aboutsummaryrefslogtreecommitdiff
path: root/target/i386
AgeCommit message (Collapse)Author
2022-03-23target/i386/kvm: Free xsave_buf when destroying vCPUPhilippe Mathieu-Daudé
Fix vCPU hot-unplug related leak reported by Valgrind: ==132362== 4,096 bytes in 1 blocks are definitely lost in loss record 8,440 of 8,549 ==132362== at 0x4C3B15F: memalign (vg_replace_malloc.c:1265) ==132362== by 0x4C3B288: posix_memalign (vg_replace_malloc.c:1429) ==132362== by 0xB41195: qemu_try_memalign (memalign.c:53) ==132362== by 0xB41204: qemu_memalign (memalign.c:73) ==132362== by 0x7131CB: kvm_init_xsave (kvm.c:1601) ==132362== by 0x7148ED: kvm_arch_init_vcpu (kvm.c:2031) ==132362== by 0x91D224: kvm_init_vcpu (kvm-all.c:516) ==132362== by 0x9242C9: kvm_vcpu_thread_fn (kvm-accel-ops.c:40) ==132362== by 0xB2EB26: qemu_thread_start (qemu-thread-posix.c:556) ==132362== by 0x7EB2159: start_thread (in /usr/lib64/libpthread-2.28.so) ==132362== by 0x9D45DD2: clone (in /usr/lib64/libc-2.28.so) Reported-by: Mark Kanda <mark.kanda@oracle.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Mark Kanda <mark.kanda@oracle.com> Message-Id: <20220322120522.26200-1-philippe.mathieu.daude@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-23target/i386: force maximum rounding precision for fildl[l]Alex Bennée
The instruction description says "It is loaded without rounding errors." which implies we should have the widest rounding mode possible. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/888 Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220315121251.2280317-4-alex.bennee@linaro.org>
2022-03-21Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell
Bugfixes. # gpg: Signature made Mon 21 Mar 2022 14:57:57 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: hw/i386/amd_iommu: Fix maybe-uninitialized error with GCC 12 target/i386: kvm: do not access uninitialized variable on older kernels Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-21Use g_new() & friends where that makes obvious senseMarkus Armbruster
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Patch created mechanically with: $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \ --macro-file scripts/cocci-macro-file.h FILES... Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20220315144156.1595462-4-armbru@redhat.com> Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
2022-03-20target/i386: kvm: do not access uninitialized variable on older kernelsPaolo Bonzini
KVM support for AMX includes a new system attribute, KVM_X86_XCOMP_GUEST_SUPP. Commit 19db68ca68 ("x86: Grant AMX permission for guest", 2022-03-15) however did not fully consider the behavior on older kernels. First, it warns too aggressively. Second, it invokes the KVM_GET_DEVICE_ATTR ioctl unconditionally and then uses the "bitmask" variable, which remains uninitialized if the ioctl fails. Third, kvm_ioctl returns -errno rather than -1 on errors. While at it, explain why the ioctl is needed and KVM_GET_SUPPORTED_CPUID is not enough. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15Merge tag 'darwin-20220315' of https://github.com/philmd/qemu into stagingPeter Maydell
Darwin-based host patches - Remove various build warnings - Fix building with modules on macOS - Fix mouse/keyboard GUI interactions # gpg: Signature made Tue 15 Mar 2022 12:52:19 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'darwin-20220315' of https://github.com/philmd/qemu: (21 commits) MAINTAINERS: Volunteer to maintain Darwin-based hosts support ui/cocoa: add option to swap Option and Command ui/cocoa: capture all keys and combos when mouse is grabbed ui/cocoa: release mouse when user switches away from QEMU window ui/cocoa: add option to disable left-command forwarding to guest ui/cocoa: Constify qkeycode translation arrays configure: Pass filtered QEMU_OBJCFLAGS to meson meson: Log QEMU_CXXFLAGS content in summary meson: Resolve the entitlement.sh script once for good osdep: Avoid using Clang-specific __builtin_available() audio: Rename coreaudio extension to use Objective-C compiler coreaudio: Always return 0 in handle_voice_change audio: Log context for audio bug audio/dbus: Fix building with modules on macOS audio/coreaudio: Remove a deprecation warning on macOS 12 block/file-posix: Remove a deprecation warning on macOS 12 hvf: Remove deprecated hv_vcpu_flush() calls hvf: Make hvf_get_segments() / hvf_put_segments() local hvf: Use standard CR0 and CR4 register definitions tests/fp/berkeley-testfloat-3: Ignore ignored #pragma directives ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-15hvf: Remove deprecated hv_vcpu_flush() callsPhilippe Mathieu-Daudé
