aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2023-11-06Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) baseMaciej S. Szmigiero
This driver is like virtio-balloon on steroids: it allows both changing the guest memory allocation via ballooning and (in the next patch) inserting pieces of extra RAM into it on demand from a provided memory backend. The actual resizing is done via ballooning interface (for example, via the "balloon" HMP command). This includes resizing the guest past its boot size - that is, hot-adding additional memory in granularity limited only by the guest alignment requirements, as provided by the next patch. In contrast with ACPI DIMM hotplug where one can only request to unplug a whole DIMM stick this driver allows removing memory from guest in single page (4k) units via ballooning. After a VM reboot the guest is back to its original (boot) size. In the future, the guest boot memory size might be changed on reboot instead, taking into account the effective size that VM had before that reboot (much like Hyper-V does). For performance reasons, the guest-released memory is tracked in a few range trees, as a series of (start, count) ranges. Each time a new page range is inserted into such tree its neighbors are checked as candidates for possible merging with it. Besides performance reasons, the Dynamic Memory protocol itself uses page ranges as the data structure in its messages, so relevant pages need to be merged into such ranges anyway. One has to be careful when tracking the guest-released pages, since the guest can maliciously report returning pages outside its current address space, which later clash with the address range of newly added memory. Similarly, the guest can report freeing the same page twice. The above design results in much better ballooning performance than when using virtio-balloon with the same guest: 230 GB / minute with this driver versus 70 GB / minute with virtio-balloon. During a ballooning operation most of time is spent waiting for the guest to come up with newly freed page ranges, processing the received ranges on the host side (in QEMU and KVM) is nearly instantaneous. The unballoon operation is also pretty much instantaneous: thanks to the merging of the ballooned out page ranges 200 GB of memory can be returned to the guest in about 1 second. With virtio-balloon this operation takes about 2.5 minutes. These tests were done against a Windows Server 2019 guest running on a Xeon E5-2699, after dirtying the whole memory inside guest before each balloon operation. Using a range tree instead of a bitmap to track the removed memory also means that the solution scales well with the guest size: even a 1 TB range takes just a few bytes of such metadata. Since the required GTree operations aren't present in every Glib version a check for them was added to the meson build script, together with new "--enable-hv-balloon" and "--disable-hv-balloon" configure arguments. If these GTree operations are missing in the system's Glib version this driver will be skipped during QEMU build. An optional "status-report=on" device parameter requests memory status events from the guest (typically sent every second), which allow the host to learn both the guest memory available and the guest memory in use counts. Following commits will add support for their external emission as "HV_BALLOON_STATUS_REPORT" QMP events. The driver is named hv-balloon since the Linux kernel client driver for the Dynamic Memory Protocol is named as such and to follow the naming pattern established by the virtio-balloon driver. The whole protocol runs over Hyper-V VMBus. The driver was tested against Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 guests and obeys the guest alignment requirements reported to the host via DM_CAPABILITIES_REPORT message. Acked-by: David Hildenbrand <david@redhat.com> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
2023-11-06memory-device: Drop size alignment checkDavid Hildenbrand
There is no strong requirement that the size has to be multiples of the requested alignment, let's drop it. This is a preparation for hv-baloon. Signed-off-by: David Hildenbrand <david@redhat.com> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
2023-11-06Revert "hw/virtio/virtio-pmem: Replace impossible check by assertion"Maciej S. Szmigiero
This reverts commit 5960f254dbb46f0c7a9f5f44bf4d27c19c34cb97 since the previous commit made this situation possible again. Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
2023-11-06vfio/common: Move vfio_host_win_add/del into spapr.cZhenzhong Duan
