of the 'ret' variable and return either '-1' on error
or the result of ram_block_discard_range().
Commit 1bd71dce4bf2 tries to prevent a finishmigrate -> prelaunch
transition by exiting at the beginning of the main_loop_should_exit()
function if the state is already finishmigrate.
As the finishmigrate state is set in the migration thread it can
happen concurrently to the function. The migration thread and the
function are normally protected by the iothread mutex and thus the
state should not evolve between the start of the function and its end.
Unfortunately during the function life the lock is released by
pause_all_vcpus() just before the point we need to be sure we are
not in finishmigrate state and if the migration thread is waiting
for the lock it will take the opportunity to change the state
to finishmigrate.
The only way to be sure we are not in the finishmigrate state when
we need is to check the state after the pause_all_vcpus() function.
Fixes: 1bd71dce4bf2 ("runstate: ignore exit request in finish migrate state")
Signed-off-by: Laurent Vivier <[email protected]>
Signed-off-by: Juan Quintela <[email protected]>
Peter Maydell [Fri, 17 Jan 2020 17:27:20 +0000 (17:27 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200117-1' into staging
Add model of the Netduino Plus 2 board
Some allwinner-a10 code cleanup
New test cases for cubieboard
target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandle
i.MX: add an emulation for RNGC device
target/arm: adjust program counter for wfi exception in AArch32
arm/gicv3: update virtual irq state after IAR register read
Set IL bit correctly for syndrome information for data aborts
* remotes/pmaydell/tags/pull-target-arm-20200117-1:
target/arm: Set ISSIs16Bit in make_issinfo
target/arm: Return correct IL bit in merge_syn_data_abort
arm/gicv3: update virtual irq state after IAR register read
target/arm: adjust program counter for wfi exception in AArch32
i.MX: add an emulation for RNGC
target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandle
hw/arm/allwinner-a10: Remove local qemu_irq variables
hw/arm/allwinner-a10: Simplify by passing IRQs with qdev_pass_gpios()
hw/arm/allwinner-a10: Move SoC definitions out of header
tests/boot_linux_console: Add a SD card test for the CubieBoard
tests/boot_linux_console: Add initrd test for the CubieBoard
hw/arm: Add the Netduino Plus 2
hw/arm: Add the STM32F4xx SoC
hw/misc: Add the STM32F4xx EXTI device
hw/misc: Add the STM32F4xx Sysconfig device
* remotes/huth-gitlab/tags/pull-request-2020-01-17:
gitlab-ci.yml: Run tcg test with tci
tests/qtest/vhost-user-test: Fix memory leaks
migration-test: ppc64: fix FORTH test program
tests: acpi: update path in rebuild-expected-aml
Jeff Kubascik [Fri, 17 Jan 2020 14:09:31 +0000 (14:09 +0000)]
target/arm: Return correct IL bit in merge_syn_data_abort
The IL bit is set for 32-bit instructions, thus passing false
with the is_16bit parameter to syn_data_abort_with_iss() makes
a syn mask that always has the IL bit set.
Pass is_16bit as true to make the initial syn mask have IL=0,
so that the final IL value comes from or'ing template_syn.
Jeff Kubascik [Fri, 17 Jan 2020 14:09:31 +0000 (14:09 +0000)]
arm/gicv3: update virtual irq state after IAR register read
The IAR0/IAR1 register is used to acknowledge an interrupt - a read of the
register activates the highest priority pending interrupt and provides its
interrupt ID. Activating an interrupt can change the CPU's virtual interrupt
state - this change makes sure the virtual irq state is updated.
Jeff Kubascik [Fri, 17 Jan 2020 14:09:31 +0000 (14:09 +0000)]
target/arm: adjust program counter for wfi exception in AArch32
The wfi instruction can be configured to be trapped by a higher exception
level, such as the EL2 hypervisor. When the instruction is trapped, the
program counter should contain the address of the wfi instruction that
caused the exception. The program counter is adjusted for this in the wfi op
helper function.
However, this correction is done to env->pc, which only applies to AArch64
mode. For AArch32, the program counter is stored in env->regs[15]. This
adds an if-else statement to modify the correct program counter location
based on the current CPU mode.
Martin Kaiser [Fri, 17 Jan 2020 14:09:31 +0000 (14:09 +0000)]
i.MX: add an emulation for RNGC
Add an emulation for the RNGC random number generator and the compatible
RNGB variant. These peripherals are included (at least) in imx25 and
imx35 chipsets.