When building on macOS 11 [*], we get: In file included from ../target/i386/hvf/hvf.c:59: ../target/i386/hvf/vmx.h:174:5: error: 'hv_vcpu_flush' is deprecated: first deprecated in macOS 11.0 - This API has no effect and always returns HV_UNSUPPORTED [-Werror,-Wdeprecated-declarations] hv_vcpu_flush(vcpu); ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/Hypervisor.framework/Headers/hv.h:364:20: note: 'hv_vcpu_flush' has been explicitly marked deprecated here extern hv_return_t hv_vcpu_flush(hv_vcpuid_t vcpu) ^ Since this call "has no effect", simply remove it ¯\_(ツ)_/¯ Not very useful deprecation doc: https://developer.apple.com/documentation/hypervisor/1441386-hv_vcpu_flush [*] Also 10.15 (Catalina): https://lore.kernel.org/qemu-devel/Yd3DmSqZ1SiJwd7P@roolebo.dev/ Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-15hvf: Make hvf_get_segments() / hvf_put_segments() localPhilippe Mathieu-Daudé
Both hvf_get_segments/hvf_put_segments() functions are only used within x86hvf.c: do not declare them as public API. Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-15hvf: Use standard CR0 and CR4 register definitionsCameron Esfahani
No need to have our own definitions of these registers. Signed-off-by: Cameron Esfahani <dirty@apple.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-15KVM: SVM: always set MSR_AMD64_TSC_RATIO to default valueMaxim Levitsky
Even when the feature is not supported in guest CPUID, still set the msr to the default value which will be the only value KVM will accept in this case Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20220223115824.319821-1-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15i386: Add Icelake-Server-v6 CPU model with 5-level EPT supportVitaly Kuznetsov
Windows 11 with WSL2 enabled (Hyper-V) fails to boot with Icelake-Server {-v5} CPU model but boots well with '-cpu host'. Apparently, it expects 5-level paging and 5-level EPT support to come in pair but QEMU's Icelake-Server CPU model lacks the later. Introduce 'Icelake-Server-v6' CPU model with 'vmx-page-walk-5' enabled by default. Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Message-Id: <20220221145316.576138-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Support XFD and AMX xsave data migrationZeng Guang
XFD(eXtended Feature Disable) allows to enable a feature on xsave state while preventing specific user threads from using the feature. Support save and restore XFD MSRs if CPUID.D.1.EAX[4] enumerate to be valid. Likewise migrate the MSRs and related xsave state necessarily. Signed-off-by: Zeng Guang <guang.zeng@intel.com> Signed-off-by: Wei Wang <wei.w.wang@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-8-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: add support for KVM_CAP_XSAVE2 and AMX state migrationJing Liu
When dynamic xfeatures (e.g. AMX) are used by the guest, the xsave area would be larger than 4KB. KVM_GET_XSAVE2 and KVM_SET_XSAVE under KVM_CAP_XSAVE2 works with a xsave buffer larger than 4KB. Always use the new ioctls under KVM_CAP_XSAVE2 when KVM supports it. Signed-off-by: Jing Liu <jing2.liu@intel.com> Signed-off-by: Zeng Guang <guang.zeng@intel.com> Signed-off-by: Wei Wang <wei.w.wang@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-7-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Add AMX CPUIDs enumerationJing Liu
Add AMX primary feature bits XFD and AMX_TILE to enumerate the CPU's AMX capability. Meanwhile, add AMX TILE and TMUL CPUID leaf and subleaves which exist when AMX TILE is present to provide the maximum capability of TILE and TMUL. Signed-off-by: Jing Liu <jing2.liu@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-6-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Add XFD faulting bit for state componentsJing Liu