Only spapr supports a customed host window list, other vfio driver assume 64bit host window. So remove the check in listener callback and move vfio_host_win_add/del into spapr.c and make it static. With the check removed, we still need to do the same check for VFIO_SPAPR_TCE_IOMMU which allows a single host window range [dma32_window_start, dma32_window_size). Move vfio_find_hostwin into spapr.c and do same check in vfio_container_add_section_window instead. When mapping a ram device section, if it's unaligned with hostwin->iova_pgsizes, this mapping is bypassed. With hostwin moved into spapr, we changed to check container->pgsizes. Suggested-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-06vfio/spapr: Make vfio_spapr_create/remove_window staticZhenzhong Duan
vfio_spapr_create_window calls vfio_spapr_remove_window, With reoder of definition of the two, we can make vfio_spapr_create/remove_window static. No functional changes intended. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-06vfio/container: Move spapr specific init/deinit into spapr.cZhenzhong Duan
Move spapr specific init/deinit code into spapr.c and wrap them with vfio_spapr_container_init/deinit, this way footprint of spapr is further reduced, vfio_prereg_listener could also be made static. vfio_listener_release is unnecessary when prereg_listener is moved out, so have it removed. No functional changes intended. Suggested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-06vfio/container: Move vfio_container_add/del_section_window into spapr.cZhenzhong Duan
vfio_container_add/del_section_window are spapr specific functions, so move them into spapr.c to make container.c cleaner. No functional changes intended. Suggested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-06vfio/container: Move IBM EEH related functions into spapr_pci_vfio.cZhenzhong Duan
With vfio_eeh_as_ok/vfio_eeh_as_op moved and made static, vfio.h becomes empty and is deleted. No functional changes intended. Suggested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Acked-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-06virtio-gpu: move scanout restoration to post_loadMarc-André Lureau
As we are going to introduce an extra subsection for "blob" resources, scanout have to be restored after. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Peter Xu <peterx@redhat.com>
2023-11-06virtio-gpu: factor out restore mappingMarc-André Lureau
The same function is going to be used next to restore "blob" resources. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Peter Xu <peterx@redhat.com>
2023-11-06virtio-gpu: block migration of VMs with blob=trueMarc-André Lureau
"blob" resources don't have an associated pixman image: #0 pixman_image_get_stride (image=0x0) at ../pixman/pixman-image.c:921 #1 0x0000562327c25236 in virtio_gpu_save (f=0x56232bb13b00, opaque=0x56232b555a60, size=0, field=0x5623289ab6c8 <__compound_literal.3+104>, vmdesc=0x56232ab59fe0) at ../hw/display/virtio-gpu.c:1225 Related to: https://bugzilla.redhat.com/show_bug.cgi?id=2236353 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Peter Xu <peterx@redhat.com>
2023-11-06ati-vga: Implement fallback for pixman routinesBALATON Zoltan
Pixman routines can fail if no implementation is available and it will become optional soon so add fallbacks when pixman does not work. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <ed0fba3f74e48143f02228b83bf8796ca49f3e7d.1698871239.git.balaton@eik.bme.hu>
2023-11-06ati-vga: Add 30 bit palette access registerBALATON Zoltan
Radeon cards have a 30 bit DAC and corresponding palette register to access it. We only use 8 bits but let the guests use 10 bit color values for those that access it through this register. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <9fa19eec95d1563cc65853cf26912f230c702b32.1698871239.git.balaton@eik.bme.hu>
2023-11-06ati-vga: Support unaligned access to GPIO DDC registersBALATON Zoltan
The GPIO_VGA_DDC and GPIO_DVI_DDC registers are used on Radeon for DDC access. Some drivers like the PPC Mac FCode ROM uses unaligned writes to these registers so implement this the same way as already done for GPIO_MONID which is used the same way for the Rage 128 Pro. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <dff6ce16ccabdfd54ffda348bf57c6d8b810cd98.1698871239.git.balaton@eik.bme.hu>
2023-11-06ati-vga: Fix aperture sizesBALATON Zoltan
Apparently these should be half the memory region sizes confirmed at least by Radeon FCocde ROM while Rage 128 Pro ROMs don't seem to use these. Linux r100 DRM driver also checks for a bit in HOST_PATH_CNTL so we also add that even though the FCode ROM does not seem to set it. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <d077d4f90d19db731df78da6f05058db074cada1.1698871239.git.balaton@eik.bme.hu>
2023-11-06virtio-gpu-rutabaga: Add empty interface to fix arm64 crashCong Liu