The emulation supports the initial self test, reseeding the prng and
reading random numbers.
Masahiro Yamada [Fri, 17 Jan 2020 14:09:30 +0000 (14:09 +0000)]
target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandle
According to the specification "Semihosting for AArch32 and AArch64",
the SYS_OPEN operation should return:
- A nonzero handle if the call is successful
- -1 if the call is not successful
So, it should never return 0.
Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
code hand out its own file descriptors"), the guest fd matched to the
host fd. It returned a nonzero handle on success since the fd 0 is
already used for stdin.
Now that the guest fd is the index of guestfd_array, it starts from 0.
I noticed this issue particularly because Trusted Firmware-A built with
PLAT=qemu is no longer working. Its io_semihosting driver only handles
a positive return value as a valid filehandle.
Basically, there are two ways to fix this:
- Use (guestfd - 1) as the index of guestfd_array. We need to insert
increment/decrement to convert the guestfd and the array index back
and forth.
- Keep using guestfd as the index of guestfd_array. The first entry
of guestfd_array is left unused.
I thought the latter is simpler. We end up with wasting a small piece
of memory for the unused first entry of guestfd_array, but this is
probably not a big deal.
hw/arm/allwinner-a10: Simplify by passing IRQs with qdev_pass_gpios()
By calling qdev_pass_gpios() we don't need to hold a copy of the
IRQs from the INTC into the SoC state.
Instead of filling an array of qemu_irq and passing it around, we
can now directly call qdev_get_gpio_in() on the SoC.
Peter Maydell [Fri, 17 Jan 2020 12:13:17 +0000 (12:13 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20200115' into staging
Add cpu_{ld,st}*_mmuidx_ra
Remove MMU_MODE*_SUFFIX
Move tcg headers under include/
# gpg: Signature made Thu 16 Jan 2020 01:36:41 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-tcg-20200115: (34 commits)
MAINTAINERS: Replace Claudio Fontana for tcg/aarch64
configure: Remove tcg/ from the preprocessor include search list
tcg: Move TCG headers to include/tcg/
tcg: Search includes in the parent source directory
tcg: Search includes from the project root source directory
cputlb: Expand cpu_ldst_template.h in cputlb.c
cputlb: Remove support for MMU_MODE*_SUFFIX
target/ppc: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
target/s390x: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
target/mips: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
target/m68k: Use cpu_*_mmuidx_ra instead of MMU_MODE{0,1}_SUFFIX
target/xtensa: Remove MMU_MODE{0,1,2,3}_SUFFIX
target/unicore32: Remove MMU_MODE{0,1}_SUFFIX
target/sh4: Remove MMU_MODE{0,1}_SUFFIX
target/microblaze: Remove MMU_MODE{0,1,2}_SUFFIX
target/i386: Remove MMU_MODE{0,1,2}_SUFFIX
target/cris: Remove MMU_MODE{0,1}_SUFFIX
target/alpha: Remove MMU_MODE{0,1}_SUFFIX
target/nios2: Remove MMU_MODE{0,1}_SUFFIX
cputlb: Expand cpu_ldst_useronly_template.h in user-exec.c
...
Stafford Horne [Fri, 10 Jan 2020 21:28:43 +0000 (06:28 +0900)]
target/openrisc: Fix FPCSR mask to allow setting DZF
The mask used when setting FPCSR allows setting bits 10 to 1. However,
OpenRISC has flags and config bits in 11 to 1, 11 being Divide by Zero
Flag (DZF). This seems like an off-by-one bug.
This was found when testing the GLIBC test suite which has test cases to
set and clear all bits.
Thomas Huth [Thu, 26 Sep 2019 15:51:57 +0000 (17:51 +0200)]
gitlab-ci.yml: Run tcg test with tci
Since commit 2f160e0f9797c7522bfd0d09218d0c9340a5137c ("tci: Add
implementation for INDEX_op_ld16u_i64") has been included now, we
can also run the TCG tests with tci, so let's enable them in our
Gitlab CI now.
Laurent Vivier [Tue, 7 Jan 2020 16:34:37 +0000 (17:34 +0100)]
migration-test: ppc64: fix FORTH test program
Commit e51e711b1bef has moved the initialization of start_address and
end_address after the definition of the command line argument,
where the nvramrc is initialized, and thus the loop is between 0 and 0
rather than 1 MiB and 100 MiB.
It doesn't affect the result of the test if all the tests are run in
sequence because the two first tests don't run the loop, so the
values are correctly initialized when we actually need them.