Intel introduces XFD faulting mechanism for extended XSAVE features to dynamically enable the features in runtime. If CPUID (EAX=0Dh, ECX=n, n>1).ECX[2] is set as 1, it indicates support for XFD faulting of this state component. Signed-off-by: Jing Liu <jing2.liu@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-5-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Grant AMX permission for guestYang Zhong
Kernel allocates 4K xstate buffer by default. For XSAVE features which require large state component (e.g. AMX), Linux kernel dynamically expands the xstate buffer only after the process has acquired the necessary permissions. Those are called dynamically- enabled XSAVE features (or dynamic xfeatures). There are separate permissions for native tasks and guests. Qemu should request the guest permissions for dynamic xfeatures which will be exposed to the guest. This only needs to be done once before the first vcpu is created. KVM implemented one new ARCH_GET_XCOMP_SUPP system attribute API to get host side supported_xcr0 and Qemu can decide if it can request dynamically enabled XSAVE features permission. https://lore.kernel.org/all/20220126152210.3044876-1-pbonzini@redhat.com/ Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Signed-off-by: Jing Liu <jing2.liu@intel.com> Message-Id: <20220217060434.52460-4-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Add AMX XTILECFG and XTILEDATA componentsJing Liu
The AMX TILECFG register and the TMMx tile data registers are saved/restored via XSAVE, respectively in state component 17 (64 bytes) and state component 18 (8192 bytes). Add AMX feature bits to x86_ext_save_areas array to set up AMX components. Add structs that define the layout of AMX XSAVE areas and use QEMU_BUILD_BUG_ON to validate the structs sizes. Signed-off-by: Jing Liu <jing2.liu@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-3-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15x86: Fix the 64-byte boundary enumeration for extended stateJing Liu
The extended state subleaves (EAX=0Dh, ECX=n, n>1).ECX[1] indicate whether the extended state component locates on the next 64-byte boundary following the preceding state component when the compacted format of an XSAVE area is used. Right now, they are all zero because no supported component needed the bit to be set, but the upcoming AMX feature will use it. Fix the subleaves value according to KVM's supported cpuid. Signed-off-by: Jing Liu <jing2.liu@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20220217060434.52460-2-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15target/i386: Throw a #SS when loading a non-canonical ISTGareth Webb
Loading a non-canonical address into rsp when handling an interrupt or performing a far call should raise a #SS not a #GP. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/870 Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk> Message-Id: <164529651121.25406.15337137068584246397-0@git.sr.ht> [Move get_pg_mode to seg_helper.c for user-mode emulators. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15target/i386: only include bits in pg_mode if they are not ignoredPaolo Bonzini
LA57/PKE/PKS is only relevant in 64-bit mode, and NXE is only relevant if PAE is in use. Since there is code that checks PG_MODE_LA57 to determine the canonicality of addresses, make sure that the bit is not set by mistake in 32-bit mode. While it would not be a problem because 32-bit addresses by definition fit in both 48-bit and 57-bit address spaces, it is nicer if get_pg_mode() actually returns whether a feature is enabled, and it allows a few simplifications in the page table walker. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15kvm/msi: do explicit commit when adding msi routesLongpeng(Mike)
We invoke the kvm_irqchip_commit_routes() for each addition to MSI route table, which is not efficient if we are adding lots of routes in some cases. This patch lets callers invoke the kvm_irqchip_commit_routes(), so the callers can decide how to optimize. [1] https://lists.gnu.org/archive/html/qemu-devel/2021-11/msg00967.html Signed-off-by: Longpeng <longpeng2@huawei.com> Message-Id: <20220222141116.2091-3-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15whpx: Fixed incorrect CR8/TPR synchronizationIvan Shcherbakov