Add an empty element to the interfaces array, which is consistent with the behavior of other devices in qemu and fixes the crash on arm64. 0 0x0000fffff5c18550 in () at /usr/lib64/libc.so.6 1 0x0000fffff6c9cd6c in g_strdup () at /usr/lib64/libglib-2.0.so.0 2 0x0000aaaaab4945d8 in g_strdup_inline (str=<optimized out>) at /usr/include/glib-2.0/glib/gstrfuncs.h:321 3 type_new (info=info@entry=0xaaaaabc1b2c8 <virtio_gpu_rutabaga_pci_info>) at ../qom/object.c:133 4 0x0000aaaaab494f14 in type_register_internal (info=0xaaaaabc1b2c8 <virtio_gpu_rutabaga_pci_info>) at ../qom/object.c:143 5 type_register (info=0xaaaaabc1b2c8 <virtio_gpu_rutabaga_pci_info>) at ../qom/object.c:152 6 type_register_static (info=0xaaaaabc1b2c8 <virtio_gpu_rutabaga_pci_info>) at ../qom/object.c:157 7 type_register_static_array (infos=<optimized out>, nr_infos=<optimized out>) at ../qom/object.c:165 8 0x0000aaaaab6147e8 in module_call_init (type=type@entry=MODULE_INIT_QOM) at ../util/module.c:109 9 0x0000aaaaab10a0ec in qemu_init_subsystems () at ../system/runstate.c:817 10 0x0000aaaaab10d334 in qemu_init (argc=13, argv=0xfffffffff198) at ../system/vl.c:2760 11 0x0000aaaaaae4da6c in main (argc=<optimized out>, argv=<optimized out>) at ../system/main.c:47 Signed-off-by: Cong Liu <liucong2@kylinos.cn> Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20231031012515.15504-1-liucong2@kylinos.cn>
2023-11-06hw/xen: use correct default protocol for xen-block on x86David Woodhouse
Even on x86_64 the default protocol is the x86-32 one if the guest doesn't specifically ask for x86-64. Cc: qemu-stable@nongnu.org Fixes: b6af8926fb85 ("xen: add implementations of xen-block connect and disconnect functions...") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-06hw/xen: take iothread mutex in xen_evtchn_reset_op()David Woodhouse
The xen_evtchn_soft_reset() function requires the iothread mutex, but is also called for the EVTCHNOP_reset hypercall. Ensure the mutex is taken in that case. Cc: qemu-stable@nongnu.org Fixes: a15b10978fe6 ("hw/xen: Implement EVTCHNOP_reset") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-06hw/xen: fix XenStore watch delivery to guestDavid Woodhouse
When fire_watch_cb() found the response buffer empty, it would call deliver_watch() to generate the XS_WATCH_EVENT message in the response buffer and send an event channel notification to the guest… without actually *copying* the response buffer into the ring. So there was nothing for the guest to see. The pending response didn't actually get processed into the ring until the guest next triggered some activity from its side. Add the missing call to put_rsp(). It might have been slightly nicer to call xen_xenstore_event() here, which would *almost* have worked. Except for the fact that it calls xen_be_evtchn_pending() to check that it really does have an event pending (and clear the eventfd for next time). And under Xen it's defined that setting that fd to O_NONBLOCK isn't guaranteed to work, so the emu implementation follows suit. This fixes Xen device hot-unplug. Cc: qemu-stable@nongnu.org Fixes: 0254c4d19df ("hw/xen: Add xenstore wire implementation and implementation stubs") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-06hw/xen: don't clear map_track[] in xen_gnttab_reset()David Woodhouse
The refcounts actually correspond to 'active_ref' structures stored in a GHashTable per "user" on the backend side (mostly, per XenDevice). If we zero map_track[] on reset, then when the backend drivers get torn down and release their mapping we hit the assert(s->map_track[ref] != 0) in gnt_unref(). So leave them in place. Each backend driver will disconnect and reconnect as the guest comes back up again and reconnects, and it all works out OK in the end as the old refs get dropped. Cc: qemu-stable@nongnu.org Fixes: de26b2619789 ("hw/xen: Implement soft reset for emulated gnttab") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-06hw/xen: select kernel mode for per-vCPU event channel upcall vectorDavid Woodhouse
A guest which has configured the per-vCPU upcall vector may set the HVM_PARAM_CALLBACK_IRQ param to fairly much anything other than zero. For example, Linux v6.0+ after commit b1c3497e604 ("x86/xen: Add support for HVMOP_set_evtchn_upcall_vector") will just do this after setting the vector: /* Trick toolstack to think we are enlightened. */ if (!cpu) rc = xen_set_callback_via(1); That's explicitly setting the delivery to GSI#1, but it's supposed to be overridden by the per-vCPU vector setting. This mostly works in Qemu *except* for the logic to enable the in-kernel handling of event channels, which falsely determines that the kernel cannot accelerate GSI delivery in this case. Add a kvm_xen_has_vcpu_callback_vector() to report whether vCPU#0 has the vector set, and use that in xen_evtchn_set_callback_param() to enable the kernel acceleration features even when the param *appears* to be set to target a GSI. Preserve the Xen behaviour that when HVM_PARAM_CALLBACK_IRQ is set to *zero* the event channel delivery is disabled completely. (Which is what that bizarre guest behaviour is working round in the first place.) Cc: qemu-stable@nongnu.org Fixes: 91cce756179 ("hw/xen: Add xen_evtchn device for event channel emulation") Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-11-05macfb: allow reads from the DAFB_LUT registerMark Cave-Ayland