But it hangs when we ask to run only one test, for instance:
Shameer Kolothum [Tue, 14 Jan 2020 16:51:38 +0000 (16:51 +0000)]
tests: acpi: update path in rebuild-expected-aml
Since commit 1e8a1fae7464 ("test: Move qtests to a separate
directory") qtests are now placed in a separate folder and
this breaks the script used to rebuild the expected ACPI
tables for bios-tables-test. Update the script with the correct
path.
ui/gtk: Get display refresh rate with GDK version 3.22 or later
Commit c4c00922cc introduced the use of the GdkMonitor API, which
was introduced in GTK+ 3.22:
https://developer.gnome.org/gdk3/stable/api-index-3-22.html#api-index-3.22
Unfortunately this breaks building with older versions, as on Ubuntu
Xenial which provides GTK+ 3.18:
$ ./configure && make
GTK support yes (3.18.9)
GTK GL support no
[...]
CC ui/gtk.o
qemu/ui/gtk.c: In function ‘gd_vc_gfx_init’:
qemu/ui/gtk.c:1973:5: error: unknown type name ‘GdkMonitor’
GdkMonitor *monitor = gdk_display_get_monitor_at_window(dpy, win);
^
qemu/ui/gtk.c:1973:27: error: implicit declaration of function ‘gdk_display_get_monitor_at_window’ [-Werror=implicit-function-declaration]
GdkMonitor *monitor = gdk_display_get_monitor_at_window(dpy, win);
^
qemu/ui/gtk.c:1973:5: error: nested extern declaration of ‘gdk_display_get_monitor_at_window’ [-Werror=nested-externs]
GdkMonitor *monitor = gdk_display_get_monitor_at_window(dpy, win);
^
qemu/ui/gtk.c:1973:27: error: initialization makes pointer from integer without a cast [-Werror=int-conversion]
GdkMonitor *monitor = gdk_display_get_monitor_at_window(dpy, win);
^
qemu/ui/gtk.c:2035:28: error: implicit declaration of function ‘gdk_monitor_get_refresh_rate’ [-Werror=implicit-function-declaration]
refresh_rate_millihz = gdk_monitor_get_refresh_rate(monitor);
^
qemu/ui/gtk.c:2035:5: error: nested extern declaration of ‘gdk_monitor_get_refresh_rate’ [-Werror=nested-externs]
refresh_rate_millihz = gdk_monitor_get_refresh_rate(monitor);
^
cc1: all warnings being treated as errors
qemu/rules.mak:69: recipe for target 'ui/gtk.o' failed
make: *** [ui/gtk.o] Error 1
GTK+ provides convenient definitions in <gdk/gdkversionmacros.h>
(already included by <gdk/gdk.h>) to check which APIs are available.
We only use the GdkMonitor API to get the monitor refresh rate.
Extract this code as a new gd_refresh_rate_millihz() function,
and check GDK_VERSION_3_22 is defined before calling its API.
If it is not defined, return 0. This is safe and fixes our build
failure (see https://travis-ci.org/qemu/qemu/builds/636992508).
tcg: Search includes in the parent source directory
All the *.inc.c files included by tcg/$TARGET/tcg-target.inc.c
are in tcg/, their parent directory. To simplify the preprocessor
search path, include the relative parent path: '..'.
Patch created mechanically by running:
    $ for x in tcg-pool.inc.c tcg-ldst.inc.c; do \
        sed -i "s,#include \"$x\",#include \"../$x\"," \
          $(git grep -l "#include \"$x\""); \
      done
Reduce the amount of preprocessor obfuscation by expanding
the text of each of the functions generated. The result is
only slightly smaller than the original.
target/ppc: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
There are only two uses. Within dcbz_common, the local variable
mmu_idx already contains the epid computation, and we can avoid
repeating it for the store. Within helper_icbiep, the usage is
trivially expanded using PPC_TLB_EPID_LOAD.
target/s390x: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
The generated functions aside from *_real are unused.
The *_real functions have a couple of users in mem_helper.c;
use *_mmuidx_ra instead, with MMU_REAL_IDX.
target/mips: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX
The separate suffixed functions were used to construct
some do_##insn function switched on mmu_idx. The interface
is exactly identical to the *_mmuidx_ra functions. Replace
them directly and remove the constructions.
cputlb: Expand cpu_ldst_useronly_template.h in user-exec.c
With the tracing hooks, the inline functions are no longer
so simple. Reduce the amount of preprocessor obfuscation
by expanding the text of each of the functions generated.