This fixes the following error triggered when stopping and resuming a 64-bit Linux kernel via gdb: qemu-system-x86_64.exe: WHPX: Failed to set virtual processor context, hr=c0350005 The previous logic for synchronizing the values did not take into account that the lower 4 bits of the CR8 register, containing the priority level, mapped to bits 7:4 of the APIC.TPR register (see section 10.8.6.1 of Volume 3 of Intel 64 and IA-32 Architectures Software Developer's Manual). The caused WHvSetVirtualProcessorRegisters() to fail with an error, effectively preventing GDB from changing the guest context. Signed-off-by: Ivan Shcherbakov <ivan@sysprogs.com> Message-Id: <010b01d82874$bb4ef160$31ecd420$@sysprogs.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15whpx: Fixed reporting of the CPU context to GDB for 64-bitIvan Shcherbakov
Make sure that pausing the VM while in 64-bit mode will set the HF_CS64_MASK flag in env->hflags (see x86_update_hflags() in target/i386/cpu.c). Without it, the code in gdbstub.c would only use the 32-bit register values when debugging 64-bit targets, making debugging effectively impossible. Signed-off-by: Ivan Shcherbakov <ivan@sysprogs.com> Message-Id: <00f701d82874$68b02000$3a106000$@sysprogs.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-08Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20220307' into staging target-arm queue: * cleanups of qemu_oom_check() and qemu_memalign() * target/arm/translate-neon: UNDEF if VLD1/VST1 stride bits are non-zero * target/arm/translate-neon: Simplify align field check for VLD3 * GICv3 ITS: add more trace events * GICv3 ITS: implement 8-byte accesses properly * GICv3: fix minor issues with some trace/log messages * ui/cocoa: Use the standard about panel * target/arm: Provide cpu property for controling FEAT_LPA2 * hw/arm/virt: Disable LPA2 for -machine virt-6.2 # gpg: Signature made Mon 07 Mar 2022 16:46:06 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20220307: hw/arm/virt: Disable LPA2 for -machine virt-6.2 target/arm: Provide cpu property for controling FEAT_LPA2 ui/cocoa: Use the standard about panel hw/intc/arm_gicv3_cpuif: Fix register names in ICV_HPPIR read trace event hw/intc/arm_gicv3: Fix missing spaces in error log messages hw/intc/arm_gicv3: Specify valid and impl in MemoryRegionOps hw/intc/arm_gicv3_its: Add trace events for table reads and writes hw/intc/arm_gicv3_its: Add trace events for commands target/arm/translate-neon: Simplify align field check for VLD3 target/arm/translate-neon: UNDEF if VLD1/VST1 stride bits are non-zero osdep: Move memalign-related functions to their own header util: Put qemu_vfree() in memalign.c util: Use meson checks for valloc() and memalign() presence util: Share qemu_try_memalign() implementation between POSIX and Windows meson.build: Don't misdetect posix_memalign() on Windows util: Return valid allocation for qemu_try_memalign() with zero size util: Unify implementations of qemu_memalign() util: Make qemu_oom_check() a static function Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-07osdep: Move memalign-related functions to their own headerPeter Maydell
Move the various memalign-related functions out of osdep.h and into their own header, which we include only where they are used. While we're doing this, add some brief documentation comments. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220226180723.1706285-10-peter.maydell@linaro.org
2022-03-06target/i386: Remove pointless CPUArchState castsPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220305233415.64627-3-philippe.mathieu.daude@gmail.com>
2022-03-06target: Use ArchCPU as interface to target CPUPhilippe Mathieu-Daudé
ArchCPU is our interface with target-specific code. Use it as a forward-declared opaque pointer (abstract type), having its structure defined by each target. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-15-f4bug@amsat.org>
2022-03-06target: Introduce and use OBJECT_DECLARE_CPU_TYPE() macroPhilippe Mathieu-Daudé
Replace the boilerplate code to declare CPU QOM types and macros, and forward-declare the CPU instance type. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-14-f4bug@amsat.org>
2022-03-06target: Use CPUArchState as interface to target-specific CPU statePhilippe Mathieu-Daudé