This enables A/UX to correctly retrieve the LUT entries when used with applications that use the MacOS Device Manager Status (GetEntries) call. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-ID: <20231026085650.917663-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-11-05macfb: allow larger write accesses to the DAFB_LUT registerMark Cave-Ayland
The original tests with MacOS showed that only the bottom 8 bits of the DAFB_LUT register were used when writing to the LUT, however A/UX performs some of its writes using 4 byte accesses. Expand the address range for the DAFB_LUT register so that different size accesses write the correct value to the color_palette array. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-ID: <20231026085650.917663-4-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-11-05macfb: rename DAFB_RESET to DAFB_LUT_INDEXMark Cave-Ayland
When A/UX uses the MacOS Device Manager Status (GetEntries) call to read the contents of the CLUT, it is easy to see that the requested index is written to the DAFB_RESET register. Update the palette_current index with the requested value, and rename it to DAFB_LUT_INDEX to reflect its true purpose. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-ID: <20231026085650.917663-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-11-05macfb: don't clear interrupts when writing to DAFB_RESETMark Cave-Ayland
Traces from A/UX suggest that this register is only used to reset the framebuffer LUT (colour lookup table) and not any other device state. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-ID: <20231026085650.917663-2-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-11-03memory-device: Support empty memory devicesDavid Hildenbrand
Let's support empty memory devices -- memory devices that don't have a memory device region in the current configuration. hv-balloon with an optional memdev is the primary use case. Signed-off-by: David Hildenbrand <david@redhat.com> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
2023-11-03vfio/pci: Fix buffer overrun when writing the VF tokenCédric Le Goater
qemu_uuid_unparse() includes a trailing NUL when writing the uuid string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the recently added UUID_STR_LEN which defines the correct size. Fixes: CID 1522913 Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token") Cc: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Reviewed-by: "Denis V. Lunev" <den@openvz.org> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03util/uuid: Add UUID_STR_LEN definitionCédric Le Goater
qemu_uuid_unparse() includes a trailing NUL when writing the uuid string and the buffer size should be UUID_FMT_LEN + 1 bytes. Add a define for this size and use it where required. Cc: Fam Zheng <fam@euphon.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Juan Quintela <quintela@redhat.com> Reviewed-by: "Denis V. Lunev" <den@openvz.org> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03hw/pci: modify pci_setup_iommu() to set PCIIOMMUOpsYi Liu
This patch modifies pci_setup_iommu() to set PCIIOMMUOps instead of setting PCIIOMMUFunc. PCIIOMMUFunc is used to get an address space for a PCI device in vendor specific way. The PCIIOMMUOps still offers this functionality. But using PCIIOMMUOps leaves space to add more iommu related vendor specific operations. Cc: Kevin Tian <kevin.tian@intel.com> Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> Cc: Peter Xu <peterx@redhat.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Yi Sun <yi.y.sun@linux.intel.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Xu <peterx@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Cc: Helge Deller <deller@gmx.de> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: BALATON Zoltan <balaton@eik.bme.hu> Cc: Elena Ufimtseva <elena.ufimtseva@oracle.com> Cc: Jagannathan Raman <jag.raman@oracle.com> Cc: Matthew Rosato <mjrosato@linux.ibm.com> Cc: Eric Farman <farman@linux.ibm.com> Cc: Halil Pasic <pasic@linux.ibm.com> Cc: Christian Borntraeger <borntraeger@linux.ibm.com> Cc: Thomas Huth <thuth@redhat.com> Cc: Helge Deller <deller@gmx.de> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Yi Liu <yi.l.liu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> [ clg: - refreshed on latest QEMU - included hw/remote/iommu.c - documentation update - asserts in pci_setup_iommu() - removed checks on iommu_bus->iommu_ops->get_address_space - included Elroy PCI host (PA-RISC) ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03virtio-iommu: Consolidate host reserved regions and property set onesEric Auger