While CPUState is our interface with generic code, CPUArchState is our interface with target-specific code. Use CPUArchState as an abstract type, defined by each target. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-13-f4bug@amsat.org>
2022-03-06target: Use forward declared type instead of structure typePhilippe Mathieu-Daudé
The CPU / CPU state are forward declared. $ git grep -E 'struct [A-Za-z]+CPU\ \*' target/arm/hvf_arm.h:16:void hvf_arm_set_cpu_features_from_host(struct ARMCPU *cpu); target/openrisc/cpu.h:234: int (*cpu_openrisc_map_address_code)(struct OpenRISCCPU *cpu, target/openrisc/cpu.h:238: int (*cpu_openrisc_map_address_data)(struct OpenRISCCPU *cpu, $ git grep -E 'struct CPU[A-Za-z0-9]+State\ \*' target/mips/internal.h:137: int (*map_address)(struct CPUMIPSState *env, hwaddr *physical, int *prot, target/mips/internal.h:139: void (*helper_tlbwi)(struct CPUMIPSState *env); target/mips/internal.h:140: void (*helper_tlbwr)(struct CPUMIPSState *env); target/mips/internal.h:141: void (*helper_tlbp)(struct CPUMIPSState *env); target/mips/internal.h:142: void (*helper_tlbr)(struct CPUMIPSState *env); target/mips/internal.h:143: void (*helper_tlbinv)(struct CPUMIPSState *env); target/mips/internal.h:144: void (*helper_tlbinvf)(struct CPUMIPSState *env); target/xtensa/cpu.h:347: struct CPUXtensaState *env; ... Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-12-f4bug@amsat.org>
2022-03-06target/i386/tcg/sysemu: Include missing 'exec/exec-all.h' headerPhilippe Mathieu-Daudé
excp_helper.c requires "exec/exec-all.h" for tlb_set_page_with_attrs() and misc_helper.c for tlb_flush(). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-8-f4bug@amsat.org>
2022-03-06accel: Introduce AccelOpsClass::cpu_thread_is_idle()Philippe Mathieu-Daudé
Add cpu_thread_is_idle() to AccelOps, and implement it for the KVM / WHPX accelerators. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220207075426.81934-11-f4bug@amsat.org>
2022-03-06accel/hax: Introduce CONFIG_HAX_IS_POSSIBLEPhilippe Mathieu-Daudé
Mirror "sysemu/kvm.h" #ifdef'ry to define CONFIG_HAX_IS_POSSIBLE, expose hax_allowed to hax_enabled() macro. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220207075426.81934-9-f4bug@amsat.org>
2022-02-28tcg: Remove dh_alias indirection for dh_typecodeRichard Henderson
The dh_alias redirect is intended to handle TCG types as distinguished from C types. TCG does not distinguish signed int from unsigned int, because they are the same size. However, we need to retain this distinction for dh_typecode, lest we fail to extend abi types properly for the host call parameters. This bug was detected when running the 'arm' emulator on an s390 system. The s390 uses TCG_TARGET_EXTEND_ARGS which triggers code in tcg_gen_callN to extend 32 bit values to 64 bits; the incorrect sign data in the typemask for each argument caused the values to be extended as unsigned values. This simple program exhibits the problem: static volatile int num = -9; static volatile int den = -5; int main(void) { int quo = num / den; printf("num %d den %d quo %d\n", num, den, quo); exit(0); } When run on the broken qemu, this results in: num -9 den -5 quo 0 The correct result is: num -9 den -5 quo 1 Fixes: 7319d83a735 ("tcg: Combine dh_is_64bit and dh_is_signed to dh_typecode") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/876 Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Tested-by: Keith Packard <keithp@keithp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-02-22Merge remote-tracking branch ↵Peter Maydell
'remotes/thuth-gitlab/tags/pull-request-2022-02-21' into staging * Improve virtio-net failover test * Some small fixes for the qtests * Misc header cleanups by Philippe # gpg: Signature made Mon 21 Feb 2022 11:40:37 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/thuth-gitlab/tags/pull-request-2022-02-21: (25 commits) hw/tricore: Remove unused and incorrect header hw/m68k/mcf: Add missing 'exec/hwaddr.h' header exec/exec-all: Move 'qemu/log.h' include in units requiring it softmmu/runstate: Clean headers linux-user: Add missing "qemu/timer.h" include target: Add missing "qemu/timer.h" include core/ptimers: Remove unnecessary 'sysemu/cpus.h' include exec/ramblock: Add missing includes qtest: Add missing 'hw/qdev-core.h' include hw/acpi/memory_hotplug: Remove unused 'hw/acpi/pc-hotplug.h' header hw/remote: Add missing include hw/tpm: Clean includes scripts: Remove the old switch-timer-api script tests/qtest: failover: migration abort test with failover off tests/qtest: failover: test migration if the guest doesn't support failover tests/qtest: failover: check migration with failover off tests/qtest: failover: check missing guest feature tests/qtest: failover: check the feature is correctly provided tests/qtest: failover: use a macro for check_one_card() tests/qtest: failover: clean up pathname of tests ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-02-21Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell
staging * More Meson conversions (0.59.x now required rather than suggested) * UMIP support for TCG x86 * Fix migration crash * Restore error output for check-block # gpg: Signature made Mon 21 Feb 2022 09:35:59 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (29 commits) configure, meson: move CONFIG_IASL to a Meson option meson, configure: move ntddscsi API check to meson meson: require dynamic linking for VSS support qga/vss-win32: require widl/midl, remove pre-built TLB file meson: do not make qga/vss-win32/meson.build conditional on C++ presence configure, meson: replace VSS SDK checks and options with --enable-vss-sdk qga/vss: use standard windows headers location qga/vss-win32: use widl if available meson: drop --with-win-sdk qga/vss-win32: fix midl arguments meson: refine check for whether to look for virglrenderer configure, meson: move guest-agent, tools to meson configure, meson: move smbd options to meson_options.txt configure, meson: move coroutine options to meson_options.txt configure, meson: move some default-disabled options to meson_options.txt meson: define qemu_cflags/qemu_ldflags configure, meson: move block layer options to meson_options.txt configure, meson: move image format options to meson_options.txt configure, meson: cleanup qemu-ga libraries configure, meson: move TPM check to meson ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-02-21include: Move hardware version declarations to new qemu/hw-version.hPeter Maydell
The "hardware version" machinery (qemu_set_hw_version(), qemu_hw_version(), and the QEMU_HW_VERSION define) is used by fewer than 10 files. Move it out from osdep.h into a new qemu/hw-version.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-6-peter.maydell@linaro.org
2022-02-21exec/exec-all: Move 'qemu/log.h' include in units requiring itPhilippe Mathieu-Daudé
Many files use "qemu/log.h" declarations but neglect to include it (they inherit it via "exec/exec-all.h"). "exec/exec-all.h" is a core component and shouldn't be used that way. Move the "qemu/log.h" inclusion locally to each unit requiring it. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220207082756.82600-10-f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-02-16target/i386: add TCG support for UMIPGareth Webb
Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk> Message-Id: <164425598317.21902.4257759159329756142-1@git.sr.ht> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-02-09target/i386: use CPU_LOG_INT for IRQ servicingAlex Bennée
I think these have been wrong since f193c7979c (do not depend on thunk.h - more log items). Fix them so as not to confuse other debugging. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220204204335.1689602-26-alex.bennee@linaro.org>
2022-01-12KVM: x86: ignore interrupt_bitmap field of KVM_GET/SET_SREGSPaolo Bonzini
This is unnecessary, because the interrupt would be retrieved and queued anyway by KVM_GET_VCPU_EVENTS and KVM_SET_VCPU_EVENTS respectively, and it makes the flow more similar to the one for KVM_GET/SET_SREGS2. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-01-12KVM: use KVM_{GET|SET}_SREGS2 when supported.Maxim Levitsky
This allows to make PDPTRs part of the migration stream and thus not reload them after migration which is against X86 spec. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20211101132300.192584-2-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-01-08exec/memop: Adding signedness to quad definitionsFrédéric Pétrot