Up to now we were exposing to the RESV_MEM probe requests the reserved memory regions set though the reserved-regions array property. Combine those with the host reserved memory regions if any. Those latter are tagged as RESERVED. We don't have more information about them besides then cannot be mapped. Reserved regions set by property have higher priority. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Tested-by: Yanghang Liu <yanghliu@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03virtio-iommu: Implement set_iova_ranges() callbackEric Auger
The implementation populates the array of per IOMMUDevice host reserved ranges. It is forbidden to have conflicting sets of host IOVA ranges to be applied onto the same IOMMU MR (implied by different host devices). In case the callback is called after the probe request has been issues by the driver, a warning is issued. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Tested-by: Yanghang Liu <yanghliu@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03virtio-iommu: Record whether a probe request has been issuedEric Auger
Add an IOMMUDevice 'probe_done' flag to record that the driver already issued a probe request on that device. This will be useful to double check host reserved regions aren't notified after the probe and hence are not taken into account by the driver. Signed-off-by: Eric Auger <eric.auger@redhat.com> Suggested-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Tested-by: Yanghang Liu <yanghliu@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03virtio-iommu: Introduce per IOMMUDevice reserved regionsEric Auger
For the time being the per device reserved regions are just a duplicate of IOMMU wide reserved regions. Subsequent patches will combine those with host reserved regions, if any. Signed-off-by: Eric Auger <eric.auger@redhat.com> Tested-by: Yanghang Liu <yanghliu@redhat.com> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03virtio-iommu: Rename reserved_regions into prop_resv_regionsEric Auger
Rename VirtIOIOMMU (nb_)reserved_regions fields with the "prop_" prefix to highlight those fields are set through a property, at machine level. They are IOMMU wide. A subsequent patch will introduce per IOMMUDevice reserved regions that will include both those IOMMU wide property reserved regions plus, sometimes, host reserved regions, if the device is backed by a host device protected by a physical IOMMU. Also change nb_ prefix by nr_. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03vfio: Collect container iova range infoEric Auger
Collect iova range information if VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE capability is supported. This allows to propagate the information though the IOMMU MR set_iova_ranges() callback so that virtual IOMMUs get aware of those aperture constraints. This is only done if the info is available and the number of iova ranges is greater than 0. A new vfio_get_info_iova_range helper is introduced matching the coding style of existing vfio_get_info_dma_avail. The boolean returned value isn't used though. Code is aligned between both. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Alex Williamson <alex.williamson@redhat.com> Tested-by: Yanghang Liu <yanghliu@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03memory: Let ReservedRegion use RangeEric Auger
A reserved region is a range tagged with a type. Let's directly use the Range type in the prospect to reuse some of the library helpers shipped with the Range type. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: "Michael S. Tsirkin" <mst@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-11-03Merge tag 'pull-target-arm-20231102' of ↵Stefan Hajnoczi
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * linux-user/elfload: Add missing arm64 hwcap values * stellaris-gamepad: Convert to qdev * docs/specs: Convert various txt docs to rST * MAINTAINERS: Make sure that gicv3_internal.h is covered, too * hw/arm/pxa2xx_gpio: Pass CPU using QOM link property * hw/watchdog/wdt_imx2: Trace MMIO access and timer activity * hw/misc/imx7_snvs: Trace MMIO access * hw/misc/imx6_ccm: Convert DPRINTF to trace events * hw/i2c/pm_smbus: Convert DPRINTF to trace events * target/arm: Enable FEAT_MOPS insns in user-mode emulation * linux-user: Report AArch64 hwcap2 fields above bit 31 * target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly * target/arm: Fix SVE STR increment * hw/char/stm32f2xx_usart: implement TX interrupts * target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk * xlnx-versal-virt: Add AMD/Xilinx TRNG device * tag 'pull-target-arm-20231102' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits) tests/qtest: Introduce tests for AMD/Xilinx Versal TRNG device hw/arm: xlnx-versal-virt: Add AMD/Xilinx TRNG device hw/misc: Introduce AMD/Xilix Versal TRNG device target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk hw/char/stm32f2xx_usart: Add more definitions for CR1 register hw/char/stm32f2xx_usart: Update IRQ when DR is written hw/char/stm32f2xx_usart: Extract common IRQ update code to update_irq() target/arm: Fix SVE STR increment target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly linux-user: Report AArch64 hwcap2 fields above bit 31 target/arm: Enable FEAT_MOPS insns in user-mode emulation hw/i2c/pm_smbus: Convert DPRINTF to trace events hw/misc/imx6_ccm: Convert DPRINTF to trace events hw/misc/imx7_snvs: Trace MMIO access hw/watchdog/wdt_imx2: Trace timer activity hw/watchdog/wdt_imx2: Trace MMIO access hw/arm/pxa2xx_gpio: Pass CPU using QOM link property MAINTAINERS: Make sure that gicv3_internal.h is covered, too docs/specs/vmgenid: Convert to rST docs/specs/vmcoreinfo: Convert to rST ... Conflicts: hw/input/stellaris_input.c The qdev conversion in this pull request ("stellaris-gamepad: Convert to qdev") eliminates the vmstate_register() call that was converted to vmstate_register_any() in the conflicting migration pull request. vmstate_register_any() is no longer necessary now that this device has been converted to qdev, so take this pull request's version of stellaris_gamepad.c over the previous pull request's stellaris_input.c (the file was renamed). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-03Merge tag 'migration-20231102-pull-request' of ↵Stefan Hajnoczi
https://gitlab.com/juan.quintela/qemu into staging Migration Pull request (20231102) Hi In this pull request: - migration reboot mode (steve) * I disabled the test because our CI don't like programs using so much shared memory. Searching for a fix. - test for postcopy recover (fabiano) - MigrateAddress QAPI (het) - better return path error handling (peter) - traces for downtime (peter) - vmstate_register() check for duplicates (juan) thomas find better solutions for s390x and ipmi. now also works on s390x Please, apply. # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEGJn/jt6/WMzuA0uC9IfvGFhy1yMFAmVDipMACgkQ9IfvGFhy # 1yNYnQ/9E5Cywsoqljqa/9FiKBSII2qMrmkfu6JLKqePnsh5pFZiukbudYRuJCCe # ZTDEmD0NmKRJbDx2xRU1qx/e6gKJy+gz37KP89Buuh/WwZHPboPYtxQpGvCSiH26 # J3i+1+TgaqmkLzcO35wa8tp6gneQclWeAwKgMvdb4cm2pJEhgWRKI62ccyLzxeve # UCzFQn60t55ETyVZGnRD4YwdTQvGKH+DPlyTuJOLR3DePuvZd8EdH+ypvB4RLAy7 # 3+CuQOxmF5LRXPbpJuAeOsudbmhhHzrO/yL7ZmsiKQTthsJv+SzC1bO94jhQrawZ # Q7GCii5KpGq0KnRTRKZRGk6XKwxcYRduXMX3R5tXuVmDmCZsjhXzziU8yEdftph8 # 5TJdk1o0Gb043EFu81mrsQYS+9yJqe6sy6m3PTJaec54cAty5ln+c17WOvpAOaSV # +1phe05ftuVPmQ3KWhbIR/tCmavNLwEZxpVIfyaKJx04bFbtQ9gRpRyURORX4KXc # s4WXvNirQEohxYBnP4TPvA09xBTW3V08pk/wRDwt0YDXnLiqCltOuxD8r05K8K4B # MkCLcWj0g7he2tBkF60oz1KSIE0oTB81um9AzLIv5F2YSYLaJM5BIcoC437MR2f4 # MOR7drR1fP5GsRu/SeU5BWvhVq3IvdOxR7G2MLNRJJvl7ZtGXDc= # =uaqL # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Nov 2023 19:40:03 HKT # gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full] # gpg: aka "Juan Quintela <quintela@trasno.org>" [full] # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * tag 'migration-20231102-pull-request' of https://gitlab.com/juan.quintela/qemu: (40 commits) migration: modify test_multifd_tcp_none() to use new QAPI syntax. migration: Implement MigrateChannelList to hmp migration flow. migration: Implement MigrateChannelList to qmp migration flow. migration: modify migration_channels_and_uri_compatible() for new QAPI syntax migration: New migrate and migrate-incoming argument 'channels' migration: Convert the file backend to the new QAPI syntax migration: convert exec backend to accept MigrateAddress. migration: convert rdma backend to accept MigrateAddress migration: convert socket backend to accept MigrateAddress migration: convert migration 'uri' into 'MigrateAddress' migration: New QAPI type 'MigrateAddress' migration: Change ram_dirty_bitmap_reload() retval to bool tests/migration-test: Add a test for postcopy hangs during RECOVER migration: Allow network to fail even during recovery migration: Refactor error handling in source return path tests/qtest: migration: add reboot mode test cpr: reboot mode cpr: relax vhost migration blockers cpr: relax blockdev migration blockers migration: per-mode blockers ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-02hw/arm: xlnx-versal-virt: Add AMD/Xilinx TRNG deviceTong Ho
Connect the support for Versal True Random Number Generator (TRNG) device. Warning: unlike the TRNG component in a real device from the Versal device familiy, the connected TRNG model is not of cryptographic grade and is not intended for use cases when cryptograpically strong TRNG is needed. Signed-off-by: Tong Ho <tong.ho@amd.com> Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20231031184611.3029156-3-tong.ho@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/misc: Introduce AMD/Xilix Versal TRNG deviceTong Ho