Renaming defines for quad in their various forms so that their signedness is now explicit. Done using git grep as suggested by Philippe, with a bit of hand edition to keep assignments aligned. Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220106210108.138226-2-frederic.petrot@univ-grenoble-alpes.fr Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-12-17target/i386/kvm: Replace use of __u32 typePhilippe Mathieu-Daudé
QEMU coding style mandates to not use Linux kernel internal types for scalars types. Replace __u32 by uint32_t. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211116193955.2793171-1-philmd@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-12-15target/i386: Use assert() to sanity-check b1 in SSE decodePeter Maydell
In the SSE decode function gen_sse(), we combine a byte 'b' and a value 'b1' which can be [0..3], and switch on them: b |= (b1 << 8); switch (b) { ... default: unknown_op: gen_unknown_opcode(env, s); return; } In three cases inside this switch, we were then also checking for "if (b1 >= 2) { goto unknown_op; }". However, this can never happen, because the 'case' values in each place are 0x0nn or 0x1nn and the switch will have directed the b1 == (2, 3) cases to the default already. This check was added in commit c045af25a52e9 in 2010; the added code was unnecessary then as well, and was apparently intended only to ensure that we never accidentally ended up indexing off the end of an sse_op_table with only 2 entries as a result of future bugs in the decode logic. Change the checks to assert() instead, and make sure they're always immediately before the array access they are protecting. Fixes: Coverity CID 1460207 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-19Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingRichard Henderson
Bugfixes for 6.2. # gpg: Signature made Fri 19 Nov 2021 10:33:29 AM CET # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: chardev/wctable: don't free the instance in wctablet_chr_finalize meson.build: Support ncurses on MacOS and OpenBSD docs: Spell QEMU all caps qtest/am53c974-test: add test for reset before transfer esp: ensure that async_len is reset to 0 during esp_hard_reset() nvmm: Fix support for stable version meson: fix botched compile check conversions Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-19nvmm: Fix support for stable versionnia
NVMM user version 1 is the version being shipped with netbsd-9, which is the most recent stable branch of NetBSD. This makes it possible to use the NVMM accelerator on the most recent NetBSD release, 9.2, which lacks nvmm_cpu_stop. (CC'ing maintainers) Signed-off-by: Nia Alarie <nia@NetBSD.org> Reviewed-by: Kamil Rytarowski <kamil@netbsd.org> Message-Id: <YWblCe2J8GwCaV9U@homeworld.netbsd.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-18target/i386/sev: Replace qemu_map_ram_ptr with address_space_mapDov Murik
Use address_space_map/unmap and check for errors. Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Acked-by: Brijesh Singh <brijesh.singh@amd.com> [Two lines wrapped for length - Daniel] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-18target/i386/sev: Perform padding calculations at compile-timeDov Murik
In sev_add_kernel_loader_hashes, the sizes of structs are known at compile-time, so calculate needed padding at compile-time. No functional change intended. Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-18target/i386/sev: Fail when invalid hashes table area detectedDov Murik
Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, no checks are performed on the validity of the hashes area designated by OVMF. Specifically, if OVMF publishes the SEV_HASH_TABLE_RV_GUID entry but it is filled with zeroes, this will cause QEMU to write the hashes entries over the first page of the guest's memory (GPA 0). Add validity checks to the published area. If the hashes table area's base address is zero, or its size is too small to fit the aligned hashes table, display an error and stop the guest launch. In such case, the following error will be displayed: qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0) Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Reported-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>