This adds a non-cryptographic grade implementation of the model for the True Random Number Generator (TRNG) component in AMD/Xilinx Versal device family. This implements all 3 modes defined by the actual hardware specs, all of which selectable by guest software at will at anytime: 1) PRNG mode, in which the generated sequence is required to be reproducible after reseeded by the same 384-bit value as supplied by guest software. 2) Test mode, in which the generated sequence is required to be reproducible ater reseeded by the same 128-bit test seed supplied by guest software. 3) TRNG mode, in which non-reproducible sequence is generated based on periodic reseed by a suitable entropy source. This model is only intended for non-real world testing of guest software, where cryptographically strong PRNG or TRNG is not needed. This model supports versions 1 & 2 of the device, with default to be version 2; the 'hw-version' uint32 property can be set to 0x0100 to override the default. Other implemented properties: - 'forced-prng', uint64 When set to non-zero, mode 3's entropy source is implemented as a deterministic sequence based on the given value and other deterministic parameters. This option allows the emulation to test guest software using mode 3 and to reproduce data-dependent defects. - 'fips-fault-events', uint32, bit-mask bit 3: Triggers the SP800-90B entropy health test fault irq bit 1: Triggers the FIPS 140-2 continuous test fault irq Signed-off-by: Tong Ho <tong.ho@amd.com> Message-id: 20231031184611.3029156-2-tong.ho@amd.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/char/stm32f2xx_usart: Update IRQ when DR is writtenHans-Erik Floryd
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com> Message-id: 20231030151528.1138131-3-hans-erik.floryd@rt-labs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/char/stm32f2xx_usart: Extract common IRQ update code to update_irq()Hans-Erik Floryd
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com> Message-id: 20231030151528.1138131-2-hans-erik.floryd@rt-labs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/i2c/pm_smbus: Convert DPRINTF to trace eventsBernhard Beschow
Let the trace messages slightly deviate from the function names ("smb" -> "smbus") being traced in order to avoid conflights with the SMB protocol. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Corey Minyard <cminyard@mvista.com> Message-id: 20231028122415.14869-6-shentey@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/misc/imx6_ccm: Convert DPRINTF to trace eventsBernhard Beschow
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231028122415.14869-5-shentey@gmail.com [PMM: Add "Hz" unit indicator to frequency traces] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/misc/imx7_snvs: Trace MMIO accessBernhard Beschow
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231028122415.14869-4-shentey@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/watchdog/wdt_imx2: Trace timer activityBernhard Beschow
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Message-id: 20231028122415.14869-3-shentey@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/watchdog/wdt_imx2: Trace MMIO accessBernhard Beschow
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231028122415.14869-2-shentey@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02hw/arm/pxa2xx_gpio: Pass CPU using QOM link propertyPhilippe Mathieu-Daudé
Instead of passing the CPU index and resolving it, use a QOM link to directly pass the CPU. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231030083706.63685-1-philmd@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02docs/specs/standard-vga: Convert to rSTPeter Maydell
Convert docs/specs/standard-vga.txt to rST format. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230927151205.70930-6-peter.maydell@linaro.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-11-02hw/input/stellaris_gamepad: Convert to qemu_input_handler_register()Peter Maydell
Now that we have converted to qdev, we can use the newer qemu_input_handler_register() API rather than the legacy qemu_add_kbd_event_handler(). Since we only have one user, take the opportunity to convert from scancodes to QCodes, rather than using qemu_input_key_value_to_scancode() (which adds an 0xe0 prefix and encodes up/down indication in the scancode, which our old handler function then had to reverse). That lets us drop the old state field which was tracking whether we were halfway through a two-byte scancode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231030114802.3671871-7-peter.maydell@linaro.org